1# SPDX-License-Identifier: GPL-2.0 2 3menu "Accelerated Cryptographic Algorithms for CPU (arm)" 4 5config CRYPTO_CURVE25519_NEON 6 tristate "Public key crypto: Curve25519 (NEON)" 7 depends on KERNEL_MODE_NEON 8 select CRYPTO_LIB_CURVE25519_GENERIC 9 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 10 help 11 Curve25519 algorithm 12 13 Architecture: arm with 14 - NEON (Advanced SIMD) extensions 15 16config CRYPTO_GHASH_ARM_CE 17 tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)" 18 depends on KERNEL_MODE_NEON 19 select CRYPTO_AEAD 20 select CRYPTO_HASH 21 select CRYPTO_CRYPTD 22 select CRYPTO_LIB_AES 23 select CRYPTO_LIB_GF128MUL 24 help 25 GCM GHASH function (NIST SP800-38D) 26 27 Architecture: arm using 28 - PMULL (Polynomial Multiply Long) instructions 29 - NEON (Advanced SIMD) extensions 30 - ARMv8 Crypto Extensions 31 32 Use an implementation of GHASH (used by the GCM AEAD chaining mode) 33 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) 34 that is part of the ARMv8 Crypto Extensions, or a slower variant that 35 uses the vmull.p8 instruction that is part of the basic NEON ISA. 36 37config CRYPTO_NHPOLY1305_NEON 38 tristate "Hash functions: NHPoly1305 (NEON)" 39 depends on KERNEL_MODE_NEON 40 select CRYPTO_NHPOLY1305 41 help 42 NHPoly1305 hash function (Adiantum) 43 44 Architecture: arm using: 45 - NEON (Advanced SIMD) extensions 46 47config CRYPTO_POLY1305_ARM 48 tristate "Hash functions: Poly1305 (NEON)" 49 select CRYPTO_HASH 50 select CRYPTO_ARCH_HAVE_LIB_POLY1305 51 help 52 Poly1305 authenticator algorithm (RFC7539) 53 54 Architecture: arm optionally using 55 - NEON (Advanced SIMD) extensions 56 57config CRYPTO_BLAKE2S_ARM 58 bool "Hash functions: BLAKE2s" 59 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 60 help 61 BLAKE2s cryptographic hash function (RFC 7693) 62 63 Architecture: arm 64 65 This is faster than the generic implementations of BLAKE2s and 66 BLAKE2b, but slower than the NEON implementation of BLAKE2b. 67 There is no NEON implementation of BLAKE2s, since NEON doesn't 68 really help with it. 69 70config CRYPTO_BLAKE2B_NEON 71 tristate "Hash functions: BLAKE2b (NEON)" 72 depends on KERNEL_MODE_NEON 73 select CRYPTO_BLAKE2B 74 help 75 BLAKE2b cryptographic hash function (RFC 7693) 76 77 Architecture: arm using 78 - NEON (Advanced SIMD) extensions 79 80 BLAKE2b digest algorithm optimized with ARM NEON instructions. 81 On ARM processors that have NEON support but not the ARMv8 82 Crypto Extensions, typically this BLAKE2b implementation is 83 much faster than the SHA-2 family and slightly faster than 84 SHA-1. 85 86config CRYPTO_SHA1_ARM 87 tristate "Hash functions: SHA-1" 88 select CRYPTO_SHA1 89 select CRYPTO_HASH 90 help 91 SHA-1 secure hash algorithm (FIPS 180) 92 93 Architecture: arm 94 95config CRYPTO_SHA1_ARM_NEON 96 tristate "Hash functions: SHA-1 (NEON)" 97 depends on KERNEL_MODE_NEON 98 select CRYPTO_SHA1_ARM 99 select CRYPTO_SHA1 100 select CRYPTO_HASH 101 help 102 SHA-1 secure hash algorithm (FIPS 180) 103 104 Architecture: arm using 105 - NEON (Advanced SIMD) extensions 106 107config CRYPTO_SHA1_ARM_CE 108 tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)" 109 depends on KERNEL_MODE_NEON 110 select CRYPTO_SHA1_ARM 111 select CRYPTO_HASH 112 help 113 SHA-1 secure hash algorithm (FIPS 180) 114 115 Architecture: arm using ARMv8 Crypto Extensions 116 117config CRYPTO_SHA2_ARM_CE 118 tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)" 119 depends on KERNEL_MODE_NEON 120 select CRYPTO_SHA256_ARM 121 select CRYPTO_HASH 122 help 123 SHA-224 and SHA-256 secure hash algorithms (FIPS 180) 124 125 Architecture: arm using 126 - ARMv8 Crypto Extensions 127 128config CRYPTO_SHA256_ARM 129 tristate "Hash functions: SHA-224 and SHA-256 (NEON)" 130 select CRYPTO_HASH 131 depends on !CPU_V7M 132 help 133 SHA-224 and SHA-256 secure hash algorithms (FIPS 180) 134 135 Architecture: arm using 136 - NEON (Advanced