948ffc66e5
CCM combines the counter (CTR) encryption mode with a MAC based on the same block cipher. This MAC construction is a bit clunky: it invokes the block cipher in a way that cannot be parallelized, resulting in poor CPU pipeline efficiency. The arm64 CCM code mitigates this by interleaving the encryption and MAC at the AES round level, resulting in a substantial speedup. But this approach does not apply to the additional authenticated data (AAD) which is not encrypted. This means the special asm routine dealing with the AAD is not any better than the MAC update routine used by the arm64 AES block encryption driver, so let's reuse that, and drop the special AES-CCM version. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
327 lines
9.1 KiB
Plaintext
327 lines
9.1 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
menu "Accelerated Cryptographic Algorithms for CPU (arm64)"
|
|
|
|
config CRYPTO_GHASH_ARM64_CE
|
|
tristate "Hash functions: GHASH (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_LIB_GF128MUL
|
|
select CRYPTO_AEAD
|
|
help
|
|
GCM GHASH function (NIST SP800-38D)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_NHPOLY1305_NEON
|
|
tristate "Hash functions: NHPoly1305 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_NHPOLY1305
|
|
help
|
|
NHPoly1305 hash function (Adiantum)
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_POLY1305_NEON
|
|
tristate "Hash functions: Poly1305 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_ARCH_HAVE_LIB_POLY1305
|
|
help
|
|
Poly1305 authenticator algorithm (RFC7539)
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SHA1_ARM64_CE
|
|
tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA1
|
|
help
|
|
SHA-1 secure hash algorithm (FIPS 180)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_SHA256_ARM64
|
|
tristate "Hash functions: SHA-224 and SHA-256"
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm64
|
|
|
|
config CRYPTO_SHA2_ARM64_CE
|
|
tristate "Hash functions: SHA-224 and SHA-256 (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA256_ARM64
|
|
help
|
|
SHA-224 and SHA-256 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_SHA512_ARM64
|
|
tristate "Hash functions: SHA-384 and SHA-512"
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm64
|
|
|
|
config CRYPTO_SHA512_ARM64_CE
|
|
tristate "Hash functions: SHA-384 and SHA-512 (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA512_ARM64
|
|
help
|
|
SHA-384 and SHA-512 secure hash algorithms (FIPS 180)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_SHA3_ARM64
|
|
tristate "Hash functions: SHA-3 (ARMv8.2 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA3
|
|
help
|
|
SHA-3 secure hash algorithms (FIPS 202)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8.2 Crypto Extensions
|
|
|
|
config CRYPTO_SM3_NEON
|
|
tristate "Hash functions: SM3 (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SM3
|
|
help
|
|
SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012)
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM3_ARM64_CE
|
|
tristate "Hash functions: SM3 (ARMv8.2 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SM3
|
|
help
|
|
SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8.2 Crypto Extensions
|
|
|
|
config CRYPTO_POLYVAL_ARM64_CE
|
|
tristate "Hash functions: POLYVAL (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_POLYVAL
|
|
help
|
|
POLYVAL hash function for HCTR2
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_AES_ARM64
|
|
tristate "Ciphers: AES, modes: ECB, CBC, CTR, CTS, XCTR, XTS"
|
|
select CRYPTO_AES
|
|
help
|
|
Block ciphers: AES cipher algorithms (FIPS-197)
|
|
Length-preserving ciphers: AES with ECB, CBC, CTR, CTS,
|
|
XCTR, and XTS modes
|
|
AEAD cipher: AES with CBC, ESSIV, and SHA-256
|
|
for fscrypt and dm-crypt
|
|
|
|
Architecture: arm64
|
|
|
|
config CRYPTO_AES_ARM64_CE
|
|
tristate "Ciphers: AES (ARMv8 Crypto Extensions)"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
Block ciphers: AES cipher algorithms (FIPS-197)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_AES_ARM64_CE_BLK
