1 // SPDX-License-Identifier: GPL-2.0-or-later 1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Self-testing for signature checking. 2 /* Self-testing for signature checking.
3 * 3 *
4 * Copyright (C) 2022 Red Hat, Inc. All Rights 4 * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.c 5 * Written by David Howells (dhowells@redhat.com)
6 */ 6 */
7 7
8 #include <crypto/pkcs7.h> 8 #include <crypto/pkcs7.h>
9 #include <linux/cred.h> 9 #include <linux/cred.h>
10 #include <linux/kernel.h> 10 #include <linux/kernel.h>
11 #include <linux/key.h> 11 #include <linux/key.h>
12 #include <linux/module.h> 12 #include <linux/module.h>
13 #include "selftest.h" 13 #include "selftest.h"
14 #include "x509_parser.h" 14 #include "x509_parser.h"
15 15
16 void fips_signature_selftest(const char *name, 16 void fips_signature_selftest(const char *name,
17 const u8 *keys, s 17 const u8 *keys, size_t keys_len,
18 const u8 *data, s 18 const u8 *data, size_t data_len,
19 const u8 *sig, si 19 const u8 *sig, size_t sig_len)
20 { 20 {
21 struct key *keyring; 21 struct key *keyring;
22 int ret; 22 int ret;
23 23
24 pr_notice("Running certificate verific 24 pr_notice("Running certificate verification %s selftest\n", name);
25 25
26 keyring = keyring_alloc(".certs_selfte 26 keyring = keyring_alloc(".certs_selftest",
27 GLOBAL_ROOT_UI 27 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
28 (KEY_POS_ALL & 28 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
29 KEY_USR_VIEW | 29 KEY_USR_VIEW | KEY_USR_READ |
30 KEY_USR_SEARCH 30 KEY_USR_SEARCH,
31 KEY_ALLOC_NOT_ 31 KEY_ALLOC_NOT_IN_QUOTA,
32 NULL, NULL); 32 NULL, NULL);
33 if (IS_ERR(keyring)) 33 if (IS_ERR(keyring))
34 panic("Can't allocate certs %s 34 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));
35 35
36 ret = x509_load_certificate_list(keys, 36 ret = x509_load_certificate_list(keys, keys_len, keyring);
37 if (ret < 0) 37 if (ret < 0)
38 panic("Can't allocate certs %s 38 panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);
39 39
40 struct pkcs7_message *pkcs7; 40 struct pkcs7_message *pkcs7;
41 41
42 pkcs7 = pkcs7_parse_message(sig, sig_l 42 pkcs7 = pkcs7_parse_message(sig, sig_len);
43 if (IS_ERR(pkcs7)) 43 if (IS_ERR(pkcs7))
44 panic("Certs %s selftest: pkcs 44 panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
45 45
46 pkcs7_supply_detached_data(pkcs7, data 46 pkcs7_supply_detached_data(pkcs7, data, data_len);
47 47
48 ret = pkcs7_verify(pkcs7, VERIFYING_MO 48 ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
49 if (ret < 0) 49 if (ret < 0)
50 panic("Certs %s selftest: pkcs 50 panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);
51 51
52 ret = pkcs7_validate_trust(pkcs7, keyr 52 ret = pkcs7_validate_trust(pkcs7, keyring);
53 if (ret < 0) 53 if (ret < 0)
54 panic("Certs %s selftest: pkcs 54 panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);
55 55
56 pkcs7_free_message(pkcs7); 56 pkcs7_free_message(pkcs7);
57 57
58 key_put(keyring); 58 key_put(keyring);
59 } 59 }
60 60
61 static int __init fips_signature_selftest_init 61 static int __init fips_signature_selftest_init(void)
62 { 62 {
63 fips_signature_selftest_rsa(); 63 fips_signature_selftest_rsa();
64 fips_signature_selftest_ecdsa(); 64 fips_signature_selftest_ecdsa();
65 return 0; 65 return 0;
66 } 66 }
67 67
68 late_initcall(fips_signature_selftest_init); 68 late_initcall(fips_signature_selftest_init);
69 69
70 MODULE_DESCRIPTION("X.509 self tests"); 70 MODULE_DESCRIPTION("X.509 self tests");
71 MODULE_AUTHOR("Red Hat, Inc."); 71 MODULE_AUTHOR("Red Hat, Inc.");
72 MODULE_LICENSE("GPL"); 72 MODULE_LICENSE("GPL");
73 73
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.