SIMD) extensions 137 138config CRYPTO_SHA512_ARM 139 tristate "Hash functions: SHA-384 and SHA-512 (NEON)" 140 select CRYPTO_HASH 141 depends on !CPU_V7M 142 help 143 SHA-384 and SHA-512 secure hash algorithms (FIPS 180) 144 145 Architecture: arm using 146 - NEON (Advanced SIMD) extensions 147 148config CRYPTO_AES_ARM 149 tristate "Ciphers: AES" 150 select CRYPTO_ALGAPI 151 select CRYPTO_AES 152 help 153 Block ciphers: AES cipher algorithms (FIPS-197) 154 155 Architecture: arm 156 157 On ARM processors without the Crypto Extensions, this is the 158 fastest AES implementation for single blocks. For multiple 159 blocks, the NEON bit-sliced implementation is usually faster. 160 161 This implementation may be vulnerable to cache timing attacks, 162 since it uses lookup tables. However, as countermeasures it 163 disables IRQs and preloads the tables; it is hoped this makes 164 such attacks very difficult. 165 166config CRYPTO_AES_ARM_BS 167 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)" 168 depends on KERNEL_MODE_NEON 169 select CRYPTO_AES_ARM 170 select CRYPTO_SKCIPHER 171 select CRYPTO_LIB_AES 172 select CRYPTO_SIMD 173 help 174 Length-preserving ciphers: AES cipher algorithms (FIPS-197) 175 with block cipher modes: 176 - ECB (Electronic Codebook) mode (NIST SP800-38A) 177 - CBC (Cipher Block Chaining) mode (NIST SP800-38A) 178 - CTR (Counter) mode (NIST SP800-38A) 179 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 180 and IEEE 1619) 181 182 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode 183 and for XTS mode encryption, CBC and XTS mode decryption speedup is 184 around 25%. (CBC encryption speed is not affected by this driver.) 185 186 The bit sliced AES code does not use lookup tables, so it is believed 187 to be invulnerable to cache timing attacks. However, since the bit 188 sliced AES code cannot process single blocks efficiently, in certain 189 cases table-based code with some countermeasures against cache timing 190 attacks will still be used as a fallback method; specifically CBC 191 encryption (not CBC decryption), the encryption of XTS tweaks, XTS 192 ciphertext stealing when the message isn't a multiple of 16 bytes, and 193 CTR when invoked in a context in which NEON instructions are unusable. 194 195config CRYPTO_AES_ARM_CE 196 tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)" 197 depends on KERNEL_MODE_NEON 198 select CRYPTO_SKCIPHER 199 select CRYPTO_LIB_AES 200 select CRYPTO_SIMD 201 help 202 Length-preserving ciphers: AES cipher algorithms (FIPS-197) 203 with block cipher modes: 204 - ECB (Electronic Codebook) mode (NIST SP800-38A) 205 - CBC (Cipher Block Chaining) mode (NIST SP800-38A) 206 - CTR (Counter) mode (NIST SP800-38A) 207 - CTS (Cipher Text Stealing) mode (NIST SP800-38A) 208 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 209 and IEEE 1619) 210 211 Architecture: arm using: 212 - ARMv8 Crypto Extensions 213 214config CRYPTO_CHACHA20_NEON 215 tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (NEON)" 216 select CRYPTO_SKCIPHER 217 select CRYPTO_ARCH_HAVE_LIB_CHACHA 218 help 219 Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12 220 stream cipher algorithms 221 222 Architecture: arm using: 223 - NEON (Advanced SIMD) extensions 224 225config CRYPTO_CRC32_ARM_CE 226 tristate "CRC32C and CRC32" 227 depends on KERNEL_MODE_NEON 228 depends on CRC32 229 select CRYPTO_HASH 230 help 231 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) 232 and CRC32 CRC algorithm (IEEE 802.3) 233 234 Architecture: arm using: 235 - CRC and/or PMULL instructions 236 237 Drivers: crc32-arm-ce and crc32c-arm-ce 238 239config CRYPTO_CRCT10DIF_ARM_CE 240 tristate "CRCT10DIF" 241 depends on KERNEL_MODE_NEON 242 depends on CRC_T10DIF 243 select CRYPTO_HASH 244 help 245 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) 246 247 Architecture: arm using: 248 - PMULL (Polynomial Multiply Long) instructions 249 250endmenu 251 252