~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,27 +1,28 @@
	1	+# SPDX-License-Identifier: GPL-2.0-only
1	2	#
2	3	# XFRM configuration
3	4	#
4	5	config XFRM
5		- bool
6		- depends on NET
7		- select GRO_CELLS
	6	+ bool
	7	+ depends on INET
	8	+ select GRO_CELLS
	9	+ select SKB_EXTENSIONS
8	10
9	11	config XFRM_OFFLOAD
10		- bool
11		- depends on XFRM
	12	+ bool
12	13
13	14	config XFRM_ALGO
14	15	tristate
15	16	select XFRM
16	17	select CRYPTO
17	18	select CRYPTO_HASH
18		- select CRYPTO_BLKCIPHER
	19	+ select CRYPTO_SKCIPHER
19	20
	21	+if INET
20	22	config XFRM_USER
21	23	tristate "Transformation user configuration interface"
22		- depends on INET
23	24	select XFRM_ALGO
24		- ---help---
	25	+ help
25	26	Support for Transformation(XFRM) user configuration interface
26	27	like IPsec used by native Linux tools.
27	28
..	..	@@ -41,7 +42,7 @@
41	42	config XFRM_INTERFACE
42	43	tristate "Transformation virtual interface"
43	44	depends on XFRM && IPV6
44		- ---help---
	45	+ help
45	46	This provides a virtual interface to route IPsec traffic.
46	47
47	48	If unsure, say N.
..	..	@@ -49,7 +50,7 @@
49	50	config XFRM_SUB_POLICY
50	51	bool "Transformation sub policy support"
51	52	depends on XFRM
52		- ---help---
	53	+ help
53	54	Support sub policy for developers. By using sub policy with main
54	55	one, two policies can be applied to the same packet at once.
55	56	Policy which lives shorter time in kernel should be a sub.
..	..	@@ -59,7 +60,7 @@
59	60	config XFRM_MIGRATE
60	61	bool "Transformation migrate database"
61	62	depends on XFRM
62		- ---help---
	63	+ help
63	64	A feature to update locator(s) of a given IPsec security
64	65	association dynamically. This feature is required, for
65	66	instance, in a Mobile IPv6 environment with IPsec configuration
..	..	@@ -69,13 +70,37 @@
69	70
70	71	config XFRM_STATISTICS
71	72	bool "Transformation statistics"
72		- depends on INET && XFRM && PROC_FS
73		- ---help---
	73	+ depends on XFRM && PROC_FS
	74	+ help
74	75	This statistics is not a SNMP/MIB specification but shows
75	76	statistics about transformation error (or almost error) factor
76	77	at packet processing for developer.
77	78
78	79	If unsure, say N.
	80	+
	81	+# This option selects XFRM_ALGO along with the AH authentication algorithms that
	82	+# RFC 8221 lists as MUST be implemented.
	83	+config XFRM_AH
	84	+ tristate
	85	+ select XFRM_ALGO
	86	+ select CRYPTO
	87	+ select CRYPTO_HMAC
	88	+ select CRYPTO_SHA256
	89	+
	90	+# This option selects XFRM_ALGO along with the ESP encryption and authentication
	91	+# algorithms that RFC 8221 lists as MUST be implemented.
	92	+config XFRM_ESP
	93	+ tristate
	94	+ select XFRM_ALGO
	95	+ select CRYPTO
	96	+ select CRYPTO_AES
	97	+ select CRYPTO_AUTHENC
	98	+ select CRYPTO_CBC
	99	+ select CRYPTO_ECHAINIV
	100	+ select CRYPTO_GCM
	101	+ select CRYPTO_HMAC
	102	+ select CRYPTO_SEQIV
	103	+ select CRYPTO_SHA256
79	104
80	105	config XFRM_IPCOMP
81	106	tristate
..	..	@@ -86,7 +111,7 @@
86	111	config NET_KEY
87	112	tristate "PF_KEY sockets"
88	113	select XFRM_ALGO
89		- ---help---
	114	+ help
90	115	PF_KEYv2 socket family, compatible to KAME ones.
91	116	They are required if you are going to use IPsec tools ported
92	117	from KAME.
..	..	@@ -97,7 +122,7 @@
97	122	bool "PF_KEY MIGRATE"
98	123	depends on NET_KEY
99	124	select XFRM_MIGRATE
100		- ---help---
	125	+ help
101	126	Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
102	127	The PF_KEY MIGRATE message is used to dynamically update
103	128	locator(s) of a given IPsec security association.
..	..	@@ -108,3 +133,8 @@
108	133	<draft-sugimoto-mip6-pfkey-migrate>.
109	134
110	135	If unsure, say N.
	136	+
	137	+config XFRM_ESPINTCP
	138	+ bool
	139	+
	140	+endif # INET