xref: /linux/arch/arm/crypto/Kconfig (revision 1260ed77798502de9c98020040d2995008de10cc) 
1# SPDX-License-Identifier: GPL-2.0
2
3menu "Accelerated Cryptographic Algorithms for CPU (arm)"
4
5config CRYPTO_CURVE25519_NEON
6	tristate
7	depends on KERNEL_MODE_NEON
8	select CRYPTO_KPP
9	select CRYPTO_LIB_CURVE25519_GENERIC
10	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
11	default CRYPTO_LIB_CURVE25519_INTERNAL
12	help
13	  Curve25519 algorithm
14
15	  Architecture: arm with
16	  - NEON (Advanced SIMD) extensions
17
18config CRYPTO_GHASH_ARM_CE
19	tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)"
20	depends on KERNEL_MODE_NEON
21	select CRYPTO_AEAD
22	select CRYPTO_HASH
23	select CRYPTO_CRYPTD
24	select CRYPTO_LIB_AES
25	select CRYPTO_LIB_GF128MUL
26	help
27	  GCM GHASH function (NIST SP800-38D)
28
29	  Architecture: arm using
30	  - PMULL (Polynomial Multiply Long) instructions
31	  - NEON (Advanced SIMD) extensions
32	  - ARMv8 Crypto Extensions
33
34	  Use an implementation of GHASH (used by the GCM AEAD chaining mode)
35	  that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
36	  that is part of the ARMv8 Crypto Extensions, or a slower variant that
37	  uses the vmull.p8 instruction that is part of the basic NEON ISA.
38
39config CRYPTO_NHPOLY1305_NEON
40	tristate "Hash functions: NHPoly1305 (NEON)"
41	depends on KERNEL_MODE_NEON
42	select CRYPTO_NHPOLY1305
43	help
44	  NHPoly1305 hash function (Adiantum)
45
46	  Architecture: arm using:
47	  - NEON (Advanced SIMD) extensions
48
49config CRYPTO_POLY1305_ARM
50	tristate
51	select CRYPTO_HASH
52	select CRYPTO_ARCH_HAVE_LIB_POLY1305
53	default CRYPTO_LIB_POLY1305_INTERNAL
54	help
55	  Poly1305 authenticator algorithm (RFC7539)
56
57	  Architecture: arm optionally using
58	  - NEON (Advanced SIMD) extensions
59
60config CRYPTO_BLAKE2S_ARM
61	bool "Hash functions: BLAKE2s"
62	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
63	help
64	  BLAKE2s cryptographic hash function (RFC 7693)
65
66	  Architecture: arm
67
68	  This is faster than the generic implementations of BLAKE2s and
69	  BLAKE2b, but slower than the NEON implementation of BLAKE2b.
70	  There is no NEON implementation of BLAKE2s, since NEON doesn't
71	  really help with it.
72
73config CRYPTO_BLAKE2B_NEON
74	tristate "Hash functions: BLAKE2b (NEON)"
