Migrate the x86_64 implementation of POLYVAL into lib/crypto/, wiring it up to the POLYVAL library interface. This makes the POLYVAL library be properly optimized on x86_64. This drops the x86_64 optimizations of polyval in the crypto_shash API. That's fine, since polyval will be removed from crypto_shash entirely since it is unneeded there. But even if it comes back, the crypto_shash API could just be implemented on top of the library API, as usual. Adjust the names and prototypes of the assembly functions to align more closely with the rest of the library code. Also replace a movaps instruction with movups to remove the assumption that the key struct is 16-byte aligned. Users can still align the key if they want (and at least in this case, movups is just as fast as movaps), but it's inconvenient to require it. Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20251109234726.638437-6-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org>
# SPDX-License-Identifier: GPL-2.0
menu "Accelerated Cryptographic Algorithms for CPU (x86)"
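# AES using the CPU's AES-NI/VAES instructions; no 64BIT dependency, so it is
# also offered on 32-bit builds. Of the listed modes only GCM authenticates
# data: ECB, CBC, CTS, CTR, XCTR and XTS give confidentiality only and need a
# separate integrity mechanism wherever tampering matters.
config CRYPTO_AES_NI_INTEL
	tristate "Ciphers: AES, modes: ECB, CBC, CTS, CTR, XCTR, XTS, GCM (AES-NI/VAES)"
	select CRYPTO_AEAD
	select CRYPTO_LIB_AES
	select CRYPTO_LIB_GF128MUL
	select CRYPTO_ALGAPI
	select CRYPTO_SKCIPHER
	help
	  Block cipher: AES cipher algorithms
	  AEAD cipher: AES with GCM
	  Length-preserving ciphers: AES with ECB, CBC, CTS, CTR, XCTR, XTS

	  Architecture: x86 (32-bit and 64-bit) using:
	  - AES-NI (AES new instructions)
	  - VAES (Vector AES)

	  Some algorithm implementations are supported only in 64-bit builds,
	  and some have additional prerequisites such as AVX2 or AVX512.
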
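# x86_64 assembly Blowfish (ECB, CBC). Blowfish has a 64-bit block, so block
# collisions become likely after roughly 2^32 blocks under one key; enable it
# for compatibility with existing data rather than for new designs.
# "imply" turns CRYPTO_CTR on by default but leaves it user-overridable.
config CRYPTO_BLOWFISH_X86_64
	tristate "Ciphers: Blowfish, modes: ECB, CBC"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_BLOWFISH_COMMON
	imply CRYPTO_CTR
	help
	  Block cipher: Blowfish cipher algorithm
	  Length-preserving ciphers: Blowfish with ECB and CBC modes

	  Architecture: x86_64
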
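# x86_64 assembly Camellia (ECB, CBC). Both modes are unauthenticated, and ECB
# maps equal plaintext blocks to equal ciphertext blocks, so treat it as a
# building block for other modes rather than a way to encrypt data directly.
config CRYPTO_CAMELLIA_X86_64
	tristate "Ciphers: Camellia with modes: ECB, CBC"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	imply CRYPTO_CTR
	help
	  Block cipher: Camellia cipher algorithms
	  Length-preserving ciphers: Camellia with ECB and CBC modes

	  Architecture: x86_64
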
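# AES-NI/AVX Camellia (ECB, CBC; unauthenticated). Selects
# CRYPTO_CAMELLIA_X86_64, so enabling this also builds the plain x86_64
# implementation. "imply" defaults CRYPTO_XTS on but leaves it overridable.
config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
	tristate "Ciphers: Camellia with modes: ECB, CBC (AES-NI/AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAMELLIA_X86_64
	imply CRYPTO_XTS
	help
	  Length-preserving ciphers: Camellia with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX (Advanced Vector Extensions)
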
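# AES-NI/AVX2 Camellia (ECB, CBC; unauthenticated). "select" forces
# CRYPTO_CAMELLIA_AESNI_AVX_X86_64 on without evaluating that symbol's own
# dependencies; both entries carry the same 64BIT dependency, so the chain
# stays consistent.
config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
	tristate "Ciphers: Camellia with modes: ECB, CBC (AES-NI/AVX2)"
	depends on 64BIT
	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
	help
	  Length-preserving ciphers: Camellia with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX2 (Advanced Vector Extensions 2)
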
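# AVX CAST5 (ECB, CBC). The "128" in CAST-128 is the key size; the block is
# 64 bits, so block collisions become likely after roughly 2^32 blocks under
# one key. Enable for compatibility with existing data, not for new designs.
config CRYPTO_CAST5_AVX_X86_64
	tristate "Ciphers: CAST5 with modes: ECB, CBC (AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAST5
	select CRYPTO_CAST_COMMON
	imply CRYPTO_CTR
	help
	  Length-preserving ciphers: CAST5 (CAST-128) cipher algorithm
	  (RFC2144) with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AVX (Advanced Vector Extensions)

	  Processes 16 blocks in parallel.
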
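# AVX CAST6 (CAST-256) with ECB and CBC. Both modes are unauthenticated; the
# implied XTS and CTR are likewise confidentiality-only and can be disabled
# by the user because "imply" is only a default.
config CRYPTO_CAST6_AVX_X86_64
	tristate "Ciphers: CAST6 with modes: ECB, CBC (AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAST6
	select CRYPTO_CAST_COMMON
	imply CRYPTO_XTS
	imply CRYPTO_CTR
	help
	  Length-preserving ciphers: CAST6 (CAST-256) cipher algorithm
	  (RFC2612) with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AVX (Advanced Vector Extensions)

	  Processes eight blocks in parallel.
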
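# x86_64 assembly Triple DES EDE (ECB, CBC). Triple DES has a 64-bit block, so
# block collisions become likely after roughly 2^32 blocks under one key, and
# FIPS 46-3 (cited in the help text) has since been withdrawn by NIST. Enable
# for legacy interoperability only.
config CRYPTO_DES3_EDE_X86_64
	tristate "Ciphers: Triple DES EDE with modes: ECB, CBC"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_LIB_DES
	imply CRYPTO_CTR
	help
	  Block cipher: Triple DES EDE (FIPS 46-3) cipher algorithm
	  Length-preserving ciphers: Triple DES EDE with ECB and CBC modes

	  Architecture: x86_64

	  Processes one or three blocks in parallel.
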
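# SSE2 Serpent for 64-bit builds (ECB, CBC). Both modes are unauthenticated;
# ECB also reveals which plaintext blocks are equal, so use it only as a
# building block for other modes.
config CRYPTO_SERPENT_SSE2_X86_64
	tristate "Ciphers: Serpent with modes: ECB, CBC (SSE2)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	imply CRYPTO_CTR
	help
	  Length-preserving ciphers: Serpent cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86_64 using:
	  - SSE2 (Streaming SIMD Extensions 2)

	  Processes eight blocks in parallel.
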
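# SSE2 Serpent for 32-bit builds only ("depends on !64BIT"), ECB and CBC.
# Both modes are unauthenticated; pair them with a separate integrity check
# wherever ciphertext can be modified by another party.
config CRYPTO_SERPENT_SSE2_586
	tristate "Ciphers: Serpent with modes: ECB, CBC (32-bit with SSE2)"
	depends on !64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	imply CRYPTO_CTR
	help
	  Length-preserving ciphers: Serpent cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86 (32-bit) using:
	  - SSE2 (Streaming SIMD Extensions 2)

	  Processes four blocks in parallel.
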
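# AVX Serpent (ECB, CBC; unauthenticated). XTS and CTR are only implied, so
# they default on with this option but can still be disabled by the user.
config CRYPTO_SERPENT_AVX_X86_64
	tristate "Ciphers: Serpent with modes: ECB, CBC (AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	imply CRYPTO_XTS
	imply CRYPTO_CTR
	help
	  Length-preserving ciphers: Serpent cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AVX (Advanced Vector Extensions)

	  Processes eight blocks in parallel.
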
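# AVX2 Serpent (ECB, CBC; unauthenticated). Selecting
# CRYPTO_SERPENT_AVX_X86_64 means the AVX implementation is always built
# alongside this one; both entries share the 64BIT dependency.
config CRYPTO_SERPENT_AVX2_X86_64
	tristate "Ciphers: Serpent with modes: ECB, CBC (AVX2)"
	depends on 64BIT
	select CRYPTO_SERPENT_AVX_X86_64
	help
	  Length-preserving ciphers: Serpent cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AVX2 (Advanced Vector Extensions 2)

	  Processes 16 blocks in parallel.
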
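# AES-NI/AVX SM4 (ECB, CBC, CTR). None of these modes authenticates data, and
# CTR additionally requires a counter block that is never reused under the
# same key. The help text recommends N when unsure.
config CRYPTO_SM4_AESNI_AVX_X86_64
	tristate "Ciphers: SM4 with modes: ECB, CBC, CTR (AES-NI/AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_ALGAPI
	select CRYPTO_SM4
	help
	  Length-preserving ciphers: SM4 cipher algorithms
	  (OSCCA GB/T 32907-2016) with ECB, CBC, and CTR modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX (Advanced Vector Extensions)

	  Through two affine transforms,
	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
	  effect of instruction acceleration.

	  If unsure, say N.
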
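# AES-NI/AVX2 SM4 (ECB, CBC, CTR; all unauthenticated). Selects
# CRYPTO_SM4_AESNI_AVX_X86_64, so the AVX implementation is always built with
# it. CTR requires a counter block that is never reused under the same key.
config CRYPTO_SM4_AESNI_AVX2_X86_64
	tristate "Ciphers: SM4 with modes: ECB, CBC, CTR (AES-NI/AVX2)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_ALGAPI
	select CRYPTO_SM4
	select CRYPTO_SM4_AESNI_AVX_X86_64
	help
	  Length-preserving ciphers: SM4 cipher algorithms
	  (OSCCA GB/T 32907-2016) with ECB, CBC, and CTR modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX2 (Advanced Vector Extensions 2)

	  Through two affine transforms,
	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
	  effect of instruction acceleration.

	  If unsure, say N.
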
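# Twofish for 32-bit builds only ("depends on !64BIT"). The prompt and help
# list no modes, so this presumably provides just the single-block cipher
# (confirm against the glue code); a bare block cipher must always be used
# through a mode of operation.
config CRYPTO_TWOFISH_586
	tristate "Ciphers: Twofish (32-bit)"
	depends on !64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_TWOFISH_COMMON
	imply CRYPTO_CTR
	help
	  Block cipher: Twofish cipher algorithm

	  Architecture: x86 (32-bit)
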
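# x86_64 assembly Twofish. The prompt and help list no modes, so this
# presumably provides just the single-block cipher (confirm against the glue
# code); a bare block cipher must always be used through a mode of operation.
config CRYPTO_TWOFISH_X86_64
	tristate "Ciphers: Twofish"
	depends on 64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_TWOFISH_COMMON
	imply CRYPTO_CTR
	help
	  Block cipher: Twofish cipher algorithm

	  Architecture: x86_64
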
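# 3-way parallel x86_64 Twofish (ECB, CBC; unauthenticated). Selects
# CRYPTO_TWOFISH_X86_64, so the single-block implementation is always built
# alongside it.
config CRYPTO_TWOFISH_X86_64_3WAY
	tristate "Ciphers: Twofish with modes: ECB, CBC (3-way parallel)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_TWOFISH_COMMON
	select CRYPTO_TWOFISH_X86_64
	help
	  Length-preserving cipher: Twofish cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86_64

	  Processes three blocks in parallel, better utilizing resources of
	  out-of-order CPUs.
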
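# AVX Twofish (ECB, CBC; unauthenticated). Selects both the plain x86_64 and
# the 3-way implementations, so enabling this builds all three. XTS is only
# implied and can still be disabled by the user.
config CRYPTO_TWOFISH_AVX_X86_64
	tristate "Ciphers: Twofish with modes: ECB, CBC (AVX)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_TWOFISH_COMMON
	select CRYPTO_TWOFISH_X86_64
	select CRYPTO_TWOFISH_X86_64_3WAY
	imply CRYPTO_XTS
	help
	  Length-preserving cipher: Twofish cipher algorithm
	  with ECB and CBC modes

	  Architecture: x86_64 using:
	  - AVX (Advanced Vector Extensions)

	  Processes eight blocks in parallel.
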
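# AES-NI/AVX/GFNI ARIA (ECB, CTR). Neither mode authenticates data, and CTR
# requires a counter block that is never reused under the same key.
config CRYPTO_ARIA_AESNI_AVX_X86_64
	tristate "Ciphers: ARIA with modes: ECB, CTR (AES-NI/AVX/GFNI)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_ALGAPI
	select CRYPTO_ARIA
	help
	  Length-preserving cipher: ARIA cipher algorithms
	  (RFC 5794) with ECB and CTR modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX (Advanced Vector Extensions)
	  - GFNI (Galois Field New Instructions)

	  Processes 16 blocks in parallel.
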
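# AES-NI/AVX2/GFNI ARIA (ECB, CTR; unauthenticated). Selects
# CRYPTO_ARIA_AESNI_AVX_X86_64, so the AVX implementation is always built with
# it. The AVX2 expansion in the help text now reads "Advanced Vector
# Extensions 2", matching the other AVX2 entries in this menu.
config CRYPTO_ARIA_AESNI_AVX2_X86_64
	tristate "Ciphers: ARIA with modes: ECB, CTR (AES-NI/AVX2/GFNI)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_ALGAPI
	select CRYPTO_ARIA
	select CRYPTO_ARIA_AESNI_AVX_X86_64
	help
	  Length-preserving cipher: ARIA cipher algorithms
	  (RFC 5794) with ECB and CTR modes

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - AVX2 (Advanced Vector Extensions 2)
	  - GFNI (Galois Field New Instructions)

	  Processes 32 blocks in parallel.
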
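# AVX512/GFNI ARIA (ECB, CTR; unauthenticated). Although the prompt names only
# AVX512/GFNI, this entry selects both AES-NI based ARIA options, so all three
# implementations are built together. The AVX512 expansion in the help text
# now reads "Advanced Vector Extensions 512".
config CRYPTO_ARIA_GFNI_AVX512_X86_64
	tristate "Ciphers: ARIA with modes: ECB, CTR (AVX512/GFNI)"
	depends on 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_ALGAPI
	select CRYPTO_ARIA
	select CRYPTO_ARIA_AESNI_AVX_X86_64
	select CRYPTO_ARIA_AESNI_AVX2_X86_64
	help
	  Length-preserving cipher: ARIA cipher algorithms
	  (RFC 5794) with ECB and CTR modes

	  Architecture: x86_64 using:
	  - AVX512 (Advanced Vector Extensions 512)
	  - GFNI (Galois Field New Instructions)

	  Processes 64 blocks in parallel.
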
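# AEGIS-128 authenticated encryption (AEAD): provides integrity as well as
# confidentiality. NOTE(review): the symbol name still says SSE2 while the
# prompt and help text name SSE4.1; the symbol is presumably kept unchanged so
# existing .config files continue to match.
config CRYPTO_AEGIS128_AESNI_SSE2
	tristate "AEAD ciphers: AEGIS-128 (AES-NI/SSE4.1)"
	depends on 64BIT
	select CRYPTO_AEAD
	help
	  AEGIS-128 AEAD algorithm

	  Architecture: x86_64 using:
	  - AES-NI (AES New Instructions)
	  - SSE4.1 (Streaming SIMD Extensions 4.1)
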
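# SSE2 NHPoly1305. Per the help text this is the hash used by Adiantum; it is
# a keyed universal hash for that construction, not a general-purpose
# cryptographic hash or a standalone MAC.
config CRYPTO_NHPOLY1305_SSE2
	tristate "Hash functions: NHPoly1305 (SSE2)"
	depends on 64BIT
	select CRYPTO_NHPOLY1305
	help
	  NHPoly1305 hash function for Adiantum

	  Architecture: x86_64 using:
	  - SSE2 (Streaming SIMD Extensions 2)
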
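# AVX2 NHPoly1305. Per the help text this is the hash used by Adiantum; it is
# a keyed universal hash for that construction, not a general-purpose
# cryptographic hash or a standalone MAC.
config CRYPTO_NHPOLY1305_AVX2
	tristate "Hash functions: NHPoly1305 (AVX2)"
	depends on 64BIT
	select CRYPTO_NHPOLY1305
	help
	  NHPoly1305 hash function for Adiantum

	  Architecture: x86_64 using:
	  - AVX2 (Advanced Vector Extensions 2)
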
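# AVX SM3 hash, exposed through the hash API (CRYPTO_HASH) on top of the SM3
# library code (CRYPTO_LIB_SM3). The help text recommends N when unsure.
config CRYPTO_SM3_AVX_X86_64
	tristate "Hash functions: SM3 (AVX)"
	depends on 64BIT
	select CRYPTO_HASH
	select CRYPTO_LIB_SM3
	help
	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3

	  Architecture: x86_64 using:
	  - AVX (Advanced Vector Extensions)

	  If unsure, say N.
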
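# CLMUL-NI GHASH. GHASH is the keyed universal hash inside GCM, not a
# collision-resistant hash for general use, and is only secure as part of GCM
# with a unique nonce per key. Selects CRYPTO_CRYPTD (presumably to defer work
# when SIMD cannot be used in the calling context; confirm in the glue code).
config CRYPTO_GHASH_CLMUL_NI_INTEL
	tristate "Hash functions: GHASH (CLMUL-NI)"
	depends on 64BIT
	select CRYPTO_CRYPTD
	help
	  GCM GHASH hash function (NIST SP800-38D)

	  Architecture: x86_64 using:
	  - CLMUL-NI (carry-less multiplication new instructions)
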
endmenu