brintos

brintos / linux-shallow public Read only

0
0
Text · 3.4 KiB · e1345b8 Raw
107 lines · plain
1# SPDX-License-Identifier: GPL-2.02menuconfig ASYMMETRIC_KEY_TYPE3	bool "Asymmetric (public-key cryptographic) key type"4	depends on KEYS5	help6	  This option provides support for a key type that holds the data for7	  the asymmetric keys used for public key cryptographic operations such8	  as encryption, decryption, signature generation and signature9	  verification.10 11if ASYMMETRIC_KEY_TYPE12 13config ASYMMETRIC_PUBLIC_KEY_SUBTYPE14	tristate "Asymmetric public-key crypto algorithm subtype"15	select MPILIB16	select CRYPTO_HASH_INFO17	select CRYPTO_AKCIPHER18	select CRYPTO_SIG19	select CRYPTO_HASH20	help21	  This option provides support for asymmetric public key type handling.22	  If signature generation and/or verification are to be used,23	  appropriate hash algorithms (such as SHA-1) must be available.24	  ENOPKG will be reported if the requisite algorithm is unavailable.25 26config X509_CERTIFICATE_PARSER27	tristate "X.509 certificate parser"28	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE29	select ASN130	select OID_REGISTRY31	help32	  This option provides support for parsing X.509 format blobs for key33	  data and provides the ability to instantiate a crypto key from a34	  public key packet found inside the certificate.35 36config PKCS8_PRIVATE_KEY_PARSER37	tristate "PKCS#8 private key parser"38	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE39	select ASN140	select OID_REGISTRY41	help42	  This option provides support for parsing PKCS#8 format blobs for43	  private key data and provides the ability to instantiate a crypto key44	  from that data.45 46config PKCS7_MESSAGE_PARSER47	tristate "PKCS#7 message parser"48	depends on X509_CERTIFICATE_PARSER49	select CRYPTO_HASH50	select ASN151	select OID_REGISTRY52	help53	  This option provides support for parsing PKCS#7 format messages for54	  signature data and provides the ability to verify the signature.55 56config PKCS7_TEST_KEY57	tristate "PKCS#7 testing key type"58	depends on SYSTEM_DATA_VERIFICATION59	help60	  This option provides a type of key that can be loaded up from a61	  PKCS#7 message - provided the message is signed by a trusted key.  If62	  it is, the PKCS#7 wrapper is discarded and reading the key returns63	  just the payload.  If it isn't, adding the key will fail with an64	  error.65 66	  This is intended for testing the PKCS#7 parser.67 68config SIGNED_PE_FILE_VERIFICATION69	bool "Support for PE file signature verification"70	depends on PKCS7_MESSAGE_PARSER=y71	depends on SYSTEM_DATA_VERIFICATION72	select CRYPTO_HASH73	select ASN174	select OID_REGISTRY75	help76	  This option provides support for verifying the signature(s) on a77	  signed PE binary.78 79config FIPS_SIGNATURE_SELFTEST80	tristate "Run FIPS selftests on the X.509+PKCS7 signature verification"81	help82	  This option causes some selftests to be run on the signature83	  verification code, using some built in data.  This is required84	  for FIPS.85	depends on KEYS86	depends on ASYMMETRIC_KEY_TYPE87	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER88	depends on X509_CERTIFICATE_PARSER89	depends on CRYPTO_RSA90	depends on CRYPTO_SHA25691 92config FIPS_SIGNATURE_SELFTEST_RSA93	bool94	default y95	depends on FIPS_SIGNATURE_SELFTEST96	depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST97	depends on CRYPTO_RSA=y || CRYPTO_RSA=FIPS_SIGNATURE_SELFTEST98 99config FIPS_SIGNATURE_SELFTEST_ECDSA100	bool101	default y102	depends on FIPS_SIGNATURE_SELFTEST103	depends on CRYPTO_SHA256=y || CRYPTO_SHA256=FIPS_SIGNATURE_SELFTEST104	depends on CRYPTO_ECDSA=y || CRYPTO_ECDSA=FIPS_SIGNATURE_SELFTEST105 106endif # ASYMMETRIC_KEY_TYPE107