Loading...
1# SPDX-License-Identifier: GPL-2.0
2
3menu "Accelerated Cryptographic Algorithms for CPU (arm)"
4
5config CRYPTO_CURVE25519_NEON
6 tristate "Public key crypto: Curve25519 (NEON)"
7 depends on KERNEL_MODE_NEON
8 select CRYPTO_LIB_CURVE25519_GENERIC
9 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
10 help
11 Curve25519 algorithm
12
13 Architecture: arm with
14 - NEON (Advanced SIMD) extensions
15
16config CRYPTO_GHASH_ARM_CE
17 tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)"
18 depends on KERNEL_MODE_NEON
19 select CRYPTO_AEAD
20 select CRYPTO_HASH
21 select CRYPTO_CRYPTD
22 select CRYPTO_LIB_AES
23 select CRYPTO_LIB_GF128MUL
24 help
25 GCM GHASH function (NIST SP800-38D)
26
27 Architecture: arm using
28 - PMULL (Polynomial Multiply Long) instructions
29 - NEON (Advanced SIMD) extensions
30 - ARMv8 Crypto Extensions
31
32 Use an implementation of GHASH (used by the GCM AEAD chaining mode)
33 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
34 that is part of the ARMv8 Crypto Extensions, or a slower variant that
35 uses the vmull.p8 instruction that is part of the basic NEON ISA.
36
37config CRYPTO_NHPOLY1305_NEON
38 tristate "Hash functions: NHPoly1305 (NEON)"
39 depends on KERNEL_MODE_NEON
40 select CRYPTO_NHPOLY1305
41 help
42 NHPoly1305 hash function (Adiantum)
43
44 Architecture: arm using:
45 - NEON (Advanced SIMD) extensions
46
47config CRYPTO_POLY1305_ARM
48 tristate "Hash functions: Poly1305 (NEON)"
49 select CRYPTO_HASH
50 select CRYPTO_ARCH_HAVE_LIB_POLY1305
51 help
52 Poly1305 authenticator algorithm (RFC7539)
53
54 Architecture: arm optionally using
55 - NEON (Advanced SIMD) extensions
56
57config CRYPTO_BLAKE2S_ARM
58 bool "Hash functions: BLAKE2s"
59 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
60 help
61 BLAKE2s cryptographic hash function (RFC 7693)
62
63 Architecture: arm
64
65 This is faster than the generic implementations of BLAKE2s and
66 BLAKE2b, but slower than the NEON implementation of BLAKE2b.
67 There is no NEON implementation of BLAKE2s, since NEON doesn't
68 really help with it.
69
70config CRYPTO_BLAKE2B_NEON
71 tristate "Hash functions: BLAKE2b (NEON)"
