1# SPDX-License-Identifier: GPL-2.0 2menuconfig ASYMMETRIC_KEY_TYPE 3 bool "Asymmetric (public-key cryptographic) key type" 4 depends on KEYS 5 help 6 This option provides support for a key type that holds the data for 7 the asymmetric keys used for public key cryptographic operations such 8 as encryption, decryption, signature generation and signature 9 verification. 10 11if ASYMMETRIC_KEY_TYPE 12 13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 14 tristate "Asymmetric public-key crypto algorithm subtype" 15 select MPILIB 16 select CRYPTO_HASH_INFO 17 select CRYPTO_AKCIPHER 18 select CRYPTO_HASH 19 help 20 This option provides support for asymmetric public key type handling. 21 If signature generation and/or verification are to be used, 22 appropriate hash algorithms (such as SHA-1) must be available. 23 ENOPKG will be reported if the requisite algorithm is unavailable. 24 25config X509_CERTIFICATE_PARSER 26 tristate "X.509 certificate parser" 27 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE 28 select ASN1 29 select OID_REGISTRY 30 help 31 This option provides support for parsing X.509 format blobs for key 32 data and provides the ability to instantiate a crypto key from a 33 public key packet found inside the certificate. 34 35config PKCS8_PRIVATE_KEY_PARSER 36 tristate "PKCS#8 private key parser" 37 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE 38 select ASN1 39 select OID_REGISTRY 40 help 41 This option provides support for parsing PKCS#8 format blobs for 42 private key data and provides the ability to instantiate a crypto key 43 from that data. 44 45config PKCS7_MESSAGE_PARSER 46 tristate "PKCS#7 message parser" 47 depends on X509_CERTIFICATE_PARSER 48 select CRYPTO_HASH 49 select ASN1 50 select OID_REGISTRY 51 help 52 This option provides support for parsing PKCS#7 format messages for 53 signature data and provides the ability to verify the signature. 54 55config PKCS7_TEST_KEY 56 tristate "PKCS#7 testing key type" 57 depends on SYSTEM_DATA_VERIFICATION 58 help 59 This option provides a type of key that can be loaded up from a 60 PKCS#7 message - provided the message is signed by a trusted key. If 61 it is, the PKCS#7 wrapper is discarded and reading the key returns 62 just the payload. If it isn't, adding the key will fail with an 63 error. 64 65 This is intended for testing the PKCS#7 parser. 66 67config SIGNED_PE_FILE_VERIFICATION 68 bool "Support for PE file signature verification" 69 depends on PKCS7_MESSAGE_PARSER=y 70 depends on SYSTEM_DATA_VERIFICATION 71 select CRYPTO_HASH 72 select ASN1 73 select OID_REGISTRY 74 help 75 This option provides support for verifying the signature(s) on a 76 signed PE binary. 77 78config FIPS_SIGNATURE_SELFTEST 79 bool "Run FIPS selftests on the X.509+PKCS7 signature verification" 80 help 81 This option causes some selftests to be run on the signature 82 verification code, using some built in data. This is required 83 for FIPS. 84 depends on KEYS 85 depends on ASYMMETRIC_KEY_TYPE 86 depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER 87 88endif # ASYMMETRIC_KEY_TYPE 89