[linux-block.git] / crypto / asymmetric_keys / selftest.c

// SPDX-License-Identifier: GPL-2.0-or-later
/* Self-testing for signature checking.
 *
 * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#include <crypto/pkcs7.h>
#include <linux/cred.h>
#include <linux/kernel.h>
#include <linux/key.h>
#include <linux/module.h>
#include "selftest.h"
#include "x509_parser.h"

void fips_signature_selftest(const char *name,
			     const u8 *keys, size_t keys_len,
			     const u8 *data, size_t data_len,
			     const u8 *sig, size_t sig_len)
{
	struct key *keyring;
	int ret;

	pr_notice("Running certificate verification %s selftest\n", name);

	keyring = keyring_alloc(".certs_selftest",
				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ |
				KEY_USR_SEARCH,
				KEY_ALLOC_NOT_IN_QUOTA,
				NULL, NULL);
	if (IS_ERR(keyring))
		panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));

	ret = x509_load_certificate_list(keys, keys_len, keyring);
	if (ret < 0)
		panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);

	struct pkcs7_message *pkcs7;

	pkcs7 = pkcs7_parse_message(sig, sig_len);
	if (IS_ERR(pkcs7))
		panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);

	pkcs7_supply_detached_data(pkcs7, data, data_len);

	ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
	if (ret < 0)
		panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);

	ret = pkcs7_validate_trust(pkcs7, keyring);
	if (ret < 0)
		panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);

	pkcs7_free_message(pkcs7);

	key_put(keyring);
}

static int __init fips_signature_selftest_init(void)
{
	fips_signature_selftest_rsa();
	fips_signature_selftest_ecdsa();
	return 0;
}

late_initcall(fips_signature_selftest_init);

MODULE_DESCRIPTION("X.509 self tests");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");
Commit	Line	Data
8cd9f234	1	// SPDX-License-Identifier: GPL-2.0-or-later
3cde3174 DH	2	/* Self-testing for signature checking.
	3	*
	4	* Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.
	5	* Written by David Howells (dhowells@redhat.com)
	6	*/
	7
04a93202	8	#include <crypto/pkcs7.h>
3cde3174	9	#include <linux/cred.h>
04a93202	10	#include <linux/kernel.h>
3cde3174	11	#include <linux/key.h>
04a93202	12	#include <linux/module.h>
8cd9f234	13	#include "selftest.h"
3cde3174 DH	14	#include "x509_parser.h"
3cde3174 DH	15
8cd9f234 JV	16	void fips_signature_selftest(const char *name,
	17	const u8 *keys, size_t keys_len,
	18	const u8 *data, size_t data_len,
	19	const u8 *sig, size_t sig_len)
3cde3174 DH	20	{
3cde3174 DH	21	struct key *keyring;
8cd9f234	22	int ret;
3cde3174	23
8cd9f234	24	pr_notice("Running certificate verification %s selftest\n", name);
3cde3174 DH	25
	26	keyring = keyring_alloc(".certs_selftest",
	27	GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
	28	(KEY_POS_ALL & ~KEY_POS_SETATTR) \|
	29	KEY_USR_VIEW \| KEY_USR_READ \|
	30	KEY_USR_SEARCH,
	31	KEY_ALLOC_NOT_IN_QUOTA,
	32	NULL, NULL);
	33	if (IS_ERR(keyring))
8cd9f234	34	panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));
3cde3174	35
8cd9f234	36	ret = x509_load_certificate_list(keys, keys_len, keyring);
3cde3174	37	if (ret < 0)
8cd9f234	38	panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);
3cde3174	39
8cd9f234	40	struct pkcs7_message *pkcs7;
3cde3174	41
8cd9f234 JV	42	pkcs7 = pkcs7_parse_message(sig, sig_len);
	43	if (IS_ERR(pkcs7))
	44	panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
3cde3174	45
8cd9f234	46	pkcs7_supply_detached_data(pkcs7, data, data_len);
3cde3174	47
8cd9f234 JV	48	ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
	49	if (ret < 0)
	50	panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);
3cde3174	51
8cd9f234 JV	52	ret = pkcs7_validate_trust(pkcs7, keyring);
	53	if (ret < 0)
	54	panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);
3cde3174	55
8cd9f234	56	pkcs7_free_message(pkcs7);
3cde3174 DH	57
3cde3174 DH	58	key_put(keyring);
8cd9f234 JV	59	}
	60
	61	static int __init fips_signature_selftest_init(void)
	62	{
	63	fips_signature_selftest_rsa();
747ae818	64	fips_signature_selftest_ecdsa();
3cde3174 DH	65	return 0;
3cde3174 DH	66	}
04a93202	67
8cd9f234	68	late_initcall(fips_signature_selftest_init);
04a93202 HX	69
	70	MODULE_DESCRIPTION("X.509 self tests");
	71	MODULE_AUTHOR("Red Hat, Inc.");
	72	MODULE_LICENSE("GPL");