1menuconfig ASYMMETRIC_KEY_TYPE 2 tristate "Asymmetric (public-key cryptographic) key type" 3 depends on KEYS 4 help 5 This option provides support for a key type that holds the data for 6 the asymmetric keys used for public key cryptographic operations such 7 as encryption, decryption, signature generation and signature 8 verification. 9 10if ASYMMETRIC_KEY_TYPE 11 12config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 13 tristate "Asymmetric public-key crypto algorithm subtype" 14 select MPILIB 15 select PUBLIC_KEY_ALGO_RSA 16 select CRYPTO_HASH_INFO 17 select CRYPTO_AKCIPHER 18 help 19 This option provides support for asymmetric public key type handling. 20 If signature generation and/or verification are to be used, 21 appropriate hash algorithms (such as SHA-1) must be available. 22 ENOPKG will be reported if the requisite algorithm is unavailable. 23 24config PUBLIC_KEY_ALGO_RSA 25 tristate "RSA public-key algorithm" 26 select MPILIB 27 help 28 This option enables support for the RSA algorithm (PKCS#1, RFC3447). 29 30config X509_CERTIFICATE_PARSER 31 tristate "X.509 certificate parser" 32 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE 33 select ASN1 34 select OID_REGISTRY 35 help 36 This option provides support for parsing X.509 format blobs for key 37 data and provides the ability to instantiate a crypto key from a 38 public key packet found inside the certificate. 39 40config PKCS7_MESSAGE_PARSER 41 tristate "PKCS#7 message parser" 42 depends on X509_CERTIFICATE_PARSER 43 select ASN1 44 select OID_REGISTRY 45 help 46 This option provides support for parsing PKCS#7 format messages for 47 signature data and provides the ability to verify the signature. 48 49config PKCS7_TEST_KEY 50 tristate "PKCS#7 testing key type" 51 depends on PKCS7_MESSAGE_PARSER 52 select SYSTEM_TRUSTED_KEYRING 53 help 54 This option provides a type of key that can be loaded up from a 55 PKCS#7 message - provided the message is signed by a trusted key. If 56 it is, the PKCS#7 wrapper is discarded and reading the key returns 57 just the payload. If it isn't, adding the key will fail with an 58 error. 59 60 This is intended for testing the PKCS#7 parser. 61 62config SIGNED_PE_FILE_VERIFICATION 63 bool "Support for PE file signature verification" 64 depends on PKCS7_MESSAGE_PARSER=y 65 select ASN1 66 select OID_REGISTRY 67 help 68 This option provides support for verifying the signature(s) on a 69 signed PE binary. 70 71endif # ASYMMETRIC_KEY_TYPE 72