David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | [diff] [blame] | 1 | menuconfig ASYMMETRIC_KEY_TYPE |
| 2 | tristate "Asymmetric (public-key cryptographic) key type" |
| 3 | depends on KEYS |
| 4 | help |
| 5 | This option provides support for a key type that holds the data for |
| 6 | the asymmetric keys used for public key cryptographic operations such |
| 7 | as encryption, decryption, signature generation and signature |
| 8 | verification. |
| 9 | |
| 10 | if ASYMMETRIC_KEY_TYPE |
| 11 | |
David Howells | a9681bf | 2012-09-21 23:24:55 +0100 | [diff] [blame] | 12 | config ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| 13 | tristate "Asymmetric public-key crypto algorithm subtype" |
| 14 | select MPILIB |
David Howells | 206ce59 | 2013-08-30 16:15:18 +0100 | [diff] [blame] | 15 | select PUBLIC_KEY_ALGO_RSA |
Dmitry Kasatkin | 3fe78ca | 2013-05-06 15:58:15 +0300 | [diff] [blame] | 16 | select CRYPTO_HASH_INFO |
David Howells | a9681bf | 2012-09-21 23:24:55 +0100 | [diff] [blame] | 17 | help |
| 18 | This option provides support for asymmetric public key type handling. |
| 19 | If signature generation and/or verification are to be used, |
| 20 | appropriate hash algorithms (such as SHA-1) must be available. |
| 21 | ENOPKG will be reported if the requisite algorithm is unavailable. |
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | [diff] [blame] | 22 | |
David Howells | 612e0fe | 2012-09-21 23:25:40 +0100 | [diff] [blame] | 23 | config PUBLIC_KEY_ALGO_RSA |
| 24 | tristate "RSA public-key algorithm" |
David Howells | 612e0fe | 2012-09-21 23:25:40 +0100 | [diff] [blame] | 25 | select MPILIB_EXTRA |
David Howells | dbed714 | 2013-11-01 15:11:14 +0000 | [diff] [blame] | 26 | select MPILIB |
David Howells | 612e0fe | 2012-09-21 23:25:40 +0100 | [diff] [blame] | 27 | help |
| 28 | This option enables support for the RSA algorithm (PKCS#1, RFC3447). |
| 29 | |
David Howells | c26fd69 | 2012-09-24 17:11:48 +0100 | [diff] [blame] | 30 | config X509_CERTIFICATE_PARSER |
| 31 | tristate "X.509 certificate parser" |
| 32 | depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| 33 | select ASN1 |
| 34 | select OID_REGISTRY |
| 35 | help |
David Howells | 4520698 | 2014-07-08 17:21:01 +0100 | [diff] [blame] | 36 | This option provides support for parsing X.509 format blobs for key |
David Howells | c26fd69 | 2012-09-24 17:11:48 +0100 | [diff] [blame] | 37 | data and provides the ability to instantiate a crypto key from a |
| 38 | public key packet found inside the certificate. |
| 39 | |
David Howells | 2e3fadb | 2014-07-01 16:40:19 +0100 | [diff] [blame] | 40 | config PKCS7_MESSAGE_PARSER |
| 41 | tristate "PKCS#7 message parser" |
| 42 | depends on X509_CERTIFICATE_PARSER |
| 43 | select ASN1 |
| 44 | select OID_REGISTRY |
| 45 | help |
| 46 | This option provides support for parsing PKCS#7 format messages for |
| 47 | signature data and provides the ability to verify the signature. |
| 48 | |
David Howells | 22d01af | 2014-07-01 19:06:18 +0100 | [diff] [blame] | 49 | config PKCS7_TEST_KEY |
| 50 | tristate "PKCS#7 testing key type" |
| 51 | depends on PKCS7_MESSAGE_PARSER |
| 52 | select SYSTEM_TRUSTED_KEYRING |
| 53 | help |
| 54 | This option provides a type of key that can be loaded up from a |
| 55 | PKCS#7 message - provided the message is signed by a trusted key. If |
| 56 | it is, the PKCS#7 wrapper is discarded and reading the key returns |
| 57 | just the payload. If it isn't, adding the key will fail with an |
| 58 | error. |
| 59 | |
| 60 | This is intended for testing the PKCS#7 parser. |
| 61 | |
David Howells | 26d1164 | 2014-07-01 16:02:51 +0100 | [diff] [blame^] | 62 | config SIGNED_PE_FILE_VERIFICATION |
| 63 | bool "Support for PE file signature verification" |
| 64 | depends on PKCS7_MESSAGE_PARSER=y |
| 65 | select ASN1 |
| 66 | select OID_REGISTRY |
| 67 | help |
| 68 | This option provides support for verifying the signature(s) on a |
| 69 | signed PE binary. |
| 70 | |
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | [diff] [blame] | 71 | endif # ASYMMETRIC_KEY_TYPE |