0223de3a24
poly_hash is part of the HEH (Hash-Encrypt-Hash) encryption mode, proposed in Internet Draft https://tools.ietf.org/html/draft-cope-heh-01. poly_hash is very similar to GHASH; besides the swapping of the last two coefficients which we opted to handle in the HEH template, poly_hash just uses a different finite field representation. As with GHASH, poly_hash becomes much faster and more secure against timing attacks when implemented using carryless multiplication instructions instead of tables. This patch adds an ARMv8-CE optimized version of poly_hash, based roughly on the existing ARMv8-CE optimized version of GHASH. Benchmark results are shown below, but note that the resistance to timing attacks may be even more important than the performance gain. poly_hash only: poly_hash-generic: 1,000,000 setkey() takes 1185 ms hashing is 328 MB/s poly_hash-ce: 1,000,000 setkey() takes 8 ms hashing is 1756 MB/s heh(aes) with 4096-byte inputs (this is the ideal case, as the improvement is less significant with smaller inputs): encryption with "heh_base(cmac(aes-ce),poly_hash-generic,ecb-aes-ce)": 118 MB/s decryption with "heh_base(cmac(aes-ce),poly_hash-generic,ecb-aes-ce)": 120 MB/s encryption with "heh_base(cmac(aes-ce),poly_hash-ce,ecb-aes-ce)": 291 MB/s decryption with "heh_base(cmac(aes-ce),poly_hash-ce,ecb-aes-ce)": 293 MB/s Bug: 32508661 Signed-off-by: Eric Biggers <ebiggers@google.com> Change-Id: I621ec0e1115df7e6f5cbd7e864a4a9d8d2e94cf2
61 lines
1.8 KiB
Text
61 lines
1.8 KiB
Text
|
|
menuconfig ARM64_CRYPTO
|
|
bool "ARM64 Accelerated Cryptographic Algorithms"
|
|
depends on ARM64
|
|
help
|
|
Say Y here to choose from a selection of cryptographic algorithms
|
|
implemented using ARM64 specific CPU features or instructions.
|
|
|
|
if ARM64_CRYPTO
|
|
|
|
config CRYPTO_SHA1_ARM64_CE
|
|
tristate "SHA-1 digest algorithm (ARMv8 Crypto Extensions)"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_SHA2_ARM64_CE
|
|
tristate "SHA-224/SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_GHASH_ARM64_CE
|
|
tristate "GHASH (for GCM chaining mode) using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_POLY_HASH_ARM64_CE
|
|
tristate "poly_hash (for HEH encryption mode) using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_AES_ARM64_CE
|
|
tristate "AES core cipher using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_AES_ARM64_CE_CCM
|
|
tristate "AES in CCM mode using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES_ARM64_CE
|
|
select CRYPTO_AEAD
|
|
|
|
config CRYPTO_AES_ARM64_CE_BLK
|
|
tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_AES_ARM64_CE
|
|
select CRYPTO_ABLK_HELPER
|
|
|
|
config CRYPTO_AES_ARM64_NEON_BLK
|
|
tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_AES
|
|
select CRYPTO_ABLK_HELPER
|
|
|
|
config CRYPTO_CRC32_ARM64
|
|
tristate "CRC32 and CRC32C using optional ARMv8 instructions"
|
|
depends on ARM64
|
|
select CRYPTO_HASH
|
|
endif
|