xref: /linux/crypto/asymmetric_keys/Kconfig (revision 0f5d4a0b995faa6537c4de79973817a4f8da206a)
1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0
# Top-level switch for the asymmetric (public-key) key type.  It needs the
# KEYS subsystem; the subtype and parser options in this file are wrapped in
# "if ASYMMETRIC_KEY_TYPE" and are therefore hidden while this is disabled.
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.
10964f3b3bSDavid Howells
11964f3b3bSDavid Howellsif ASYMMETRIC_KEY_TYPE
12964f3b3bSDavid Howells
# Public-key subtype.  Enabling it force-selects MPILIB, CRYPTO_HASH_INFO,
# CRYPTO_AKCIPHER and CRYPTO_HASH (listed alphabetically below; "select"
# order carries no meaning).
# NOTE(review): SHA-1 in the help text is only an example of a digest.  SHA-1
# is no longer considered collision-resistant, so make sure the hash that
# your signatures actually use is enabled; per the help text a missing
# algorithm is reported as ENOPKG rather than silently skipped.
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select CRYPTO_AKCIPHER
	select CRYPTO_HASH
	select CRYPTO_HASH_INFO
	select MPILIB
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.
24964f3b3bSDavid Howells
# X.509 parser: turns a certificate blob into an asymmetric key.  Only
# available once the public-key subtype is enabled; selects the ASN.1 decoder
# and the OID registry it relies on.
# NOTE(review): this code parses externally supplied ASN.1 data, so it is
# part of the kernel's input-parsing surface -- enable it only where
# certificates really need to be loaded.
config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select OID_REGISTRY
	select ASN1
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.
34c26fd69fSDavid Howells
# PKCS#8 parser: instantiates a key from a private-key blob.  Has the same
# dependency and selects as the X.509 parser (public-key subtype, ASN1,
# OID_REGISTRY).
# NOTE(review): with this enabled, private key material can be loaded into
# the kernel keyring; confirm that is wanted before turning it on.
config PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select OID_REGISTRY
	select ASN1
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.
443c58b236SDavid Howells
# PKCS#7 parser and signature verifier.  Builds on the X.509 parser (hard
# dependency) and selects the hash API, the ASN.1 decoder and the OID
# registry.  Tristate, so its value is capped by X509_CERTIFICATE_PARSER.
config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select ASN1
	select CRYPTO_HASH
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.
542e3fadbfSDavid Howells
# Test-only key type: accepts a PKCS#7 message signed by a trusted key and
# keeps just the payload.  Requires SYSTEM_DATA_VERIFICATION.
# NOTE(review): the help text states this exists for testing the PKCS#7
# parser; leave it off in production configurations so the extra key type
# is not exposed to callers that can add keys.
config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.
6622d01afbSDavid Howells
# Signature verification for signed PE binaries.  The PKCS#7 parser must be
# built in ("=y", a module is not accepted) and SYSTEM_DATA_VERIFICATION must
# be enabled; both conditions are combined into one expression below, which
# is equivalent to listing them on separate "depends on" lines.
config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y && SYSTEM_DATA_VERIFICATION
	select ASN1
	select CRYPTO_HASH
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.
7726d1164bSDavid Howells
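# Self-test of the X.509 + PKCS#7 signature verification code, required for
# FIPS according to the help text.
#
# The "=" comparison keeps both parsers at the same tristate value (both
# built in or both modular).  On its own it is also satisfied when both
# parsers are "n", which would allow this option to be set with no parser
# built at all -- a configuration that claims the FIPS self-test is enabled
# while presumably nothing is there to run it (NOTE(review): confirm against
# the Makefile).  The explicit dependency on X509_CERTIFICATE_PARSER rules
# that case out; because this symbol is a bool, a modular parser still
# permits "y" here.
#
# The dependencies are placed before "help", the conventional order, so they
# cannot be mistaken for part of the help text.
config FIPS_SIGNATURE_SELFTEST
	bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
	depends on KEYS
	depends on ASYMMETRIC_KEY_TYPE
	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
	depends on X509_CERTIFICATE_PARSER
	help
	  This option causes some selftests to be run on the signature
	  verification code, using some built in data.  This is required
	  for FIPS.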
873cde3174SDavid Howells
88964f3b3bSDavid Howellsendif # ASYMMETRIC_KEY_TYPE