# SPDX-License-Identifier: GPL-2.0-only

menu "Crypto support"

config CRC32
	bool

config CRC_ITU_T
	bool

config CRC7
	bool

menuconfig DIGEST
	bool "Digest"

if DIGEST

config HAVE_DIGEST_MD5
	bool

config HAVE_DIGEST_SHA1
	bool

config HAVE_DIGEST_SHA224
	bool

config HAVE_DIGEST_SHA256
	bool

config HAVE_DIGEST_SHA384
	bool

config HAVE_DIGEST_SHA512
	bool

config HAVE_DIGEST_HMAC
	bool

config DIGEST_CRC32_GENERIC
	bool "CRC32"
	select CRC32

config DIGEST_MD5_GENERIC
	bool "MD5"
	select HAVE_DIGEST_MD5

config DIGEST_SHA1_GENERIC
	bool "SHA1"
	select HAVE_DIGEST_SHA1

config DIGEST_SHA224_GENERIC
	bool "SHA224"
	select HAVE_DIGEST_SHA224

config DIGEST_SHA256_GENERIC
	bool "SHA256"
	select HAVE_DIGEST_SHA256

config DIGEST_SHA384_GENERIC
	bool "SHA384"
	select HAVE_DIGEST_SHA384

config DIGEST_SHA512_GENERIC
	bool "SHA512"
	select HAVE_DIGEST_SHA512

config DIGEST_HMAC_GENERIC
	bool "HMAC"
	select HAVE_DIGEST_HMAC

config DIGEST_SHA1_ARM
	tristate "SHA1 digest algorithm (ARM-asm)"
	depends on ARM && !CPU_V8
	select HAVE_DIGEST_SHA1
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
	  using optimized ARM assembler.

config DIGEST_SHA256_ARM
	tristate "SHA-224/256 digest algorithm (ARM-asm and NEON)"
	depends on ARM && !CPU_V8
	select HAVE_DIGEST_SHA256
	select HAVE_DIGEST_SHA224
	help
	  SHA-256 secure hash standard (DFIPS 180-2) implemented
	  using optimized ARM assembler and NEON, when available.

config DIGEST_SHA1_ARM64_CE
	tristate "SHA-1 digest algorithm (ARMv8 Crypto Extensions)"
	depends on CPU_V8
	select HAVE_DIGEST_SHA1
	help
	  SHA-1 secure hash algorithm (FIPS 180)

	  Architecture: arm64 using:
	  - ARMv8 Crypto Extensions

config DIGEST_SHA256_ARM64_CE
	tristate "SHA-224/256 digest algorithm (ARMv8 Crypto Extensions)"
	depends on CPU_V8
	select HAVE_DIGEST_SHA256
	select HAVE_DIGEST_SHA224
	help
	  SHA-224 and SHA-256 secure hash algorithms (FIPS 180)

	  Architecture: arm64 using:
	  - ARMv8 Crypto Extensions

endif

config CRYPTO_PBKDF2
	select DIGEST
	select DIGEST_SHA1_GENERIC
	select DIGEST_HMAC_GENERIC
	bool

config CRYPTO_ECC
	bool

config CRYPTO_RSA
	bool "RSA support"
	default y if FITIMAGE_SIGNATURE

config CRYPTO_ECDSA
	bool "ECDSA support"
	select CRYPTO_ECC

config CRYPTO_BUILTIN_KEYS
	bool "builtin keys"
	select KEYTOC

config CRYPTO_PUBLIC_KEYS
	depends on CRYPTO_BUILTIN_KEYS
	string "public keys to compile in"
	help
	  This option should be a space separated list of filenames of
	  PEM-formatted files containing X.509 certificates to be included into
	  barebox. If an entry starts with "pkcs11:" it is interpreted as a
	  PKCS#11 URI rather than a file. If an entry starts with a <hint>:
	  prefix, <hint> is used as a key name hint to find a key without
	  iterating over all keys.

	  Placeholders such as __ENV__VAR_NAME can be used to look up the
	  corresponding value in the environment variable VAR_NAME for both
	  public key paths/URIs as well as key name hints.

	  Examples specified directly:

	  - CONFIG_CRYPTO_PUBLIC_KEYS="pkcs11:object=foo"
	  - CONFIG_CRYPTO_PUBLIC_KEYS="myhint:pkcs11:object=foo"
	  - CONFIG_CRYPTO_PUBLIC_KEYS="myhint:pkcs11:object=foo /foobar/baz.der"
	  - CONFIG_CRYPTO_PUBLIC_KEYS="myhint:pkcs11:object=foo myotherhint:/foobar/baz.der"

	  Example specified indirectly by two environment variables:

	  - myhint="myhint"
	  - myname="pkcs11:object=foo" (.der could be used too)
	  - CONFIG_CRYPTO_PUBLIC_KEYS="__ENV__myhint:__ENV__myname"

	  Example specified indirectly by a single environment variable:

	  - mykey="myhint:pkcs11:object=foo" (.der could be used too)
	  - CONFIG_CRYPTO_PUBLIC_KEYS="__ENV__mykey"

endmenu
