1652ccae5SArd Biesheuvel 2652ccae5SArd Biesheuvelmenuconfig ARM_CRYPTO 3652ccae5SArd Biesheuvel bool "ARM Accelerated Cryptographic Algorithms" 4652ccae5SArd Biesheuvel depends on ARM 5652ccae5SArd Biesheuvel help 6652ccae5SArd Biesheuvel Say Y here to choose from a selection of cryptographic algorithms 7652ccae5SArd Biesheuvel implemented using ARM specific CPU features or instructions. 8652ccae5SArd Biesheuvel 9652ccae5SArd Biesheuvelif ARM_CRYPTO 10652ccae5SArd Biesheuvel 11652ccae5SArd Biesheuvelconfig CRYPTO_SHA1_ARM 12652ccae5SArd Biesheuvel tristate "SHA1 digest algorithm (ARM-asm)" 13652ccae5SArd Biesheuvel select CRYPTO_SHA1 14652ccae5SArd Biesheuvel select CRYPTO_HASH 15652ccae5SArd Biesheuvel help 16652ccae5SArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 17652ccae5SArd Biesheuvel using optimized ARM assembler. 18652ccae5SArd Biesheuvel 19652ccae5SArd Biesheuvelconfig CRYPTO_SHA1_ARM_NEON 20652ccae5SArd Biesheuvel tristate "SHA1 digest algorithm (ARM NEON)" 21652ccae5SArd Biesheuvel depends on KERNEL_MODE_NEON 22652ccae5SArd Biesheuvel select CRYPTO_SHA1_ARM 23652ccae5SArd Biesheuvel select CRYPTO_SHA1 24652ccae5SArd Biesheuvel select CRYPTO_HASH 25652ccae5SArd Biesheuvel help 26652ccae5SArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 27652ccae5SArd Biesheuvel using optimized ARM NEON assembly, when NEON instructions are 28652ccae5SArd Biesheuvel available. 29652ccae5SArd Biesheuvel 30864cbeedSArd Biesheuvelconfig CRYPTO_SHA1_ARM_CE 31864cbeedSArd Biesheuvel tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)" 32864cbeedSArd Biesheuvel depends on KERNEL_MODE_NEON 33864cbeedSArd Biesheuvel select CRYPTO_SHA1_ARM 34864cbeedSArd Biesheuvel select CRYPTO_HASH 35864cbeedSArd Biesheuvel help 36864cbeedSArd Biesheuvel SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 37864cbeedSArd Biesheuvel using special ARMv8 Crypto Extensions. 38864cbeedSArd Biesheuvel 39006d0624SArd Biesheuvelconfig CRYPTO_SHA2_ARM_CE 40006d0624SArd Biesheuvel tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)" 41006d0624SArd Biesheuvel depends on KERNEL_MODE_NEON 429205b949SArd Biesheuvel select CRYPTO_SHA256_ARM 43006d0624SArd Biesheuvel select CRYPTO_HASH 44006d0624SArd Biesheuvel help 45006d0624SArd Biesheuvel SHA-256 secure hash standard (DFIPS 180-2) implemented 46006d0624SArd Biesheuvel using special ARMv8 Crypto Extensions. 47006d0624SArd Biesheuvel 48f2f770d7SSami Tolvanenconfig CRYPTO_SHA256_ARM 49f2f770d7SSami Tolvanen tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)" 50f2f770d7SSami Tolvanen select CRYPTO_HASH 51*b48321deSArnd Bergmann depends on !CPU_V7M 52f2f770d7SSami Tolvanen help 53f2f770d7SSami Tolvanen SHA-256 secure hash standard (DFIPS 180-2) implemented 54f2f770d7SSami Tolvanen using optimized ARM assembler and NEON, when available. 55f2f770d7SSami Tolvanen 56652ccae5SArd Biesheuvelconfig CRYPTO_SHA512_ARM_NEON 57652ccae5SArd Biesheuvel tristate "SHA384 and SHA512 digest algorithm (ARM NEON)" 58652ccae5SArd Biesheuvel depends on KERNEL_MODE_NEON 59652ccae5SArd Biesheuvel select CRYPTO_SHA512 60652ccae5SArd Biesheuvel select CRYPTO_HASH 61652ccae5SArd Biesheuvel help 62652ccae5SArd Biesheuvel SHA-512 secure hash standard (DFIPS 180-2) implemented 63652ccae5SArd Biesheuvel using ARM NEON instructions, when available. 64652ccae5SArd Biesheuvel 65652ccae5SArd Biesheuvel This version of SHA implements a 512 bit hash with 256 bits of 66652ccae5SArd Biesheuvel security against collision attacks. 67652ccae5SArd Biesheuvel 68652ccae5SArd Biesheuvel This code also includes SHA-384, a 384 bit hash with 192 bits 69652ccae5SArd Biesheuvel of security against collision attacks. 