mirror of
https://github.com/torvalds/linux.git
synced 2024-11-25 05:32:00 +00:00
642356cb5f
Pull crypto updates from Herbert Xu:
"API:
- Add library interfaces of certain crypto algorithms for WireGuard
- Remove the obsolete ablkcipher and blkcipher interfaces
- Move add_early_randomness() out of rng_mutex
Algorithms:
- Add blake2b shash algorithm
- Add blake2s shash algorithm
- Add curve25519 kpp algorithm
- Implement 4 way interleave in arm64/gcm-ce
- Implement ciphertext stealing in powerpc/spe-xts
- Add Eric Biggers's scalar accelerated ChaCha code for ARM
- Add accelerated 32r2 code from Zinc for MIPS
- Add OpenSSL/CRYPTOGRAMS poly1305 implementation for ARM and MIPS
Drivers:
- Fix entropy reading failures in ks-sa
- Add support for sam9x60 in atmel
- Add crypto accelerator for amlogic GXL
- Add sun8i-ce Crypto Engine
- Add sun8i-ss cryptographic offloader
- Add a host of algorithms to inside-secure
- Add NPCM RNG driver
- add HiSilicon HPRE accelerator
- Add HiSilicon TRNG driver"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (285 commits)
crypto: vmx - Avoid weird build failures
crypto: lib/chacha20poly1305 - use chacha20_crypt()
crypto: x86/chacha - only unregister algorithms if registered
crypto: chacha_generic - remove unnecessary setkey() functions
crypto: amlogic - enable working on big endian kernel
crypto: sun8i-ce - enable working on big endian
crypto: mips/chacha - select CRYPTO_SKCIPHER, not CRYPTO_BLKCIPHER
hwrng: ks-sa - Enable COMPILE_TEST
crypto: essiv - remove redundant null pointer check before kfree
crypto: atmel-aes - Change data type for "lastc" buffer
crypto: atmel-tdes - Set the IV after {en,de}crypt
crypto: sun4i-ss - fix big endian issues
crypto: sun4i-ss - hide the Invalid keylen message
crypto: sun4i-ss - use crypto_ahash_digestsize
crypto: sun4i-ss - remove dependency on not 64BIT
crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
MAINTAINERS: Add maintainer for HiSilicon SEC V2 driver
crypto: hisilicon - add DebugFS for HiSilicon SEC
Documentation: add DebugFS doc for HiSilicon SEC
crypto: hisilicon - add SRIOV for HiSilicon SEC
...
153 lines
5.0 KiB
Plaintext
153 lines
5.0 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
menuconfig ARM_CRYPTO
|
|
bool "ARM Accelerated Cryptographic Algorithms"
|
|
depends on ARM
|
|
help
|
|
Say Y here to choose from a selection of cryptographic algorithms
|
|
implemented using ARM specific CPU features or instructions.
|
|
|
|
if ARM_CRYPTO
|
|
|
|
config CRYPTO_SHA1_ARM
|
|
tristate "SHA1 digest algorithm (ARM-asm)"
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
|
|
using optimized ARM assembler.
|
|
|
|
config CRYPTO_SHA1_ARM_NEON
|
|
tristate "SHA1 digest algorithm (ARM NEON)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SHA1_ARM
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
|
|
using optimized ARM NEON assembly, when NEON instructions are
|
|
available.
|
|
|
|
config CRYPTO_SHA1_ARM_CE
|
|
tristate "SHA1 digest algorithm (ARM v8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
select CRYPTO_SHA1_ARM
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
|
|
using special ARMv8 Crypto Extensions.
|
|
|
|
config CRYPTO_SHA2_ARM_CE
|
|
tristate "SHA-224/256 digest algorithm (ARM v8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
select CRYPTO_SHA256_ARM
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-256 secure hash standard (DFIPS 180-2) implemented
|
|
using special ARMv8 Crypto Extensions.
