1# SPDX-License-Identifier: GPL-2.0 2 3menu "Accelerated Cryptographic Algorithms for CPU (arm)" 4 5config CRYPTO_GHASH_ARM_CE 6 tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)" 7 depends on KERNEL_MODE_NEON 8 select CRYPTO_AEAD 9 select CRYPTO_HASH 10 select CRYPTO_CRYPTD 11 select CRYPTO_LIB_AES 12 select CRYPTO_LIB_GF128MUL 13 help 14 GCM GHASH function (NIST SP800-38D) 15 16 Architecture: arm using 17 - PMULL (Polynomial Multiply Long) instructions 18 - NEON (Advanced SIMD) extensions 19 - ARMv8 Crypto Extensions 20 21 Use an implementation of GHASH (used by the GCM AEAD chaining mode) 22 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) 23 that is part of the ARMv8 Crypto Extensions, or a slower variant that 24 uses the vmull.p8 instruction that is part of the basic NEON ISA. 25 26config CRYPTO_AES_ARM_BS 27 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)" 28 depends on KERNEL_MODE_NEON 29 select CRYPTO_SKCIPHER 30 select CRYPTO_LIB_AES 31 help 32 Length-preserving ciphers: AES cipher algorithms (FIPS-197) 33 with block cipher modes: 34 - ECB (Electronic Codebook) mode (NIST SP800-38A) 35 - CBC (Cipher Block Chaining) mode (NIST SP800-38A) 36 - CTR (Counter) mode (NIST SP800-38A) 37 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 38 and IEEE 1619) 39 40 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode 41 and for XTS mode encryption, CBC and XTS mode decryption speedup is 42 around 25%. (CBC encryption speed is not affected by this driver.) 43 44 The bit sliced AES code does not use lookup tables, so it is believed 45 to be invulnerable to cache timing attacks. However, since the bit 46 sliced AES code cannot process single blocks efficiently, in certain 47 cases table-based code with some countermeasures against cache timing 48 attacks will still be used as a fallback method; specifically CBC 49 encryption (not CBC decryption), the encryption of XTS tweaks, XTS 50 ciphertext stealing when the message isn't a multiple of 16 bytes, and 51 CTR when invoked in a context in which NEON instructions are unusable. 52 53config CRYPTO_AES_ARM_CE 54 tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)" 55 depends on KERNEL_MODE_NEON 56 select CRYPTO_SKCIPHER 57 select CRYPTO_LIB_AES 58 help 59 Length-preserving ciphers: AES cipher algorithms (FIPS-197) 60 with block cipher modes: 61 - ECB (Electronic Codebook) mode (NIST SP800-38A) 62 - CBC (Cipher Block Chaining) mode (NIST SP800-38A) 63 - CTR (Counter) mode (NIST SP800-38A) 64 - CTS (Cipher Text Stealing) mode (NIST SP800-38A) 65 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 66 and IEEE 1619) 67 68 Architecture: arm using: 69 - ARMv8 Crypto Extensions 70 71endmenu 72 73