1# SPDX-License-Identifier: GPL-2.0 2menuconfig ASYMMETRIC_KEY_TYPE 3 bool "Asymmetric (public-key cryptographic) key type" 4 depends on KEYS 5 help 6 This option provides support for a key type that holds the data for 7 the asymmetric keys used for public key cryptographic operations such 8 as encryption, decryption, signature generation and signature 9 verification. 10 11if ASYMMETRIC_KEY_TYPE 12 13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 14 tristate "Asymmetric public-key crypto algorithm subtype" 15 select MPILIB 16 select CRYPTO_HASH_INFO 17 select CRYPTO_AKCIPHER 18 select CRYPTO_SIG 19 select CRYPTO_HASH 20 help 21 This option provides support for asymmetric public key type handling. 22 If signature generation and/or verification are to be used, 23 appropriate hash algorithms (such as SHA-1) must be available. 24 ENOPKG will be reported if the requisite algorithm is unavailable. 25 26config X509_CERTIFICATE_PARSER 27 tristate "X.509 certificate parser" 28 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE 29 select ASN1 30 select OID_REGISTRY 31 help 32 This option provides support for parsing X.509 format blobs for key 33 data and provides the ability to instantiate a crypto key from a 34 public key packet found inside the certificate. 35 36config PKCS8_PRIVATE_KEY_PARSER 37 tristate "PKCS#8 private key parser" 38 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE 39 select ASN1 40 select OID_REGISTRY 41 help 42 This option provides support for parsing PKCS#8 format blobs for 43 private key data and provides the ability to instantiate a crypto key 44 from that data. 45 46config PKCS7_MESSAGE_PARSER 47 tristate "PKCS#7 message parser" 48 depends on X509_CERTIFICATE_PARSER 49 select CRYPTO_HASH 50 select ASN1 51 select OID_REGISTRY 52 help 53 This option provides support for parsing PKCS#7 format messages for 54 signature data and provides the ability to verify the signature. 55 56config PKCS7_TEST_KEY 57 tristate "PKCS#7 testing key type" 58 depends on SYSTEM_DATA_VERIFICATION 59 help 60 This option provides a type of key that can be loaded up from a 61 PKCS#7 message - provided the message is signed by a trusted key. If 62 it is, the PKCS#7 wrapper is discarded and reading the key returns 63 just the payload. If it isn't, adding the key will fail with an 64 error. 65 66 This is intended for testing the PKCS#7 parser. 67 68config SIGNED_PE_FILE_VERIFICATION 69 bool "Support for PE file signature verification" 70 depends on PKCS7_MESSAGE_PARSER=y 71 depends on SYSTEM_DATA_VERIFICATION 72 select CRYPTO_HASH 73 select ASN1 74 select OID_REGISTRY 75 help 76 This option provides support for verifying the signature(s) on a 77 signed PE binary. 78 79config FIPS_SIGNATURE_SELFTEST 80 tristate "Run FIPS selftests on the X.509+PKCS7 signature verification" 81 help 82 This option causes some selftests to be run on the signature 83 verification code, using some built in data. This is required 84 for FIPS. 85 depends on KEYS 86 depends on ASYMMETRIC_KEY_TYPE 87 depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER 88 depends on X509_CERTIFICATE_PARSER 89 depends on CRYPTO_RSA 90 depends on CRYPTO_SHA256 91 92config FIPS_SIGNATURE_SELFTEST_RSA 93 bool 94 default y 95 depends on FIPS_SIGNATURE_SELFTEST 96 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST 97 depends on CRYPTO_RSA=y || CRYPTO_RSA=FIPS_SIGNATURE_SELFTEST 98 99config FIPS_SIGNATURE_SELFTEST_ECDSA 100 bool 101 default y 102 depends on FIPS_SIGNATURE_SELFTEST 103 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST 104 depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST 105 106endif # ASYMMETRIC_KEY_TYPE 107