1 # SPDX-License-Identifier: GPL-2.0 <<
2 menuconfig ASYMMETRIC_KEY_TYPE 1 menuconfig ASYMMETRIC_KEY_TYPE
3 bool "Asymmetric (public-key cryptogra !! 2 tristate "Asymmetric (public-key cryptographic) key type"
4 depends on KEYS 3 depends on KEYS
5 help 4 help
6 This option provides support for a k 5 This option provides support for a key type that holds the data for
7 the asymmetric keys used for public 6 the asymmetric keys used for public key cryptographic operations such
8 as encryption, decryption, signature 7 as encryption, decryption, signature generation and signature
9 verification. 8 verification.
10 9
11 if ASYMMETRIC_KEY_TYPE 10 if ASYMMETRIC_KEY_TYPE
12 11
13 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 12 config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
14 tristate "Asymmetric public-key crypto 13 tristate "Asymmetric public-key crypto algorithm subtype"
15 select MPILIB 14 select MPILIB
>> 15 select PUBLIC_KEY_ALGO_RSA
16 select CRYPTO_HASH_INFO 16 select CRYPTO_HASH_INFO
17 select CRYPTO_AKCIPHER 17 select CRYPTO_AKCIPHER
18 select CRYPTO_SIG <<
19 select CRYPTO_HASH <<
20 help 18 help
21 This option provides support for asy 19 This option provides support for asymmetric public key type handling.
22 If signature generation and/or verif 20 If signature generation and/or verification are to be used,
23 appropriate hash algorithms (such as 21 appropriate hash algorithms (such as SHA-1) must be available.
24 ENOPKG will be reported if the requi 22 ENOPKG will be reported if the requisite algorithm is unavailable.
25 23
>> 24 config PUBLIC_KEY_ALGO_RSA
>> 25 tristate "RSA public-key algorithm"
>> 26 select MPILIB
>> 27 help
>> 28 This option enables support for the RSA algorithm (PKCS#1, RFC3447).
>> 29
26 config X509_CERTIFICATE_PARSER 30 config X509_CERTIFICATE_PARSER
27 tristate "X.509 certificate parser" 31 tristate "X.509 certificate parser"
28 depends on ASYMMETRIC_PUBLIC_KEY_SUBTY 32 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
29 select ASN1 33 select ASN1
30 select OID_REGISTRY 34 select OID_REGISTRY
31 help 35 help
32 This option provides support for par 36 This option provides support for parsing X.509 format blobs for key
33 data and provides the ability to ins 37 data and provides the ability to instantiate a crypto key from a
34 public key packet found inside the c 38 public key packet found inside the certificate.
35 39
36 config PKCS8_PRIVATE_KEY_PARSER <<
37 tristate "PKCS#8 private key parser" <<
38 depends on ASYMMETRIC_PUBLIC_KEY_SUBTY <<
39 select ASN1 <<
40 select OID_REGISTRY <<
41 help <<
42 This option provides support for par <<
43 private key data and provides the ab <<
44 from that data. <<
45 <<
46 config PKCS7_MESSAGE_PARSER 40 config PKCS7_MESSAGE_PARSER
47 tristate "PKCS#7 message parser" 41 tristate "PKCS#7 message parser"
48 depends on X509_CERTIFICATE_PARSER 42 depends on X509_CERTIFICATE_PARSER
49 select CRYPTO_HASH <<
50 select ASN1 43 select ASN1
51 select OID_REGISTRY 44 select OID_REGISTRY
52 help 45 help
53 This option provides support for par 46 This option provides support for parsing PKCS#7 format messages for
54 signature data and provides the abil 47 signature data and provides the ability to verify the signature.
55 48
56 config PKCS7_TEST_KEY 49 config PKCS7_TEST_KEY
57 tristate "PKCS#7 testing key type" 50 tristate "PKCS#7 testing key type"
58 depends on SYSTEM_DATA_VERIFICATION !! 51 depends on PKCS7_MESSAGE_PARSER
>> 52 select SYSTEM_TRUSTED_KEYRING
59 help 53 help
60 This option provides a type of key t 54 This option provides a type of key that can be loaded up from a
61 PKCS#7 message - provided the messag 55 PKCS#7 message - provided the message is signed by a trusted key. If
62 it is, the PKCS#7 wrapper is discard 56 it is, the PKCS#7 wrapper is discarded and reading the key returns
63 just the payload. If it isn't, addi 57 just the payload. If it isn't, adding the key will fail with an
64 error. 58 error.
65 59
66 This is intended for testing the PKC 60 This is intended for testing the PKCS#7 parser.
67 61
68 config SIGNED_PE_FILE_VERIFICATION 62 config SIGNED_PE_FILE_VERIFICATION
69 bool "Support for PE file signature ve 63 bool "Support for PE file signature verification"
70 depends on PKCS7_MESSAGE_PARSER=y 64 depends on PKCS7_MESSAGE_PARSER=y
71 depends on SYSTEM_DATA_VERIFICATION <<
72 select CRYPTO_HASH <<
73 select ASN1 65 select ASN1
74 select OID_REGISTRY 66 select OID_REGISTRY
75 help 67 help
76 This option provides support for ver 68 This option provides support for verifying the signature(s) on a
77 signed PE binary. 69 signed PE binary.
78 <<
79 config FIPS_SIGNATURE_SELFTEST <<
80 tristate "Run FIPS selftests on the X. <<
81 help <<
82 This option causes some selftests to <<
83 verification code, using some built <<
84 for FIPS. <<
85 depends on KEYS <<
86 depends on ASYMMETRIC_KEY_TYPE <<
87 depends on PKCS7_MESSAGE_PARSER=X509_C <<
88 depends on X509_CERTIFICATE_PARSER <<
89 depends on CRYPTO_RSA <<
90 depends on CRYPTO_SHA256 <<
91 <<
92 config FIPS_SIGNATURE_SELFTEST_RSA <<
93 bool <<
94 default y <<
95 depends on FIPS_SIGNATURE_SELFTEST <<
96 depends on CRYPTO_SHA256=y || CRYPTO_S <<
97 depends on CRYPTO_RSA=y || CRYPTO_RSA= <<
98 <<
99 config FIPS_SIGNATURE_SELFTEST_ECDSA <<
100 bool <<
101 default y <<
102 depends on FIPS_SIGNATURE_SELFTEST <<
103 depends on CRYPTO_SHA256=y || CRYPTO_S <<
104 depends on CRYPTO_ECDSA=y || CRYPTO_EC <<
105 70
106 endif # ASYMMETRIC_KEY_TYPE 71 endif # ASYMMETRIC_KEY_TYPE
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.