Lines Matching +full:aes +full:- +full:gcm
1 # SPDX-License-Identifier: GPL-2.0
120 cbc(aes).
137 cbc(aes).
140 bool "Disable run-time self tests"
143 Disable run-time self tests that normally take place at
147 bool "Enable extra run-time crypto self tests"
150 Enable extra run-time self tests of registered crypto algorithms,
221 comment "Public-key cryptography"
233 tristate "Diffie-Hellman algorithm"
237 Generic implementation of the Diffie-Hellman algorithm.
251 tristate "EC-RDSA (GOST 34.10) algorithm"
258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
273 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
276 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
277 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
303 tristate "GCM/GMAC support"
310 Support for Galois/Counter Mode (GCM) and Galois Message
314 tristate "ChaCha20-Poly1305 AEAD support"
320 ChaCha20-Poly1305 AEAD support, RFC7539.
327 tristate "AEGIS-128 AEAD algorithm"
329 select CRYPTO_AES # for AES S-box tables
331 Support for the AEGIS-128 dedicated AEAD algorithm.
334 bool "Support SIMD acceleration for AEGIS-128"
339 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
344 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
403 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
405 for AES encryption.
407 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
425 narrow block cipher mode for dm-crypt. Use it with cipher
426 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
427 The first 128, 192 or 256 bits in the key are used for AES and the
456 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
465 Support for key wrapping (NIST SP800-38F / RFC3394) without
496 Adiantum is a tweakable, length-preserving encryption mode
500 an ε-almost-∆-universal hash function, and an invocation of
501 the AES-256 block cipher on a single 16-byte block. On CPUs
502 without AES instructions, Adiantum is much faster than
503 AES-XTS.
507 bound. Unlike XTS, Adiantum is a true wide-block encryption
517 Encrypted salt-sector initialization vector (ESSIV) is an IV
519 dm-crypt. It uses the hash of the block encryption key as the
531 associated data (AAD) region (which is how dm-crypt uses it.)
548 Cipher-based Message Authentication Code (CMAC) specified by
552 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
559 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
567 XCBC: Keyed-Hashing with encryption algorithm
570 xcbc-mac/xcbc-mac-spec.pdf
578 very high speed on 64-bit architectures.
590 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
601 instruction. This option will create 'crc32c-intel' module,
604 Module will be crc32c-intel.
612 CRC32c algorithm implemented using vector polynomial multiply-sum
631 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
643 instruction. This option will create 'crc32-pclmul' module,
644 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
661 xxHash non-cryptographic hash algorithm. Extremely fast, working at
674 - blake2b-160
675 - blake2b-256
676 - blake2b-384
677 - blake2b-512
687 optimized for 8-32bit platforms and can produce digests of any size
692 - blake2s-128
693 - blake2s-160
694 - blake2s-224
695 - blake2s-256
721 'crct10dif-pclmul' module, which is faster when computing the
730 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
737 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
746 GHASH is the hash function used in GCM (Galois/Counter Mode).
747 It is not a general-purpose cryptographic hash function.
757 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
769 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
826 tristate "RIPEMD-128 digest algorithm"
829 RIPEMD-128 (ISO/IEC 10118-3:2004).
831 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
833 RIPEMD-160 should be used.
839 tristate "RIPEMD-160 digest algorithm"
842 RIPEMD-160 (ISO/IEC 10118-3:2004).
844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
845 to be used as a secure replacement for the 128-bit hash functions
847 (not to be confused with RIPEMD-128).
850 against RIPEMD-160.
856 tristate "RIPEMD-256 digest algorithm"
859 RIPEMD-256 is an optional extension of RIPEMD-128 with a
861 longer hash-results, without needing a larger security level
862 (than RIPEMD-128).
868 tristate "RIPEMD-320 digest algorithm"
871 RIPEMD-320 is an optional extension of RIPEMD-160 with a
873 longer hash-results, without needing a larger security level
874 (than RIPEMD-160).
883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
886 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
891 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
893 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
897 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
902 SHA-256 secure hash standard (DFIPS 180-2) implemented
905 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
914 SHA-512 secure hash standard (DFIPS 180-2) implemented
925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
934 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
942 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
948 SHA-1 secure hash standard (DFIPS 180-4) implemented
956 SHA256 secure hash standard (DFIPS 180-2).
961 This code also includes SHA-224, a 224 bit hash with 112 bits
970 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
979 SHA-256 secure hash standard (DFIPS 180-2) implemented
988 SHA-256 secure hash standard (DFIPS 180-2) implemented
995 SHA512 secure hash standard (DFIPS 180-2).
1000 This code also includes SHA-384, a 384 bit hash with 192 bits
1009 SHA-512 secure hash standard (DFIPS 180-2) implemented
1018 SHA-512 secure hash standard (DFIPS 180-2) implemented
1025 SHA-3 secure hash standard (DFIPS 202). It's based on
1035 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1040 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1046 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1058 Tiger hash algorithm 192, 160 and 128-bit hashes
1060 Tiger is a hash function optimized for 64-bit processors while
1061 still having decent performance on 32-bit processors.
