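# SPDX-License-Identifier: GPL-2.0
#
# Master switch for the asymmetric key type.  Every option between
# "if ASYMMETRIC_KEY_TYPE" and the matching endif is only visible when this
# symbol is set, and this symbol in turn needs KEYS.
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

# Public-key subtype.  The select lines force the listed crypto API pieces on
# whenever this option is enabled; select does not evaluate the selected
# symbol's own dependencies.
#
# None of the selects enables a concrete digest algorithm.  Per the help text,
# a missing algorithm is reported as ENOPKG when it is needed, so the digest
# used by the signatures this system has to verify must be enabled separately.
# SHA-1 is named in the help text only as an example; it is no longer
# collision-resistant, so prefer a SHA-2 digest for anything newly signed.
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	select CRYPTO_SIG
	select CRYPTO_HASH
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.
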
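
# The three parsers below each select the ASN.1 decoder and the OID registry.
# NOTE(review): the blobs they parse may originate outside the kernel's trust
# boundary (presumably through the key-loading interfaces -- confirm), so
# enabling only the formats a system actually needs keeps the parsing
# surface small.

# X.509 certificates: extracts the public key from a certificate and
# instantiates a key from it.  Limited by ASYMMETRIC_PUBLIC_KEY_SUBTYPE, so it
# can be at most a module when that option is a module.
config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

# PKCS#8 private keys: per the help text this instantiates a key from private
# key data.  A system that only verifies signatures does not appear to need
# it; confirm against the key users before enabling.
config PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

# PKCS#7 signed messages: parsing plus signature verification.  Depends on the
# X.509 parser, so its tristate value can never exceed that parser's.
config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.
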
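
# Test-only key type: the help text states it exists to exercise the PKCS#7
# parser.  It accepts a PKCS#7 message only when signed by a trusted key and
# then exposes the bare payload; a production configuration has no evident
# use for it.
config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key. If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload. If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

# PE signature verification is a bool, and "PKCS7_MESSAGE_PARSER=y" requires
# the PKCS#7 parser to be built in; a modular parser does not satisfy it.
config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

# Signature-verification selftests.  The dependencies are listed ahead of the
# help text (conventional Kconfig ordering); the set of dependencies itself is
# unchanged.
#
# "PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER" requires both parsers to have
# the same tristate value, i.e. both built in or both modular.
#
# NOTE(review): this symbol depends on CRYPTO_RSA and CRYPTO_SHA256, so no
# selftest -- including the ECDSA one below -- can be enabled on a
# configuration without RSA.  Confirm that is intended.
config FIPS_SIGNATURE_SELFTEST
	tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
	depends on KEYS
	depends on ASYMMETRIC_KEY_TYPE
	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
	depends on X509_CERTIFICATE_PARSER
	depends on CRYPTO_RSA
	depends on CRYPTO_SHA256
	help
	  This option causes some selftests to be run on the signature
	  verification code, using some built in data. This is required
	  for FIPS.

# Per-algorithm selftest switches.  Both are promptless bools with
# "default y": they cannot be chosen by hand and turn on automatically when
# their dependencies hold.  Each "X=y || X=FIPS_SIGNATURE_SELFTEST" term is
# true when algorithm X is built in, or has the same tristate value as the
# selftest; a built-in selftest combined with a modular algorithm fails it.
#
# When a term fails, the sub-option is left out without any build error.  For
# example FIPS_SIGNATURE_SELFTEST=y with CRYPTO_ECDSA=m yields no ECDSA
# selftest.  Where the selftests are relied on for FIPS, check the generated
# .config for both symbols.
config FIPS_SIGNATURE_SELFTEST_RSA
	bool
	default y
	depends on FIPS_SIGNATURE_SELFTEST
	depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST
	depends on CRYPTO_RSA=y || CRYPTO_RSA=FIPS_SIGNATURE_SELFTEST

config FIPS_SIGNATURE_SELFTEST_ECDSA
	bool
	default y
	depends on FIPS_SIGNATURE_SELFTEST
	depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST
	depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST

endif # ASYMMETRIC_KEY_TYPE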