1 # SPDX-License-Identifier: GPL-2.0
2 menuconfig ASYMMETRIC_KEY_TYPE
3 bool "Asymmetric (public-key cryptographic) key type"
6 This option provides support for a key type that holds the data for
7 the asymmetric keys used for public key cryptographic operations such
8 as encryption, decryption, signature generation and signature
11 if ASYMMETRIC_KEY_TYPE
13 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14 tristate "Asymmetric public-key crypto algorithm subtype"
16 select CRYPTO_HASH_INFO
17 select CRYPTO_AKCIPHER
20 This option provides support for asymmetric public key type handling.
21 If signature generation and/or verification are to be used,
22 appropriate hash algorithms (such as SHA-1) must be available.
23 ENOPKG will be reported if the requisite algorithm is unavailable.
25 config X509_CERTIFICATE_PARSER
26 tristate "X.509 certificate parser"
27 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
31 This option provides support for parsing X.509 format blobs for key
32 data and provides the ability to instantiate a crypto key from a
33 public key packet found inside the certificate.
35 config PKCS8_PRIVATE_KEY_PARSER
36 tristate "PKCS#8 private key parser"
37 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
41 This option provides support for parsing PKCS#8 format blobs for
42 private key data and provides the ability to instantiate a crypto key
45 config PKCS7_MESSAGE_PARSER
46 tristate "PKCS#7 message parser"
47 depends on X509_CERTIFICATE_PARSER
52 This option provides support for parsing PKCS#7 format messages for
53 signature data and provides the ability to verify the signature.
56 tristate "PKCS#7 testing key type"
57 depends on SYSTEM_DATA_VERIFICATION
59 This option provides a type of key that can be loaded up from a
60 PKCS#7 message - provided the message is signed by a trusted key. If
61 it is, the PKCS#7 wrapper is discarded and reading the key returns
62 just the payload. If it isn't, adding the key will fail with an
65 This is intended for testing the PKCS#7 parser.
67 config SIGNED_PE_FILE_VERIFICATION
68 bool "Support for PE file signature verification"
69 depends on PKCS7_MESSAGE_PARSER=y
70 depends on SYSTEM_DATA_VERIFICATION
75 This option provides support for verifying the signature(s) on a
78 config FIPS_SIGNATURE_SELFTEST
79 bool "Run FIPS selftests on the X.509+PKCS7 signature verification"
81 This option causes some selftests to be run on the signature
82 verification code, using some built in data. This is required
85 depends on ASYMMETRIC_KEY_TYPE
86 depends on PKCS7_MESSAGE_PARSER
88 endif # ASYMMETRIC_KEY_TYPE