1 # SPDX-License-Identifier: GPL-2.0
3 menu "Accelerated Cryptographic Algorithms for CPU (arm)"
5 config CRYPTO_CURVE25519_NEON
6 tristate "Public key crypto: Curve25519 (NEON)"
7 depends on KERNEL_MODE_NEON
8 select CRYPTO_LIB_CURVE25519_GENERIC
9 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
13 Architecture: arm with
14 - NEON (Advanced SIMD) extensions
16 config CRYPTO_GHASH_ARM_CE
17 tristate "Hash functions: GHASH (PMULL/NEON/ARMv8 Crypto Extensions)"
18 depends on KERNEL_MODE_NEON
21 select CRYPTO_LIB_GF128MUL
23 GCM GHASH function (NIST SP800-38D)
25 Architecture: arm using
26 - PMULL (Polynomial Multiply Long) instructions
27 - NEON (Advanced SIMD) extensions
28 - ARMv8 Crypto Extensions
30 Use an implementation of GHASH (used by the GCM AEAD chaining mode)
31 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
32 that is part of the ARMv8 Crypto Extensions, or a slower variant that
33 uses the vmull.p8 instruction that is part of the basic NEON ISA.
35 config CRYPTO_NHPOLY1305_NEON
36 tristate "Hash functions: NHPoly1305 (NEON)"
37 depends on KERNEL_MODE_NEON
38 select CRYPTO_NHPOLY1305
40 NHPoly1305 hash function (Adiantum)
42 Architecture: arm using:
43 - NEON (Advanced SIMD) extensions
45 config CRYPTO_POLY1305_ARM
46 tristate "Hash functions: Poly1305 (NEON)"
48 select CRYPTO_ARCH_HAVE_LIB_POLY1305
50 Poly1305 authenticator algorithm (RFC7539)
52 Architecture: arm optionally using
53 - NEON (Advanced SIMD) extensions
55 config CRYPTO_BLAKE2S_ARM
56 bool "Hash functions: BLAKE2s"
57 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
59 BLAKE2s cryptographic hash function (RFC 7693)
63 This is faster than the generic implementations of BLAKE2s and
64 BLAKE2b, but slower than the NEON implementation of BLAKE2b.
65 There is no NEON implementation of BLAKE2s, since NEON doesn't
68 config CRYPTO_BLAKE2B_NEON
69 tristate "Hash functions: BLAKE2b (NEON)"
70 depends on KERNEL_MODE_NEON
73 BLAKE2b cryptographic hash function (RFC 7693)
75 Architecture: arm using
76 - NEON (Advanced SIMD) extensions
78 BLAKE2b digest algorithm optimized with ARM NEON instructions.
79 On ARM processors that have NEON support but not the ARMv8
80 Crypto Extensions, typically this BLAKE2b implementation is
81 much faster than the SHA-2 family and slightly faster than
84 config CRYPTO_SHA1_ARM
85 tristate "Hash functions: SHA-1"
89 SHA-1 secure hash algorithm (FIPS 180)
93 config CRYPTO_SHA1_ARM_NEON
94 tristate "Hash functions: SHA-1 (NEON)"
95 depends on KERNEL_MODE_NEON
96 select CRYPTO_SHA1_ARM
100 SHA-1 secure hash algorithm (FIPS 180)
102 Architecture: arm using
103 - NEON (Advanced SIMD) extensions
105 config CRYPTO_SHA1_ARM_CE
106 tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
107 depends on KERNEL_MODE_NEON
108 select CRYPTO_SHA1_ARM
111 SHA-1 secure hash algorithm (FIPS 180)
113 Architecture: arm using ARMv8 Crypto Extensions
115 config CRYPTO_SHA2_ARM_CE
116 tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
117 depends on KERNEL_MODE_NEON
118 select CRYPTO_SHA256_ARM
121 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
123 Architecture: arm using
124 - ARMv8 Crypto Extensions
126 config CRYPTO_SHA256_ARM
127 tristate "Hash functions: SHA-224 and SHA-256 (NEON)"
131 SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
133 Architecture: arm using
134 - NEON (Advanced SIMD) extensions
136 config CRYPTO_SHA512_ARM
137 tristate "Hash functions: SHA-384 and SHA-512 (NEON)"
141 SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
143 Architecture: arm using
144 - NEON (Advanced SIMD) extensions
146 config CRYPTO_AES_ARM
147 tristate "Ciphers: AES"
151 Block ciphers: AES cipher algorithms (FIPS-197)
155 On ARM processors without the Crypto Extensions, this is the
156 fastest AES implementation for single blocks. For multiple
157 blocks, the NEON bit-sliced implementation is usually faster.
159 This implementation may be vulnerable to cache timing attacks,
160 since it uses lookup tables. However, as countermeasures it
161 disables IRQs and preloads the tables; it is hoped this makes
162 such attacks very difficult.
164 config CRYPTO_AES_ARM_BS
165 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)"
166 depends on KERNEL_MODE_NEON
167 select CRYPTO_SKCIPHER
168 select CRYPTO_LIB_AES
173 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
174 with block cipher modes:
175 - ECB (Electronic Codebook) mode (NIST SP800-38A)
176 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
177 - CTR (Counter) mode (NIST SP800-38A)
178 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
181 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
182 and for XTS mode encryption, CBC and XTS mode decryption speedup is
183 around 25%. (CBC encryption speed is not affected by this driver.)
184 This implementation does not rely on any lookup tables so it is
185 believed to be invulnerable to cache timing attacks.
187 config CRYPTO_AES_ARM_CE
188 tristate "Ciphers: AES, modes: ECB/CBC/CTS/CTR/XTS (ARMv8 Crypto Extensions)"
189 depends on KERNEL_MODE_NEON
190 select CRYPTO_SKCIPHER
191 select CRYPTO_LIB_AES
194 Length-preserving ciphers: AES cipher algorithms (FIPS-197)
195 with block cipher modes:
196 - ECB (Electronic Codebook) mode (NIST SP800-38A)
197 - CBC (Cipher Block Chaining) mode (NIST SP800-38A)
198 - CTR (Counter) mode (NIST SP800-38A)
199 - CTS (Cipher Text Stealing) mode (NIST SP800-38A)
200 - XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
203 Architecture: arm using:
204 - ARMv8 Crypto Extensions
206 config CRYPTO_CHACHA20_NEON
207 tristate "Ciphers: ChaCha20, XChaCha20, XChaCha12 (NEON)"
208 select CRYPTO_SKCIPHER
209 select CRYPTO_ARCH_HAVE_LIB_CHACHA
211 Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
212 stream cipher algorithms
214 Architecture: arm using:
215 - NEON (Advanced SIMD) extensions
217 config CRYPTO_CRC32_ARM_CE
218 tristate "CRC32C and CRC32"
219 depends on KERNEL_MODE_NEON
223 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
224 and CRC32 CRC algorithm (IEEE 802.3)
226 Architecture: arm using:
227 - CRC and/or PMULL instructions
229 Drivers: crc32-arm-ce and crc32c-arm-ce
231 config CRYPTO_CRCT10DIF_ARM_CE
233 depends on KERNEL_MODE_NEON
234 depends on CRC_T10DIF
237 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
239 Architecture: arm using:
240 - PMULL (Polynomial Multiply Long) instructions