Loading...
1# SPDX-License-Identifier: GPL-2.0
2
3menu "Accelerated Cryptographic Algorithms for CPU (arm)"
4
5config CRYPTO_CURVE25519_NEON
6 tristate "Public key crypto: Curve25519 (NEON)"
7 depends on KERNEL_MODE_NEON
8 select CRYPTO_LIB_CURVE25519_GENERIC
9 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
10 help
11 Curve25519 algorithm
12
13 Architecture: arm with
14 - NEON (Advanced SIMD) extensions
15
16config CRYPTO_GHASH_ARM_CE
17 tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)"
18 depends on KERNEL_MODE_NEON
19 select CRYPTO_AEAD
20 select CRYPTO_HASH
21 select CRYPTO_CRYPTD
22 select CRYPTO_LIB_AES
23 select CRYPTO_LIB_GF128MUL
24 help
25 GCM GHASH function (NIST SP800-38D)
26
27 Architecture: arm using
28 - PMULL (Polynomial Multiply Long) instructions
29 - NEON (Advanced SIMD) extensions
30 - ARMv8 Crypto Extensions
31
32 Use an implementation of GHASH (used by the GCM AEAD chaining mode)
33 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
34 that is part of the ARMv8 Crypto Extensions, or a slower variant that
35 uses the vmull.p8 instruction that is part of the basic NEON ISA.
36
37config CRYPTO_NHPOLY1305_NEON
38 tristate "Hash functions: NHPoly1305 (NEON)"
39 depends on KERNEL_MODE_NEON
40 select CRYPTO_NHPOLY1305
41 help
42 NHPoly1305 hash function (Adiantum)
43
44 Architecture: arm using:
45 - NEON (Advanced SIMD) extensions
46
47config CRYPTO_POLY1305_ARM
48 tristate "Hash functions: Poly1305 (NEON)"
49 select CRYPTO_HASH
50 select CRYPTO_ARCH_HAVE_LIB_POLY1305
51 help
52 Poly1305 authenticator algorithm (RFC7539)
53
54 Architecture: arm optionally using
55 - NEON (Advanced SIMD) extensions
56
57config CRYPTO_BLAKE2S_ARM
58 bool "Hash functions: BLAKE2s"
59 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
60 help
61 BLAKE2s cryptographic hash function (RFC 7693)
62
63 Architecture: arm
64
65 This is faster than the generic implementations of BLAKE2s and
66 BLAKE2b, but slower than the NEON implementation of BLAKE2b.
67 There is no NEON implementation of BLAKE2s, since NEON doesn't
68 really help with it.
69
70config CRYPTO_BLAKE2B_NEON
71 tristate "Hash functions: BLAKE2b (NEON)"
72 depends on KERNEL_MODE_NEON
73 select CRYPTO_BLAKE2B
74 help
75 BLAKE2b cryptographic hash function (RFC 7693)
76
77 Architecture: arm using
78 - NEON (Advanced SIMD) extensions
79
80 BLAKE2b digest algorithm optimized with ARM NEON instructions.
81 On ARM processors that have NEON support but not the ARMv8
82 Crypto Extensions, typically this BLAKE2b implementation is
83 much faster than the SHA-2 family and slightly faster than
84 SHA-1.
85
86config CRYPTO_SHA1_ARM
87 tristate "Hash functions: SHA-1"
88 select CRYPTO_SHA1
89 select CRYPTO_HASH
90 help
91 SHA-1 secure hash algorithm (FIPS 180)
92
93 Architecture: arm
94
95config CRYPTO_SHA1_ARM_NEON
96 tristate "Hash functions: SHA-1 (NEON)"
97 depends on KERNEL_MODE_NEON
98 select CRYPTO_SHA1_ARM
99 select CRYPTO_SHA1
100 select CRYPTO_HASH
101 help
102 SHA-1 secure hash algorithm (FIPS 180)
103
104 Architecture: arm using
105 - NEON (Advanced SIMD) extensions
106
107config CRYPTO_SHA1_ARM_CE
108 tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
109 depends on KERNEL_MODE_NEON
110 select CRYPTO_SHA1_ARM
111 select CRYPTO_HASH
112 help
113 SHA-1 secure hash algorithm (FIPS 180)
114
115 Architecture: arm using ARMv8 Crypto Extensions
116
117config CRYPTO_SHA2_ARM_CE
118 tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
119 depends on KERNEL_MODE_NEON
120 select CRYPTO_SHA256_ARM
121 select CRYPTO_HASH
122 help
123 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
124
125 Architecture: arm using
126 - ARMv8 Crypto Extensions
127
128config CRYPTO_SHA256_ARM
129 tristate "Hash functions: SHA-224 and SHA-256 (NEON)"
130 select CRYPTO_HASH
131 depends on !CPU_V7M
132 help
133 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
134
135 Architecture: arm using
136 - NEON (Advanced SIMD) extensions
137
138config CRYPTO_SHA512_ARM
139 tristate "Hash functions: SHA-384 and SHA-512 (NEON)"
140 select CRYPTO_HASH
141 depends on !CPU_V7M
142 help
143 SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
144
145 Architecture: arm using
146 - NEON (Advanced SIMD) extensions
147
148config CRYPTO_AES_ARM
149 tristate "Ciphers: AES"
150 select CRYPTO_ALGAPI
151 select CRYPTO_AES
152 help
153 Block ciphers: AES cipher algorithms (FIPS-197)
154
155 Architecture: arm
156
157 On ARM processors without the Crypto Extensions, this is the
158 fastest AES implementation for single blocks. For multiple
159 blocks, the NEON bit-sliced implementation is usually faster.
