blob: 331f6baf2df8ea39148a49f5f7408238adc2fb0f [file] [log] [blame]
David Howells964f3b32012-09-13 15:17:21 +01001menuconfig ASYMMETRIC_KEY_TYPE
David Howells99716b72016-04-06 16:14:26 +01002 bool "Asymmetric (public-key cryptographic) key type"
David Howells964f3b32012-09-13 15:17:21 +01003 depends on KEYS
4 help
5 This option provides support for a key type that holds the data for
6 the asymmetric keys used for public key cryptographic operations such
7 as encryption, decryption, signature generation and signature
8 verification.
9
10if ASYMMETRIC_KEY_TYPE
11
David Howellsa9681bf2012-09-21 23:24:55 +010012config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
13 tristate "Asymmetric public-key crypto algorithm subtype"
14 select MPILIB
Dmitry Kasatkin3fe78ca2013-05-06 15:58:15 +030015 select CRYPTO_HASH_INFO
Arnd Bergmannbad6a182016-05-18 16:55:56 +020016 select CRYPTO_AKCIPHER
David Howellsa9681bf2012-09-21 23:24:55 +010017 help
18 This option provides support for asymmetric public key type handling.
19 If signature generation and/or verification are to be used,
20 appropriate hash algorithms (such as SHA-1) must be available.
21 ENOPKG will be reported if the requisite algorithm is unavailable.
David Howells964f3b32012-09-13 15:17:21 +010022
David Howellsc26fd692012-09-24 17:11:48 +010023config X509_CERTIFICATE_PARSER
24 tristate "X.509 certificate parser"
25 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
26 select ASN1
27 select OID_REGISTRY
28 help
David Howells45206982014-07-08 17:21:01 +010029 This option provides support for parsing X.509 format blobs for key
David Howellsc26fd692012-09-24 17:11:48 +010030 data and provides the ability to instantiate a crypto key from a
31 public key packet found inside the certificate.
32
David Howells2e3fadb2014-07-01 16:40:19 +010033config PKCS7_MESSAGE_PARSER
34 tristate "PKCS#7 message parser"
35 depends on X509_CERTIFICATE_PARSER
36 select ASN1
37 select OID_REGISTRY
38 help
39 This option provides support for parsing PKCS#7 format messages for
40 signature data and provides the ability to verify the signature.
41
David Howells22d01af2014-07-01 19:06:18 +010042config PKCS7_TEST_KEY
43 tristate "PKCS#7 testing key type"
David Howellse68503b2016-04-06 16:14:24 +010044 depends on SYSTEM_DATA_VERIFICATION
David Howells22d01af2014-07-01 19:06:18 +010045 help
46 This option provides a type of key that can be loaded up from a
47 PKCS#7 message - provided the message is signed by a trusted key. If
48 it is, the PKCS#7 wrapper is discarded and reading the key returns
49 just the payload. If it isn't, adding the key will fail with an
50 error.
51
52 This is intended for testing the PKCS#7 parser.
53
David Howells26d11642014-07-01 16:02:51 +010054config SIGNED_PE_FILE_VERIFICATION
55 bool "Support for PE file signature verification"
56 depends on PKCS7_MESSAGE_PARSER=y
David Howellse68503b2016-04-06 16:14:24 +010057 depends on SYSTEM_DATA_VERIFICATION
David Howells26d11642014-07-01 16:02:51 +010058 select ASN1
59 select OID_REGISTRY
60 help
61 This option provides support for verifying the signature(s) on a
62 signed PE binary.
63
David Howells964f3b32012-09-13 15:17:21 +010064endif # ASYMMETRIC_KEY_TYPE