Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 1 | |
| 2 | menuconfig ARM_CRYPTO |
| 3 | bool "ARM Accelerated Cryptographic Algorithms" |
| 4 | depends on ARM |
| 5 | help |
| 6 | Say Y here to choose from a selection of cryptographic algorithms |
| 7 | implemented using ARM specific CPU features or instructions. |
| 8 | |
| 9 | if ARM_CRYPTO |
| 10 | |
| 11 | config CRYPTO_SHA1_ARM |
| 12 | tristate "SHA1 digest algorithm (ARM-asm)" |
| 13 | select CRYPTO_SHA1 |
| 14 | select CRYPTO_HASH |
| 15 | help |
| 16 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 17 | using optimized ARM assembler. |
| 18 | |
| 19 | config CRYPTO_SHA1_ARM_NEON |
| 20 | tristate "SHA1 digest algorithm (ARM NEON)" |
| 21 | depends on KERNEL_MODE_NEON |
| 22 | select CRYPTO_SHA1_ARM |
| 23 | select CRYPTO_SHA1 |
| 24 | select CRYPTO_HASH |
| 25 | help |
| 26 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 27 | using optimized ARM NEON assembly, when NEON instructions are |
| 28 | available. |
| 29 | |
Ard Biesheuvel | 864cbee | 2015-03-10 09:47:45 +0100 | [diff] [blame] | 30 | config CRYPTO_SHA1_ARM_CE |
| 31 | tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)" |
| 32 | depends on KERNEL_MODE_NEON |
| 33 | select CRYPTO_SHA1_ARM |
Ard Biesheuvel | 864cbee | 2015-03-10 09:47:45 +0100 | [diff] [blame] | 34 | select CRYPTO_HASH |
| 35 | help |
| 36 | SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented |
| 37 | using special ARMv8 Crypto Extensions. |
| 38 | |
Ard Biesheuvel | 006d062 | 2015-03-10 09:47:46 +0100 | [diff] [blame] | 39 | config CRYPTO_SHA2_ARM_CE |
| 40 | tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)" |
| 41 | depends on KERNEL_MODE_NEON |
Ard Biesheuvel | 9205b94 | 2015-04-09 12:55:43 +0200 | [diff] [blame] | 42 | select CRYPTO_SHA256_ARM |
Ard Biesheuvel | 006d062 | 2015-03-10 09:47:46 +0100 | [diff] [blame] | 43 | select CRYPTO_HASH |
| 44 | help |
| 45 | SHA-256 secure hash standard (DFIPS 180-2) implemented |
| 46 | using special ARMv8 Crypto Extensions. |
| 47 | |
Sami Tolvanen | f2f770d | 2015-04-03 18:03:40 +0800 | [diff] [blame] | 48 | config CRYPTO_SHA256_ARM |
| 49 | tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)" |
| 50 | select CRYPTO_HASH |
Arnd Bergmann | b48321d | 2015-04-11 10:48:44 +0200 | [diff] [blame] | 51 | depends on !CPU_V7M |
Sami Tolvanen | f2f770d | 2015-04-03 18:03:40 +0800 | [diff] [blame] | 52 | help |
| 53 | SHA-256 secure hash standard (DFIPS 180-2) implemented |
| 54 | using optimized ARM assembler and NEON, when available. |
| 55 | |
Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 56 | config CRYPTO_SHA512_ARM |
| 57 | tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)" |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 58 | select CRYPTO_HASH |
Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 59 | depends on !CPU_V7M |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 60 | help |
| 61 | SHA-512 secure hash standard (DFIPS 180-2) implemented |
Ard Biesheuvel | c80ae7c | 2015-05-08 10:46:21 +0200 | [diff] [blame] | 62 | using optimized ARM assembler and NEON, when available. |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 63 | |
| 64 | config CRYPTO_AES_ARM |
