# SPDX-License-Identifier: GPL-2.0

  menuconfig ASYMMETRIC_KEY_TYPE

  	bool "Asymmetric (public-key cryptographic) key type"

  	depends on KEYS
  	help
  	  This option provides support for a key type that holds the data for
  	  the asymmetric keys used for public key cryptographic operations such
  	  as encryption, decryption, signature generation and signature
  	  verification.
  
  if ASYMMETRIC_KEY_TYPE

  config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
  	tristate "Asymmetric public-key crypto algorithm subtype"
  	select MPILIB

  	select CRYPTO_HASH_INFO

  	select CRYPTO_AKCIPHER

  	select CRYPTO_HASH

  	help
  	  This option provides support for asymmetric public key type handling.
  	  If signature generation and/or verification are to be used,
  	  appropriate hash algorithms (such as SHA-1) must be available.
  	  ENOPKG will be reported if the requisite algorithm is unavailable.

  config ASYMMETRIC_TPM_KEY_SUBTYPE
  	tristate "Asymmetric TPM backed private key subtype"
  	depends on TCG_TPM

  	depends on TRUSTED_KEYS

  	select CRYPTO_HMAC
  	select CRYPTO_SHA1
  	select CRYPTO_HASH_INFO
  	help
  	  This option provides support for TPM backed private key type handling.
  	  Operations such as sign, verify, encrypt, decrypt are performed by
  	  the TPM after the private key is loaded.

  config X509_CERTIFICATE_PARSER
  	tristate "X.509 certificate parser"
  	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
  	select ASN1
  	select OID_REGISTRY
  	help

  	  This option provides support for parsing X.509 format blobs for key

  	  data and provides the ability to instantiate a crypto key from a
  	  public key packet found inside the certificate.

  config PKCS8_PRIVATE_KEY_PARSER
  	tristate "PKCS#8 private key parser"
  	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
  	select ASN1
  	select OID_REGISTRY
  	help
  	  This option provides support for parsing PKCS#8 format blobs for
  	  private key data and provides the ability to instantiate a crypto key
  	  from that data.

  config TPM_KEY_PARSER
  	tristate "TPM private key parser"
  	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
  	select ASN1
  	help
  	  This option provides support for parsing TPM format blobs for
  	  private key data and provides the ability to instantiate a crypto key
  	  from that data.

  config PKCS7_MESSAGE_PARSER
  	tristate "PKCS#7 message parser"
  	depends on X509_CERTIFICATE_PARSER

  	select CRYPTO_HASH

  	select ASN1
  	select OID_REGISTRY
  	help
  	  This option provides support for parsing PKCS#7 format messages for
  	  signature data and provides the ability to verify the signature.

  config PKCS7_TEST_KEY
  	tristate "PKCS#7 testing key type"

  	depends on SYSTEM_DATA_VERIFICATION

  	help
  	  This option provides a type of key that can be loaded up from a
  	  PKCS#7 message - provided the message is signed by a trusted key.  If
  	  it is, the PKCS#7 wrapper is discarded and reading the key returns
  	  just the payload.  If it isn't, adding the key will fail with an
  	  error.
  
  	  This is intended for testing the PKCS#7 parser.

  config SIGNED_PE_FILE_VERIFICATION
  	bool "Support for PE file signature verification"
  	depends on PKCS7_MESSAGE_PARSER=y

  	depends on SYSTEM_DATA_VERIFICATION

  	select CRYPTO_HASH

  	select ASN1
  	select OID_REGISTRY
  	help
  	  This option provides support for verifying the signature(s) on a
  	  signed PE binary.

  endif # ASYMMETRIC_KEY_TYPE