| blob | e1345b8f39f132ef532bf9418c2718b5a04197ea |
1 # SPDX-License-Identifier: GPL-2.0
2 menuconfig ASYMMETRIC_KEY_TYPE
3 bool "Asymmetric (public-key cryptographic) key type"
4 depends on KEYS
5 help
6 This option provides support for a key type that holds the data for
7 the asymmetric keys used for public key cryptographic operations such
8 as encryption, decryption, signature generation and signature
9 verification.
11 if ASYMMETRIC_KEY_TYPE
13 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14 tristate "Asymmetric public-key crypto algorithm subtype"
15 select MPILIB
16 select CRYPTO_HASH_INFO
17 select CRYPTO_AKCIPHER
18 select CRYPTO_SIG
19 select CRYPTO_HASH
20 help
21 This option provides support for asymmetric public key type handling.
22 If signature generation and/or verification are to be used,
23 appropriate hash algorithms (such as SHA-1) must be available.
24 ENOPKG will be reported if the requisite algorithm is unavailable.
26 config X509_CERTIFICATE_PARSER
27 tristate "X.509 certificate parser"
28 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
29 select ASN1
30 select OID_REGISTRY
31 help
32 This option provides support for parsing X.509 format blobs for key
33 data and provides the ability to instantiate a crypto key from a
34 public key packet found inside the certificate.
36 config PKCS8_PRIVATE_KEY_PARSER
37 tristate "PKCS#8 private key parser"
38 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
39 select ASN1
40 select OID_REGISTRY
41 help
42 This option provides support for parsing PKCS#8 format blobs for
43 private key data and provides the ability to instantiate a crypto key
44 from that data.
46 config PKCS7_MESSAGE_PARSER
47 tristate "PKCS#7 message parser"
48 depends on X509_CERTIFICATE_PARSER
49 select CRYPTO_HASH
50 select ASN1
51 select OID_REGISTRY
52 help
53 This option provides support for parsing PKCS#7 format messages for
54 signature data and provides the ability to verify the signature.
56 config PKCS7_TEST_KEY
57 tristate "PKCS#7 testing key type"
58 depends on SYSTEM_DATA_VERIFICATION
59 help
60 This option provides a type of key that can be loaded up from a
61 PKCS#7 message - provided the message is signed by a trusted key. If
62 it is, the PKCS#7 wrapper is discarded and reading the key returns
63 just the payload. If it isn't, adding the key will fail with an
64 error.
66 This is intended for testing the PKCS#7 parser.
68 config SIGNED_PE_FILE_VERIFICATION
69 bool "Support for PE file signature verification"
70 depends on PKCS7_MESSAGE_PARSER=y
71 depends on SYSTEM_DATA_VERIFICATION
72 select CRYPTO_HASH
73 select ASN1
74 select OID_REGISTRY
75 help
76 This option provides support for verifying the signature(s) on a
77 signed PE binary.
79 config FIPS_SIGNATURE_SELFTEST
80 tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
81 help
82 This option causes some selftests to be run on the signature
83 verification code, using some built in data. This is required
84 for FIPS.
85 depends on KEYS
86 depends on ASYMMETRIC_KEY_TYPE
87 depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
88 depends on X509_CERTIFICATE_PARSER
89 depends on CRYPTO_RSA
90 depends on CRYPTO_SHA256
92 config FIPS_SIGNATURE_SELFTEST_RSA
93 bool
94 default y
95 depends on FIPS_SIGNATURE_SELFTEST
96 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST
97 depends on CRYPTO_RSA=y || CRYPTO_RSA=FIPS_SIGNATURE_SELFTEST
99 config FIPS_SIGNATURE_SELFTEST_ECDSA
100 bool
101 default y
102 depends on FIPS_SIGNATURE_SELFTEST
103 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST
104 depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST
106 endif # ASYMMETRIC_KEY_TYPE