xref: /openbmc/linux/crypto/asymmetric_keys/Kconfig (revision ea47eed33a3fe3d919e6e3cf4e4eb5507b817188)
1# SPDX-License-Identifier: GPL-2.0
# Top-level switch for the asymmetric (public-key) key type.
# - menuconfig: opens a submenu; the options wrapped in the following
#   "if ASYMMETRIC_KEY_TYPE" block are only offered when this is enabled.
# - bool: the key type is either built in or absent, never a module.
# - depends on KEYS: hidden unless KEYS is enabled.
2menuconfig ASYMMETRIC_KEY_TYPE
3	bool "Asymmetric (public-key cryptographic) key type"
4	depends on KEYS
5	help
6	  This option provides support for a key type that holds the data for
7	  the asymmetric keys used for public key cryptographic operations such
8	  as encryption, decryption, signature generation and signature
9	  verification.
10
11if ASYMMETRIC_KEY_TYPE
12
# Public-key subtype of the asymmetric key type (tristate: y, m or n).
# Enabling it force-selects MPILIB, CRYPTO_HASH_INFO and CRYPTO_AKCIPHER.
# It does not select any hash algorithm: per the help text, a digest that
# is not available is reported at run time as ENOPKG, not at config time.
# NOTE(review): SHA-1 appears in the help text only as an example. It is no
# longer considered collision-resistant, so read it as an illustration and
# not as a recommendation; confirm that the digests required by the
# signatures actually in use are enabled in the final configuration.
13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14	tristate "Asymmetric public-key crypto algorithm subtype"
15	select MPILIB
16	select CRYPTO_HASH_INFO
17	select CRYPTO_AKCIPHER
18	help
19	  This option provides support for asymmetric public key type handling.
20	  If signature generation and/or verification are to be used,
21	  appropriate hash algorithms (such as SHA-1) must be available.
22	  ENOPKG will be reported if the requisite algorithm is unavailable.
23
# X.509 certificate parser (tristate).
# - depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE: only offered when the
#   public-key subtype is enabled.
# - selects ASN1 and OID_REGISTRY, the decoding support it is built on.
# NOTE(review): the parser's input is an encoded certificate blob; where
# those blobs originate, and so how far they can be trusted, is not visible
# in this file - verify against the callers.
24config X509_CERTIFICATE_PARSER
25	tristate "X.509 certificate parser"
26	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
27	select ASN1
28	select OID_REGISTRY
29	help
30	  This option provides support for parsing X.509 format blobs for key
31	  data and provides the ability to instantiate a crypto key from a
32	  public key packet found inside the certificate.
33
# PKCS#7 message parser and signature verifier (tristate).
# - depends on X509_CERTIFICATE_PARSER.
# - selects ASN1 and OID_REGISTRY.
# Building this as a module (=m) is not enough for
# SIGNED_PE_FILE_VERIFICATION, which requires PKCS7_MESSAGE_PARSER=y.
34config PKCS7_MESSAGE_PARSER
35	tristate "PKCS#7 message parser"
36	depends on X509_CERTIFICATE_PARSER
37	select ASN1
38	select OID_REGISTRY
39	help
40	  This option provides support for parsing PKCS#7 format messages for
41	  signature data and provides the ability to verify the signature.
42
# Test-only key type that is loaded from a signed PKCS#7 message (tristate).
# - depends on SYSTEM_DATA_VERIFICATION.
# Per the help text, the key is accepted only when the message is signed by
# a trusted key; otherwise adding the key fails with an error.
# NOTE(review): the help text describes this as intended for testing the
# PKCS#7 parser, so it presumably has no place in a production
# configuration - confirm against the deployment's config policy.
43config PKCS7_TEST_KEY
44	tristate "PKCS#7 testing key type"
45	depends on SYSTEM_DATA_VERIFICATION
46	help
47	  This option provides a type of key that can be loaded up from a
48	  PKCS#7 message - provided the message is signed by a trusted key.  If
49	  it is, the PKCS#7 wrapper is discarded and reading the key returns
50	  just the payload.  If it isn't, adding the key will fail with an
51	  error.
52
53	  This is intended for testing the PKCS#7 parser.
54
# Signature verification for signed PE binaries (bool: built in or absent).
# - depends on PKCS7_MESSAGE_PARSER=y: the PKCS#7 parser must itself be
#   built in; a modular (=m) parser does not satisfy this dependency.
# - depends on SYSTEM_DATA_VERIFICATION.
# - selects ASN1 and OID_REGISTRY.
# NOTE(review): which code paths consume PE signature verification, and
# which keys they trust, is not visible in this file - verify against the
# users of this option before relying on it as an enforcement point.
55config SIGNED_PE_FILE_VERIFICATION
56	bool "Support for PE file signature verification"
57	depends on PKCS7_MESSAGE_PARSER=y
58	depends on SYSTEM_DATA_VERIFICATION
59	select ASN1
60	select OID_REGISTRY
61	help
62	  This option provides support for verifying the signature(s) on a
63	  signed PE binary.
64
65endif # ASYMMETRIC_KEY_TYPE
66