Lines Matching +full:standard +full:- +full:mode
1 # SPDX-License-Identifier: GPL-2.0
171 bool "Disable run-time self tests"
174 Disable run-time self tests that normally take place at
178 bool "Enable extra run-time crypto self tests"
181 Enable extra run-time self tests of registered crypto algorithms,
227 Authenc: Combined mode wrapper for IPsec.
247 menu "Public-key cryptography"
250 tristate "RSA (Rivest-Shamir-Adleman)"
256 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
259 tristate "DH (Diffie-Hellman)"
263 DH (Diffie-Hellman) key exchange algorithm
270 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
273 Support these finite-field groups in DH key exchanges:
274 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
283 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
287 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
288 using curves P-192, P-256, and P-384 (FIPS 186)
297 ISO/IEC 14888-3)
298 using curves P-192, P-256, and P-384
303 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
310 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3)
313 One of the Russian cryptographic standard algorithms (called GOST
327 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
330 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
331 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
346 tristate "AES (Advanced Encryption Standard)"
350 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
354 environments regardless of its use in feedback or non-feedback
357 suited for restricted-space environments, in which it also
364 tristate "AES (Advanced Encryption Standard) (fixed time)"
368 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
378 8 for decryption), this implementation only uses just two S-boxes of
404 ARIA is a standard encryption algorithm of the Republic of Korea.
406 128-bit: 12 rounds.
407 192-bit: 14 rounds.
408 256-bit: 16 rounds.
436 Camellia cipher algorithms (ISO/IEC 18033-3)
452 tristate "CAST5 (CAST-128)"
456 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
459 tristate "CAST6 (CAST-256)"
463 CAST6 (CAST-256) encryption algorithm (RFC2612)
470 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
471 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
481 See https://ota.polyonymo.us/fcrypt-paper.txt
491 an algorithm optimized for 64-bit processors with good performance
492 on 32-bit processors. Khazad uses an 128 bit key size.
502 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
504 SEED is a 128-bit symmetric key block cipher that has been
506 national standard encryption algorithm of the Republic of Korea.
531 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
532 ISO/IEC 18033-3:2010/Amd 1:2021)
534 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
539 networks, and is mandated in the Chinese National Standard for
541 (GB.15629.11-2003).
543 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
568 Xtendend Encryption Tiny Algorithm is a mis-implementation
578 Twofish was submitted as an AES (Advanced Encryption Standard)
593 menu "Length-preserving ciphers and modes"
602 Adiantum tweakable, length-preserving encryption mode
607 an ε-almost-∆-universal hash function, and an invocation of
608 the AES-256 block cipher on a single 16-byte block. On CPUs
610 AES-XTS.
614 bound. Unlike XTS, Adiantum is a true wide-block encryption
615 mode, so it actually provides an even stronger notion of
629 bits in length. This algorithm is required for driver-based
640 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
643 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
649 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
653 in some performance-sensitive scenarios.
660 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
662 This block cipher mode is required for IPSec ESP (XFRM_ESP).
669 CTR (Counter) mode (NIST SP800-38A)
676 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
677 Addendum to SP800-38A (October 2010))
679 This mode is required for Kerberos gss mechanism support
687 ECB (Electronic Codebook) mode (NIST SP800-38A)
695 HCTR2 length-preserving encryption mode
697 A mode for storage encryption that is efficient on processors with
699 x86 processors with AES-NI and CLMUL, and ARM processors with the
709 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
719 LRW (Liskov Rivest Wagner) mode
722 narrow block cipher mode for dm-crypt. Use it with cipher
723 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
734 PCBC (Propagating Cipher Block Chaining) mode
736 This block cipher mode is required for RxRPC.
743 XCTR (XOR Counter) mode for HCTR2
745 This blockcipher mode is a variant of CTR mode using XORs and little-endian
746 addition rather than big-endian arithmetic.
748 XCTR mode is used to implement HCTR2.
756 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
759 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
773 tristate "AEGIS-128"
775 select CRYPTO_AES # for AES S-box tables
777 AEGIS-128 AEAD algorithm
780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
784 AEGIS-128 AEAD algorithm
787 - NEON (Advanced SIMD) extension
790 tristate "ChaCha20-Poly1305"
797 mode (RFC8439)
800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
807 authenticated encryption mode (NIST SP800-38C)
810 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
817 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
818 (GCM Message Authentication Code) (NIST SP800-38D)
851 tristate "Encrypted Salt-Sector IV Generator"
854 Encrypted Salt-Sector IV generator
857 dm-crypt. It uses the hash of the block encryption key as the
869 associated data (AAD) region (which is how dm-crypt uses it.)
876 combined with ESSIV the only feasible mode for h/w accelerated
889 BLAKE2b is optimized for 64-bit platforms and can produce digests
893 - blake2b-160
894 - blake2b-256
895 - blake2b-384
896 - blake2b-512
903 tristate "CMAC (Cipher-based MAC)"
907 CMAC (Cipher-based Message Authentication Code) authentication
908 mode (NIST SP800-38B and IETF RFC4493)
915 GCM GHASH function (NIST SP800-38D)
918 tristate "HMAC (Keyed-Hash MAC)"
922 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
946 known as WPA (Wif-Fi Protected Access).
958 This is used in HCTR2. It is not a general-purpose
969 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
973 tristate "RIPEMD-160"
976 RIPEMD-160 hash function (ISO/IEC 10118-3)
978 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
979 to be used as a secure replacement for the 128-bit hash functions
981 (not to be confused with RIPEMD-128).
983 Its speed is comparable to SHA-1 and there are no known attacks
984 against RIPEMD-160.
991 tristate "SHA-1"
995 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
998 tristate "SHA-224 and SHA-256"
1002 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1008 tristate "SHA-384 and SHA-512"
1011 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1014 tristate "SHA-3"
1017 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1027 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1033 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1039 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1041 This is one of the Russian cryptographic standard algorithms (called
1055 very high speed on 64-bit architectures.
1063 Whirlpool hash function (ISO/IEC 10118-3)
1065 512, 384 and 256-bit hashes.
1067 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1073 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1077 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1085 xxHash non-cryptographic hash algorithm
1102 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1104 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1125 CRC algorithm used by the SCSI Block Commands standard.
1193 LZ4 high compression mode algorithm
1224 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1226 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1242 Hash_DRBG variant as defined in NIST SP800-90A.
1244 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1251 CTR_DRBG variant as defined in NIST SP800-90A.
1253 This uses the AES cipher algorithm with the counter block mode.
1264 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1270 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1271 compliant with NIST SP800-90B) intended to provide a seed to a
1272 deterministic RNG (e.g. per NIST SP800-90C).
1335 trade-off, however, is that the Jitter RNG now requires more time
1345 the Jitter RNG operates in an insecure mode as long as the
1398 See Documentation/crypto/userspace-if.rst and
1409 See Documentation/crypto/userspace-if.rst and
1421 See Documentation/crypto/userspace-if.rst and
1430 - resetting DRBG entropy
1431 - providing Additional Data
1446 See Documentation/crypto/userspace-if.rst and
1469 - AEAD ciphers (encrypt, decrypt)
1470 - asymmetric key ciphers (encrypt, decrypt, verify, sign)
1471 - symmetric key ciphers (encrypt, decrypt)
1472 - compression algorithms (compress, decompress)
1473 - hash algorithms (hash)
1474 - key-agreement protocol primitives (setsecret, generate
1476 - RNG (generate, seed)