160
161 This implementation may be vulnerable to cache timing attacks,
162 since it uses lookup tables. However, as countermeasures it
163 disables IRQs and preloads the tables; it is hoped this makes
164 such attacks very difficult.
165
166config CRYPTO_AES_ARM_BS
167 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)"
168 depends on KERNEL_MODE_NEON
169 select CRYPTO_AES_ARM
170 select CRYPTO_SKCIPHER
171 select CRYPTO_LIB_AES
172 select CRYPTO_SIMD
173 help
174 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
175 with block cipher modes:
176 - ECB (Electronic Codebook) mode (NIST SP800-38A)
177 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
178 - CTR (Counter) mode (NIST SP800-38A)
179 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
180 and IEEE 1619)
181
182 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
183 and for XTS mode encryption, CBC and XTS mode decryption speedup is
184 around 25%. (CBC encryption speed is not affected by this driver.)
185
186 The bit sliced AES code does not use lookup tables, so it is believed
187 to be invulnerable to cache timing attacks. However, since the bit
188 sliced AES code cannot process single blocks efficiently, in certain
189 cases table-based code with some countermeasures against cache timing
190 attacks will still be used as a fallback method; specifically CBC
191 encryption (not CBC decryption), the encryption of XTS tweaks, XTS
192 ciphertext stealing when the message isn't a multiple of 16 bytes, and
193 CTR when invoked in a context in which NEON instructions are unusable.
194
195config CRYPTO_AES_ARM_CE
196 tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)"
197 depends on KERNEL_MODE_NEON
198 select CRYPTO_SKCIPHER
199 select CRYPTO_LIB_AES
200 select CRYPTO_SIMD
201 help
202 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
203 with block cipher modes:
204 - ECB (Electronic Codebook) mode (NIST SP800-38A)
205 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
206 - CTR (Counter) mode (NIST SP800-38A)
207 - CTS (Cipher Text Stealing) mode (NIST SP800-38A)
208 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
209 and IEEE 1619)
210
211 Architecture: arm using:
212 - ARMv8 Crypto Extensions
213
214config CRYPTO_CHACHA20_NEON
215 tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (NEON)"
216 select CRYPTO_SKCIPHER
217 select CRYPTO_ARCH_HAVE_LIB_CHACHA
218 help
219 Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
220 stream cipher algorithms
221
222 Architecture: arm using:
223 - NEON (Advanced SIMD) extensions
224
225config CRYPTO_CRC32_ARM_CE
226 tristate "CRC32C and CRC32"
227 depends on KERNEL_MODE_NEON
228 depends on CRC32
229 select CRYPTO_HASH
230 help
231 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
232 and CRC32 CRC algorithm (IEEE 802.3)
233
234 Architecture: arm using:
235 - CRC and/or PMULL instructions
236
237 Drivers: crc32-arm-ce and crc32c-arm-ce
238
239config CRYPTO_CRCT10DIF_ARM_CE
240 tristate "CRCT10DIF"
241 depends on KERNEL_MODE_NEON
242 depends on CRC_T10DIF
243 select CRYPTO_HASH
244 help
245 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
246
247 Architecture: arm using:
248 - PMULL (Polynomial Multiply Long) instructions
249
250endmenu
251
1
2menuconfig ARM_CRYPTO
3 bool "ARM Accelerated Cryptographic Algorithms"
4 depends on ARM
5 help
6 Say Y here to choose from a selection of cryptographic algorithms
7 implemented using ARM specific CPU features or instructions.