75	depends on KERNEL_MODE_NEON
76	select CRYPTO_BLAKE2B
77	help
78	  BLAKE2b cryptographic hash function (RFC 7693)
79
80	  Architecture: arm using
81	  - NEON (Advanced SIMD) extensions
82
83	  BLAKE2b digest algorithm optimized with ARM NEON instructions.
84	  On ARM processors that have NEON support but not the ARMv8
85	  Crypto Extensions, typically this BLAKE2b implementation is
86	  much faster than the SHA-2 family and slightly faster than
87	  SHA-1.
88
89config CRYPTO_SHA1_ARM
90	tristate "Hash functions: SHA-1"
91	select CRYPTO_SHA1
92	select CRYPTO_HASH
93	help
94	  SHA-1 secure hash algorithm (FIPS 180)
95
96	  Architecture: arm
97
98config CRYPTO_SHA1_ARM_NEON
99	tristate "Hash functions: SHA-1 (NEON)"
100	depends on KERNEL_MODE_NEON
101	select CRYPTO_SHA1_ARM
102	select CRYPTO_SHA1
103	select CRYPTO_HASH
104	help
105	  SHA-1 secure hash algorithm (FIPS 180)
106
107	  Architecture: arm using
108	  - NEON (Advanced SIMD) extensions
109
110config CRYPTO_SHA1_ARM_CE
111	tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
112	depends on KERNEL_MODE_NEON
113	select CRYPTO_SHA1_ARM
114	select CRYPTO_HASH
115	help
116	  SHA-1 secure hash algorithm (FIPS 180)
117
118	  Architecture: arm using ARMv8 Crypto Extensions
119
120config CRYPTO_SHA2_ARM_CE
121	tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
122	depends on KERNEL_MODE_NEON
123	select CRYPTO_SHA256_ARM
124	select CRYPTO_HASH
125	help
126	  SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
127
128	  Architecture: arm using
129	  - ARMv8 Crypto Extensions
130
131config CRYPTO_SHA256_ARM
132	tristate "Hash functions: SHA-224 and SHA-256 (NEON)"
133	select CRYPTO_HASH
134	depends on !CPU_V7M
135	help
136	  SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
137
138	  Architecture: arm using
139	  - NEON (Advanced SIMD) extensions
140
141config CRYPTO_SHA512_ARM
142	tristate "Hash functions: SHA-384 and SHA-512 (NEON)"
143	select CRYPTO_HASH
144	depends on !CPU_V7M
145	help
146	  SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
147
148	  Architecture: arm using
149	  - NEON (Advanced SIMD) extensions
150
151config CRYPTO_AES_ARM
152	tristate "Ciphers: AES"
153	select CRYPTO_ALGAPI
154	select CRYPTO_AES
155	help
156	  Block ciphers: AES cipher algorithms (FIPS-197)
157
158	  Architecture: arm
159
160	  On ARM processors without the Crypto Extensions, this is the
161	  fastest AES implementation for single blocks.  For multiple
162	  blocks, the NEON bit-sliced implementation is usually faster.
163
164	  This implementation may be vulnerable to cache timing attacks,
165	  since it uses lookup tables.  However, as countermeasures it
166	  disables IRQs and preloads the tables; it is hoped this makes
167	  such attacks very difficult.
168
169config CRYPTO_AES_ARM_BS
170	tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)"
171	depends on KERNEL_MODE_NEON
172	select CRYPTO_AES_ARM
173	select CRYPTO_SKCIPHER
174	select CRYPTO_LIB_AES
175	select CRYPTO_SIMD
176	help
177	  Length-preserving ciphers: AES cipher algorithms (FIPS-197)
178	  with block cipher modes:
179	   - ECB (Electronic Codebook) mode (NIST SP800-38A)
180	   - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
181	   - CTR (Counter) mode (NIST SP800-38A)
182	   - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
183	     and IEEE 1619)
184
185	  Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
186	  and for XTS mode encryption, CBC and XTS mode decryption speedup is
187	  around 25%. (CBC encryption speed is not affected by this driver.)
188
189	  The bit sliced AES code does not use lookup tables, so it is believed
190	  to be invulnerable to cache timing attacks. However, since the bit
191	  sliced AES code cannot process single blocks efficiently, in certain
192	  cases table-based code with some countermeasures against cache timing
193	  attacks will still be used as a fallback method; specifically CBC
194	  encryption (not CBC decryption), the encryption of XTS tweaks, XTS
195	  ciphertext stealing when the message isn't a multiple of 16 bytes, and
196	  CTR when invoked in a context in which NEON instructions are unusable.
197
198config CRYPTO_AES_ARM_CE
199	tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)"
200	depends on KERNEL_MODE_NEON
201	select CRYPTO_SKCIPHER
202	select CRYPTO_LIB_AES
203	select CRYPTO_SIMD
204	help
205	  Length-preserving ciphers: AES cipher algorithms (FIPS-197)
206	   with block cipher modes:
207	   - ECB (Electronic Codebook) mode (NIST SP800-38A)
208	   - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
209	   - CTR (Counter) mode (NIST SP800-38A)
210	   - CTS (Cipher Text Stealing) mode (NIST SP800-38A)
211	   - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
212	     and IEEE 1619)
213
214	  Architecture: arm using:
215	  - ARMv8 Crypto Extensions
216
217config CRYPTO_CHACHA20_NEON
218	tristate
219	select CRYPTO_SKCIPHER
220	select CRYPTO_ARCH_HAVE_LIB_CHACHA
221	default CRYPTO_LIB_CHACHA_INTERNAL
222	help
223	  Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
224	  stream cipher algorithms
225
226	  Architecture: arm using:
227	  - NEON (Advanced SIMD) extensions
228
229endmenu
230
231