|
|
tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_AES_ARM64_CE
|
|
help
|
|
Length-preserving ciphers: AES cipher algorithms (FIPS-197)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_AES_ARM64_NEON_BLK
|
|
tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
Length-preserving ciphers: AES cipher algorithms (FIPS-197)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_CHACHA20_NEON
|
|
tristate "Ciphers: ChaCha (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_CHACHA_GENERIC
|
|
select CRYPTO_ARCH_HAVE_LIB_CHACHA
|
|
help
|
|
Length-preserving ciphers: ChaCha20, XChaCha20, and XChaCha12
|
|
stream cipher algorithms
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_AES_ARM64_BS
|
|
tristate "Ciphers: AES, modes: ECB/CBC/CTR/XCTR/XTS modes (bit-sliced NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_AES_ARM64_NEON_BLK
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
Length-preserving ciphers: AES cipher algorithms (FIPS-197)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- XCTR mode for HCTR2
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Architecture: arm64 using:
|
|
- bit-sliced algorithm
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM4_ARM64_CE
|
|
tristate "Ciphers: SM4 (ARMv8.2 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SM4
|
|
help
|
|
Block ciphers: SM4 cipher algorithms (OSCCA GB/T 32907-2016)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8.2 Crypto Extensions
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM4_ARM64_CE_BLK
|
|
tristate "Ciphers: SM4, modes: ECB/CBC/CTR/XTS (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_SM4
|
|
help
|
|
Length-preserving ciphers: SM4 cipher algorithms (OSCCA GB/T 32907-2016)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
- XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
|
|
and IEEE 1619)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM4_ARM64_NEON_BLK
|
|
tristate "Ciphers: SM4, modes: ECB/CBC/CTR (NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_SM4
|
|
help
|
|
Length-preserving ciphers: SM4 cipher algorithms (OSCCA GB/T 32907-2016)
|
|
with block cipher modes:
|
|
- ECB (Electronic Codebook) mode (NIST SP800-38A)
|
|
- CBC (Cipher Block Chaining) mode (NIST SP800-38A)
|
|
- CTR (Counter) mode (NIST SP800-38A)
|
|
|
|
Architecture: arm64 using:
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_AES_ARM64_CE_CCM
|
|
tristate "AEAD cipher: AES in CCM mode (ARMv8 Crypto Extensions)"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES_ARM64_CE
|
|
select CRYPTO_AES_ARM64_CE_BLK
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
AEAD cipher: AES cipher algorithms (FIPS-197) with
|
|
CCM (Counter with Cipher Block Chaining-Message Authentication Code)
|
|
authenticated encryption mode (NIST SP800-38C)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM4_ARM64_CE_CCM
|
|
tristate "AEAD cipher: SM4 in CCM mode (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SM4
|
|
select CRYPTO_SM4_ARM64_CE_BLK
|
|
help
|
|
AEAD cipher: SM4 cipher algorithms (OSCCA GB/T 32907-2016) with
|
|
CCM (Counter with Cipher Block Chaining-Message Authentication Code)
|
|
authenticated encryption mode (NIST SP800-38C)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_SM4_ARM64_CE_GCM
|
|
tristate "AEAD cipher: SM4 in GCM mode (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SM4
|
|
select CRYPTO_SM4_ARM64_CE_BLK
|
|
help
|
|
AEAD cipher: SM4 cipher algorithms (OSCCA GB/T 32907-2016) with
|
|
GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
|
|
|
|
Architecture: arm64 using:
|
|
- ARMv8 Crypto Extensions
|
|
- PMULL (Polynomial Multiply Long) instructions
|
|
- NEON (Advanced SIMD) extensions
|
|
|
|
config CRYPTO_CRCT10DIF_ARM64_CE
|
|
tristate "CRCT10DIF (PMULL)"
|
|
depends on KERNEL_MODE_NEON && CRC_T10DIF
|
|
select CRYPTO_HASH
|
|
help
|
|
CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
|
|
|
|
Architecture: arm64 using
|
|
- PMULL (Polynomial Multiply Long) instructions
|
|
|
|
endmenu
|
|
|