Lines Matching +full:mode +full:- +full:based
1 # SPDX-License-Identifier: GPL-2.0
144 cbc(aes), and the support for the crypto self-tests.
167 bool "Enable cryptographic self-tests"
170 Enable the cryptographic self-tests.
172 The cryptographic self-tests run at boot time, or at algorithm
177 - Development and pre-release testing. In this case, also enable
181 - Production kernels, to help prevent buggy drivers from being used
182 and/or meet FIPS 140-3 pre-operational testing requirements. In
186 bool "Enable the full set of cryptographic self-tests"
189 Enable the full set of cryptographic self-tests for each algorithm.
192 pre-release testing, but not in production kernels.
232 Authenc: Combined mode wrapper for IPsec.
244 profile. This is required for Kerberos 5-style encryption, used by
276 menu "Public-key cryptography"
279 tristate "RSA (Rivest-Shamir-Adleman)"
286 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
289 tristate "DH (Diffie-Hellman)"
293 DH (Diffie-Hellman) key exchange algorithm
299 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
302 Support these finite-field groups in DH key exchanges:
303 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
311 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
315 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
316 using curves P-192, P-256, and P-384 (FIPS 186)
325 ISO/IEC 14888-3)
326 using curves P-192, P-256, P-384 and P-521
331 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
338 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
339 RFC 7091, ISO/IEC 14888-3)
345 tristate "ML-DSA (Module-Lattice-Based Digital Signature Algorithm)"
349 ML-DSA (Module-Lattice-Based Digital Signature Algorithm) (FIPS-204).
364 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
368 environments regardless of its use in feedback or non-feedback
371 suited for restricted-space environments, in which it also
399 128-bit: 12 rounds.
400 192-bit: 14 rounds.
401 256-bit: 16 rounds.
429 Camellia cipher algorithms (ISO/IEC 18033-3)
445 tristate "CAST5 (CAST-128)"
449 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
452 tristate "CAST6 (CAST-256)"
456 CAST6 (CAST-256) encryption algorithm (RFC2612)
463 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
464 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
474 See https://ota.polyonymo.us/fcrypt-paper.txt
484 an algorithm optimized for 64-bit processors with good performance
485 on 32-bit processors. Khazad uses an 128 bit key size.
495 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
497 SEED is a 128-bit symmetric key block cipher that has been
524 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
525 ISO/IEC 18033-3:2010/Amd 1:2021)
527 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
534 (GB.15629.11-2003).
536 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
561 Xtendend Encryption Tiny Algorithm is a mis-implementation
586 menu "Length-preserving ciphers and modes"
596 Adiantum tweakable, length-preserving encryption mode
601 an ε-almost-∆-universal hash function, and an invocation of
602 the AES-256 block cipher on a single 16-byte block. On CPUs
604 AES-XTS.
608 bound. Unlike XTS, Adiantum is a true wide-block encryption
609 mode, so it actually provides an even stronger notion of
623 bits in length. This algorithm is required for driver-based
634 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
637 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
643 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
647 in some performance-sensitive scenarios.
654 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
656 This block cipher mode is required for IPSec ESP (XFRM_ESP).
663 CTR (Counter) mode (NIST SP800-38A)
670 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
671 Addendum to SP800-38A (October 2010))
673 This mode is required for Kerberos gss mechanism support
681 ECB (Electronic Codebook) mode (NIST SP800-38A)
689 HCTR2 length-preserving encryption mode
691 A mode for storage encryption that is efficient on processors with
693 x86 processors with AES-NI and CLMUL, and ARM processors with the
705 LRW (Liskov Rivest Wagner) mode
708 narrow block cipher mode for dm-crypt. Use it with cipher
709 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
720 PCBC (Propagating Cipher Block Chaining) mode
722 This block cipher mode is required for RxRPC.
729 XCTR (XOR Counter) mode for HCTR2
731 This blockcipher mode is a variant of CTR mode using XORs and little-endian
732 addition rather than big-endian arithmetic.
734 XCTR mode is used to implement HCTR2.
742 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
745 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
754 tristate "AEGIS-128"
756 select CRYPTO_LIB_AES # for AES S-box tables
758 AEGIS-128 AEAD algorithm
761 bool "AEGIS-128 (arm NEON, arm64 NEON)"
765 AEGIS-128 AEAD algorithm
768 - NEON (Advanced SIMD) extension
771 tristate "ChaCha20-Poly1305"
778 mode (RFC8439)
781 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
787 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
788 authenticated encryption mode (NIST SP800-38C)
791 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
797 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
798 (GCM Message Authentication Code) (NIST SP800-38D)
813 This IV generator generates an IV based on a sequence number by
824 This IV generator generates an IV based on the encryption of
829 tristate "Encrypted Salt-Sector IV Generator"
832 Encrypted Salt-Sector IV generator
835 dm-crypt. It uses the hash of the block encryption key as the
847 associated data (AAD) region (which is how dm-crypt uses it.)
854 combined with ESSIV the only feasible mode for h/w accelerated
868 BLAKE2b is optimized for 64-bit platforms and can produce digests
872 - blake2b-160
873 - blake2b-256
874 - blake2b-384
875 - blake2b-512
880 tristate "CMAC (Cipher-based MAC)"
884 CMAC (Cipher-based Message Authentication Code) authentication
885 mode (NIST SP800-38B and IETF RFC4493)
888 tristate "HMAC (Keyed-Hash MAC)"
892 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
911 tristate "RIPEMD-160"
914 RIPEMD-160 hash function (ISO/IEC 10118-3)
916 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
917 to be used as a secure replacement for the 128-bit hash functions
919 (not to be confused with RIPEMD-128).
921 Its speed is comparable to SHA-1 and there are no known attacks
922 against RIPEMD-160.
929 tristate "SHA-1"
933 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
937 tristate "SHA-224 and SHA-256"
941 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
942 10118-3), including HMAC support.
947 tristate "SHA-384 and SHA-512"
951 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
952 10118-3), including HMAC support.
955 tristate "SHA-3"
959 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
966 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
972 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
978 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
992 Whirlpool hash function (ISO/IEC 10118-3)
994 512, 384 and 256-bit hashes.
996 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1002 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1006 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1014 xxHash non-cryptographic hash algorithm
1029 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1031 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1097 LZ4 high compression mode algorithm
1117 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1119 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1135 Hash_DRBG variant as defined in NIST SP800-90A.
1137 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1143 CTR_DRBG variant as defined in NIST SP800-90A.
1145 This uses the AES cipher algorithm with the counter block mode.
1156 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1162 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1163 compliant with NIST SP800-90B) intended to provide a seed to a
1164 deterministic RNG (e.g., per NIST SP800-90C).
1228 trade-off, however, is that the Jitter RNG now requires more time
1238 the Jitter RNG operates in an insecure mode as long as the
1296 See Documentation/crypto/userspace-if.rst and
1307 See Documentation/crypto/userspace-if.rst and
1319 See Documentation/crypto/userspace-if.rst and
1328 - resetting DRBG entropy
1329 - providing Additional Data
1343 See Documentation/crypto/userspace-if.rst and