107 lines · plain
1# SPDX-License-Identifier: GPL-2.02menuconfig ASYMMETRIC_KEY_TYPE3 bool "Asymmetric (public-key cryptographic) key type"4 depends on KEYS5 help6 This option provides support for a key type that holds the data for7 the asymmetric keys used for public key cryptographic operations such8 as encryption, decryption, signature generation and signature9 verification.10 11if ASYMMETRIC_KEY_TYPE12 13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE14 tristate "Asymmetric public-key crypto algorithm subtype"15 select MPILIB16 select CRYPTO_HASH_INFO17 select CRYPTO_AKCIPHER18 select CRYPTO_SIG19 select CRYPTO_HASH20 help21 This option provides support for asymmetric public key type handling.22 If signature generation and/or verification are to be used,23 appropriate hash algorithms (such as SHA-1) must be available.24 ENOPKG will be reported if the requisite algorithm is unavailable.25 26config X509_CERTIFICATE_PARSER27 tristate "X.509 certificate parser"28 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE29 select ASN130 select OID_REGISTRY31 help32 This option provides support for parsing X.509 format blobs for key33 data and provides the ability to instantiate a crypto key from a34 public key packet found inside the certificate.35 36config PKCS8_PRIVATE_KEY_PARSER37 tristate "PKCS#8 private key parser"38 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE39 select ASN140 select OID_REGISTRY41 help42 This option provides support for parsing PKCS#8 format blobs for43 private key data and provides the ability to instantiate a crypto key44 from that data.45 46config PKCS7_MESSAGE_PARSER47 tristate "PKCS#7 message parser"48 depends on X509_CERTIFICATE_PARSER49 select CRYPTO_HASH50 select ASN151 select OID_REGISTRY52 help53 This option provides support for parsing PKCS#7 format messages for54 signature data and provides the ability to verify the signature.55 56config PKCS7_TEST_KEY57 tristate "PKCS#7 testing key type"58 depends on SYSTEM_DATA_VERIFICATION59 help60 This option provides a type of key that can be loaded up from a61 PKCS#7 message - provided the message is signed by a trusted key. If62 it is, the PKCS#7 wrapper is discarded and reading the key returns63 just the payload. If it isn't, adding the key will fail with an64 error.65 66 This is intended for testing the PKCS#7 parser.67 68config SIGNED_PE_FILE_VERIFICATION69 bool "Support for PE file signature verification"70 depends on PKCS7_MESSAGE_PARSER=y71 depends on SYSTEM_DATA_VERIFICATION72 select CRYPTO_HASH73 select ASN174 select OID_REGISTRY75 help76 This option provides support for verifying the signature(s) on a77 signed PE binary.78 79config FIPS_SIGNATURE_SELFTEST80 tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"81 help82 This option causes some selftests to be run on the signature83 verification code, using some built in data. This is required84 for FIPS.85 depends on KEYS86 depends on ASYMMETRIC_KEY_TYPE87 depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER88 depends on X509_CERTIFICATE_PARSER89 depends on CRYPTO_RSA90 depends on CRYPTO_SHA25691 92config FIPS_SIGNATURE_SELFTEST_RSA93 bool94 default y95 depends on FIPS_SIGNATURE_SELFTEST96 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST97 depends on CRYPTO_RSA=y || CRYPTO_RSA=FIPS_SIGNATURE_SELFTEST98 99config FIPS_SIGNATURE_SELFTEST_ECDSA100 bool101 default y102 depends on FIPS_SIGNATURE_SELFTEST103 depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST104 depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST105 106endif # ASYMMETRIC_KEY_TYPE107