Commit | Line | Data |
---|---|---|
964f3b3b DH |
1 | menuconfig ASYMMETRIC_KEY_TYPE |
2 | tristate "Asymmetric (public-key cryptographic) key type" | |
3 | depends on KEYS | |
4 | help | |
5 | This option provides support for a key type that holds the data for | |
6 | the asymmetric keys used for public key cryptographic operations such | |
7 | as encryption, decryption, signature generation and signature | |
8 | verification. | |
9 | ||
10 | if ASYMMETRIC_KEY_TYPE | |
11 | ||
a9681bf3 DH |
12 | config ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
13 | tristate "Asymmetric public-key crypto algorithm subtype" | |
14 | select MPILIB | |
3fe78ca2 | 15 | select CRYPTO_HASH_INFO |
a9681bf3 DH |
16 | help |
17 | This option provides support for asymmetric public key type handling. | |
18 | If signature generation and/or verification are to be used, | |
19 | appropriate hash algorithms (such as SHA-1) must be available. | |
20 | ENOPKG will be reported if the requisite algorithm is unavailable. | |
964f3b3b | 21 | |
c26fd69f DH |
22 | config X509_CERTIFICATE_PARSER |
23 | tristate "X.509 certificate parser" | |
24 | depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE | |
25 | select ASN1 | |
26 | select OID_REGISTRY | |
27 | help | |
45206986 | 28 | This option provides support for parsing X.509 format blobs for key |
c26fd69f DH |
29 | data and provides the ability to instantiate a crypto key from a |
30 | public key packet found inside the certificate. | |
31 | ||
2e3fadbf DH |
32 | config PKCS7_MESSAGE_PARSER |
33 | tristate "PKCS#7 message parser" | |
34 | depends on X509_CERTIFICATE_PARSER | |
35 | select ASN1 | |
36 | select OID_REGISTRY | |
37 | help | |
38 | This option provides support for parsing PKCS#7 format messages for | |
39 | signature data and provides the ability to verify the signature. | |
40 | ||
22d01afb DH |
41 | config PKCS7_TEST_KEY |
42 | tristate "PKCS#7 testing key type" | |
43 | depends on PKCS7_MESSAGE_PARSER | |
44 | select SYSTEM_TRUSTED_KEYRING | |
45 | help | |
46 | This option provides a type of key that can be loaded up from a | |
47 | PKCS#7 message - provided the message is signed by a trusted key. If | |
48 | it is, the PKCS#7 wrapper is discarded and reading the key returns | |
49 | just the payload. If it isn't, adding the key will fail with an | |
50 | error. | |
51 | ||
52 | This is intended for testing the PKCS#7 parser. | |
53 | ||
26d1164b DH |
54 | config SIGNED_PE_FILE_VERIFICATION |
55 | bool "Support for PE file signature verification" | |
56 | depends on PKCS7_MESSAGE_PARSER=y | |
57 | select ASN1 | |
58 | select OID_REGISTRY | |
59 | help | |
60 | This option provides support for verifying the signature(s) on a | |
61 | signed PE binary. | |
62 | ||
964f3b3b | 63 | endif # ASYMMETRIC_KEY_TYPE |