Lines Matching +full:disable +full:- +full:timing +full:- +full:generator
1 # SPDX-License-Identifier: GPL-2.0
162 bool "Disable run-time self tests"
165 Disable run-time self tests that normally take place at
169 bool "Enable extra run-time crypto self tests"
172 Enable extra run-time self tests of registered crypto algorithms,
241 menu "Public-key cryptography"
244 tristate "RSA (Rivest-Shamir-Adleman)"
250 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
253 tristate "DH (Diffie-Hellman)"
257 DH (Diffie-Hellman) key exchange algorithm
264 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
267 Support these finite-field groups in DH key exchanges:
268 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
277 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
281 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
282 using curves P-192, P-256, and P-384 (FIPS 186)
291 ISO/IEC 14888-3)
292 using curves P-192, P-256, and P-384
297 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
304 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
305 RFC 7091, ISO/IEC 14888-3)
321 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
324 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
325 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
344 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
348 environments regardless of its use in feedback or non-feedback
351 suited for restricted-space environments, in which it also
353 among the easiest to defend against power and timing attacks.
362 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
372 8 for decryption), this implementation only uses just two S-boxes of
400 128-bit: 12 rounds.
401 192-bit: 14 rounds.
402 256-bit: 16 rounds.
430 Camellia cipher algorithms (ISO/IEC 18033-3)
446 tristate "CAST5 (CAST-128)"
450 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
453 tristate "CAST6 (CAST-256)"
457 CAST6 (CAST-256) encryption algorithm (RFC2612)
464 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
465 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
475 See https://ota.polyonymo.us/fcrypt-paper.txt
485 an algorithm optimized for 64-bit processors with good performance
486 on 32-bit processors. Khazad uses an 128 bit key size.
496 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
498 SEED is a 128-bit symmetric key block cipher that has been
525 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
526 ISO/IEC 18033-3:2010/Amd 1:2021)
528 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
535 (GB.15629.11-2003).
537 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
562 Xtendend Encryption Tiny Algorithm is a mis-implementation
587 menu "Length-preserving ciphers and modes"
596 Adiantum tweakable, length-preserving encryption mode
601 an ε-almost-∆-universal hash function, and an invocation of
602 the AES-256 block cipher on a single 16-byte block. On CPUs
604 AES-XTS.
608 bound. Unlike XTS, Adiantum is a true wide-block encryption
623 bits in length. This algorithm is required for driver-based
634 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
637 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
643 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
647 in some performance-sensitive scenarios.
654 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
663 CFB (Cipher Feedback) mode (NIST SP800-38A)
672 CTR (Counter) mode (NIST SP800-38A)
679 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
680 Addendum to SP800-38A (October 2010))
690 ECB (Electronic Codebook) mode (NIST SP800-38A)
698 HCTR2 length-preserving encryption mode
702 x86 processors with AES-NI and CLMUL, and ARM processors with the
712 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
725 narrow block cipher mode for dm-crypt. Use it with cipher
726 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
737 OFB (Output Feedback) mode (NIST SP800-38A)
762 This blockcipher mode is a variant of CTR mode using XORs and little-endian
763 addition rather than big-endian arithmetic.
773 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
776 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
790 tristate "AEGIS-128"
792 select CRYPTO_AES # for AES S-box tables
794 AEGIS-128 AEAD algorithm
797 bool "AEGIS-128 (arm NEON, arm64 NEON)"
801 AEGIS-128 AEAD algorithm
804 - NEON (Advanced SIMD) extension
807 tristate "ChaCha20-Poly1305"
817 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
823 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
824 authenticated encryption mode (NIST SP800-38C)
835 (GCM Message Authentication Code) (NIST SP800-38D)
840 tristate "Sequence Number IV Generator"
847 Sequence Number IV generator
849 This IV generator generates an IV based on a sequence number by
855 tristate "Encrypted Chain IV Generator"
861 Encrypted Chain IV generator
863 This IV generator generates an IV based on the encryption of
868 tristate "Encrypted Salt-Sector IV Generator"
871 Encrypted Salt-Sector IV generator
873 This IV generator is used in some cases by fscrypt and/or
874 dm-crypt. It uses the hash of the block encryption key as the
886 associated data (AAD) region (which is how dm-crypt uses it.)
906 BLAKE2b is optimized for 64-bit platforms and can produce digests
910 - blake2b-160
911 - blake2b-256
912 - blake2b-384
913 - blake2b-512
920 tristate "CMAC (Cipher-based MAC)"
924 CMAC (Cipher-based Message Authentication Code) authentication
925 mode (NIST SP800-38B and IETF RFC4493)
932 GCM GHASH function (NIST SP800-38D)
935 tristate "HMAC (Keyed-Hash MAC)"
939 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
963 known as WPA (Wif-Fi Protected Access).
975 This is used in HCTR2. It is not a general-purpose
986 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
990 tristate "RIPEMD-160"
993 RIPEMD-160 hash function (ISO/IEC 10118-3)
995 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
996 to be used as a secure replacement for the 128-bit hash functions
998 (not to be confused with RIPEMD-128).
1000 Its speed is comparable to SHA-1 and there are no known attacks
1001 against RIPEMD-160.
1008 tristate "SHA-1"
1012 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
1015 tristate "SHA-224 and SHA-256"
1019 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1025 tristate "SHA-384 and SHA-512"
1028 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1031 tristate "SHA-3"
1034 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1044 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1050 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1056 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1072 very high speed on 64-bit architectures.
1080 Whirlpool hash function (ISO/IEC 10118-3)
1082 512, 384 and 256-bit hashes.
1084 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1090 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1094 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1102 xxHash non-cryptographic hash algorithm
1119 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1121 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1230 tristate "ANSI PRNG (Pseudo Random Number Generator)"
1234 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1241 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1243 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1259 Hash_DRBG variant as defined in NIST SP800-90A.
1261 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1268 CTR_DRBG variant as defined in NIST SP800-90A.
1281 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1284 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1286 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1287 compliant with NIST SP800-90B) intended to provide a seed to a
1288 deterministic RNG (e.g. per NIST SP800-90C).
1312 See Documentation/crypto/userspace-if.rst and
1323 See Documentation/crypto/userspace-if.rst and
1327 tristate "RNG (random number generator) algorithms"
1332 Enable the userspace interface for RNG (random number generator)
1335 See Documentation/crypto/userspace-if.rst and
1344 - resetting DRBG entropy
1345 - providing Additional Data
1360 See Documentation/crypto/userspace-if.rst and
1380 - AEAD ciphers (encrypt, decrypt)
1381 - asymmetric key ciphers (encrypt, decrypt, verify, sign)
1382 - symmetric key ciphers (encrypt, decrypt)
1383 - compression algorithms (compress, decompress)
1384 - hash algorithms (hash)
1385 - key-agreement protocol primitives (setsecret, generate
1387 - RNG (generate, seed)