72 depends on KERNEL_MODE_NEON
73 select CRYPTO_BLAKE2B
74 help
75 BLAKE2b cryptographic hash function (RFC 7693)
76
77 Architecture: arm using
78 - NEON (Advanced SIMD) extensions
79
80 BLAKE2b digest algorithm optimized with ARM NEON instructions.
81 On ARM processors that have NEON support but not the ARMv8
82 Crypto Extensions, typically this BLAKE2b implementation is
83 much faster than the SHA-2 family and slightly faster than
84 SHA-1.
85
86config CRYPTO_SHA1_ARM
87 tristate "Hash functions: SHA-1"
88 select CRYPTO_SHA1
89 select CRYPTO_HASH
90 help
91 SHA-1 secure hash algorithm (FIPS 180)
92
93 Architecture: arm
94
95config CRYPTO_SHA1_ARM_NEON
96 tristate "Hash functions: SHA-1 (NEON)"
97 depends on KERNEL_MODE_NEON
98 select CRYPTO_SHA1_ARM
99 select CRYPTO_SHA1
100 select CRYPTO_HASH
101 help
102 SHA-1 secure hash algorithm (FIPS 180)
103
104 Architecture: arm using
105 - NEON (Advanced SIMD) extensions
106
107config CRYPTO_SHA1_ARM_CE
108 tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
109 depends on KERNEL_MODE_NEON
110 select CRYPTO_SHA1_ARM
111 select CRYPTO_HASH
112 help
113 SHA-1 secure hash algorithm (FIPS 180)
114
115 Architecture: arm using ARMv8 Crypto Extensions
116
117config CRYPTO_SHA2_ARM_CE
118 tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
119 depends on KERNEL_MODE_NEON
120 select CRYPTO_SHA256_ARM
121 select CRYPTO_HASH
122 help
123 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
124
125 Architecture: arm using
126 - ARMv8 Crypto Extensions
127
128config CRYPTO_SHA256_ARM
129 tristate "Hash functions: SHA-224 and SHA-256 (NEON)"
130 select CRYPTO_HASH
131 depends on !CPU_V7M
132 help
133 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
134
135 Architecture: arm using
136 - NEON (Advanced SIMD) extensions
137
138config CRYPTO_SHA512_ARM
139 tristate "Hash functions: SHA-384 and SHA-512 (NEON)"
140 select CRYPTO_HASH
141 depends on !CPU_V7M
142 help
143 SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
144
145 Architecture: arm using
146 - NEON (Advanced SIMD) extensions
147
148config CRYPTO_AES_ARM
149 tristate "Ciphers: AES"
150 select CRYPTO_ALGAPI
151 select CRYPTO_AES
152 help
153 Block ciphers: AES cipher algorithms (FIPS-197)
154
155 Architecture: arm
156
157 On ARM processors without the Crypto Extensions, this is the
158 fastest AES implementation for single blocks. For multiple
159 blocks, the NEON bit-sliced implementation is usually faster.
160
161 This implementation may be vulnerable to cache timing attacks,
162 since it uses lookup tables. However, as countermeasures it
163 disables IRQs and preloads the tables; it is hoped this makes
164 such attacks very difficult.
165
166config CRYPTO_AES_ARM_BS
167 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)"
168 depends on KERNEL_MODE_NEON
169 select CRYPTO_AES_ARM
170 select CRYPTO_SKCIPHER
171 select CRYPTO_LIB_AES
172 select CRYPTO_SIMD
173 help
174 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
175 with block cipher modes:
176 - ECB (Electronic Codebook) mode (NIST SP800-38A)
177 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
178 - CTR (Counter) mode (NIST SP800-38A)
179 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
180 and IEEE 1619)
181
182 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
183 and for XTS mode encryption, CBC and XTS mode decryption speedup is
184 around 25%. (CBC encryption speed is not affected by this driver.)