Ard Biesheuvel | b7912e0 | 2017-01-11 16:41:53 +0000 | [diff] [blame] | 65 | tristate "Scalar AES cipher for ARM" |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 66 | select CRYPTO_ALGAPI |
| 67 | select CRYPTO_AES |
| 68 | help |
| 69 | Use optimized AES assembler routines for ARM platforms. |
| 70 | |
Eric Biggers | 910bbfc | 2018-10-17 21:37:59 -0700 | [diff] [blame] | 71 | On ARM processors without the Crypto Extensions, this is the |
| 72 | fastest AES implementation for single blocks. For multiple |
| 73 | blocks, the NEON bit-sliced implementation is usually faster. |
| 74 | |
| 75 | This implementation may be vulnerable to cache timing attacks, |
| 76 | since it uses lookup tables. However, as countermeasures it |
| 77 | disables IRQs and preloads the tables; it is hoped this makes |
| 78 | such attacks very difficult. |
| 79 | |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 80 | config CRYPTO_AES_ARM_BS |
| 81 | tristate "Bit sliced AES using NEON instructions" |
| 82 | depends on KERNEL_MODE_NEON |
| 83 | select CRYPTO_ALGAPI |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 84 | select CRYPTO_ABLK_HELPER |
| 85 | help |
| 86 | Use a faster and more secure NEON based implementation of AES in CBC, |
| 87 | CTR and XTS modes |
| 88 | |
| 89 | Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode |
| 90 | and for XTS mode encryption, CBC and XTS mode decryption speedup is |
| 91 | around 25%. (CBC encryption speed is not affected by this driver.) |
| 92 | This implementation does not rely on any lookup tables so it is |
| 93 | believed to be invulnerable to cache timing attacks. |
| 94 | |
Ard Biesheuvel | 8646485 | 2015-03-10 09:47:47 +0100 | [diff] [blame] | 95 | config CRYPTO_AES_ARM_CE |
| 96 | tristate "Accelerated AES using ARMv8 Crypto Extensions" |
| 97 | depends on KERNEL_MODE_NEON |
| 98 | select CRYPTO_ALGAPI |
| 99 | select CRYPTO_ABLK_HELPER |
| 100 | help |
| 101 | Use an implementation of AES in CBC, CTR and XTS modes that uses |
| 102 | ARMv8 Crypto Extensions |
| 103 | |
Ard Biesheuvel | f1e866b | 2015-03-10 09:47:48 +0100 | [diff] [blame] | 104 | config CRYPTO_GHASH_ARM_CE |
| 105 | tristate "PMULL-accelerated GHASH using ARMv8 Crypto Extensions" |
| 106 | depends on KERNEL_MODE_NEON |
| 107 | select CRYPTO_HASH |
| 108 | select CRYPTO_CRYPTD |
| 109 | help |
| 110 | Use an implementation of GHASH (used by the GCM AEAD chaining mode) |
| 111 | that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) |
| 112 | that is part of the ARMv8 Crypto Extensions |
| 113 | |
Ard Biesheuvel | dc6ff202 | 2016-12-08 14:28:59 +0000 | [diff] [blame] | 114 | config CRYPTO_CHACHA20_NEON |
Eric Biggers | 38e3f25 | 2018-11-16 17:26:26 -0800 | [diff] [blame] | 115 | tristate "NEON accelerated ChaCha stream cipher algorithms" |
Ard Biesheuvel | dc6ff202 | 2016-12-08 14:28:59 +0000 | [diff] [blame] | 116 | depends on KERNEL_MODE_NEON |
| 117 | select CRYPTO_BLKCIPHER |
| 118 | select CRYPTO_CHACHA20 |
| 119 | |
Eric Biggers | f2daee4 | 2018-11-16 17:26:30 -0800 | [diff] [blame] | 120 | config CRYPTO_NHPOLY1305_NEON |
| 121 | tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)" |
| 122 | depends on KERNEL_MODE_NEON |
| 123 | select CRYPTO_NHPOLY1305 |
| 124 | |
Ard Biesheuvel | 652ccae | 2015-03-10 09:47:44 +0100 | [diff] [blame] | 125 | endif |