1# SPDX-License-Identifier: GPL-2.0
2menuconfig ASYMMETRIC_KEY_TYPE
3	bool "Asymmetric (public-key cryptographic) key type"
4	depends on KEYS
5	help
6	  This option provides support for a key type that holds the data for
7	  the asymmetric keys used for public key cryptographic operations such
8	  as encryption, decryption, signature generation and signature
9	  verification.
10
11if ASYMMETRIC_KEY_TYPE
12
13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14	tristate "Asymmetric public-key crypto algorithm subtype"
15	select MPILIB
16	select CRYPTO_HASH_INFO
17	select CRYPTO_AKCIPHER
18	select CRYPTO_HASH
19	help
20	  This option provides support for asymmetric public key type handling.
21	  If signature generation and/or verification are to be used,
22	  appropriate hash algorithms (such as SHA-1) must be available.
23	  ENOPKG will be reported if the requisite algorithm is unavailable.
24
25config X509_CERTIFICATE_PARSER
26	tristate "X.509 certificate parser"
27	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
28	select ASN1
29	select OID_REGISTRY
30	help
31	  This option provides support for parsing X.509 format blobs for key
32	  data and provides the ability to instantiate a crypto key from a
33	  public key packet found inside the certificate.
34
35config PKCS7_MESSAGE_PARSER
36	tristate "PKCS#7 message parser"
37	depends on X509_CERTIFICATE_PARSER
38	select CRYPTO_HASH
39	select ASN1
40	select OID_REGISTRY
41	help
42	  This option provides support for parsing PKCS#7 format messages for
43	  signature data and provides the ability to verify the signature.
44
45config PKCS7_TEST_KEY
46	tristate "PKCS#7 testing key type"
47	depends on SYSTEM_DATA_VERIFICATION
48	help
49	  This option provides a type of key that can be loaded up from a
50	  PKCS#7 message - provided the message is signed by a trusted key.  If
51	  it is, the PKCS#7 wrapper is discarded and reading the key returns
52	  just the payload.  If it isn't, adding the key will fail with an
53	  error.
54
55	  This is intended for testing the PKCS#7 parser.
56
57config SIGNED_PE_FILE_VERIFICATION
58	bool "Support for PE file signature verification"
59	depends on PKCS7_MESSAGE_PARSER=y
60	depends on SYSTEM_DATA_VERIFICATION
61	select CRYPTO_HASH
62	select ASN1
63	select OID_REGISTRY
64	help
65	  This option provides support for verifying the signature(s) on a
66	  signed PE binary.
67
68endif # ASYMMETRIC_KEY_TYPE
69