185
186 The bit sliced AES code does not use lookup tables, so it is believed
187 to be invulnerable to cache timing attacks. However, since the bit
188 sliced AES code cannot process single blocks efficiently, in certain
189 cases table-based code with some countermeasures against cache timing
190 attacks will still be used as a fallback method; specifically CBC
191 encryption (not CBC decryption), the encryption of XTS tweaks, XTS
192 ciphertext stealing when the message isn't a multiple of 16 bytes, and
193 CTR when invoked in a context in which NEON instructions are unusable.
194
195config CRYPTO_AES_ARM_CE
196 tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)"
197 depends on KERNEL_MODE_NEON
198 select CRYPTO_SKCIPHER
199 select CRYPTO_LIB_AES
200 select CRYPTO_SIMD
201 help
202 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
203 with block cipher modes:
204 - ECB (Electronic Codebook) mode (NIST SP800-38A)
205 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
206 - CTR (Counter) mode (NIST SP800-38A)
207 - CTS (Cipher Text Stealing) mode (NIST SP800-38A)
208 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
209 and IEEE 1619)
210
211 Architecture: arm using:
212 - ARMv8 Crypto Extensions
213
214config CRYPTO_CHACHA20_NEON
215 tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (NEON)"
216 select CRYPTO_SKCIPHER
217 select CRYPTO_ARCH_HAVE_LIB_CHACHA
218 help
219 Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
220 stream cipher algorithms
221
222 Architecture: arm using:
223 - NEON (Advanced SIMD) extensions
224
225config CRYPTO_CRC32_ARM_CE
226 tristate "CRC32C and CRC32"
227 depends on KERNEL_MODE_NEON
228 depends on CRC32
229 select CRYPTO_HASH
230 help
231 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
232 and CRC32 CRC algorithm (IEEE 802.3)
233
234 Architecture: arm using:
235 - CRC and/or PMULL instructions
236
237 Drivers: crc32-arm-ce and crc32c-arm-ce
238
239config CRYPTO_CRCT10DIF_ARM_CE
240 tristate "CRCT10DIF"
241 depends on KERNEL_MODE_NEON
242 depends on CRC_T10DIF
243 select CRYPTO_HASH
244 help
245 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
246
247 Architecture: arm using:
248 - PMULL (Polynomial Multiply Long) instructions
249
250endmenu
251
1# SPDX-License-Identifier: GPL-2.0
2
3menuconfig ARM_CRYPTO
4 bool "ARM Accelerated Cryptographic Algorithms"
5 depends on ARM
6 help
7 Say Y here to choose from a selection of cryptographic algorithms
8 implemented using ARM specific CPU features or instructions.
9
10if ARM_CRYPTO
11
12config CRYPTO_SHA1_ARM
13 tristate "SHA1 digest algorithm (ARM-asm)"
14 select CRYPTO_SHA1
15 select CRYPTO_HASH
16 help
17 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
18 using optimized ARM assembler.
19
20config CRYPTO_SHA1_ARM_NEON
21 tristate "SHA1 digest algorithm (ARM NEON)"
22 depends on KERNEL_MODE_NEON
23 select CRYPTO_SHA1_ARM
24 select CRYPTO_SHA1
25 select CRYPTO_HASH
26 help
27 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
28 using optimized ARM NEON assembly, when NEON instructions are
29 available.
30
31config CRYPTO_SHA1_ARM_CE
32 tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)"
33 depends on KERNEL_MODE_NEON
34 select CRYPTO_SHA1_ARM
35 select CRYPTO_HASH
36 help
37 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
38 using special ARMv8 Crypto Extensions.
39
40config CRYPTO_SHA2_ARM_CE
41 tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)"
42 depends on KERNEL_MODE_NEON
43 select CRYPTO_SHA256_ARM
44 select CRYPTO_HASH
45 help
46 SHA-256 secure hash standard (DFIPS 180-2) implemented
47 using special ARMv8 Crypto Extensions.
48
49config CRYPTO_SHA256_ARM
50 tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)"
51 select CRYPTO_HASH
52 depends on !CPU_V7M
53 help
54 SHA-256 secure hash standard (DFIPS 180-2) implemented
55 using optimized ARM assembler and NEON, when available.
56
57config CRYPTO_SHA512_ARM
58 tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)"
59 select CRYPTO_HASH
60 depends on !CPU_V7M
61 help
62 SHA-512 secure hash standard (DFIPS 180-2) implemented
63 using optimized ARM assembler and NEON, when available.
64
65config CRYPTO_BLAKE2S_ARM
66 tristate "BLAKE2s digest algorithm (ARM)"
67 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
68 help
69 BLAKE2s digest algorithm optimized with ARM scalar instructions. This
70 is faster than the generic implementations of BLAKE2s and BLAKE2b, but
71 slower than the NEON implementation of BLAKE2b. (There is no NEON
72 implementation of BLAKE2s, since NEON doesn't really help with it.)
73
74config CRYPTO_BLAKE2B_NEON
75 tristate "BLAKE2b digest algorithm (ARM NEON)"
76 depends on KERNEL_MODE_NEON
77 select CRYPTO_BLAKE2B
78 help
79 BLAKE2b digest algorithm optimized with ARM NEON instructions.
80 On ARM processors that have NEON support but not the ARMv8
81 Crypto Extensions, typically this BLAKE2b implementation is
82 much faster than SHA-2 and slightly faster than SHA-1.
