1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Self-testing for signature checking. 3 * 4 * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #include <crypto/pkcs7.h> 9 #include <linux/cred.h> 10 #include <linux/kernel.h> 11 #include <linux/key.h> 12 #include <linux/module.h> 13 #include "selftest.h" 14 #include "x509_parser.h" 15 16 void fips_signature_selftest(const char *name, 17 const u8 *keys, size_t keys_len, 18 const u8 *data, size_t data_len, 19 const u8 *sig, size_t sig_len) 20 { 21 struct key *keyring; 22 int ret; 23 24 pr_notice("Running certificate verification %s selftest\n", name); 25 26 keyring = keyring_alloc(".certs_selftest", 27 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), 28 (KEY_POS_ALL & ~KEY_POS_SETATTR) | 29 KEY_USR_VIEW | KEY_USR_READ | 30 KEY_USR_SEARCH, 31 KEY_ALLOC_NOT_IN_QUOTA, 32 NULL, NULL); 33 if (IS_ERR(keyring)) 34 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring)); 35 36 ret = x509_load_certificate_list(keys, keys_len, keyring); 37 if (ret < 0) 38 panic("Can't allocate certs %s selftest keyring: %d\n", name, ret); 39 40 struct pkcs7_message *pkcs7; 41 42 pkcs7 = pkcs7_parse_message(sig, sig_len); 43 if (IS_ERR(pkcs7)) 44 panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret); 45 46 pkcs7_supply_detached_data(pkcs7, data, data_len); 47 48 ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE); 49 if (ret < 0) 50 panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret); 51 52 ret = pkcs7_validate_trust(pkcs7, keyring); 53 if (ret < 0) 54 panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret); 55 56 pkcs7_free_message(pkcs7); 57 58 key_put(keyring); 59 } 60 61 static int __init fips_signature_selftest_init(void) 62 { 63 fips_signature_selftest_rsa(); 64 fips_signature_selftest_ecdsa(); 65 return 0; 66 } 67 68 late_initcall(fips_signature_selftest_init); 69 70 MODULE_DESCRIPTION("X.509 self tests"); 71 MODULE_AUTHOR("Red Hat, Inc."); 72 MODULE_LICENSE("GPL"); 73
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.