|
|
|
|
config CRYPTO_SHA256_ARM
|
|
tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)"
|
|
select CRYPTO_HASH
|
|
depends on !CPU_V7M
|
|
help
|
|
SHA-256 secure hash standard (DFIPS 180-2) implemented
|
|
using optimized ARM assembler and NEON, when available.
|
|
|
|
config CRYPTO_SHA512_ARM
|
|
tristate "SHA-384/512 digest algorithm (ARM-asm and NEON)"
|
|
select CRYPTO_HASH
|
|
depends on !CPU_V7M
|
|
help
|
|
SHA-512 secure hash standard (DFIPS 180-2) implemented
|
|
using optimized ARM assembler and NEON, when available.
|
|
|
|
config CRYPTO_AES_ARM
|
|
tristate "Scalar AES cipher for ARM"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES
|
|
help
|
|
Use optimized AES assembler routines for ARM platforms.
|
|
|
|
On ARM processors without the Crypto Extensions, this is the
|
|
fastest AES implementation for single blocks. For multiple
|
|
blocks, the NEON bit-sliced implementation is usually faster.
|
|
|
|
This implementation may be vulnerable to cache timing attacks,
|
|
since it uses lookup tables. However, as countermeasures it
|
|
disables IRQs and preloads the tables; it is hoped this makes
|
|
such attacks very difficult.
|
|
|
|
config CRYPTO_AES_ARM_BS
|
|
tristate "Bit sliced AES using NEON instructions"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_SIMD
|
|
help
|
|
Use a faster and more secure NEON based implementation of AES in CBC,
|
|
CTR and XTS modes
|
|
|
|
Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
|
|
and for XTS mode encryption, CBC and XTS mode decryption speedup is
|
|
around 25%. (CBC encryption speed is not affected by this driver.)
|
|
This implementation does not rely on any lookup tables so it is
|
|
believed to be invulnerable to cache timing attacks.
|
|
|
|
config CRYPTO_AES_ARM_CE
|
|
tristate "Accelerated AES using ARMv8 Crypto Extensions"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_SIMD
|
|
help
|
|
Use an implementation of AES in CBC, CTR and XTS modes that uses
|
|
ARMv8 Crypto Extensions
|
|
|
|
config CRYPTO_GHASH_ARM_CE
|
|
tristate "PMULL-accelerated GHASH using NEON/ARMv8 Crypto Extensions"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
select CRYPTO_HASH
|
|
select CRYPTO_CRYPTD
|
|
select CRYPTO_GF128MUL
|
|
help
|
|
Use an implementation of GHASH (used by the GCM AEAD chaining mode)
|
|
that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
|
|
that is part of the ARMv8 Crypto Extensions, or a slower variant that
|
|
uses the vmull.p8 instruction that is part of the basic NEON ISA.
|
|
|
|
config CRYPTO_CRCT10DIF_ARM_CE
|
|
tristate "CRCT10DIF digest algorithm using PMULL instructions"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
depends on CRC_T10DIF
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_CRC32_ARM_CE
|
|
tristate "CRC32(C) digest algorithm using CRC and/or PMULL instructions"
|
|
depends on KERNEL_MODE_NEON && (CC_IS_CLANG || GCC_VERSION >= 40800)
|
|
depends on CRC32
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_CHACHA20_NEON
|
|
tristate "NEON and scalar accelerated ChaCha stream cipher algorithms"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_ARCH_HAVE_LIB_CHACHA
|
|
|
|
config CRYPTO_POLY1305_ARM
|
|
tristate "Accelerated scalar and SIMD Poly1305 hash implementations"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_ARCH_HAVE_LIB_POLY1305
|
|
|
|
config CRYPTO_NHPOLY1305_NEON
|
|
tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_NHPOLY1305
|
|
|
|
config CRYPTO_CURVE25519_NEON
|
|
tristate "NEON accelerated Curve25519 scalar multiplication library"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_LIB_CURVE25519_GENERIC
|
|
select CRYPTO_ARCH_HAVE_LIB_CURVE25519
|
|
|
|
endif
|