[thirdparty/kernel/stable.git] / crypto / asymmetric_keys / Kconfig

# SPDX-License-Identifier: GPL-2.0
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config ASYMMETRIC_TPM_KEY_SUBTYPE
	tristate "Asymmetric TPM backed private key subtype"
	depends on TCG_TPM
	depends on TRUSTED_KEYS
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
	help
	  This option provides support for TPM backed private key type handling.
	  Operations such as sign, verify, encrypt, decrypt are performed by
	  the TPM after the private key is loaded.

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config TPM_KEY_PARSER
	tristate "TPM private key parser"
	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
	select ASN1
	help
	  This option provides support for parsing TPM format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

endif # ASYMMETRIC_KEY_TYPE
Commit	Line	Data
b2441318	1	# SPDX-License-Identifier: GPL-2.0
964f3b3b	2	menuconfig ASYMMETRIC_KEY_TYPE
99716b7c	3	bool "Asymmetric (public-key cryptographic) key type"
964f3b3b DH	4	depends on KEYS
	5	help
	6	This option provides support for a key type that holds the data for
	7	the asymmetric keys used for public key cryptographic operations such
	8	as encryption, decryption, signature generation and signature
	9	verification.
	10
	11	if ASYMMETRIC_KEY_TYPE
	12
a9681bf3 DH	13	config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	14	tristate "Asymmetric public-key crypto algorithm subtype"
	15	select MPILIB
3fe78ca2	16	select CRYPTO_HASH_INFO
bad6a185	17	select CRYPTO_AKCIPHER
a9681bf3 DH	18	help
	19	This option provides support for asymmetric public key type handling.
	20	If signature generation and/or verification are to be used,
	21	appropriate hash algorithms (such as SHA-1) must be available.
	22	ENOPKG will be reported if the requisite algorithm is unavailable.
964f3b3b	23
903be6bb DK	24	config ASYMMETRIC_TPM_KEY_SUBTYPE
	25	tristate "Asymmetric TPM backed private key subtype"
	26	depends on TCG_TPM
e1ea9f86	27	depends on TRUSTED_KEYS
903be6bb DK	28	select CRYPTO_HMAC
	29	select CRYPTO_SHA1
	30	select CRYPTO_HASH_INFO
	31	help
	32	This option provides support for TPM backed private key type handling.
	33	Operations such as sign, verify, encrypt, decrypt are performed by
	34	the TPM after the private key is loaded.
	35
c26fd69f DH	36	config X509_CERTIFICATE_PARSER
	37	tristate "X.509 certificate parser"
	38	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	39	select ASN1
	40	select OID_REGISTRY
	41	help
45206986	42	This option provides support for parsing X.509 format blobs for key
c26fd69f DH	43	data and provides the ability to instantiate a crypto key from a
	44	public key packet found inside the certificate.
	45
3c58b236 DH	46	config PKCS8_PRIVATE_KEY_PARSER
	47	tristate "PKCS#8 private key parser"
	48	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	49	select ASN1
	50	select OID_REGISTRY
	51	help
	52	This option provides support for parsing PKCS#8 format blobs for
	53	private key data and provides the ability to instantiate a crypto key
	54	from that data.
	55
d5e72745 DK	56	config TPM_KEY_PARSER
	57	tristate "TPM private key parser"
	58	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
	59	select ASN1
	60	help
	61	This option provides support for parsing TPM format blobs for
	62	private key data and provides the ability to instantiate a crypto key
	63	from that data.
	64
2e3fadbf DH	65	config PKCS7_MESSAGE_PARSER
	66	tristate "PKCS#7 message parser"
	67	depends on X509_CERTIFICATE_PARSER
	68	select ASN1
	69	select OID_REGISTRY
	70	help
	71	This option provides support for parsing PKCS#7 format messages for
	72	signature data and provides the ability to verify the signature.
	73
22d01afb DH	74	config PKCS7_TEST_KEY
22d01afb DH	75	tristate "PKCS#7 testing key type"
e68503bd	76	depends on SYSTEM_DATA_VERIFICATION
22d01afb DH	77	help
	78	This option provides a type of key that can be loaded up from a
	79	PKCS#7 message - provided the message is signed by a trusted key. If
	80	it is, the PKCS#7 wrapper is discarded and reading the key returns
	81	just the payload. If it isn't, adding the key will fail with an
	82	error.
	83
	84	This is intended for testing the PKCS#7 parser.
	85
26d1164b DH	86	config SIGNED_PE_FILE_VERIFICATION
	87	bool "Support for PE file signature verification"
	88	depends on PKCS7_MESSAGE_PARSER=y
e68503bd	89	depends on SYSTEM_DATA_VERIFICATION
26d1164b DH	90	select ASN1
	91	select OID_REGISTRY
	92	help
	93	This option provides support for verifying the signature(s) on a
	94	signed PE binary.
	95
964f3b3b	96	endif # ASYMMETRIC_KEY_TYPE