Lines Matching +full:cts +full:- +full:override
1 # SPDX-License-Identifier: GPL-2.0
54 This option provides the ability to override the FIPS Module Version.
156 cbc(aes), and the support for the crypto self-tests.
178 bool "Enable cryptographic self-tests"
181 Enable the cryptographic self-tests.
183 The cryptographic self-tests run at boot time, or at algorithm
188 - Development and pre-release testing. In this case, also enable
192 - Production kernels, to help prevent buggy drivers from being used
193 and/or meet FIPS 140-3 pre-operational testing requirements. In
197 bool "Enable the full set of cryptographic self-tests"
200 Enable the full set of cryptographic self-tests for each algorithm.
203 pre-release testing, but not in production kernels.
254 profile. This is required for Kerberos 5-style encryption, used by
277 menu "Public-key cryptography"
280 tristate "RSA (Rivest-Shamir-Adleman)"
287 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
290 tristate "DH (Diffie-Hellman)"
294 DH (Diffie-Hellman) key exchange algorithm
301 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
304 Support these finite-field groups in DH key exchanges:
305 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
314 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
318 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
319 using curves P-192, P-256, and P-384 (FIPS 186)
328 ISO/IEC 14888-3)
329 using curves P-192, P-256, P-384 and P-521
334 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
341 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
342 RFC 7091, ISO/IEC 14888-3)
356 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
360 environments regardless of its use in feedback or non-feedback
363 suited for restricted-space environments, in which it also
374 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
384 8 for decryption), this implementation only uses just two S-boxes of
412 128-bit: 12 rounds.
413 192-bit: 14 rounds.
414 256-bit: 16 rounds.
442 Camellia cipher algorithms (ISO/IEC 18033-3)
458 tristate "CAST5 (CAST-128)"
462 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
465 tristate "CAST6 (CAST-256)"
469 CAST6 (CAST-256) encryption algorithm (RFC2612)
476 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
477 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
487 See https://ota.polyonymo.us/fcrypt-paper.txt
497 an algorithm optimized for 64-bit processors with good performance
498 on 32-bit processors. Khazad uses an 128 bit key size.
508 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
510 SEED is a 128-bit symmetric key block cipher that has been
537 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
538 ISO/IEC 18033-3:2010/Amd 1:2021)
540 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
547 (GB.15629.11-2003).
549 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
574 Xtendend Encryption Tiny Algorithm is a mis-implementation
599 menu "Length-preserving ciphers and modes"
609 Adiantum tweakable, length-preserving encryption mode
614 an ε-almost-∆-universal hash function, and an invocation of
615 the AES-256 block cipher on a single 16-byte block. On CPUs
617 AES-XTS.
621 bound. Unlike XTS, Adiantum is a true wide-block encryption
636 bits in length. This algorithm is required for driver-based
647 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
650 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
656 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
660 in some performance-sensitive scenarios.
667 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
676 CTR (Counter) mode (NIST SP800-38A)
679 tristate "CTS (Cipher Text Stealing)"
683 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
684 Addendum to SP800-38A (October 2010))
694 ECB (Electronic Codebook) mode (NIST SP800-38A)
702 HCTR2 length-preserving encryption mode
706 x86 processors with AES-NI and CLMUL, and ARM processors with the
721 narrow block cipher mode for dm-crypt. Use it with cipher
722 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
744 This blockcipher mode is a variant of CTR mode using XORs and little-endian
745 addition rather than big-endian arithmetic.
755 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
758 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
773 tristate "AEGIS-128"
775 select CRYPTO_AES # for AES S-box tables
777 AEGIS-128 AEAD algorithm
780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
784 AEGIS-128 AEAD algorithm
787 - NEON (Advanced SIMD) extension
790 tristate "ChaCha20-Poly1305"
800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
807 authenticated encryption mode (NIST SP800-38C)
817 (GCM Message Authentication Code) (NIST SP800-38D)
849 tristate "Encrypted Salt-Sector IV Generator"
852 Encrypted Salt-Sector IV generator
855 dm-crypt. It uses the hash of the block encryption key as the
867 associated data (AAD) region (which is how dm-crypt uses it.)
887 BLAKE2b is optimized for 64-bit platforms and can produce digests
891 - blake2b-160
892 - blake2b-256
893 - blake2b-384
894 - blake2b-512
901 tristate "CMAC (Cipher-based MAC)"
905 CMAC (Cipher-based Message Authentication Code) authentication
906 mode (NIST SP800-38B and IETF RFC4493)
913 GCM GHASH function (NIST SP800-38D)
916 tristate "HMAC (Keyed-Hash MAC)"
920 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
945 known as WPA (Wif-Fi Protected Access).
957 This is used in HCTR2. It is not a general-purpose
961 tristate "RIPEMD-160"
964 RIPEMD-160 hash function (ISO/IEC 10118-3)
966 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
967 to be used as a secure replacement for the 128-bit hash functions
969 (not to be confused with RIPEMD-128).
971 Its speed is comparable to SHA-1 and there are no known attacks
972 against RIPEMD-160.
979 tristate "SHA-1"
983 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
987 tristate "SHA-224 and SHA-256"
991 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
992 10118-3), including HMAC support.
998 tristate "SHA-384 and SHA-512"
1002 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
1003 10118-3), including HMAC support.
1006 tristate "SHA-3"
1009 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1016 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1022 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1028 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1042 Whirlpool hash function (ISO/IEC 10118-3)
1044 512, 384 and 256-bit hashes.
1046 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1052 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1056 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1064 xxHash non-cryptographic hash algorithm
1081 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1083 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1184 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1186 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1202 Hash_DRBG variant as defined in NIST SP800-90A.
1204 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1211 CTR_DRBG variant as defined in NIST SP800-90A.
1224 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1230 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1231 compliant with NIST SP800-90B) intended to provide a seed to a
1232 deterministic RNG (e.g., per NIST SP800-90C).
1296 trade-off, however, is that the Jitter RNG now requires more time
1359 See Documentation/crypto/userspace-if.rst and
1370 See Documentation/crypto/userspace-if.rst and
1382 See Documentation/crypto/userspace-if.rst and
1391 - resetting DRBG entropy
1392 - providing Additional Data
1406 See Documentation/crypto/userspace-if.rst and