83
84config CRYPTO_AES_ARM
85 tristate "Scalar AES cipher for ARM"
86 select CRYPTO_ALGAPI
87 select CRYPTO_AES
88 help
89 Use optimized AES assembler routines for ARM platforms.
90
91 On ARM processors without the Crypto Extensions, this is the
92 fastest AES implementation for single blocks. For multiple
93 blocks, the NEON bit-sliced implementation is usually faster.
94
95 This implementation may be vulnerable to cache timing attacks,
96 since it uses lookup tables. However, as countermeasures it
97 disables IRQs and preloads the tables; it is hoped this makes
98 such attacks very difficult.
99
100config CRYPTO_AES_ARM_BS
101 tristate "Bit sliced AES using NEON instructions"
102 depends on KERNEL_MODE_NEON
103 select CRYPTO_SKCIPHER
104 select CRYPTO_LIB_AES
105 select CRYPTO_SIMD
106 help
107 Use a faster and more secure NEON based implementation of AES in CBC,
108 CTR and XTS modes
109
110 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
111 and for XTS mode encryption, CBC and XTS mode decryption speedup is
112 around 25%. (CBC encryption speed is not affected by this driver.)
113 This implementation does not rely on any lookup tables so it is
114 believed to be invulnerable to cache timing attacks.
115
116config CRYPTO_AES_ARM_CE
117 tristate "Accelerated AES using ARMv8 Crypto Extensions"
118 depends on KERNEL_MODE_NEON
119 select CRYPTO_SKCIPHER
120 select CRYPTO_LIB_AES
121 select CRYPTO_SIMD
122 help
123 Use an implementation of AES in CBC, CTR and XTS modes that uses
124 ARMv8 Crypto Extensions
125
126config CRYPTO_GHASH_ARM_CE
127 tristate "PMULL-accelerated GHASH using NEON/ARMv8 Crypto Extensions"
128 depends on KERNEL_MODE_NEON
129 select CRYPTO_HASH
130 select CRYPTO_CRYPTD
131 select CRYPTO_GF128MUL
132 help
133 Use an implementation of GHASH (used by the GCM AEAD chaining mode)
134 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
135 that is part of the ARMv8 Crypto Extensions, or a slower variant that
136 uses the vmull.p8 instruction that is part of the basic NEON ISA.
137
138config CRYPTO_CRCT10DIF_ARM_CE
139 tristate "CRCT10DIF digest algorithm using PMULL instructions"
140 depends on KERNEL_MODE_NEON
141 depends on CRC_T10DIF
142 select CRYPTO_HASH
143
144config CRYPTO_CRC32_ARM_CE
145 tristate "CRC32(C) digest algorithm using CRC and/or PMULL instructions"
146 depends on KERNEL_MODE_NEON
147 depends on CRC32
148 select CRYPTO_HASH
149
150config CRYPTO_CHACHA20_NEON
151 tristate "NEON and scalar accelerated ChaCha stream cipher algorithms"
152 select CRYPTO_SKCIPHER
153 select CRYPTO_ARCH_HAVE_LIB_CHACHA
154
155config CRYPTO_POLY1305_ARM
156 tristate "Accelerated scalar and SIMD Poly1305 hash implementations"
157 select CRYPTO_HASH
158 select CRYPTO_ARCH_HAVE_LIB_POLY1305
159
160config CRYPTO_NHPOLY1305_NEON
161 tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)"
162 depends on KERNEL_MODE_NEON
163 select CRYPTO_NHPOLY1305
164
165config CRYPTO_CURVE25519_NEON
166 tristate "NEON accelerated Curve25519 scalar multiplication library"
167 depends on KERNEL_MODE_NEON
168 select CRYPTO_LIB_CURVE25519_GENERIC
169 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
170
171endif