xref: /linux/crypto/asymmetric_keys/Kconfig (revision 6204e0025566ad3992ce649d4f44b7e8cdde2293) 
1menuconfig ASYMMETRIC_KEY_TYPE
2	tristate "Asymmetric (public-key cryptographic) key type"
3	depends on KEYS
4	help
5	  This option provides support for a key type that holds the data for
6	  the asymmetric keys used for public key cryptographic operations such
7	  as encryption, decryption, signature generation and signature
8	  verification.
9
10if ASYMMETRIC_KEY_TYPE
11
12config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
13	tristate "Asymmetric public-key crypto algorithm subtype"
14	select MPILIB
15	select PUBLIC_KEY_ALGO_RSA
16	select CRYPTO_HASH_INFO
17	help
18	  This option provides support for asymmetric public key type handling.
19	  If signature generation and/or verification are to be used,
20	  appropriate hash algorithms (such as SHA-1) must be available.
21	  ENOPKG will be reported if the requisite algorithm is unavailable.
22
23config PUBLIC_KEY_ALGO_RSA
24	tristate "RSA public-key algorithm"
25	select MPILIB_EXTRA
26	select MPILIB
27	help
28	  This option enables support for the RSA algorithm (PKCS#1, RFC3447).
29
30config X509_CERTIFICATE_PARSER
31	tristate "X.509 certificate parser"
32	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
33	select ASN1
34	select OID_REGISTRY
35	help
36	  This option provides support for parsing X.509 format blobs for key
37	  data and provides the ability to instantiate a crypto key from a
38	  public key packet found inside the certificate.
39
40config PKCS7_MESSAGE_PARSER
41	tristate "PKCS#7 message parser"
42	depends on X509_CERTIFICATE_PARSER
43	select ASN1
44	select OID_REGISTRY
45	help
46	  This option provides support for parsing PKCS#7 format messages for
47	  signature data and provides the ability to verify the signature.
48
49config PKCS7_TEST_KEY
50	tristate "PKCS#7 testing key type"
51	depends on PKCS7_MESSAGE_PARSER
52	select SYSTEM_TRUSTED_KEYRING
53	help
54	  This option provides a type of key that can be loaded up from a
55	  PKCS#7 message - provided the message is signed by a trusted key.  If
56	  it is, the PKCS#7 wrapper is discarded and reading the key returns
57	  just the payload.  If it isn't, adding the key will fail with an
58	  error.
59
60	  This is intended for testing the PKCS#7 parser.
61
62config SIGNED_PE_FILE_VERIFICATION
63	bool "Support for PE file signature verification"
64	depends on PKCS7_MESSAGE_PARSER=y
65	select ASN1
66	select OID_REGISTRY
67	help
68	  This option provides support for verifying the signature(s) on a
69	  signed PE binary.
70
71endif # ASYMMETRIC_KEY_TYPE
72