1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 2652ccae5SArd Biesheuvel 3652ccae5SArd Biesheuvelmenuconfig ARM_CRYPTO 4652ccae5SArd Biesheuvel bool "ARM Accelerated Cryptographic Algorithms" 5652ccae5SArd Biesheuvel depends on ARM 6652ccae5SArd Biesheuvel help 7652ccae5SArd Biesheuvel Say Y here to choose from a selection of cryptographic algorithms 8652ccae5SArd Biesheuvel implemented using ARM specific CPU features or instructions. 9652ccae5SArd Biesheuvel 10652ccae5SArd Biesheuvelif ARM_CRYPTO 11652ccae5SArd Biesheuvel 12652ccae5SArd Biesheuvelconfig CRYPTO_SHA1_ARM 13652ccae5SArd Biesheuvel tristate "SHA1 digest algorithm (ARM-asm)" 14652ccae5SArd Biesheuvel select CRYPTO_SHA1 15652ccae5SArd Biesheuvel select CRYPTO_HASH 16652ccae5SArd Biesheuvel help 17652ccae5SArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 18652ccae5SArd Biesheuvel using optimized ARM assembler. 19652ccae5SArd Biesheuvel 20652ccae5SArd Biesheuvelconfig CRYPTO_SHA1_ARM_NEON 21652ccae5SArd Biesheuvel tristate "SHA1 digest algorithm (ARM NEON)" 22652ccae5SArd Biesheuvel depends on KERNEL_MODE_NEON 23652ccae5SArd Biesheuvel select CRYPTO_SHA1_ARM 24652ccae5SArd Biesheuvel select CRYPTO_SHA1 25652ccae5SArd Biesheuvel select CRYPTO_HASH 26652ccae5SArd Biesheuvel help 27652ccae5SArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 28652ccae5SArd Biesheuvel using optimized ARM NEON assembly, when NEON instructions are 29652ccae5SArd Biesheuvel available. 30652ccae5SArd Biesheuvel 31864cbeedSArd Biesheuvelconfig CRYPTO_SHA1_ARM_CE 32864cbeedSArd Biesheuvel tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)" 33b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 34864cbeedSArd Biesheuvel select CRYPTO_SHA1_ARM 35864cbeedSArd Biesheuvel select CRYPTO_HASH 36864cbeedSArd Biesheuvel help 37864cbeedSArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 38864cbeedSArd Biesheuvel using special ARMv8 Crypto Extensions. 39864cbeedSArd Biesheuvel 40006d0624SArd Biesheuvelconfig CRYPTO_SHA2_ARM_CE 41006d0624SArd Biesheuvel tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)" 42b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 439205b949SArd Biesheuvel select CRYPTO_SHA256_ARM 44006d0624SArd Biesheuvel select CRYPTO_HASH 45006d0624SArd Biesheuvel help 46006d0624SArd Biesheuvel SHA-256 secure hash standard (DFIPS 180-2) implemented 47006d0624SArd Biesheuvel using special ARMv8 Crypto Extensions. 48006d0624SArd Biesheuvel 49f2f770d7SSami Tolvanenconfig CRYPTO_SHA256_ARM 50f2f770d7SSami Tolvanen tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)" 51f2f770d7SSami Tolvanen select CRYPTO_HASH 52b48321deSArnd Bergmann depends on !CPU_V7M 53f2f770d7SSami Tolvanen help 54f2f770d7SSami Tolvanen SHA-256 secure hash standard (DFIPS 180-2) implemented 55f2f770d7SSami Tolvanen using optimized ARM assembler and NEON, when available. 56f2f770d7SSami Tolvanen 57c80ae7caSArd Biesheuvelconfig CRYPTO_SHA512_ARM 58c80ae7caSArd Biesheuvel tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)" 59652ccae5SArd Biesheuvel select CRYPTO_HASH 60c80ae7caSArd Biesheuvel depends on !CPU_V7M 61652ccae5SArd Biesheuvel help 62652ccae5SArd Biesheuvel SHA-512 secure hash standard (DFIPS 180-2) implemented 63c80ae7caSArd Biesheuvel using optimized ARM assembler and NEON, when available. 64652ccae5SArd Biesheuvel 65652ccae5SArd Biesheuvelconfig CRYPTO_AES_ARM 6681edb426SArd Biesheuvel tristate "Scalar AES cipher for ARM" 67652ccae5SArd Biesheuvel select CRYPTO_ALGAPI 68652ccae5SArd Biesheuvel select CRYPTO_AES 69652ccae5SArd Biesheuvel help 70652ccae5SArd Biesheuvel Use optimized AES assembler routines for ARM platforms. 71652ccae5SArd Biesheuvel 72913a3aa0SEric Biggers On ARM processors without the Crypto Extensions, this is the 73913a3aa0SEric Biggers fastest AES implementation for single blocks. For multiple 74913a3aa0SEric Biggers blocks, the NEON bit-sliced implementation is usually faster. 