70652ccae5SArd Biesheuvel 71652ccae5SArd Biesheuvelconfig CRYPTO_AES_ARM 72652ccae5SArd Biesheuvel tristate "AES cipher algorithms (ARM-asm)" 73652ccae5SArd Biesheuvel depends on ARM 74652ccae5SArd Biesheuvel select CRYPTO_ALGAPI 75652ccae5SArd Biesheuvel select CRYPTO_AES 76652ccae5SArd Biesheuvel help 77652ccae5SArd Biesheuvel Use optimized AES assembler routines for ARM platforms. 78652ccae5SArd Biesheuvel 79652ccae5SArd Biesheuvel AES cipher algorithms (FIPS-197). AES uses the Rijndael 80652ccae5SArd Biesheuvel algorithm. 81652ccae5SArd Biesheuvel 82652ccae5SArd Biesheuvel Rijndael appears to be consistently a very good performer in 83652ccae5SArd Biesheuvel both hardware and software across a wide range of computing 84652ccae5SArd Biesheuvel environments regardless of its use in feedback or non-feedback 85652ccae5SArd Biesheuvel modes. Its key setup time is excellent, and its key agility is 86652ccae5SArd Biesheuvel good. Rijndael's very low memory requirements make it very well 87652ccae5SArd Biesheuvel suited for restricted-space environments, in which it also 88652ccae5SArd Biesheuvel demonstrates excellent performance. Rijndael's operations are 89652ccae5SArd Biesheuvel among the easiest to defend against power and timing attacks. 90652ccae5SArd Biesheuvel 91652ccae5SArd Biesheuvel The AES specifies three key sizes: 128, 192 and 256 bits 92652ccae5SArd Biesheuvel 93652ccae5SArd Biesheuvel See <http://csrc.nist.gov/encryption/aes/> for more information. 94652ccae5SArd Biesheuvel 95652ccae5SArd Biesheuvelconfig CRYPTO_AES_ARM_BS 96652ccae5SArd Biesheuvel tristate "Bit sliced AES using NEON instructions" 97652ccae5SArd Biesheuvel depends on KERNEL_MODE_NEON 98652ccae5SArd Biesheuvel select CRYPTO_ALGAPI 99652ccae5SArd Biesheuvel select CRYPTO_AES_ARM 100652ccae5SArd Biesheuvel select CRYPTO_ABLK_HELPER 101652ccae5SArd Biesheuvel help 102652ccae5SArd Biesheuvel Use a faster and more secure NEON based implementation of AES in CBC, 103652ccae5SArd Biesheuvel CTR and XTS modes 104652ccae5SArd Biesheuvel 105652ccae5SArd Biesheuvel Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode 106652ccae5SArd Biesheuvel and for XTS mode encryption, CBC and XTS mode decryption speedup is 107652ccae5SArd Biesheuvel around 25%. (CBC encryption speed is not affected by this driver.) 108652ccae5SArd Biesheuvel This implementation does not rely on any lookup tables so it is 109652ccae5SArd Biesheuvel believed to be invulnerable to cache timing attacks. 110652ccae5SArd Biesheuvel 11186464859SArd Biesheuvelconfig CRYPTO_AES_ARM_CE 11286464859SArd Biesheuvel tristate "Accelerated AES using ARMv8 Crypto Extensions" 11386464859SArd Biesheuvel depends on KERNEL_MODE_NEON 11486464859SArd Biesheuvel select CRYPTO_ALGAPI 11586464859SArd Biesheuvel select CRYPTO_ABLK_HELPER 11686464859SArd Biesheuvel help 11786464859SArd Biesheuvel Use an implementation of AES in CBC, CTR and XTS modes that uses 11886464859SArd Biesheuvel ARMv8 Crypto Extensions 11986464859SArd Biesheuvel 120f1e866b1SArd Biesheuvelconfig CRYPTO_GHASH_ARM_CE 121f1e866b1SArd Biesheuvel tristate "PMULL-accelerated GHASH using ARMv8 Crypto Extensions" 122f1e866b1SArd Biesheuvel depends on KERNEL_MODE_NEON 123f1e866b1SArd Biesheuvel select CRYPTO_HASH 124f1e866b1SArd Biesheuvel select CRYPTO_CRYPTD 125f1e866b1SArd Biesheuvel help 126f1e866b1SArd Biesheuvel Use an implementation of GHASH (used by the GCM AEAD chaining mode) 127f1e866b1SArd Biesheuvel that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) 128f1e866b1SArd Biesheuvel that is part of the ARMv8 Crypto Extensions 129f1e866b1SArd Biesheuvel 130652ccae5SArd Biesheuvelendif 131