[mirror_ubuntu-jammy-kernel.git] / crypto / asymmetric_keys / Kconfig

# SPDX-License-Identifier: GPL-2.0
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	select CRYPTO_HASH
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config ASYMMETRIC_TPM_KEY_SUBTYPE
	tristate "Asymmetric TPM backed private key subtype"
	depends on TCG_TPM
	depends on TRUSTED_KEYS
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
	help
	  This option provides support for TPM backed private key type handling.
	  Operations such as sign, verify, encrypt, decrypt are performed by
	  the TPM after the private key is loaded.

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config TPM_KEY_PARSER
	tristate "TPM private key parser"
	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
	select ASN1
	help
	  This option provides support for parsing TPM format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

endif # ASYMMETRIC_KEY_TYPE
Commit	Line	Data
b2441318	1	# SPDX-License-Identifier: GPL-2.0
964f3b3b	2	menuconfig ASYMMETRIC_KEY_TYPE
99716b7c	3	bool "Asymmetric (public-key cryptographic) key type"
964f3b3b DH	4	depends on KEYS
	5	help
	6	This option provides support for a key type that holds the data for
	7	the asymmetric keys used for public key cryptographic operations such
	8	as encryption, decryption, signature generation and signature
	9	verification.
	10
	11	if ASYMMETRIC_KEY_TYPE
	12
a9681bf3 DH	13	config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	14	tristate "Asymmetric public-key crypto algorithm subtype"
	15	select MPILIB
3fe78ca2	16	select CRYPTO_HASH_INFO
bad6a185	17	select CRYPTO_AKCIPHER
90acc065	18	select CRYPTO_HASH
a9681bf3 DH	19	help
	20	This option provides support for asymmetric public key type handling.
	21	If signature generation and/or verification are to be used,
	22	appropriate hash algorithms (such as SHA-1) must be available.
	23	ENOPKG will be reported if the requisite algorithm is unavailable.
964f3b3b	24
903be6bb DK	25	config ASYMMETRIC_TPM_KEY_SUBTYPE
	26	tristate "Asymmetric TPM backed private key subtype"
	27	depends on TCG_TPM
e1ea9f86	28	depends on TRUSTED_KEYS
903be6bb DK	29	select CRYPTO_HMAC
	30	select CRYPTO_SHA1
	31	select CRYPTO_HASH_INFO
	32	help
	33	This option provides support for TPM backed private key type handling.
	34	Operations such as sign, verify, encrypt, decrypt are performed by
	35	the TPM after the private key is loaded.
	36
c26fd69f DH	37	config X509_CERTIFICATE_PARSER
	38	tristate "X.509 certificate parser"
	39	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	40	select ASN1
	41	select OID_REGISTRY
	42	help
45206986	43	This option provides support for parsing X.509 format blobs for key
c26fd69f DH	44	data and provides the ability to instantiate a crypto key from a
	45	public key packet found inside the certificate.
	46
3c58b236 DH	47	config PKCS8_PRIVATE_KEY_PARSER
	48	tristate "PKCS#8 private key parser"
	49	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	50	select ASN1
	51	select OID_REGISTRY
	52	help
	53	This option provides support for parsing PKCS#8 format blobs for
	54	private key data and provides the ability to instantiate a crypto key
	55	from that data.
	56
d5e72745 DK	57	config TPM_KEY_PARSER
	58	tristate "TPM private key parser"
	59	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
	60	select ASN1
	61	help
	62	This option provides support for parsing TPM format blobs for
	63	private key data and provides the ability to instantiate a crypto key
	64	from that data.
	65
2e3fadbf DH	66	config PKCS7_MESSAGE_PARSER
	67	tristate "PKCS#7 message parser"
	68	depends on X509_CERTIFICATE_PARSER
90acc065	69	select CRYPTO_HASH
2e3fadbf DH	70	select ASN1
	71	select OID_REGISTRY
	72	help
	73	This option provides support for parsing PKCS#7 format messages for
	74	signature data and provides the ability to verify the signature.
	75
22d01afb DH	76	config PKCS7_TEST_KEY
22d01afb DH	77	tristate "PKCS#7 testing key type"
e68503bd	78	depends on SYSTEM_DATA_VERIFICATION
22d01afb DH	79	help
	80	This option provides a type of key that can be loaded up from a
	81	PKCS#7 message - provided the message is signed by a trusted key. If
	82	it is, the PKCS#7 wrapper is discarded and reading the key returns
	83	just the payload. If it isn't, adding the key will fail with an
	84	error.
	85
	86	This is intended for testing the PKCS#7 parser.
	87
26d1164b DH	88	config SIGNED_PE_FILE_VERIFICATION
	89	bool "Support for PE file signature verification"
	90	depends on PKCS7_MESSAGE_PARSER=y
e68503bd	91	depends on SYSTEM_DATA_VERIFICATION
90acc065	92	select CRYPTO_HASH
26d1164b DH	93	select ASN1
	94	select OID_REGISTRY
	95	help
	96	This option provides support for verifying the signature(s) on a
	97	signed PE binary.
	98
964f3b3b	99	endif # ASYMMETRIC_KEY_TYPE