| menuconfig ASYMMETRIC_KEY_TYPE |
| tristate "Asymmetric (public-key cryptographic) key type" |
| depends on KEYS |
| help |
| This option provides support for a key type that holds the data for |
| the asymmetric keys used for public key cryptographic operations such |
| as encryption, decryption, signature generation and signature |
| verification. |
| |
| if ASYMMETRIC_KEY_TYPE |
| |
| config ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| tristate "Asymmetric public-key crypto algorithm subtype" |
| select MPILIB |
| select PUBLIC_KEY_ALGO_RSA |
| select CRYPTO_HASH_INFO |
| select CRYPTO_AKCIPHER |
| help |
| This option provides support for asymmetric public key type handling. |
| If signature generation and/or verification are to be used, |
| appropriate hash algorithms (such as SHA-1) must be available. |
| ENOPKG will be reported if the requisite algorithm is unavailable. |
| |
| config PUBLIC_KEY_ALGO_RSA |
| tristate "RSA public-key algorithm" |
| select MPILIB |
| help |
| This option enables support for the RSA algorithm (PKCS#1, RFC3447). |
| |
| config X509_CERTIFICATE_PARSER |
| tristate "X.509 certificate parser" |
| depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| select ASN1 |
| select OID_REGISTRY |
| help |
| This option provides support for parsing X.509 format blobs for key |
| data and provides the ability to instantiate a crypto key from a |
| public key packet found inside the certificate. |
| |
| config PKCS7_MESSAGE_PARSER |
| tristate "PKCS#7 message parser" |
| depends on X509_CERTIFICATE_PARSER |
| select ASN1 |
| select OID_REGISTRY |
| help |
| This option provides support for parsing PKCS#7 format messages for |
| signature data and provides the ability to verify the signature. |
| |
| config PKCS7_TEST_KEY |
| tristate "PKCS#7 testing key type" |
| depends on PKCS7_MESSAGE_PARSER |
| select SYSTEM_TRUSTED_KEYRING |
| help |
| This option provides a type of key that can be loaded up from a |
| PKCS#7 message - provided the message is signed by a trusted key. If |
| it is, the PKCS#7 wrapper is discarded and reading the key returns |
| just the payload. If it isn't, adding the key will fail with an |
| error. |
| |
| This is intended for testing the PKCS#7 parser. |
| |
| config SIGNED_PE_FILE_VERIFICATION |
| bool "Support for PE file signature verification" |
| depends on PKCS7_MESSAGE_PARSER=y |
| select ASN1 |
| select OID_REGISTRY |
| help |
| This option provides support for verifying the signature(s) on a |
| signed PE binary. |
| |
| endif # ASYMMETRIC_KEY_TYPE |