]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | # SPDX-License-Identifier: GPL-2.0 |
964f3b3b | 2 | menuconfig ASYMMETRIC_KEY_TYPE |
99716b7c | 3 | bool "Asymmetric (public-key cryptographic) key type" |
964f3b3b DH |
4 | depends on KEYS |
5 | help | |
6 | This option provides support for a key type that holds the data for | |
7 | the asymmetric keys used for public key cryptographic operations such | |
8 | as encryption, decryption, signature generation and signature | |
9 | verification. | |
10 | ||
11 | if ASYMMETRIC_KEY_TYPE | |
12 | ||
a9681bf3 DH |
13 | config ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
14 | tristate "Asymmetric public-key crypto algorithm subtype" | |
15 | select MPILIB | |
3fe78ca2 | 16 | select CRYPTO_HASH_INFO |
bad6a185 | 17 | select CRYPTO_AKCIPHER |
dcaa86b9 | 18 | select CRYPTO_SIG |
90acc065 | 19 | select CRYPTO_HASH |
a9681bf3 DH |
20 | help |
21 | This option provides support for asymmetric public key type handling. | |
22 | If signature generation and/or verification are to be used, | |
23 | appropriate hash algorithms (such as SHA-1) must be available. | |
24 | ENOPKG will be reported if the requisite algorithm is unavailable. | |
964f3b3b | 25 | |
c26fd69f DH |
26 | config X509_CERTIFICATE_PARSER |
27 | tristate "X.509 certificate parser" | |
28 | depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE | |
29 | select ASN1 | |
30 | select OID_REGISTRY | |
31 | help | |
45206986 | 32 | This option provides support for parsing X.509 format blobs for key |
c26fd69f DH |
33 | data and provides the ability to instantiate a crypto key from a |
34 | public key packet found inside the certificate. | |
35 | ||
3c58b236 DH |
36 | config PKCS8_PRIVATE_KEY_PARSER |
37 | tristate "PKCS#8 private key parser" | |
38 | depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE | |
39 | select ASN1 | |
40 | select OID_REGISTRY | |
41 | help | |
42 | This option provides support for parsing PKCS#8 format blobs for | |
43 | private key data and provides the ability to instantiate a crypto key | |
44 | from that data. | |
45 | ||
2e3fadbf DH |
46 | config PKCS7_MESSAGE_PARSER |
47 | tristate "PKCS#7 message parser" | |
48 | depends on X509_CERTIFICATE_PARSER | |
90acc065 | 49 | select CRYPTO_HASH |
2e3fadbf DH |
50 | select ASN1 |
51 | select OID_REGISTRY | |
52 | help | |
53 | This option provides support for parsing PKCS#7 format messages for | |
54 | signature data and provides the ability to verify the signature. | |
55 | ||
22d01afb DH |
56 | config PKCS7_TEST_KEY |
57 | tristate "PKCS#7 testing key type" | |
e68503bd | 58 | depends on SYSTEM_DATA_VERIFICATION |
22d01afb DH |
59 | help |
60 | This option provides a type of key that can be loaded up from a | |
61 | PKCS#7 message - provided the message is signed by a trusted key. If | |
62 | it is, the PKCS#7 wrapper is discarded and reading the key returns | |
63 | just the payload. If it isn't, adding the key will fail with an | |
64 | error. | |
65 | ||
66 | This is intended for testing the PKCS#7 parser. | |
67 | ||
26d1164b DH |
68 | config SIGNED_PE_FILE_VERIFICATION |
69 | bool "Support for PE file signature verification" | |
70 | depends on PKCS7_MESSAGE_PARSER=y | |
e68503bd | 71 | depends on SYSTEM_DATA_VERIFICATION |
90acc065 | 72 | select CRYPTO_HASH |
26d1164b DH |
73 | select ASN1 |
74 | select OID_REGISTRY | |
75 | help | |
76 | This option provides support for verifying the signature(s) on a | |
77 | signed PE binary. | |
78 | ||
3cde3174 | 79 | config FIPS_SIGNATURE_SELFTEST |
04a93202 | 80 | tristate "Run FIPS selftests on the X.509+PKCS7 signature verification" |
3cde3174 DH |
81 | help |
82 | This option causes some selftests to be run on the signature | |
83 | verification code, using some built in data. This is required | |
84 | for FIPS. | |
85 | depends on KEYS | |
86 | depends on ASYMMETRIC_KEY_TYPE | |
0f5d4a0b | 87 | depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER |
04a93202 | 88 | depends on X509_CERTIFICATE_PARSER |
3cde3174 | 89 | |
964f3b3b | 90 | endif # ASYMMETRIC_KEY_TYPE |