8
9if ARM_CRYPTO
10
11config CRYPTO_SHA1_ARM
12 tristate "SHA1 digest algorithm (ARM-asm)"
13 select CRYPTO_SHA1
14 select CRYPTO_HASH
15 help
16 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
17 using optimized ARM assembler.
18
19config CRYPTO_SHA1_ARM_NEON
20 tristate "SHA1 digest algorithm (ARM NEON)"
21 depends on KERNEL_MODE_NEON
22 select CRYPTO_SHA1_ARM
23 select CRYPTO_SHA1
24 select CRYPTO_HASH
25 help
26 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
27 using optimized ARM NEON assembly, when NEON instructions are
28 available.
29
30config CRYPTO_SHA1_ARM_CE
31 tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)"
32 depends on KERNEL_MODE_NEON
33 select CRYPTO_SHA1_ARM
34 select CRYPTO_HASH
35 help
36 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
37 using special ARMv8 Crypto Extensions.
38
39config CRYPTO_SHA2_ARM_CE
40 tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)"
41 depends on KERNEL_MODE_NEON
42 select CRYPTO_SHA256_ARM
43 select CRYPTO_HASH
44 help
45 SHA-256 secure hash standard (DFIPS 180-2) implemented
46 using special ARMv8 Crypto Extensions.
47
48config CRYPTO_SHA256_ARM
49 tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)"
50 select CRYPTO_HASH
51 depends on !CPU_V7M
52 help
53 SHA-256 secure hash standard (DFIPS 180-2) implemented
54 using optimized ARM assembler and NEON, when available.
55
56config CRYPTO_SHA512_ARM
57 tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)"
58 select CRYPTO_HASH
59 depends on !CPU_V7M
60 help
61 SHA-512 secure hash standard (DFIPS 180-2) implemented
62 using optimized ARM assembler and NEON, when available.
63
64config CRYPTO_AES_ARM
65 tristate "AES cipher algorithms (ARM-asm)"
66 depends on ARM
67 select CRYPTO_ALGAPI
68 select CRYPTO_AES
69 help
70 Use optimized AES assembler routines for ARM platforms.
71
72 AES cipher algorithms (FIPS-197). AES uses the Rijndael
73 algorithm.
74
75 Rijndael appears to be consistently a very good performer in
76 both hardware and software across a wide range of computing
77 environments regardless of its use in feedback or non-feedback
78 modes. Its key setup time is excellent, and its key agility is
79 good. Rijndael's very low memory requirements make it very well
80 suited for restricted-space environments, in which it also
81 demonstrates excellent performance. Rijndael's operations are
82 among the easiest to defend against power and timing attacks.
83
84 The AES specifies three key sizes: 128, 192 and 256 bits
85
86 See <http://csrc.nist.gov/encryption/aes/> for more information.
87
88config CRYPTO_AES_ARM_BS
89 tristate "Bit sliced AES using NEON instructions"
90 depends on KERNEL_MODE_NEON
91 select CRYPTO_AES_ARM
92 select CRYPTO_BLKCIPHER
93 select CRYPTO_SIMD
94 help
95 Use a faster and more secure NEON based implementation of AES in CBC,
96 CTR and XTS modes
97
98 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
99 and for XTS mode encryption, CBC and XTS mode decryption speedup is
100 around 25%. (CBC encryption speed is not affected by this driver.)
101 This implementation does not rely on any lookup tables so it is
102 believed to be invulnerable to cache timing attacks.
103
104config CRYPTO_AES_ARM_CE
105 tristate "Accelerated AES using ARMv8 Crypto Extensions"
106 depends on KERNEL_MODE_NEON
107 select CRYPTO_BLKCIPHER
108 select CRYPTO_SIMD
109 help
110 Use an implementation of AES in CBC, CTR and XTS modes that uses
111 ARMv8 Crypto Extensions
112
113config CRYPTO_GHASH_ARM_CE
114 tristate "PMULL-accelerated GHASH using ARMv8 Crypto Extensions"
115 depends on KERNEL_MODE_NEON
116 select CRYPTO_HASH
117 select CRYPTO_CRYPTD
118 help
119 Use an implementation of GHASH (used by the GCM AEAD chaining mode)
120 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
121 that is part of the ARMv8 Crypto Extensions
122
123config CRYPTO_CRCT10DIF_ARM_CE
124 tristate "CRCT10DIF digest algorithm using PMULL instructions"
125 depends on KERNEL_MODE_NEON && CRC_T10DIF
126 select CRYPTO_HASH
127
128config CRYPTO_CRC32_ARM_CE
129 tristate "CRC32(C) digest algorithm using CRC and/or PMULL instructions"
130 depends on KERNEL_MODE_NEON && CRC32
131 select CRYPTO_HASH
132
133endif