Lines Matching +full:standard +full:- +full:mode
1 # SPDX-License-Identifier: GPL-2.0
156 cbc(aes), and the support for the crypto self-tests.
178 bool "Enable cryptographic self-tests"
181 Enable the cryptographic self-tests.
183 The cryptographic self-tests run at boot time, or at algorithm
188 - Development and pre-release testing. In this case, also enable
192 - Production kernels, to help prevent buggy drivers from being used
193 and/or meet FIPS 140-3 pre-operational testing requirements. In
197 bool "Enable the full set of cryptographic self-tests"
200 Enable the full set of cryptographic self-tests for each algorithm.
203 pre-release testing, but not in production kernels.
242 Authenc: Combined mode wrapper for IPsec.
254 profile. This is required for Kerberos 5-style encryption, used by
277 menu "Public-key cryptography"
280 tristate "RSA (Rivest-Shamir-Adleman)"
287 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
290 tristate "DH (Diffie-Hellman)"
294 DH (Diffie-Hellman) key exchange algorithm
301 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
304 Support these finite-field groups in DH key exchanges:
305 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
314 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
318 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
319 using curves P-192, P-256, and P-384 (FIPS 186)
328 ISO/IEC 14888-3)
329 using curves P-192, P-256, P-384 and P-521
334 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
341 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
342 RFC 7091, ISO/IEC 14888-3)
344 One of the Russian cryptographic standard algorithms (called GOST
352 tristate "AES (Advanced Encryption Standard)"
356 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
360 environments regardless of its use in feedback or non-feedback
363 suited for restricted-space environments, in which it also
370 tristate "AES (Advanced Encryption Standard) (fixed time)"
374 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
384 8 for decryption), this implementation only uses just two S-boxes of
410 ARIA is a standard encryption algorithm of the Republic of Korea.
412 128-bit: 12 rounds.
413 192-bit: 14 rounds.
414 256-bit: 16 rounds.
442 Camellia cipher algorithms (ISO/IEC 18033-3)
458 tristate "CAST5 (CAST-128)"
462 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
465 tristate "CAST6 (CAST-256)"
469 CAST6 (CAST-256) encryption algorithm (RFC2612)
476 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
477 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
487 See https://ota.polyonymo.us/fcrypt-paper.txt
497 an algorithm optimized for 64-bit processors with good performance
498 on 32-bit processors. Khazad uses an 128 bit key size.
508 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
510 SEED is a 128-bit symmetric key block cipher that has been
512 national standard encryption algorithm of the Republic of Korea.
537 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
538 ISO/IEC 18033-3:2010/Amd 1:2021)
540 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
545 networks, and is mandated in the Chinese National Standard for
547 (GB.15629.11-2003).
549 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
574 Xtendend Encryption Tiny Algorithm is a mis-implementation
584 Twofish was submitted as an AES (Advanced Encryption Standard)
599 menu "Length-preserving ciphers and modes"
609 Adiantum tweakable, length-preserving encryption mode
614 an ε-almost-∆-universal hash function, and an invocation of
615 the AES-256 block cipher on a single 16-byte block. On CPUs
617 AES-XTS.
621 bound. Unlike XTS, Adiantum is a true wide-block encryption
622 mode, so it actually provides an even stronger notion of
636 bits in length. This algorithm is required for driver-based
647 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
650 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
656 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
660 in some performance-sensitive scenarios.
667 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
669 This block cipher mode is required for IPSec ESP (XFRM_ESP).
676 CTR (Counter) mode (NIST SP800-38A)
683 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
684 Addendum to SP800-38A (October 2010))
686 This mode is required for Kerberos gss mechanism support
694 ECB (Electronic Codebook) mode (NIST SP800-38A)
702 HCTR2 length-preserving encryption mode
704 A mode for storage encryption that is efficient on processors with
706 x86 processors with AES-NI and CLMUL, and ARM processors with the
718 LRW (Liskov Rivest Wagner) mode
721 narrow block cipher mode for dm-crypt. Use it with cipher
722 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
733 PCBC (Propagating Cipher Block Chaining) mode
735 This block cipher mode is required for RxRPC.
742 XCTR (XOR Counter) mode for HCTR2
744 This blockcipher mode is a variant of CTR mode using XORs and little-endian
745 addition rather than big-endian arithmetic.
747 XCTR mode is used to implement HCTR2.
755 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
758 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
773 tristate "AEGIS-128"
775 select CRYPTO_AES # for AES S-box tables
777 AEGIS-128 AEAD algorithm
780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
784 AEGIS-128 AEAD algorithm
787 - NEON (Advanced SIMD) extension
790 tristate "ChaCha20-Poly1305"
797 mode (RFC8439)
800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
807 authenticated encryption mode (NIST SP800-38C)
810 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
816 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
817 (GCM Message Authentication Code) (NIST SP800-38D)
849 tristate "Encrypted Salt-Sector IV Generator"
852 Encrypted Salt-Sector IV generator
855 dm-crypt. It uses the hash of the block encryption key as the
867 associated data (AAD) region (which is how dm-crypt uses it.)
874 combined with ESSIV the only feasible mode for h/w accelerated
887 BLAKE2b is optimized for 64-bit platforms and can produce digests
891 - blake2b-160
892 - blake2b-256
893 - blake2b-384
894 - blake2b-512
901 tristate "CMAC (Cipher-based MAC)"
905 CMAC (Cipher-based Message Authentication Code) authentication
906 mode (NIST SP800-38B and IETF RFC4493)
913 GCM GHASH function (NIST SP800-38D)
916 tristate "HMAC (Keyed-Hash MAC)"
920 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
945 known as WPA (Wif-Fi Protected Access).
957 This is used in HCTR2. It is not a general-purpose
961 tristate "RIPEMD-160"
964 RIPEMD-160 hash function (ISO/IEC 10118-3)
966 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
967 to be used as a secure replacement for the 128-bit hash functions
969 (not to be confused with RIPEMD-128).
971 Its speed is comparable to SHA-1 and there are no known attacks
972 against RIPEMD-160.
979 tristate "SHA-1"
983 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
987 tristate "SHA-224 and SHA-256"
991 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
992 10118-3), including HMAC support.
998 tristate "SHA-384 and SHA-512"
1002 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
1003 10118-3), including HMAC support.
1006 tristate "SHA-3"
1009 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1016 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1022 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1028 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1030 This is one of the Russian cryptographic standard algorithms (called
1042 Whirlpool hash function (ISO/IEC 10118-3)
1044 512, 384 and 256-bit hashes.
1046 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1052 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1056 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1064 xxHash non-cryptographic hash algorithm
1081 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1083 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1153 LZ4 high compression mode algorithm
1184 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1186 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1202 Hash_DRBG variant as defined in NIST SP800-90A.
1204 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1211 CTR_DRBG variant as defined in NIST SP800-90A.
1213 This uses the AES cipher algorithm with the counter block mode.
1224 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1230 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1231 compliant with NIST SP800-90B) intended to provide a seed to a
1232 deterministic RNG (e.g., per NIST SP800-90C).
1296 trade-off, however, is that the Jitter RNG now requires more time
1306 the Jitter RNG operates in an insecure mode as long as the
1359 See Documentation/crypto/userspace-if.rst and
1370 See Documentation/crypto/userspace-if.rst and
1382 See Documentation/crypto/userspace-if.rst and
1391 - resetting DRBG entropy
1392 - providing Additional Data
1406 See Documentation/crypto/userspace-if.rst and