162306a36Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0
262306a36Sopenharmony_cimenuconfig ASYMMETRIC_KEY_TYPE
362306a36Sopenharmony_ci	bool "Asymmetric (public-key cryptographic) key type"
462306a36Sopenharmony_ci	depends on KEYS
562306a36Sopenharmony_ci	help
662306a36Sopenharmony_ci	  This option provides support for a key type that holds the data for
762306a36Sopenharmony_ci	  the asymmetric keys used for public key cryptographic operations such
862306a36Sopenharmony_ci	  as encryption, decryption, signature generation and signature
962306a36Sopenharmony_ci	  verification.
1062306a36Sopenharmony_ci
1162306a36Sopenharmony_ciif ASYMMETRIC_KEY_TYPE
1262306a36Sopenharmony_ci
1362306a36Sopenharmony_ciconfig ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1462306a36Sopenharmony_ci	tristate "Asymmetric public-key crypto algorithm subtype"
1562306a36Sopenharmony_ci	select MPILIB
1662306a36Sopenharmony_ci	select CRYPTO_HASH_INFO
1762306a36Sopenharmony_ci	select CRYPTO_AKCIPHER
1862306a36Sopenharmony_ci	select CRYPTO_HASH
1962306a36Sopenharmony_ci	help
2062306a36Sopenharmony_ci	  This option provides support for asymmetric public key type handling.
2162306a36Sopenharmony_ci	  If signature generation and/or verification are to be used,
2262306a36Sopenharmony_ci	  appropriate hash algorithms (such as SHA-1) must be available.
2362306a36Sopenharmony_ci	  ENOPKG will be reported if the requisite algorithm is unavailable.
2462306a36Sopenharmony_ci
2562306a36Sopenharmony_ciconfig X509_CERTIFICATE_PARSER
2662306a36Sopenharmony_ci	tristate "X.509 certificate parser"
2762306a36Sopenharmony_ci	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
2862306a36Sopenharmony_ci	select ASN1
2962306a36Sopenharmony_ci	select OID_REGISTRY
3062306a36Sopenharmony_ci	help
3162306a36Sopenharmony_ci	  This option provides support for parsing X.509 format blobs for key
3262306a36Sopenharmony_ci	  data and provides the ability to instantiate a crypto key from a
3362306a36Sopenharmony_ci	  public key packet found inside the certificate.
3462306a36Sopenharmony_ci
3562306a36Sopenharmony_ciconfig PKCS8_PRIVATE_KEY_PARSER
3662306a36Sopenharmony_ci	tristate "PKCS#8 private key parser"
3762306a36Sopenharmony_ci	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
3862306a36Sopenharmony_ci	select ASN1
3962306a36Sopenharmony_ci	select OID_REGISTRY
4062306a36Sopenharmony_ci	help
4162306a36Sopenharmony_ci	  This option provides support for parsing PKCS#8 format blobs for
4262306a36Sopenharmony_ci	  private key data and provides the ability to instantiate a crypto key
4362306a36Sopenharmony_ci	  from that data.
4462306a36Sopenharmony_ci
4562306a36Sopenharmony_ciconfig PKCS7_MESSAGE_PARSER
4662306a36Sopenharmony_ci	tristate "PKCS#7 message parser"
4762306a36Sopenharmony_ci	depends on X509_CERTIFICATE_PARSER
4862306a36Sopenharmony_ci	select CRYPTO_HASH
4962306a36Sopenharmony_ci	select ASN1
5062306a36Sopenharmony_ci	select OID_REGISTRY
5162306a36Sopenharmony_ci	help
5262306a36Sopenharmony_ci	  This option provides support for parsing PKCS#7 format messages for
5362306a36Sopenharmony_ci	  signature data and provides the ability to verify the signature.
5462306a36Sopenharmony_ci
5562306a36Sopenharmony_ciconfig PKCS7_TEST_KEY
5662306a36Sopenharmony_ci	tristate "PKCS#7 testing key type"
5762306a36Sopenharmony_ci	depends on SYSTEM_DATA_VERIFICATION
5862306a36Sopenharmony_ci	help
5962306a36Sopenharmony_ci	  This option provides a type of key that can be loaded up from a
6062306a36Sopenharmony_ci	  PKCS#7 message - provided the message is signed by a trusted key.  If
6162306a36Sopenharmony_ci	  it is, the PKCS#7 wrapper is discarded and reading the key returns
6262306a36Sopenharmony_ci	  just the payload.  If it isn't, adding the key will fail with an
6362306a36Sopenharmony_ci	  error.
6462306a36Sopenharmony_ci
6562306a36Sopenharmony_ci	  This is intended for testing the PKCS#7 parser.
6662306a36Sopenharmony_ci
6762306a36Sopenharmony_ciconfig SIGNED_PE_FILE_VERIFICATION
6862306a36Sopenharmony_ci	bool "Support for PE file signature verification"
6962306a36Sopenharmony_ci	depends on PKCS7_MESSAGE_PARSER=y
7062306a36Sopenharmony_ci	depends on SYSTEM_DATA_VERIFICATION
7162306a36Sopenharmony_ci	select CRYPTO_HASH
7262306a36Sopenharmony_ci	select ASN1
7362306a36Sopenharmony_ci	select OID_REGISTRY
7462306a36Sopenharmony_ci	help
7562306a36Sopenharmony_ci	  This option provides support for verifying the signature(s) on a
7662306a36Sopenharmony_ci	  signed PE binary.
7762306a36Sopenharmony_ci
7862306a36Sopenharmony_ciconfig FIPS_SIGNATURE_SELFTEST
7962306a36Sopenharmony_ci	tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"
8062306a36Sopenharmony_ci	help
8162306a36Sopenharmony_ci	  This option causes some selftests to be run on the signature
8262306a36Sopenharmony_ci	  verification code, using some built in data.  This is required
8362306a36Sopenharmony_ci	  for FIPS.
8462306a36Sopenharmony_ci	depends on KEYS
8562306a36Sopenharmony_ci	depends on ASYMMETRIC_KEY_TYPE
8662306a36Sopenharmony_ci	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER
8762306a36Sopenharmony_ci	depends on X509_CERTIFICATE_PARSER
8862306a36Sopenharmony_ci
8962306a36Sopenharmony_ciendif # ASYMMETRIC_KEY_TYPE
90