# SPDX-License-Identifier: GPL-2.0
menuconfig ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select CRYPTO_HASH_INFO
	select CRYPTO_AKCIPHER
	select CRYPTO_HASH
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	depends on SYSTEM_DATA_VERIFICATION
	select CRYPTO_HASH
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

config PGP_LIBRARY
	tristate "PGP parsing library"
	help
	  This option enables a library that provides a number of simple
	  utility functions for parsing PGP (RFC 4880) packet-based messages.

config PGP_KEY_PARSER
	tristate "PGP key parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select PGP_LIBRARY
	select MD5 # V3 fingerprint generation
	select SHA1 # V4 fingerprint generation
	help
	  This option provides support for parsing PGP (RFC 4880) format blobs
	  for key data and provides the ability to instantiate a crypto key
	  from a public key packet found inside the blob.

config PGP_PRELOAD
	bool "PGP public key preloading facility"
	select PGP_KEY_PARSER
	help
	  This option provides a facility for the kernel to preload PGP-wrapped
	  bundles of keys during boot.  It is used by module signing to load
	  the module signing keys for example.

endif # ASYMMETRIC_KEY_TYPE
