73 lines · c
1// SPDX-License-Identifier: GPL-2.0-or-later2/* Self-testing for signature checking.3 *4 * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.5 * Written by David Howells (dhowells@redhat.com)6 */7 8#include <crypto/pkcs7.h>9#include <linux/cred.h>10#include <linux/kernel.h>11#include <linux/key.h>12#include <linux/module.h>13#include "selftest.h"14#include "x509_parser.h"15 16void fips_signature_selftest(const char *name,17 const u8 *keys, size_t keys_len,18 const u8 *data, size_t data_len,19 const u8 *sig, size_t sig_len)20{21 struct key *keyring;22 int ret;23 24 pr_notice("Running certificate verification %s selftest\n", name);25 26 keyring = keyring_alloc(".certs_selftest",27 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),28 (KEY_POS_ALL & ~KEY_POS_SETATTR) |29 KEY_USR_VIEW | KEY_USR_READ |30 KEY_USR_SEARCH,31 KEY_ALLOC_NOT_IN_QUOTA,32 NULL, NULL);33 if (IS_ERR(keyring))34 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));35 36 ret = x509_load_certificate_list(keys, keys_len, keyring);37 if (ret < 0)38 panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);39 40 struct pkcs7_message *pkcs7;41 42 pkcs7 = pkcs7_parse_message(sig, sig_len);43 if (IS_ERR(pkcs7))44 panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);45 46 pkcs7_supply_detached_data(pkcs7, data, data_len);47 48 ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);49 if (ret < 0)50 panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);51 52 ret = pkcs7_validate_trust(pkcs7, keyring);53 if (ret < 0)54 panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);55 56 pkcs7_free_message(pkcs7);57 58 key_put(keyring);59}60 61static int __init fips_signature_selftest_init(void)62{63 fips_signature_selftest_rsa();64 fips_signature_selftest_ecdsa();65 return 0;66}67 68late_initcall(fips_signature_selftest_init);69 70MODULE_DESCRIPTION("X.509 self tests");71MODULE_AUTHOR("Red Hat, Inc.");72MODULE_LICENSE("GPL");73