From 051dbb918c7fb7da8e64a2cd0d804ba73399709f Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Date: Fri, 14 Oct 2011 15:25:16 +0300
Subject: crypto: digital signature verification support

This patch implements RSA digital signature verification using GnuPG library.

The format of the signature and the public key is defined by their respective
headers. The signature header contains version information, algorithm,
and keyid, which was used to generate the signature.
The key header contains version and algorythim type.
The payload of the signature and the key are multi-precision integers.

The signing and key management utilities evm-utils provide functionality
to generate signatures and load keys into the kernel keyring.
When the key is added to the kernel keyring, the keyid defines the name
of the key.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
---
 lib/Kconfig | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib/Kconfig')

diff --git a/lib/Kconfig b/lib/Kconfig
index d411de5..c1a8918 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -293,4 +293,12 @@ config MPILIB_EXTRA
 	  This code in unnecessary for RSA digital signature verification,
 	  and can be compiled if needed.
 
+config DIGSIG
+	tristate "In-kernel signature checker"
+	depends on CRYPTO
+	select MPILIB
+	help
+	  Digital signature verification. Currently only RSA is supported.
+	  Implementation is done using GnuPG MPI library
+
 endmenu
-- 
cgit v1.1