18c2ecf20Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0
28c2ecf20Sopenharmony_cimenuconfig ASYMMETRIC_KEY_TYPE
38c2ecf20Sopenharmony_ci	bool "Asymmetric (public-key cryptographic) key type"
48c2ecf20Sopenharmony_ci	depends on KEYS
58c2ecf20Sopenharmony_ci	help
68c2ecf20Sopenharmony_ci	  This option provides support for a key type that holds the data for
78c2ecf20Sopenharmony_ci	  the asymmetric keys used for public key cryptographic operations such
88c2ecf20Sopenharmony_ci	  as encryption, decryption, signature generation and signature
98c2ecf20Sopenharmony_ci	  verification.
108c2ecf20Sopenharmony_ci
118c2ecf20Sopenharmony_ciif ASYMMETRIC_KEY_TYPE
128c2ecf20Sopenharmony_ci
138c2ecf20Sopenharmony_ciconfig ASYMMETRIC_PUBLIC_KEY_SUBTYPE
148c2ecf20Sopenharmony_ci	tristate "Asymmetric public-key crypto algorithm subtype"
158c2ecf20Sopenharmony_ci	select MPILIB
168c2ecf20Sopenharmony_ci	select CRYPTO_HASH_INFO
178c2ecf20Sopenharmony_ci	select CRYPTO_AKCIPHER
188c2ecf20Sopenharmony_ci	select CRYPTO_HASH
198c2ecf20Sopenharmony_ci	help
208c2ecf20Sopenharmony_ci	  This option provides support for asymmetric public key type handling.
218c2ecf20Sopenharmony_ci	  If signature generation and/or verification are to be used,
228c2ecf20Sopenharmony_ci	  appropriate hash algorithms (such as SHA-1) must be available.
238c2ecf20Sopenharmony_ci	  ENOPKG will be reported if the requisite algorithm is unavailable.
248c2ecf20Sopenharmony_ci
258c2ecf20Sopenharmony_ciconfig ASYMMETRIC_TPM_KEY_SUBTYPE
268c2ecf20Sopenharmony_ci	tristate "Asymmetric TPM backed private key subtype"
278c2ecf20Sopenharmony_ci	depends on TCG_TPM
288c2ecf20Sopenharmony_ci	depends on TRUSTED_KEYS
298c2ecf20Sopenharmony_ci	select CRYPTO_HMAC
308c2ecf20Sopenharmony_ci	select CRYPTO_SHA1
318c2ecf20Sopenharmony_ci	select CRYPTO_HASH_INFO
328c2ecf20Sopenharmony_ci	help
338c2ecf20Sopenharmony_ci	  This option provides support for TPM backed private key type handling.
348c2ecf20Sopenharmony_ci	  Operations such as sign, verify, encrypt, decrypt are performed by
358c2ecf20Sopenharmony_ci	  the TPM after the private key is loaded.
368c2ecf20Sopenharmony_ci
378c2ecf20Sopenharmony_ciconfig X509_CERTIFICATE_PARSER
388c2ecf20Sopenharmony_ci	tristate "X.509 certificate parser"
398c2ecf20Sopenharmony_ci	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
408c2ecf20Sopenharmony_ci	select ASN1
418c2ecf20Sopenharmony_ci	select OID_REGISTRY
428c2ecf20Sopenharmony_ci	help
438c2ecf20Sopenharmony_ci	  This option provides support for parsing X.509 format blobs for key
448c2ecf20Sopenharmony_ci	  data and provides the ability to instantiate a crypto key from a
458c2ecf20Sopenharmony_ci	  public key packet found inside the certificate.
468c2ecf20Sopenharmony_ci
478c2ecf20Sopenharmony_ciconfig PKCS8_PRIVATE_KEY_PARSER
488c2ecf20Sopenharmony_ci	tristate "PKCS#8 private key parser"
498c2ecf20Sopenharmony_ci	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
508c2ecf20Sopenharmony_ci	select ASN1
518c2ecf20Sopenharmony_ci	select OID_REGISTRY
528c2ecf20Sopenharmony_ci	help
538c2ecf20Sopenharmony_ci	  This option provides support for parsing PKCS#8 format blobs for
548c2ecf20Sopenharmony_ci	  private key data and provides the ability to instantiate a crypto key
558c2ecf20Sopenharmony_ci	  from that data.
568c2ecf20Sopenharmony_ci
578c2ecf20Sopenharmony_ciconfig TPM_KEY_PARSER
588c2ecf20Sopenharmony_ci	tristate "TPM private key parser"
598c2ecf20Sopenharmony_ci	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
608c2ecf20Sopenharmony_ci	select ASN1
618c2ecf20Sopenharmony_ci	help
628c2ecf20Sopenharmony_ci	  This option provides support for parsing TPM format blobs for
638c2ecf20Sopenharmony_ci	  private key data and provides the ability to instantiate a crypto key
648c2ecf20Sopenharmony_ci	  from that data.
658c2ecf20Sopenharmony_ci
668c2ecf20Sopenharmony_ciconfig PKCS7_MESSAGE_PARSER
678c2ecf20Sopenharmony_ci	tristate "PKCS#7 message parser"
688c2ecf20Sopenharmony_ci	depends on X509_CERTIFICATE_PARSER
698c2ecf20Sopenharmony_ci	select CRYPTO_HASH
708c2ecf20Sopenharmony_ci	select ASN1
718c2ecf20Sopenharmony_ci	select OID_REGISTRY
728c2ecf20Sopenharmony_ci	help
738c2ecf20Sopenharmony_ci	  This option provides support for parsing PKCS#7 format messages for
748c2ecf20Sopenharmony_ci	  signature data and provides the ability to verify the signature.
758c2ecf20Sopenharmony_ci
768c2ecf20Sopenharmony_ciconfig PKCS7_TEST_KEY
778c2ecf20Sopenharmony_ci	tristate "PKCS#7 testing key type"
788c2ecf20Sopenharmony_ci	depends on SYSTEM_DATA_VERIFICATION
798c2ecf20Sopenharmony_ci	help
808c2ecf20Sopenharmony_ci	  This option provides a type of key that can be loaded up from a
818c2ecf20Sopenharmony_ci	  PKCS#7 message - provided the message is signed by a trusted key.  If
828c2ecf20Sopenharmony_ci	  it is, the PKCS#7 wrapper is discarded and reading the key returns
838c2ecf20Sopenharmony_ci	  just the payload.  If it isn't, adding the key will fail with an
848c2ecf20Sopenharmony_ci	  error.
858c2ecf20Sopenharmony_ci
868c2ecf20Sopenharmony_ci	  This is intended for testing the PKCS#7 parser.
878c2ecf20Sopenharmony_ci
888c2ecf20Sopenharmony_ciconfig SIGNED_PE_FILE_VERIFICATION
898c2ecf20Sopenharmony_ci	bool "Support for PE file signature verification"
908c2ecf20Sopenharmony_ci	depends on PKCS7_MESSAGE_PARSER=y
918c2ecf20Sopenharmony_ci	depends on SYSTEM_DATA_VERIFICATION
928c2ecf20Sopenharmony_ci	select CRYPTO_HASH
938c2ecf20Sopenharmony_ci	select ASN1
948c2ecf20Sopenharmony_ci	select OID_REGISTRY
958c2ecf20Sopenharmony_ci	help
968c2ecf20Sopenharmony_ci	  This option provides support for verifying the signature(s) on a
978c2ecf20Sopenharmony_ci	  signed PE binary.
988c2ecf20Sopenharmony_ci
998c2ecf20Sopenharmony_ciendif # ASYMMETRIC_KEY_TYPE
100