crypto/asymmetric_keys/Kconfig - third_party/kernel - Git at Google

 # SPDX-License-Identifier: GPL-2.0
 menuconfig ASYMMETRIC_KEY_TYPE
 	bool "Asymmetric (public-key cryptographic) key type"
 	depends on KEYS
 	help
 	  This option provides support for a key type that holds the data for
 	  the asymmetric keys used for public key cryptographic operations such
 	  as encryption, decryption, signature generation and signature
 	  verification.

 if ASYMMETRIC_KEY_TYPE

 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 	tristate "Asymmetric public-key crypto algorithm subtype"
 	select MPILIB
 	select CRYPTO_HASH_INFO
 	select CRYPTO_AKCIPHER
 	select CRYPTO_HASH
 	help
 	  This option provides support for asymmetric public key type handling.
 	  If signature generation and/or verification are to be used,
 	  appropriate hash algorithms (such as SHA-1) must be available.
 	  ENOPKG will be reported if the requisite algorithm is unavailable.

 config X509_CERTIFICATE_PARSER
 	tristate "X.509 certificate parser"
 	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 	select ASN1
 	select OID_REGISTRY
 	help
 	  This option provides support for parsing X.509 format blobs for key
 	  data and provides the ability to instantiate a crypto key from a
 	  public key packet found inside the certificate.

 config PKCS7_MESSAGE_PARSER
 	tristate "PKCS#7 message parser"
 	depends on X509_CERTIFICATE_PARSER
 	select CRYPTO_HASH
 	select ASN1
 	select OID_REGISTRY
 	help
 	  This option provides support for parsing PKCS#7 format messages for
 	  signature data and provides the ability to verify the signature.

 config PKCS7_TEST_KEY
 	tristate "PKCS#7 testing key type"
 	depends on SYSTEM_DATA_VERIFICATION
 	help
 	  This option provides a type of key that can be loaded up from a
 	  PKCS#7 message - provided the message is signed by a trusted key.  If
 	  it is, the PKCS#7 wrapper is discarded and reading the key returns
 	  just the payload.  If it isn't, adding the key will fail with an
 	  error.

 	  This is intended for testing the PKCS#7 parser.

 config SIGNED_PE_FILE_VERIFICATION
 	bool "Support for PE file signature verification"
 	depends on PKCS7_MESSAGE_PARSER=y
 	depends on SYSTEM_DATA_VERIFICATION
 	select CRYPTO_HASH
 	select ASN1
 	select OID_REGISTRY
 	help
 	  This option provides support for verifying the signature(s) on a
 	  signed PE binary.

 endif # ASYMMETRIC_KEY_TYPE
	# SPDX-License-Identifier: GPL-2.0
	menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	This option provides support for a key type that holds the data for
	the asymmetric keys used for public key cryptographic operations such
	as encryption, decryption, signature generation and signature
	verification.

	if ASYMMETRIC_KEY_TYPE

	config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	select CRYPTO_HASH
	help
	This option provides support for asymmetric public key type handling.
	If signature generation and/or verification are to be used,
	appropriate hash algorithms (such as SHA-1) must be available.
	ENOPKG will be reported if the requisite algorithm is unavailable.

	config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	This option provides support for parsing X.509 format blobs for key
	data and provides the ability to instantiate a crypto key from a
	public key packet found inside the certificate.

	config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	This option provides support for parsing PKCS#7 format messages for
	signature data and provides the ability to verify the signature.

	config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	This option provides a type of key that can be loaded up from a
	PKCS#7 message - provided the message is signed by a trusted key. If
	it is, the PKCS#7 wrapper is discarded and reading the key returns
	just the payload. If it isn't, adding the key will fail with an
	error.

	This is intended for testing the PKCS#7 parser.

	config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	This option provides support for verifying the signature(s) on a
	signed PE binary.

	endif # ASYMMETRIC_KEY_TYPE