| Greg Kroah-Hartman | b244131 | 2017-11-01 15:07:57 +0100 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0 |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 2 | |
| 3 | menuconfig ARM_CRYPTO |
| 4 | bool "ARM Accelerated Cryptographic Algorithms" |
| 5 | depends on ARM |
| 6 | help |
| 7 | Say Y here to choose from a selection of cryptographic algorithms |
| 8 | implemented using ARM specific CPU features or instructions. |
| 9 | |
| 10 | if ARM_CRYPTO |
| 11 | |
| 12 | config CRYPTO_SHA1_ARM |
| 13 | tristate "SHA1 digest algorithm (ARM-asm)" |
| 14 | select CRYPTO_SHA1 |
| 15 | select CRYPTO_HASH |
| 16 | help |
| 17 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 18 | using optimized ARM assembler. |
| 19 | |
| 20 | config CRYPTO_SHA1_ARM_NEON |
| 21 | tristate "SHA1 digest algorithm (ARM NEON)" |
| 22 | depends on KERNEL_MODE_NEON |
| 23 | select CRYPTO_SHA1_ARM |
| 24 | select CRYPTO_SHA1 |
| 25 | select CRYPTO_HASH |
| 26 | help |
| 27 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 28 | using optimized ARM NEON assembly, when NEON instructions are |
| 29 | available. |
| 30 | |
| Ard Biesheuvel | 864cbee | 2015-03-10 09:47:45 +0100 | [diff] [blame] | 31 | config CRYPTO_SHA1_ARM_CE |
| 32 | tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)" |
| 33 | depends on KERNEL_MODE_NEON |
| 34 | select CRYPTO_SHA1_ARM |
| Ard Biesheuvel | 864cbee | 2015-03-10 09:47:45 +0100 | [diff] [blame] | 35 | select CRYPTO_HASH |
| 36 | help |
| 37 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 38 | using special ARMv8 Crypto Extensions. |
| 39 | |
| Ard Biesheuvel | 006d062 | 2015-03-10 09:47:46 +0100 | [diff] [blame] | 40 | config CRYPTO_SHA2_ARM_CE |
| 41 | tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)" |
| 42 | depends on KERNEL_MODE_NEON |
| Ard Biesheuvel | 9205b94 | 2015-04-09 12:55:43 +0200 | [diff] [blame] | 43 | select CRYPTO_SHA256_ARM |
| Ard Biesheuvel | 006d062 | 2015-03-10 09:47:46 +0100 | [diff] [blame] | 44 | select CRYPTO_HASH |
| 45 | help |
| 46 | SHA-256 secure hash standard (DFIPS 180-2) implemented |
| 47 | using special ARMv8 Crypto Extensions. |
| 48 | |
| Sami Tolvanen | f2f770d | 2015-04-03 18:03:40 +0800 | [diff] [blame] | 49 | config CRYPTO_SHA256_ARM |
| 50 | tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)" |
| 51 | select CRYPTO_HASH |
| Arnd Bergmann | b48321d | 2015-04-11 10:48:44 +0200 | [diff] [blame] | 52 | depends on !CPU_V7M |
| Sami Tolvanen | f2f770d | 2015-04-03 18:03:40 +0800 | [diff] [blame] | 53 | help |
| 54 | SHA-256 secure hash standard (DFIPS 180-2) implemented |
| 55 | using optimized ARM assembler and NEON, when available. |
| 56 | |
| Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 57 | config CRYPTO_SHA512_ARM |
| 58 | tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)" |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 59 | select CRYPTO_HASH |
| Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 60 | depends on !CPU_V7M |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 61 | help |
| 62 | SHA-512 secure hash standard (DFIPS 180-2) implemented |
| Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 63 | using optimized ARM assembler and NEON, when available. |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 64 | |
| 65 | config CRYPTO_AES_ARM |
| Ard Biesheuvel | 81edb42 | 2017-01-11 16:41:53 +0000 | [diff] [blame] | 66 | tristate "Scalar AES cipher for ARM" |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 67 | select CRYPTO_ALGAPI |
| 68 | select CRYPTO_AES |
| 69 | help |
| 70 | Use optimized AES assembler routines for ARM platforms. |
| 71 | |
| Eric Biggers | 913a3aa | 2018-10-17 21:37:59 -0700 | [diff] [blame^] | 72 | On ARM processors without the Crypto Extensions, this is the |
| 73 | fastest AES implementation for single blocks. For multiple |
