[linux-2.6-block.git] / crypto / asymmetric_keys / Kconfig

menuconfig ASYMMETRIC_KEY_TYPE
	tristate "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select PUBLIC_KEY_ALGO_RSA
	select CRYPTO_HASH_INFO
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config PUBLIC_KEY_ALGO_RSA
	tristate "RSA public-key algorithm"
	select MPILIB
	help
	  This option enables support for the RSA algorithm (PKCS#1, RFC3447).

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on PKCS7_MESSAGE_PARSER
	select SYSTEM_TRUSTED_KEYRING
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

endif # ASYMMETRIC_KEY_TYPE
Commit	Line	Data
964f3b3b DH	1	menuconfig ASYMMETRIC_KEY_TYPE
	2	tristate "Asymmetric (public-key cryptographic) key type"
	3	depends on KEYS
	4	help
	5	This option provides support for a key type that holds the data for
	6	the asymmetric keys used for public key cryptographic operations such
	7	as encryption, decryption, signature generation and signature
	8	verification.
	9
	10	if ASYMMETRIC_KEY_TYPE
	11
a9681bf3 DH	12	config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	13	tristate "Asymmetric public-key crypto algorithm subtype"
	14	select MPILIB
206ce59a	15	select PUBLIC_KEY_ALGO_RSA
3fe78ca2	16	select CRYPTO_HASH_INFO
a9681bf3 DH	17	help
	18	This option provides support for asymmetric public key type handling.
	19	If signature generation and/or verification are to be used,
	20	appropriate hash algorithms (such as SHA-1) must be available.
	21	ENOPKG will be reported if the requisite algorithm is unavailable.
964f3b3b	22
612e0fe9 DH	23	config PUBLIC_KEY_ALGO_RSA
612e0fe9 DH	24	tristate "RSA public-key algorithm"
dbed7141	25	select MPILIB
612e0fe9 DH	26	help
	27	This option enables support for the RSA algorithm (PKCS#1, RFC3447).
	28
c26fd69f DH	29	config X509_CERTIFICATE_PARSER
	30	tristate "X.509 certificate parser"
	31	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	32	select ASN1
	33	select OID_REGISTRY
	34	help
45206986	35	This option provides support for parsing X.509 format blobs for key
c26fd69f DH	36	data and provides the ability to instantiate a crypto key from a
	37	public key packet found inside the certificate.
	38
2e3fadbf DH	39	config PKCS7_MESSAGE_PARSER
	40	tristate "PKCS#7 message parser"
	41	depends on X509_CERTIFICATE_PARSER
	42	select ASN1
	43	select OID_REGISTRY
	44	help
	45	This option provides support for parsing PKCS#7 format messages for
	46	signature data and provides the ability to verify the signature.
	47
22d01afb DH	48	config PKCS7_TEST_KEY
	49	tristate "PKCS#7 testing key type"
	50	depends on PKCS7_MESSAGE_PARSER
	51	select SYSTEM_TRUSTED_KEYRING
	52	help
	53	This option provides a type of key that can be loaded up from a
	54	PKCS#7 message - provided the message is signed by a trusted key. If
	55	it is, the PKCS#7 wrapper is discarded and reading the key returns
	56	just the payload. If it isn't, adding the key will fail with an
	57	error.
	58
	59	This is intended for testing the PKCS#7 parser.
	60
26d1164b DH	61	config SIGNED_PE_FILE_VERIFICATION
	62	bool "Support for PE file signature verification"
	63	depends on PKCS7_MESSAGE_PARSER=y
	64	select ASN1
	65	select OID_REGISTRY
	66	help
	67	This option provides support for verifying the signature(s) on a
	68	signed PE binary.
	69
964f3b3b	70	endif # ASYMMETRIC_KEY_TYPE