8cd9f234 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* Self-testing for signature checking. |
3 | * | |
4 | * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved. | |
5 | * Written by David Howells (dhowells@redhat.com) | |
6 | */ | |
7 | ||
04a93202 | 8 | #include <crypto/pkcs7.h> |
3cde3174 | 9 | #include <linux/cred.h> |
04a93202 | 10 | #include <linux/kernel.h> |
3cde3174 | 11 | #include <linux/key.h> |
04a93202 | 12 | #include <linux/module.h> |
8cd9f234 | 13 | #include "selftest.h" |
14 | #include "x509_parser.h" |
15 | ||
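/**
 * fips_signature_selftest - Verify one PKCS#7 signature against a scratch keyring
 * @name: Algorithm label used only in log and panic messages
 * @keys: DER-encoded X.509 certificate(s) to trust for this test
 * @keys_len: Length of @keys in bytes
 * @data: Detached content the signature in @sig was made over
 * @data_len: Length of @data in bytes
 * @sig: DER-encoded PKCS#7 signed message carrying a detached signature
 * @sig_len: Length of @sig in bytes
 *
 * Builds a throwaway keyring, loads @keys into it, parses @sig, attaches
 * @data as the detached content, verifies the signature and finally checks
 * the signer against the loaded certificates.  Every failure is fatal: the
 * function panics instead of returning, so a broken signature path is never
 * silently tolerated.
 */
void fips_signature_selftest(const char *name,
			     const u8 *keys, size_t keys_len,
			     const u8 *data, size_t data_len,
			     const u8 *sig, size_t sig_len)
{
	struct pkcs7_message *pkcs7;
	struct key *keyring;
	int ret;

	pr_notice("Running certificate verification %s selftest\n", name);

	/*
	 * Root-owned scratch keyring; possessor gets everything except
	 * SETATTR, the user level only view/read/search.  Not charged to
	 * the quota as it lives only for the duration of this test.
	 */
	keyring = keyring_alloc(".certs_selftest",
				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ |
				KEY_USR_SEARCH,
				KEY_ALLOC_NOT_IN_QUOTA,
				NULL, NULL);
	if (IS_ERR(keyring))
		panic("Can't allocate certs %s selftest keyring: %ld\n",
		      name, PTR_ERR(keyring));

	/* Message corrected: this step loads certificates, it does not allocate. */
	ret = x509_load_certificate_list(keys, keys_len, keyring);
	if (ret < 0)
		panic("Can't load certs into %s selftest keyring: %d\n",
		      name, ret);

	/*
	 * On parse failure report the parser's own error code; the previous
	 * message printed the stale, non-negative result of the certificate
	 * load above, which hid the real reason for the panic.
	 */
	pkcs7 = pkcs7_parse_message(sig, sig_len);
	if (IS_ERR(pkcs7))
		panic("Certs %s selftest: pkcs7_parse_message() = %ld\n",
		      name, PTR_ERR(pkcs7));

	/*
	 * Detached signature: the signed content is supplied separately.
	 * The call can refuse the data (e.g. if content is already present),
	 * so its result is checked rather than ignored.
	 */
	ret = pkcs7_supply_detached_data(pkcs7, data, data_len);
	if (ret < 0)
		panic("Certs %s selftest: pkcs7_supply_detached_data() = %d\n",
		      name, ret);

	/* Cryptographic check of the signature over the supplied data. */
	ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
	if (ret < 0)
		panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);

	/* Trust check: the signer is validated against the test keyring. */
	ret = pkcs7_validate_trust(pkcs7, keyring);
	if (ret < 0)
		panic("Certs %s selftest: pkcs7_validate_trust() = %d\n",
		      name, ret);

	/* No cleanup on the error paths above: panic() does not return. */
	pkcs7_free_message(pkcs7);
	key_put(keyring);
}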
60 | ||
/*
 * Entry point that runs each algorithm-specific signature self-test in
 * turn.  Presumably each wrapper calls fips_signature_selftest(), which
 * panics on failure, so reaching the return means every test passed.
 */
static int __init fips_signature_selftest_init(void)
{
	/* Order is significant only for which test would panic first. */
	fips_signature_selftest_rsa();
	fips_signature_selftest_ecdsa();

	return 0;
}
04a93202 | 67 | |
8cd9f234 | 68 | late_initcall(fips_signature_selftest_init); |
04a93202 HX |
69 | |
70 | MODULE_DESCRIPTION("X.509 self tests"); | |
71 | MODULE_AUTHOR("Red Hat, Inc."); | |
72 | MODULE_LICENSE("GPL"); |