| 74 | blocks, the NEON bit-sliced implementation is usually faster. |
| 75 | |
| 76 | This implementation may be vulnerable to cache timing attacks, |
| 77 | since it uses lookup tables. However, as countermeasures it |
| 78 | disables IRQs and preloads the tables; it is hoped this makes |
| 79 | such attacks very difficult. |
| 80 | |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 81 | config CRYPTO_AES_ARM_BS |
| 82 | tristate "Bit sliced AES using NEON instructions" |
| 83 | depends on KERNEL_MODE_NEON |
| Herbert Xu | 6fdf436 | 2016-11-29 16:43:33 +0800 | [diff] [blame] | 84 | select CRYPTO_BLKCIPHER |
| 85 | select CRYPTO_SIMD |
| Ard Biesheuvel | b56f5cb | 2017-02-14 21:51:01 +0000 | [diff] [blame] | 86 | select CRYPTO_AES |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 87 | help |
| 88 | Use a faster and more secure NEON based implementation of AES in CBC, |
| 89 | CTR and XTS modes |
| 90 | |
| 91 | Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode |
| 92 | and for XTS mode encryption, CBC and XTS mode decryption speedup is |
| 93 | around 25%. (CBC encryption speed is not affected by this driver.) |
| 94 | This implementation does not rely on any lookup tables so it is |
| 95 | believed to be invulnerable to cache timing attacks. |
| 96 | |
| Ard Biesheuvel | 8646485 | 2015-03-10 09:47:47 +0100 | [diff] [blame] | 97 | config CRYPTO_AES_ARM_CE |
| 98 | tristate "Accelerated AES using ARMv8 Crypto Extensions" |
| 99 | depends on KERNEL_MODE_NEON |
| Herbert Xu | 6fdf436 | 2016-11-29 16:43:33 +0800 | [diff] [blame] | 100 | select CRYPTO_BLKCIPHER |
| Herbert Xu | 585b5fa | 2016-11-29 15:08:40 +0800 | [diff] [blame] | 101 | select CRYPTO_SIMD |
| Ard Biesheuvel | 8646485 | 2015-03-10 09:47:47 +0100 | [diff] [blame] | 102 | help |
| 103 | Use an implementation of AES in CBC, CTR and XTS modes that uses |
| 104 | ARMv8 Crypto Extensions |
| 105 | |
| Ard Biesheuvel | f1e866b | 2015-03-10 09:47:48 +0100 | [diff] [blame] | 106 | config CRYPTO_GHASH_ARM_CE |
| Ard Biesheuvel | 3759ee0 | 2017-07-24 11:28:17 +0100 | [diff] [blame] | 107 | tristate "PMULL-accelerated GHASH using NEON/ARMv8 Crypto Extensions" |
| Ard Biesheuvel | f1e866b | 2015-03-10 09:47:48 +0100 | [diff] [blame] | 108 | depends on KERNEL_MODE_NEON |
| 109 | select CRYPTO_HASH |
| 110 | select CRYPTO_CRYPTD |
| Ard Biesheuvel | 00227e3 | 2018-08-23 15:48:51 +0100 | [diff] [blame] | 111 | select CRYPTO_GF128MUL |
| Ard Biesheuvel | f1e866b | 2015-03-10 09:47:48 +0100 | [diff] [blame] | 112 | help |
| 113 | Use an implementation of GHASH (used by the GCM AEAD chaining mode) |
| 114 | that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) |
| Ard Biesheuvel | 3759ee0 | 2017-07-24 11:28:17 +0100 | [diff] [blame] | 115 | that is part of the ARMv8 Crypto Extensions, or a slower variant that |
| 116 | uses the vmull.p8 instruction that is part of the basic NEON ISA. |
| Ard Biesheuvel | f1e866b | 2015-03-10 09:47:48 +0100 | [diff] [blame] | 117 | |
| Ard Biesheuvel | 1d481f1 | 2016-12-05 18:42:26 +0000 | [diff] [blame] | 118 | config CRYPTO_CRCT10DIF_ARM_CE |
| 119 | tristate "CRCT10DIF digest algorithm using PMULL instructions" |
| 120 | depends on KERNEL_MODE_NEON && CRC_T10DIF |
| 121 | select CRYPTO_HASH |
| 122 | |
| Ard Biesheuvel | d0a3431 | 2016-12-05 18:42:28 +0000 | [diff] [blame] | 123 | config CRYPTO_CRC32_ARM_CE |
| 124 | tristate "CRC32(C) digest algorithm using CRC and/or PMULL instructions" |
| 125 | depends on KERNEL_MODE_NEON && CRC32 |
| 126 | select CRYPTO_HASH |
| 127 | |
| Ard Biesheuvel | afaf712 | 2017-01-11 16:41:50 +0000 | [diff] [blame] | 128 | config CRYPTO_CHACHA20_NEON |
| 129 | tristate "NEON accelerated ChaCha20 symmetric cipher" |
| 130 | depends on KERNEL_MODE_NEON |
| 131 | select CRYPTO_BLKCIPHER |
| 132 | select CRYPTO_CHACHA20 |
| 133 | |
| Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 134 | endif |