Lines Matching +full:disable +full:- +full:timing +full:- +full:generator
1 # SPDX-License-Identifier: GPL-2.0
170 bool "Disable run-time self tests"
173 Disable run-time self tests that normally take place at
177 bool "Enable extra run-time crypto self tests"
180 Enable extra run-time self tests of registered crypto algorithms,
246 menu "Public-key cryptography"
249 tristate "RSA (Rivest-Shamir-Adleman)"
255 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
258 tristate "DH (Diffie-Hellman)"
262 DH (Diffie-Hellman) key exchange algorithm
269 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
272 Support these finite-field groups in DH key exchanges:
273 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
282 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
286 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
287 using curves P-192, P-256, and P-384 (FIPS 186)
296 ISO/IEC 14888-3)
297 using curves P-192, P-256, and P-384
302 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
309 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
310 RFC 7091, ISO/IEC 14888-3)
326 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
329 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
330 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
349 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
353 environments regardless of its use in feedback or non-feedback
356 suited for restricted-space environments, in which it also
358 among the easiest to defend against power and timing attacks.
367 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
377 8 for decryption), this implementation only uses just two S-boxes of
405 128-bit: 12 rounds.
406 192-bit: 14 rounds.
407 256-bit: 16 rounds.
435 Camellia cipher algorithms (ISO/IEC 18033-3)
451 tristate "CAST5 (CAST-128)"
455 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
458 tristate "CAST6 (CAST-256)"
462 CAST6 (CAST-256) encryption algorithm (RFC2612)
469 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
470 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
480 See https://ota.polyonymo.us/fcrypt-paper.txt
490 an algorithm optimized for 64-bit processors with good performance
491 on 32-bit processors. Khazad uses an 128 bit key size.
501 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
503 SEED is a 128-bit symmetric key block cipher that has been
530 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
531 ISO/IEC 18033-3:2010/Amd 1:2021)
533 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
540 (GB.15629.11-2003).
542 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
567 Xtendend Encryption Tiny Algorithm is a mis-implementation
592 menu "Length-preserving ciphers and modes"
601 Adiantum tweakable, length-preserving encryption mode
606 an ε-almost-∆-universal hash function, and an invocation of
607 the AES-256 block cipher on a single 16-byte block. On CPUs
609 AES-XTS.
613 bound. Unlike XTS, Adiantum is a true wide-block encryption
628 bits in length. This algorithm is required for driver-based
639 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
642 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
648 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
652 in some performance-sensitive scenarios.
659 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
668 CFB (Cipher Feedback) mode (NIST SP800-38A)
677 CTR (Counter) mode (NIST SP800-38A)
684 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
685 Addendum to SP800-38A (October 2010))
695 ECB (Electronic Codebook) mode (NIST SP800-38A)
703 HCTR2 length-preserving encryption mode
707 x86 processors with AES-NI and CLMUL, and ARM processors with the
717 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
730 narrow block cipher mode for dm-crypt. Use it with cipher
731 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
742 OFB (Output Feedback) mode (NIST SP800-38A)
767 This blockcipher mode is a variant of CTR mode using XORs and little-endian
768 addition rather than big-endian arithmetic.
778 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
781 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
795 tristate "AEGIS-128"
797 select CRYPTO_AES # for AES S-box tables
799 AEGIS-128 AEAD algorithm
802 bool "AEGIS-128 (arm NEON, arm64 NEON)"
806 AEGIS-128 AEAD algorithm
809 - NEON (Advanced SIMD) extension
812 tristate "ChaCha20-Poly1305"
822 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
828 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
829 authenticated encryption mode (NIST SP800-38C)
840 (GCM Message Authentication Code) (NIST SP800-38D)
852 tristate "Sequence Number IV Generator"
855 Sequence Number IV generator
857 This IV generator generates an IV based on a sequence number by
863 tristate "Encrypted Chain IV Generator"
866 Encrypted Chain IV generator
868 This IV generator generates an IV based on the encryption of
873 tristate "Encrypted Salt-Sector IV Generator"
876 Encrypted Salt-Sector IV generator
878 This IV generator is used in some cases by fscrypt and/or
879 dm-crypt. It uses the hash of the block encryption key as the
891 associated data (AAD) region (which is how dm-crypt uses it.)
911 BLAKE2b is optimized for 64-bit platforms and can produce digests
915 - blake2b-160
916 - blake2b-256
917 - blake2b-384
918 - blake2b-512
925 tristate "CMAC (Cipher-based MAC)"
929 CMAC (Cipher-based Message Authentication Code) authentication
930 mode (NIST SP800-38B and IETF RFC4493)
937 GCM GHASH function (NIST SP800-38D)
940 tristate "HMAC (Keyed-Hash MAC)"
944 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
968 known as WPA (Wif-Fi Protected Access).
980 This is used in HCTR2. It is not a general-purpose
991 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
995 tristate "RIPEMD-160"
998 RIPEMD-160 hash function (ISO/IEC 10118-3)
1000 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
1001 to be used as a secure replacement for the 128-bit hash functions
1003 (not to be confused with RIPEMD-128).
1005 Its speed is comparable to SHA-1 and there are no known attacks
1006 against RIPEMD-160.
1013 tristate "SHA-1"
1017 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
1020 tristate "SHA-224 and SHA-256"
1024 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1030 tristate "SHA-384 and SHA-512"
1033 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
1036 tristate "SHA-3"
1039 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1049 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1055 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1061 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1077 very high speed on 64-bit architectures.
1085 Whirlpool hash function (ISO/IEC 10118-3)
1087 512, 384 and 256-bit hashes.
1089 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1095 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1099 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1107 xxHash non-cryptographic hash algorithm
1124 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1126 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1235 tristate "ANSI PRNG (Pseudo Random Number Generator)"
1239 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1246 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1248 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1264 Hash_DRBG variant as defined in NIST SP800-90A.
1266 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1273 CTR_DRBG variant as defined in NIST SP800-90A.
1286 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1290 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1292 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1293 compliant with NIST SP800-90B) intended to provide a seed to a
1294 deterministic RNG (e.g., per NIST SP800-90C).
1339 See Documentation/crypto/userspace-if.rst and
1350 See Documentation/crypto/userspace-if.rst and
1354 tristate "RNG (random number generator) algorithms"
1359 Enable the userspace interface for RNG (random number generator)
1362 See Documentation/crypto/userspace-if.rst and
1371 - resetting DRBG entropy
1372 - providing Additional Data
1387 See Documentation/crypto/userspace-if.rst and
1410 - AEAD ciphers (encrypt, decrypt)
1411 - asymmetric key ciphers (encrypt, decrypt, verify, sign)
1412 - symmetric key ciphers (encrypt, decrypt)
1413 - compression algorithms (compress, decompress)
1414 - hash algorithms (hash)
1415 - key-agreement protocol primitives (setsecret, generate
1417 - RNG (generate, seed)