blob: ca41be5631c7f120921735e7e17f510833f5d01a [file] [log] [blame]
David Howells964f3b32012-09-13 15:17:21 +01001menuconfig ASYMMETRIC_KEY_TYPE
2 tristate "Asymmetric (public-key cryptographic) key type"
3 depends on KEYS
4 help
5 This option provides support for a key type that holds the data for
6 the asymmetric keys used for public key cryptographic operations such
7 as encryption, decryption, signature generation and signature
8 verification.
9
10if ASYMMETRIC_KEY_TYPE
11
David Howellsa9681bf2012-09-21 23:24:55 +010012config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
13 tristate "Asymmetric public-key crypto algorithm subtype"
14 select MPILIB
David Howells206ce592013-08-30 16:15:18 +010015 select PUBLIC_KEY_ALGO_RSA
Dmitry Kasatkin3fe78ca2013-05-06 15:58:15 +030016 select CRYPTO_HASH_INFO
David Howellsa9681bf2012-09-21 23:24:55 +010017 help
18 This option provides support for asymmetric public key type handling.
19 If signature generation and/or verification are to be used,
20 appropriate hash algorithms (such as SHA-1) must be available.
21 ENOPKG will be reported if the requisite algorithm is unavailable.
David Howells964f3b32012-09-13 15:17:21 +010022
David Howells612e0fe2012-09-21 23:25:40 +010023config PUBLIC_KEY_ALGO_RSA
24 tristate "RSA public-key algorithm"
David Howells612e0fe2012-09-21 23:25:40 +010025 select MPILIB_EXTRA
David Howellsdbed7142013-11-01 15:11:14 +000026 select MPILIB
David Howells612e0fe2012-09-21 23:25:40 +010027 help
28 This option enables support for the RSA algorithm (PKCS#1, RFC3447).
29
David Howellsc26fd692012-09-24 17:11:48 +010030config X509_CERTIFICATE_PARSER
31 tristate "X.509 certificate parser"
32 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
33 select ASN1
34 select OID_REGISTRY
35 help
David Howells45206982014-07-08 17:21:01 +010036 This option provides support for parsing X.509 format blobs for key
David Howellsc26fd692012-09-24 17:11:48 +010037 data and provides the ability to instantiate a crypto key from a
38 public key packet found inside the certificate.
39
David Howells2e3fadb2014-07-01 16:40:19 +010040config PKCS7_MESSAGE_PARSER
41 tristate "PKCS#7 message parser"
42 depends on X509_CERTIFICATE_PARSER
43 select ASN1
44 select OID_REGISTRY
45 help
46 This option provides support for parsing PKCS#7 format messages for
47 signature data and provides the ability to verify the signature.
48
David Howells22d01af2014-07-01 19:06:18 +010049config PKCS7_TEST_KEY
50 tristate "PKCS#7 testing key type"
51 depends on PKCS7_MESSAGE_PARSER
52 select SYSTEM_TRUSTED_KEYRING
53 help
54 This option provides a type of key that can be loaded up from a
55 PKCS#7 message - provided the message is signed by a trusted key. If
56 it is, the PKCS#7 wrapper is discarded and reading the key returns
57 just the payload. If it isn't, adding the key will fail with an
58 error.
59
60 This is intended for testing the PKCS#7 parser.
61
David Howells26d11642014-07-01 16:02:51 +010062config SIGNED_PE_FILE_VERIFICATION
63 bool "Support for PE file signature verification"
64 depends on PKCS7_MESSAGE_PARSER=y
65 select ASN1
66 select OID_REGISTRY
67 help
68 This option provides support for verifying the signature(s) on a
69 signed PE binary.
70
David Howells964f3b32012-09-13 15:17:21 +010071endif # ASYMMETRIC_KEY_TYPE