Lines Matching +full:sha +full:- +full:1
1 # SPDX-License-Identifier: GPL-2.0
162 bool "Disable run-time self tests"
165 Disable run-time self tests that normally take place at
169 bool "Enable extra run-time crypto self tests"
172 Enable extra run-time self tests of registered crypto algorithms,
241 menu "Public-key cryptography"
244 tristate "RSA (Rivest-Shamir-Adleman)"
250 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
253 tristate "DH (Diffie-Hellman)"
257 DH (Diffie-Hellman) key exchange algorithm
264 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
267 Support these finite-field groups in DH key exchanges:
268 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
277 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
281 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
282 using curves P-192, P-256, and P-384 (FIPS 186)
291 ISO/IEC 14888-3)
292 using curves P-192, P-256, and P-384
297 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
304 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
305 RFC 7091, ISO/IEC 14888-3)
321 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
324 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
325 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
344 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
348 environments regardless of its use in feedback or non-feedback
351 suited for restricted-space environments, in which it also
362 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
371 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
372 8 for decryption), this implementation only uses just two S-boxes of
400 128-bit: 12 rounds.
401 192-bit: 14 rounds.
402 256-bit: 16 rounds.
430 Camellia cipher algorithms (ISO/IEC 18033-3)
446 tristate "CAST5 (CAST-128)"
450 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
453 tristate "CAST6 (CAST-256)"
457 CAST6 (CAST-256) encryption algorithm (RFC2612)
464 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
465 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
475 See https://ota.polyonymo.us/fcrypt-paper.txt
485 an algorithm optimized for 64-bit processors with good performance
486 on 32-bit processors. Khazad uses an 128 bit key size.
496 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
498 SEED is a 128-bit symmetric key block cipher that has been
525 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
526 ISO/IEC 18033-3:2010/Amd 1:2021)
528 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
535 (GB.15629.11-2003).
537 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
562 Xtendend Encryption Tiny Algorithm is a mis-implementation
587 menu "Length-preserving ciphers and modes"
596 Adiantum tweakable, length-preserving encryption mode
601 an ε-almost-∆-universal hash function, and an invocation of
602 the AES-256 block cipher on a single 16-byte block. On CPUs
604 AES-XTS.
608 bound. Unlike XTS, Adiantum is a true wide-block encryption
623 bits in length. This algorithm is required for driver-based
634 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
637 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
643 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
647 in some performance-sensitive scenarios.
654 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
663 CFB (Cipher Feedback) mode (NIST SP800-38A)
672 CTR (Counter) mode (NIST SP800-38A)
679 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
680 Addendum to SP800-38A (October 2010))
690 ECB (Electronic Codebook) mode (NIST SP800-38A)
698 HCTR2 length-preserving encryption mode
702 x86 processors with AES-NI and CLMUL, and ARM processors with the
712 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
725 narrow block cipher mode for dm-crypt. Use it with cipher
726 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
737 OFB (Output Feedback) mode (NIST SP800-38A)
762 This blockcipher mode is a variant of CTR mode using XORs and little-endian
763 addition rather than big-endian arithmetic.
773 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
776 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
790 tristate "AEGIS-128"
792 select CRYPTO_AES # for AES S-box tables
794 AEGIS-128 AEAD algorithm
797 bool "AEGIS-128 (arm NEON, arm64 NEON)"
801 AEGIS-128 AEAD algorithm
804 - NEON (Advanced SIMD) extension
807 tristate "ChaCha20-Poly1305"
817 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
823 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
824 authenticated encryption mode (NIST SP800-38C)
835 (GCM Message Authentication Code) (NIST SP800-38D)
868 tristate "Encrypted Salt-Sector IV Generator"
871 Encrypted Salt-Sector IV generator
874 dm-crypt. It uses the hash of the block encryption key as the
886 associated data (AAD) region (which is how dm-crypt uses it.)
906 BLAKE2b is optimized for 64-bit platforms and can produce digests
907 of any size between 1 and 64 bytes. The keyed hash is also implemented.
910 - blake2b-160
911 - blake2b-256
912 - blake2b-384
913 - blake2b-512
920 tristate "CMAC (Cipher-based MAC)"
924 CMAC (Cipher-based Message Authentication Code) authentication
925 mode (NIST SP800-38B and IETF RFC4493)
932 GCM GHASH function (NIST SP800-38D)
935 tristate "HMAC (Keyed-Hash MAC)"
939 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
963 known as WPA (Wif-Fi Protected Access).
975 This is used in HCTR2. It is not a general-purpose
986 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
990 tristate "RIPEMD-160"
993 RIPEMD-160 hash function (ISO/IEC 10118-3)
995 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
996 to be used as a secure replacement for the 128-bit hash functions
998 (not to be confused with RIPEMD-128).
1000 Its speed is comparable to SHA-1 and there are no known attacks
1001 against RIPEMD-160.
1008 tristate "SHA-1"
1012 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
1015 tristate "SHA-224 and SHA-256"
1019 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1025 tristate "SHA-384 and SHA-512"
1028 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1031 tristate "SHA-3"
1034 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1044 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1050 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1056 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1072 very high speed on 64-bit architectures.
1080 Whirlpool hash function (ISO/IEC 10118-3)
1082 512, 384 and 256-bit hashes.
1084 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1090 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1094 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1102 xxHash non-cryptographic hash algorithm
1119 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1121 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1241 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1243 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1259 Hash_DRBG variant as defined in NIST SP800-90A.
1261 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1268 CTR_DRBG variant as defined in NIST SP800-90A.
1281 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1286 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1287 compliant with NIST SP800-90B) intended to provide a seed to a
1288 deterministic RNG (e.g. per NIST SP800-90C).
1312 See Documentation/crypto/userspace-if.rst and
1323 See Documentation/crypto/userspace-if.rst and
1335 See Documentation/crypto/userspace-if.rst and
1344 - resetting DRBG entropy
1345 - providing Additional Data
1360 See Documentation/crypto/userspace-if.rst and
1380 - AEAD ciphers (encrypt, decrypt)
1381 - asymmetric key ciphers (encrypt, decrypt, verify, sign)
1382 - symmetric key ciphers (encrypt, decrypt)
1383 - compression algorithms (compress, decompress)
1384 - hash algorithms (hash)
1385 - key-agreement protocol primitives (setsecret, generate
1387 - RNG (generate, seed)