252 lines
7.4 KiB
Plaintext
252 lines
7.4 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
menu "Accelerated Cryptographic Algorithms for CPU (arm)"
|
|
|
|
config CRYPTO_CURVE25519_NEON
|
|
tristate "Public key crypto: Curve25519 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_LIB_CURVE25519_GENERIC
|
|
select CRYPTO_ARCH_HAVE_LIB_CURVE25519
|
|
help
|
|
Curve25519 algorithm
|
|
|
|
Architecture: arm with
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_GHASH_ARM_CE
|
|
tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_HASH
|
|
select CRYPTO_CRYPTD
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_LIB_GF128MUL
|
|
help
|
|
GCM GHASH function (NIST SP800-38D)
|
|
|
|
Architecture: arm using
|
|
- PMULL (Polynomial Multiply Long) instructions
|
|
- NEON (Advanced SIMD) extensions
|
|
- ARMv8 Crypto Extensions
|
|
|
|
Use an implementation of GHASH (used by the GCM AEAD chaining mode)
|
|
that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
|
|
that is part of the ARMv8 Crypto Extensions, or a slower variant that
|
|
uses the vmull.p8 instruction that is part of the basic NEON ISA.
|
|
|
|
config CRYPTO_NHPOLY1305_NEON
|
|
tristate "Hash functions: NHPoly1305 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_NHPOLY1305
|
|
help
|
|
NHPoly1305 hash function (Adiantum)
|
|
|
|
Architecture: arm using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_POLY1305_ARM
|
|
tristate "Hash functions: Poly1305 (NEON)"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_ARCH_HAVE_LIB_POLY1305
|
|
help
|
|
Poly1305 authenticator algorithm (RFC7539)
|
|
|
|
Architecture: arm optionally using
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_BLAKE2S_ARM
|
|
bool "Hash functions: BLAKE2s"
|
|
select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
|
|
help
|
|
BLAKE2s cryptographic hash function (RFC 7693)
|
|
|
|
Architecture: arm
|
|
|
|
This is faster than the generic implementations of BLAKE2s and
|
|
BLAKE2b, but slower than the NEON implementation of BLAKE2b.
|
|
There is no NEON implementation of BLAKE2s, since NEON doesn't
|
|
really help with it.
|
|
|
|
config CRYPTO_BLAKE2B_NEON
|
|
tristate "Hash functions: BLAKE2b (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_BLAKE2B
|
|
help
|
|
BLAKE2b cryptographic hash function (RFC 7693)
|
|
|
|
Architecture: arm using
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
BLAKE2b digest algorithm optimized with ARM NEON instructions.
|
|
On ARM processors that have NEON support but not the ARMv8
|
|
Crypto Extensions, typically this BLAKE2b implementation is
|
|
much faster than the SHA-2 family and slightly faster than
|
|
SHA-1.
|
|
|
|
config CRYPTO_SHA1_ARM
|
|
tristate "Hash functions: SHA-1"
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash algorithm (FIPS 180)
|
|
|
|
Architecture: arm
|
|
|
|
config CRYPTO_SHA1_ARM_NEON
|
|
tristate "Hash functions: SHA-1 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SHA1_ARM
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash algorithm (FIPS 180)
|
|
|
|
Architecture: arm using
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SHA1_ARM_CE
|
|
tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SHA1_ARM
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash algorithm (FIPS 180)
|
|
|
|
Architecture: arm using ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_SHA2_ARM_CE
|
|
tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SHA256_ARM
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm using
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_SHA256_ARM
|
|
tristate "Hash functions: SHA-224 and SHA-256 (NEON)"
|
|
select CRYPTO_HASH
|
|
depends on !CPU_V7M
|
|
help
|
|
SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm using
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SHA512_ARM
|
|
tristate "Hash functions: SHA-384 and SHA-512 (NEON)"
|
|
select CRYPTO_HASH
|
|
depends on !CPU_V7M
|
|
help
|
|
SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm using
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_AES_ARM
|
|
tristate "Ciphers: AES"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES
|
|
help
|
|
Block ciphers: AES cipher algorithms (FIPS-197)
|
|
|
|
Architecture: arm
|
|
|
|
On ARM processors without the Crypto Extensions, this is the
|
|
fastest AES implementation for single blocks. For multiple
|
|
blocks, the NEON bit-sliced implementation is usually faster.
|
|
|
|
This implementation may be vulnerable to cache timing attacks,
|
|
since it uses lookup tables. However, as countermeasures it
|
|
disables IRQs and preloads the tables; it is hoped this makes
|
|
such attacks very difficult.
|
|
|
|
config CRYPTO_AES_ARM_BS
|
|
tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_AES_ARM
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_SIMD
|
|
help
|
|
Length-preserving ciphers: AES cipher algorithms (FIPS-197)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
|
|
and for XTS mode encryption, CBC and XTS mode decryption speedup is
|
|
around 25%. (CBC encryption speed is not affected by this driver.)
|
|
|
|
The bit sliced AES code does not use lookup tables, so it is believed
|
|
to be invulnerable to cache timing attacks. However, since the bit
|
|
sliced AES code cannot process single blocks efficiently, in certain
|
|
cases table-based code with some countermeasures against cache timing
|
|
attacks will still be used as a fallback method; specifically CBC
|
|
encryption (not CBC decryption), the encryption of XTS tweaks, XTS
|
|
ciphertext stealing when the message isn't a multiple of 16 bytes, and
|
|
CTR when invoked in a context in which NEON instructions are unusable.
|
|
|
|
config CRYPTO_AES_ARM_CE
|
|
tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_SIMD
|
|
help
|
|
Length-preserving ciphers: AES cipher algorithms (FIPS-197)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- CTS (Cipher Text Stealing) mode (NIST SP800-38A)
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Architecture: arm using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_CHACHA20_NEON
|
|
tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (NEON)"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_ARCH_HAVE_LIB_CHACHA
|
|
help
|
|
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
|
|
stream cipher algorithms
|
|
|
|
Architecture: arm using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_CRC32_ARM_CE
|
|
tristate "CRC32C and CRC32"
|
|
depends on KERNEL_MODE_NEON
|
|
depends on CRC32
|
|
select CRYPTO_HASH
|
|
help
|
|
CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
|
|
and CRC32 CRC algorithm (IEEE 802.3)
|
|
|
|
Architecture: arm using:
|
|
- CRC and/or PMULL instructions
|
|
|
|
Drivers: crc32-arm-ce and crc32c-arm-ce
|
|
|
|
config CRYPTO_CRCT10DIF_ARM_CE
|
|
tristate "CRCT10DIF"
|
|
depends on KERNEL_MODE_NEON
|
|
depends on CRC_T10DIF
|
|
select CRYPTO_HASH
|
|
help
|
|
CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
|
|
|
|
Architecture: arm using:
|
|
- PMULL (Polynomial Multiply Long) instructions
|
|
|
|
endmenu
|
|
|