xref: /openbmc/linux/crypto/asymmetric_keys/Kconfig (revision b181f7029bd71238ac2754ce7052dffd69432085)
# SPDX-License-Identifier: GPL-2.0
# Top-level switch for the asymmetric (public-key) key type.  It is only
# offered when KEYS is enabled, and every symbol inside the
# "if ASYMMETRIC_KEY_TYPE" section of this file is hidden unless it is set.
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

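if ASYMMETRIC_KEY_TYPE

# Public-key subtype.  Enabling it also enables MPILIB and the CRYPTO_*
# symbols selected below.  Per the help text, an operation that needs an
# algorithm which was not built reports ENOPKG, so an ENOPKG from a key
# operation points at a configuration gap rather than at a bad key.
# NOTE(review): the help text cites SHA-1 only as an example of a digest that
# must be available.  SHA-1 is no longer collision-resistant; configurations
# that verify signatures should make sure a SHA-2 digest (e.g. CRYPTO_SHA256)
# is built and is what their signing tooling actually produces.
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	select CRYPTO_SIG
	select CRYPTO_HASH
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

# X.509 parser; requires the public-key subtype and pulls in ASN1 and
# OID_REGISTRY.  This is parsing code for certificate blobs, so it is worth
# enabling only on systems that really load certificates.
# NOTE(review): where those blobs come from is not visible in this file.
config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

# PKCS#8 parser; same dependencies as the X.509 parser.  Unlike the X.509
# parser it instantiates keys from *private* key data, so enable it only when
# private keys are meant to be held by the kernel key type.
config PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

# PKCS#7 message parser and signature verifier; it cannot be enabled without
# the X.509 parser and selects CRYPTO_HASH, ASN1 and OID_REGISTRY.
config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

# Test-only key type.  The help text states it exists to exercise the PKCS#7
# parser, so production configurations would normally leave it disabled.
config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

# PE signature verification.  "PKCS7_MESSAGE_PARSER=y" means the PKCS#7 parser
# must be built in; a modular (=m) parser does not satisfy this dependency.
config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

# Signature-verification selftests, described by the help text as required
# for FIPS.  The dependency lines are placed above the help text to match the
# other entries in this file; the set of dependencies itself is unchanged.
#  - KEYS and ASYMMETRIC_KEY_TYPE are already implied by the enclosing
#    "if ASYMMETRIC_KEY_TYPE" section and are kept as written.
#  - "PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER" is an equality test: it
#    holds only when both parsers are configured to the same value.  Because
#    two disabled parsers also compare equal, the separate dependency on
#    X509_CERTIFICATE_PARSER is what requires them to be enabled.
#  - NOTE(review): CRYPTO_RSA and CRYPTO_SHA256 are presumably the algorithms
#    used by the built-in test data; confirm against the selftest source.
config FIPS_SIGNATURE_SELFTEST
	tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
	depends on KEYS
	depends on ASYMMETRIC_KEY_TYPE
	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
	depends on X509_CERTIFICATE_PARSER
	depends on CRYPTO_RSA
	depends on CRYPTO_SHA256
	help
	  This option causes some selftests to be run on the signature
	  verification code, using some built in data.  This is required
	  for FIPS.

endif # ASYMMETRIC_KEY_TYPE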