1071 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1073 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1074 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1080 tristate "GHASH hash function (CLMUL-NI accelerated)"
1084 This is the x86_64 CLMUL-NI accelerated implementation of
1085 GHASH, the hash function used in GCM (Galois/Counter mode).
1090 tristate "AES cipher algorithms"
1094 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1099 environments regardless of its use in feedback or non-feedback
1102 suited for restricted-space environments, in which it also
1106 The AES specifies three key sizes: 128, 192 and 256 bits
1108 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1111 tristate "Fixed time AES cipher"
1115 This is a generic implementation of AES that attempts to eliminate
1118 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1123 8 for decryption), this implementation only uses just two S-boxes of
1130 tristate "AES cipher algorithms (AES-NI)"
1139 Use Intel AES-NI instructions for AES algorithm.
1141 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1146 environments regardless of its use in feedback or non-feedback
1149 suited for restricted-space environments, in which it also
1153 The AES specifies three key sizes: 128, 192 and 256 bits
1155 See <http://csrc.nist.gov/encryption/aes/> for more information.
1157 In addition to AES cipher algorithm support, the acceleration
1163 tristate "AES cipher algorithms (SPARC64)"
1167 Use SPARC64 crypto opcodes for AES algorithm.
1169 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1174 environments regardless of its use in feedback or non-feedback
1177 suited for restricted-space environments, in which it also
1181 The AES specifies three key sizes: 128, 192 and 256 bits
1183 See <http://csrc.nist.gov/encryption/aes/> for more information.
1185 In addition to AES cipher algorithm support, the acceleration
1190 tristate "AES cipher algorithms (PPC SPE)"
1194 AES cipher algorithms (FIPS-197). Additionally the acceleration
1197 without hardware AES acceleration (e.g. caam crypto). It reduces the
1198 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1201 tables or 256 bytes S-boxes.
1227 bits in length. This algorithm is required for driver-based
1302 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1311 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1322 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1327 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1361 tristate "CAST5 (CAST-128) cipher algorithm"
1365 The CAST5 encryption algorithm (synonymous with CAST-128) is
1369 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1376 The CAST5 encryption algorithm (synonymous with CAST-128) is
1383 tristate "CAST6 (CAST-256) cipher algorithm"
1387 The CAST6 encryption algorithm (synonymous with CAST-256) is
1391 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1400 The CAST6 encryption algorithm (synonymous with CAST-256) is
1411 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1420 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1424 tristate "Triple DES EDE cipher algorithm (x86-64)"
1429 Triple DES EDE (FIPS 46-3) algorithm.
1432 algorithm that is optimized for x86-64 processors. Two versions of
1451 an algorithm optimized for 64-bit processors with good performance
1452 on 32-bit processors. Khazad uses an 128 bit key size.
1476 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1479 <https://cr.yp.to/chacha/chacha-20080128.pdf>
1485 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1489 in some performance-sensitive scenarios.
1492 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1498 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1514 SEED is a 128-bit symmetric key block cipher that has been
1613 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1615 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1622 (GB.15629.11-2003).
1624 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1649 Xtendend Encryption Tiny Algorithm is a mis-implementation
1659 Twofish was submitted as an AES (Advanced Encryption Standard)
1681 Twofish was submitted as an AES (Advanced Encryption Standard)
1697 Twofish was submitted as an AES (Advanced Encryption Standard)
1706 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1713 Twofish cipher algorithm (x86_64, 3-way parallel).
1715 Twofish was submitted as an AES (Advanced Encryption Standard)
1721 blocks parallel, utilizing resources of out-of-order CPUs better.
1738 Twofish was submitted as an AES (Advanced Encryption Standard)
1821 tristate "NIST SP800-90A DRBG"
1823 NIST SP800-90A compliant DRBG. In the following submenu, one or
1838 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1845 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1856 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1869 tristate "User-space interface for hash algorithms"
1874 This option enables the user-spaces interface for hash
1878 tristate "User-space interface for symmetric key cipher algorithms"
1883 This option enables the user-spaces interface for symmetric
1887 tristate "User-space interface for random number generator algorithms"
1892 This option enables the user-spaces interface for random
1899 This option enables extra API for CAVP testing via the user-space
1905 tristate "User-space interface for AEAD cipher algorithms"
1912 This option enables the user-spaces interface for AEAD
1925 bool "Crypto usage statistics for User-space"
1930 - encrypt/decrypt size and numbers of symmeric operations
1931 - compress/decompress size and numbers of compress operations
1932 - size and numbers of hash operations
1933 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1934 - generate/seed numbers for rng operations