75913a3aa0SEric Biggers 76913a3aa0SEric Biggers This implementation may be vulnerable to cache timing attacks, 77913a3aa0SEric Biggers since it uses lookup tables. However, as countermeasures it 78913a3aa0SEric Biggers disables IRQs and preloads the tables; it is hoped this makes 79913a3aa0SEric Biggers such attacks very difficult. 80913a3aa0SEric Biggers 81652ccae5SArd Biesheuvelconfig CRYPTO_AES_ARM_BS 82652ccae5SArd Biesheuvel tristate "Bit sliced AES using NEON instructions" 83652ccae5SArd Biesheuvel depends on KERNEL_MODE_NEON 84b95bba5dSEric Biggers select CRYPTO_SKCIPHER 85aa6e2d2bSArd Biesheuvel select CRYPTO_LIB_AES 866fdf436fSHerbert Xu select CRYPTO_SIMD 87652ccae5SArd Biesheuvel help 88652ccae5SArd Biesheuvel Use a faster and more secure NEON based implementation of AES in CBC, 89652ccae5SArd Biesheuvel CTR and XTS modes 90652ccae5SArd Biesheuvel 91652ccae5SArd Biesheuvel Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode 92652ccae5SArd Biesheuvel and for XTS mode encryption, CBC and XTS mode decryption speedup is 93652ccae5SArd Biesheuvel around 25%. (CBC encryption speed is not affected by this driver.) 94652ccae5SArd Biesheuvel This implementation does not rely on any lookup tables so it is 95652ccae5SArd Biesheuvel believed to be invulnerable to cache timing attacks. 96652ccae5SArd Biesheuvel 9786464859SArd Biesheuvelconfig CRYPTO_AES_ARM_CE 9886464859SArd Biesheuvel tristate "Accelerated AES using ARMv8 Crypto Extensions" 99b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 100b95bba5dSEric Biggers select CRYPTO_SKCIPHER 101585b5fa6SHerbert Xu select CRYPTO_SIMD 10286464859SArd Biesheuvel help 10386464859SArd Biesheuvel Use an implementation of AES in CBC, CTR and XTS modes that uses 10486464859SArd Biesheuvel ARMv8 Crypto Extensions 10586464859SArd Biesheuvel 106f1e866b1SArd Biesheuvelconfig CRYPTO_GHASH_ARM_CE 1073759ee05SArd Biesheuvel tristate "PMULL-accelerated GHASH using NEON/ARMv8 Crypto Extensions" 108b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 109f1e866b1SArd Biesheuvel select CRYPTO_HASH 110f1e866b1SArd Biesheuvel select CRYPTO_CRYPTD 11100227e3aSArd Biesheuvel select CRYPTO_GF128MUL 112f1e866b1SArd Biesheuvel help 113f1e866b1SArd Biesheuvel Use an implementation of GHASH (used by the GCM AEAD chaining mode) 114f1e866b1SArd Biesheuvel that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) 1153759ee05SArd Biesheuvel that is part of the ARMv8 Crypto Extensions, or a slower variant that 1163759ee05SArd Biesheuvel uses the vmull.p8 instruction that is part of the basic NEON ISA. 117f1e866b1SArd Biesheuvel 1181d481f1cSArd Biesheuvelconfig CRYPTO_CRCT10DIF_ARM_CE 1191d481f1cSArd Biesheuvel tristate "CRCT10DIF digest algorithm using PMULL instructions" 120b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 121b4d0c0aaSArd Biesheuvel depends on CRC_T10DIF 1221d481f1cSArd Biesheuvel select CRYPTO_HASH 1231d481f1cSArd Biesheuvel 124d0a3431aSArd Biesheuvelconfig CRYPTO_CRC32_ARM_CE 125d0a3431aSArd Biesheuvel tristate "CRC32(C) digest algorithm using CRC and/or PMULL instructions" 126b4d0c0aaSArd Biesheuvel depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800) 127b4d0c0aaSArd Biesheuvel depends on CRC32 128d0a3431aSArd Biesheuvel select CRYPTO_HASH 129d0a3431aSArd Biesheuvel 130afaf712eSArd Biesheuvelconfig CRYPTO_CHACHA20_NEON 131b36d8c09SArd Biesheuvel tristate "NEON and scalar accelerated ChaCha stream cipher algorithms" 132b95bba5dSEric Biggers select CRYPTO_SKCIPHER 133*a44a3430SArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_CHACHA 134afaf712eSArd Biesheuvel 13516aae359SEric Biggersconfig CRYPTO_NHPOLY1305_NEON 13616aae359SEric Biggers tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)" 13716aae359SEric Biggers depends on KERNEL_MODE_NEON 13816aae359SEric Biggers select CRYPTO_NHPOLY1305 13916aae359SEric Biggers 140652ccae5SArd Biesheuvelendif 141