Lines Matching +full:standard +full:- +full:mode
1 # SPDX-License-Identifier: GPL-2.0
177 bool "Disable run-time self tests"
180 Disable run-time self tests that normally take place at
184 bool "Enable extra run-time crypto self tests"
187 Enable extra run-time self tests of registered crypto algorithms,
233 Authenc: Combined mode wrapper for IPsec.
246 profile. This is required for Kerberos 5-style encryption, used by
265 menu "Public-key cryptography"
268 tristate "RSA (Rivest-Shamir-Adleman)"
275 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
278 tristate "DH (Diffie-Hellman)"
282 DH (Diffie-Hellman) key exchange algorithm
289 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
292 Support these finite-field groups in DH key exchanges:
293 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
302 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
306 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
307 using curves P-192, P-256, and P-384 (FIPS 186)
316 ISO/IEC 14888-3)
317 using curves P-192, P-256, P-384 and P-521
322 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
329 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
330 RFC 7091, ISO/IEC 14888-3)
332 One of the Russian cryptographic standard algorithms (called GOST
348 tristate "AES (Advanced Encryption Standard)"
352 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
356 environments regardless of its use in feedback or non-feedback
359 suited for restricted-space environments, in which it also
366 tristate "AES (Advanced Encryption Standard) (fixed time)"
370 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
380 8 for decryption), this implementation only uses just two S-boxes of
406 ARIA is a standard encryption algorithm of the Republic of Korea.
408 128-bit: 12 rounds.
409 192-bit: 14 rounds.
410 256-bit: 16 rounds.
438 Camellia cipher algorithms (ISO/IEC 18033-3)
454 tristate "CAST5 (CAST-128)"
458 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
461 tristate "CAST6 (CAST-256)"
465 CAST6 (CAST-256) encryption algorithm (RFC2612)
472 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
473 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
483 See https://ota.polyonymo.us/fcrypt-paper.txt
493 an algorithm optimized for 64-bit processors with good performance
494 on 32-bit processors. Khazad uses an 128 bit key size.
504 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
506 SEED is a 128-bit symmetric key block cipher that has been
508 national standard encryption algorithm of the Republic of Korea.
533 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
534 ISO/IEC 18033-3:2010/Amd 1:2021)
536 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
541 networks, and is mandated in the Chinese National Standard for
543 (GB.15629.11-2003).
545 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
570 Xtendend Encryption Tiny Algorithm is a mis-implementation
580 Twofish was submitted as an AES (Advanced Encryption Standard)
595 menu "Length-preserving ciphers and modes"
604 Adiantum tweakable, length-preserving encryption mode
609 an ε-almost-∆-universal hash function, and an invocation of
610 the AES-256 block cipher on a single 16-byte block. On CPUs
612 AES-XTS.
616 bound. Unlike XTS, Adiantum is a true wide-block encryption
617 mode, so it actually provides an even stronger notion of
631 bits in length. This algorithm is required for driver-based
643 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
646 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
652 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
656 in some performance-sensitive scenarios.
663 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
665 This block cipher mode is required for IPSec ESP (XFRM_ESP).
672 CTR (Counter) mode (NIST SP800-38A)
679 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
680 Addendum to SP800-38A (October 2010))
682 This mode is required for Kerberos gss mechanism support
690 ECB (Electronic Codebook) mode (NIST SP800-38A)
698 HCTR2 length-preserving encryption mode
700 A mode for storage encryption that is efficient on processors with
702 x86 processors with AES-NI and CLMUL, and ARM processors with the
714 LRW (Liskov Rivest Wagner) mode
717 narrow block cipher mode for dm-crypt. Use it with cipher
718 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
729 PCBC (Propagating Cipher Block Chaining) mode
731 This block cipher mode is required for RxRPC.
738 XCTR (XOR Counter) mode for HCTR2
740 This blockcipher mode is a variant of CTR mode using XORs and little-endian
741 addition rather than big-endian arithmetic.
743 XCTR mode is used to implement HCTR2.
751 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
754 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
768 tristate "AEGIS-128"
770 select CRYPTO_AES # for AES S-box tables
772 AEGIS-128 AEAD algorithm
775 bool "AEGIS-128 (arm NEON, arm64 NEON)"
779 AEGIS-128 AEAD algorithm
782 - NEON (Advanced SIMD) extension
785 tristate "ChaCha20-Poly1305"
792 mode (RFC8439)
795 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
801 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
802 authenticated encryption mode (NIST SP800-38C)
805 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
812 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
813 (GCM Message Authentication Code) (NIST SP800-38D)
846 tristate "Encrypted Salt-Sector IV Generator"
849 Encrypted Salt-Sector IV generator
852 dm-crypt. It uses the hash of the block encryption key as the
864 associated data (AAD) region (which is how dm-crypt uses it.)
871 combined with ESSIV the only feasible mode for h/w accelerated
884 BLAKE2b is optimized for 64-bit platforms and can produce digests
888 - blake2b-160
889 - blake2b-256
890 - blake2b-384
891 - blake2b-512
898 tristate "CMAC (Cipher-based MAC)"
902 CMAC (Cipher-based Message Authentication Code) authentication
903 mode (NIST SP800-38B and IETF RFC4493)
910 GCM GHASH function (NIST SP800-38D)
913 tristate "HMAC (Keyed-Hash MAC)"
917 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
941 known as WPA (Wif-Fi Protected Access).
953 This is used in HCTR2. It is not a general-purpose
965 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
969 tristate "RIPEMD-160"
972 RIPEMD-160 hash function (ISO/IEC 10118-3)
974 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
975 to be used as a secure replacement for the 128-bit hash functions
977 (not to be confused with RIPEMD-128).
979 Its speed is comparable to SHA-1 and there are no known attacks
980 against RIPEMD-160.
987 tristate "SHA-1"
991 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
994 tristate "SHA-224 and SHA-256"
998 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1004 tristate "SHA-384 and SHA-512"
1007 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1010 tristate "SHA-3"
1013 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1023 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1029 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1035 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1037 This is one of the Russian cryptographic standard algorithms (called
1049 Whirlpool hash function (ISO/IEC 10118-3)
1051 512, 384 and 256-bit hashes.
1053 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1059 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1063 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1071 xxHash non-cryptographic hash algorithm
1088 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1090 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1160 LZ4 high compression mode algorithm
1191 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1193 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1209 Hash_DRBG variant as defined in NIST SP800-90A.
1211 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1218 CTR_DRBG variant as defined in NIST SP800-90A.
1220 This uses the AES cipher algorithm with the counter block mode.
1231 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1237 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1238 compliant with NIST SP800-90B) intended to provide a seed to a
1239 deterministic RNG (e.g., per NIST SP800-90C).
1303 trade-off, however, is that the Jitter RNG now requires more time
1313 the Jitter RNG operates in an insecure mode as long as the
1366 See Documentation/crypto/userspace-if.rst and
1377 See Documentation/crypto/userspace-if.rst and
1389 See Documentation/crypto/userspace-if.rst and
1398 - resetting DRBG entropy
1399 - providing Additional Data
1414 See Documentation/crypto/userspace-if.rst and