Lines Matching +full:standard +full:- +full:mode
1 # SPDX-License-Identifier: GPL-2.0
171 bool "Disable run-time self tests"
174 Disable run-time self tests that normally take place at
178 bool "Enable extra run-time crypto self tests"
181 Enable extra run-time self tests of registered crypto algorithms,
227 Authenc: Combined mode wrapper for IPsec.
247 menu "Public-key cryptography"
250 tristate "RSA (Rivest-Shamir-Adleman)"
257 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
260 tristate "DH (Diffie-Hellman)"
264 DH (Diffie-Hellman) key exchange algorithm
271 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
274 Support these finite-field groups in DH key exchanges:
275 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
284 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
288 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
289 using curves P-192, P-256, and P-384 (FIPS 186)
298 ISO/IEC 14888-3)
299 using curves P-192, P-256, P-384 and P-521
304 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
311 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
312 RFC 7091, ISO/IEC 14888-3)
314 One of the Russian cryptographic standard algorithms (called GOST
329 tristate "AES (Advanced Encryption Standard)"
333 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
337 environments regardless of its use in feedback or non-feedback
340 suited for restricted-space environments, in which it also
347 tristate "AES (Advanced Encryption Standard) (fixed time)"
351 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
361 8 for decryption), this implementation only uses just two S-boxes of
387 ARIA is a standard encryption algorithm of the Republic of Korea.
389 128-bit: 12 rounds.
390 192-bit: 14 rounds.
391 256-bit: 16 rounds.
419 Camellia cipher algorithms (ISO/IEC 18033-3)
435 tristate "CAST5 (CAST-128)"
439 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
442 tristate "CAST6 (CAST-256)"
446 CAST6 (CAST-256) encryption algorithm (RFC2612)
453 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
454 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
464 See https://ota.polyonymo.us/fcrypt-paper.txt
474 an algorithm optimized for 64-bit processors with good performance
475 on 32-bit processors. Khazad uses an 128 bit key size.
485 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
487 SEED is a 128-bit symmetric key block cipher that has been
489 national standard encryption algorithm of the Republic of Korea.
514 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
515 ISO/IEC 18033-3:2010/Amd 1:2021)
517 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
522 networks, and is mandated in the Chinese National Standard for
524 (GB.15629.11-2003).
526 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
551 Xtendend Encryption Tiny Algorithm is a mis-implementation
561 Twofish was submitted as an AES (Advanced Encryption Standard)
576 menu "Length-preserving ciphers and modes"
585 Adiantum tweakable, length-preserving encryption mode
590 an ε-almost-∆-universal hash function, and an invocation of
591 the AES-256 block cipher on a single 16-byte block. On CPUs
593 AES-XTS.
597 bound. Unlike XTS, Adiantum is a true wide-block encryption
598 mode, so it actually provides an even stronger notion of
612 bits in length. This algorithm is required for driver-based
623 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
626 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
632 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
636 in some performance-sensitive scenarios.
643 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
645 This block cipher mode is required for IPSec ESP (XFRM_ESP).
652 CTR (Counter) mode (NIST SP800-38A)
659 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
660 Addendum to SP800-38A (October 2010))
662 This mode is required for Kerberos gss mechanism support
670 ECB (Electronic Codebook) mode (NIST SP800-38A)
678 HCTR2 length-preserving encryption mode
680 A mode for storage encryption that is efficient on processors with
682 x86 processors with AES-NI and CLMUL, and ARM processors with the
694 LRW (Liskov Rivest Wagner) mode
697 narrow block cipher mode for dm-crypt. Use it with cipher
698 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
709 PCBC (Propagating Cipher Block Chaining) mode
711 This block cipher mode is required for RxRPC.
718 XCTR (XOR Counter) mode for HCTR2
720 This blockcipher mode is a variant of CTR mode using XORs and little-endian
721 addition rather than big-endian arithmetic.
723 XCTR mode is used to implement HCTR2.
731 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
734 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
748 tristate "AEGIS-128"
750 select CRYPTO_AES # for AES S-box tables
752 AEGIS-128 AEAD algorithm
755 bool "AEGIS-128 (arm NEON, arm64 NEON)"
759 AEGIS-128 AEAD algorithm
762 - NEON (Advanced SIMD) extension
765 tristate "ChaCha20-Poly1305"
772 mode (RFC8439)
775 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
781 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
782 authenticated encryption mode (NIST SP800-38C)
785 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
792 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
793 (GCM Message Authentication Code) (NIST SP800-38D)
826 tristate "Encrypted Salt-Sector IV Generator"
829 Encrypted Salt-Sector IV generator
832 dm-crypt. It uses the hash of the block encryption key as the
844 associated data (AAD) region (which is how dm-crypt uses it.)
851 combined with ESSIV the only feasible mode for h/w accelerated
864 BLAKE2b is optimized for 64-bit platforms and can produce digests
868 - blake2b-160
869 - blake2b-256
870 - blake2b-384
871 - blake2b-512
878 tristate "CMAC (Cipher-based MAC)"
882 CMAC (Cipher-based Message Authentication Code) authentication
883 mode (NIST SP800-38B and IETF RFC4493)
890 GCM GHASH function (NIST SP800-38D)
893 tristate "HMAC (Keyed-Hash MAC)"
897 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
921 known as WPA (Wif-Fi Protected Access).
933 This is used in HCTR2. It is not a general-purpose
944 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
948 tristate "RIPEMD-160"
951 RIPEMD-160 hash function (ISO/IEC 10118-3)
953 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
954 to be used as a secure replacement for the 128-bit hash functions
956 (not to be confused with RIPEMD-128).
958 Its speed is comparable to SHA-1 and there are no known attacks
959 against RIPEMD-160.
966 tristate "SHA-1"
970 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
973 tristate "SHA-224 and SHA-256"
977 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
983 tristate "SHA-384 and SHA-512"
986 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
989 tristate "SHA-3"
992 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1002 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1008 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1014 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1016 This is one of the Russian cryptographic standard algorithms (called
1028 Whirlpool hash function (ISO/IEC 10118-3)
1030 512, 384 and 256-bit hashes.
1032 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1038 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1042 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1050 xxHash non-cryptographic hash algorithm
1067 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1069 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1091 CRC algorithm used by the SCSI Block Commands standard.
1159 LZ4 high compression mode algorithm
1190 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1192 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1208 Hash_DRBG variant as defined in NIST SP800-90A.
1210 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1217 CTR_DRBG variant as defined in NIST SP800-90A.
1219 This uses the AES cipher algorithm with the counter block mode.
1230 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1236 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1237 compliant with NIST SP800-90B) intended to provide a seed to a
1238 deterministic RNG (e.g., per NIST SP800-90C).
1302 trade-off, however, is that the Jitter RNG now requires more time
1312 the Jitter RNG operates in an insecure mode as long as the
1365 See Documentation/crypto/userspace-if.rst and
1376 See Documentation/crypto/userspace-if.rst and
1388 See Documentation/crypto/userspace-if.rst and
1397 - resetting DRBG entropy
1398 - providing Additional Data
1413 See Documentation/crypto/userspace-if.rst and