Greg Kroah-Hartman | b244131 | 2017-11-01 15:07:57 +0100 | # SPDX-License-Identifier: GPL-2.0
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | menuconfig ASYMMETRIC_KEY_TYPE
David Howells | 99716b7 | 2016-04-06 16:14:26 +0100 | bool "Asymmetric (public-key cryptographic) key type"
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | depends on KEYS
| help
| This option provides support for a key type that holds the data for
| the asymmetric keys used for public key cryptographic operations such
| as encryption, decryption, signature generation and signature
| verification.
|
| if ASYMMETRIC_KEY_TYPE
|
David Howells | a9681bf | 2012-09-21 23:24:55 +0100 | config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
| tristate "Asymmetric public-key crypto algorithm subtype"
| select MPILIB
Dmitry Kasatkin | 3fe78ca | 2013-05-06 15:58:15 +0300 | select CRYPTO_HASH_INFO
Arnd Bergmann | bad6a18 | 2016-05-18 16:55:56 +0200 | select CRYPTO_AKCIPHER
Arnd Bergmann | 90acc06 | 2019-06-18 14:13:47 +0200 | select CRYPTO_HASH
David Howells | a9681bf | 2012-09-21 23:24:55 +0100 | help
| This option provides support for asymmetric public key type handling.
| If signature generation and/or verification are to be used,
| appropriate hash algorithms (such as SHA-1) must be available.
| ENOPKG will be reported if the requisite algorithm is unavailable.
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 |
Denis Kenzior | 903be6b | 2018-10-09 17:48:02 +0100 | config ASYMMETRIC_TPM_KEY_SUBTYPE
| tristate "Asymmetric TPM backed private key subtype"
| depends on TCG_TPM
Denis Kenzior | e1ea9f8 | 2018-10-09 17:48:41 +0100 | depends on TRUSTED_KEYS
Denis Kenzior | 903be6b | 2018-10-09 17:48:02 +0100 | select CRYPTO_HMAC
| select CRYPTO_SHA1
| select CRYPTO_HASH_INFO
| help
| This option provides support for TPM backed private key type handling.
| Operations such as sign, verify, encrypt, decrypt are performed by
| the TPM after the private key is loaded.
|
David Howells | c26fd69 | 2012-09-24 17:11:48 +0100 | config X509_CERTIFICATE_PARSER
| tristate "X.509 certificate parser"
| depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
| select ASN1
| select OID_REGISTRY
| help
David Howells | 4520698 | 2014-07-08 17:21:01 +0100 | This option provides support for parsing X.509 format blobs for key
David Howells | c26fd69 | 2012-09-24 17:11:48 +0100 | data and provides the ability to instantiate a crypto key from a
| public key packet found inside the certificate.
|
David Howells | 3c58b23 | 2018-10-09 17:47:46 +0100 | config PKCS8_PRIVATE_KEY_PARSER
| tristate "PKCS#8 private key parser"
| depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
| select ASN1
| select OID_REGISTRY
| help
| This option provides support for parsing PKCS#8 format blobs for
| private key data and provides the ability to instantiate a crypto key
| from that data.
|
Denis Kenzior | d5e7274 | 2018-10-09 17:48:17 +0100 | config TPM_KEY_PARSER
| tristate "TPM private key parser"
| depends on ASYMMETRIC_TPM_KEY_SUBTYPE
| select ASN1
| help
| This option provides support for parsing TPM format blobs for
| private key data and provides the ability to instantiate a crypto key
| from that data.
|
David Howells | 2e3fadb | 2014-07-01 16:40:19 +0100 | config PKCS7_MESSAGE_PARSER
| tristate "PKCS#7 message parser"
| depends on X509_CERTIFICATE_PARSER
Arnd Bergmann | 90acc06 | 2019-06-18 14:13:47 +0200 | select CRYPTO_HASH
David Howells | 2e3fadb | 2014-07-01 16:40:19 +0100 | select ASN1
| select OID_REGISTRY
| help
| This option provides support for parsing PKCS#7 format messages for
| signature data and provides the ability to verify the signature.
|
David Howells | 22d01af | 2014-07-01 19:06:18 +0100 | config PKCS7_TEST_KEY
| tristate "PKCS#7 testing key type"
David Howells | e68503b | 2016-04-06 16:14:24 +0100 | depends on SYSTEM_DATA_VERIFICATION
David Howells | 22d01af | 2014-07-01 19:06:18 +0100 | help
| This option provides a type of key that can be loaded up from a
| PKCS#7 message - provided the message is signed by a trusted key. If
| it is, the PKCS#7 wrapper is discarded and reading the key returns
| just the payload. If it isn't, adding the key will fail with an
| error.
|
| This is intended for testing the PKCS#7 parser.
|
David Howells | 26d1164b | 2014-07-01 16:02:51 +0100 | config SIGNED_PE_FILE_VERIFICATION
| bool "Support for PE file signature verification"
| depends on PKCS7_MESSAGE_PARSER=y
David Howells | e68503b | 2016-04-06 16:14:24 +0100 | depends on SYSTEM_DATA_VERIFICATION
Arnd Bergmann | 90acc06 | 2019-06-18 14:13:47 +0200 | select CRYPTO_HASH
David Howells | 26d1164b | 2014-07-01 16:02:51 +0100 | select ASN1
| select OID_REGISTRY
| help
| This option provides support for verifying the signature(s) on a
| signed PE binary.
|
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | endif # ASYMMETRIC_KEY_TYPE