blob: f7d2ef9789d8d7d8006be0051002fb4bb4eb4e19 [file] [log] [blame]
David Howells964f3b32012-09-13 15:17:21 +01001menuconfig ASYMMETRIC_KEY_TYPE
2 tristate "Asymmetric (public-key cryptographic) key type"
3 depends on KEYS
4 help
5 This option provides support for a key type that holds the data for
6 the asymmetric keys used for public key cryptographic operations such
7 as encryption, decryption, signature generation and signature
8 verification.
9
10if ASYMMETRIC_KEY_TYPE
11
David Howellsa9681bf2012-09-21 23:24:55 +010012config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
13 tristate "Asymmetric public-key crypto algorithm subtype"
14 select MPILIB
Dmitry Kasatkin3fe78ca2013-05-06 15:58:15 +030015 select CRYPTO_HASH_INFO
David Howellsa9681bf2012-09-21 23:24:55 +010016 help
17 This option provides support for asymmetric public key type handling.
18 If signature generation and/or verification are to be used,
19 appropriate hash algorithms (such as SHA-1) must be available.
20 ENOPKG will be reported if the requisite algorithm is unavailable.
David Howells964f3b32012-09-13 15:17:21 +010021
David Howellsc26fd692012-09-24 17:11:48 +010022config X509_CERTIFICATE_PARSER
23 tristate "X.509 certificate parser"
24 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
25 select ASN1
26 select OID_REGISTRY
27 help
David Howells45206982014-07-08 17:21:01 +010028 This option provides support for parsing X.509 format blobs for key
David Howellsc26fd692012-09-24 17:11:48 +010029 data and provides the ability to instantiate a crypto key from a
30 public key packet found inside the certificate.
31
David Howells2e3fadb2014-07-01 16:40:19 +010032config PKCS7_MESSAGE_PARSER
33 tristate "PKCS#7 message parser"
34 depends on X509_CERTIFICATE_PARSER
35 select ASN1
36 select OID_REGISTRY
37 help
38 This option provides support for parsing PKCS#7 format messages for
39 signature data and provides the ability to verify the signature.
40
David Howells22d01af2014-07-01 19:06:18 +010041config PKCS7_TEST_KEY
42 tristate "PKCS#7 testing key type"
David Howellse68503b2016-04-06 16:14:24 +010043 depends on SYSTEM_DATA_VERIFICATION
David Howells22d01af2014-07-01 19:06:18 +010044 help
45 This option provides a type of key that can be loaded up from a
46 PKCS#7 message - provided the message is signed by a trusted key. If
47 it is, the PKCS#7 wrapper is discarded and reading the key returns
48 just the payload. If it isn't, adding the key will fail with an
49 error.
50
51 This is intended for testing the PKCS#7 parser.
52
David Howells26d11642014-07-01 16:02:51 +010053config SIGNED_PE_FILE_VERIFICATION
54 bool "Support for PE file signature verification"
55 depends on PKCS7_MESSAGE_PARSER=y
David Howellse68503b2016-04-06 16:14:24 +010056 depends on SYSTEM_DATA_VERIFICATION
David Howells26d11642014-07-01 16:02:51 +010057 select ASN1
58 select OID_REGISTRY
59 help
60 This option provides support for verifying the signature(s) on a
61 signed PE binary.
62
David Howells964f3b32012-09-13 15:17:21 +010063endif # ASYMMETRIC_KEY_TYPE