crypto/asymmetric_keys/selftest.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /* Self-testing for signature checking.
   3  *
   4  * Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.
   5  * Written by David Howells (dhowells@redhat.com)
   6  */
   7
   8 #include <crypto/pkcs7.h>
   9 #include <linux/cred.h>
  10 #include <linux/kernel.h>
  11 #include <linux/key.h>
  12 #include <linux/module.h>
  13 #include "selftest.h"
  14 #include "x509_parser.h"
  15
  16 void fips_signature_selftest(const char *name,
  17                              const u8 *keys, size_t keys_len,
  18                              const u8 *data, size_t data_len,
  19                              const u8 *sig, size_t sig_len)
  20 {
  21         struct key *keyring;
  22         int ret;
  23
  24         pr_notice("Running certificate verification %s selftest\n", name);
  25
  26         keyring = keyring_alloc(".certs_selftest",
  27                                 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
  28                                 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
  29                                 KEY_USR_VIEW | KEY_USR_READ |
  30                                 KEY_USR_SEARCH,
  31                                 KEY_ALLOC_NOT_IN_QUOTA,
  32                                 NULL, NULL);
  33         if (IS_ERR(keyring))
  34                 panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));
  35
  36         ret = x509_load_certificate_list(keys, keys_len, keyring);
  37         if (ret < 0)
  38                 panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);
  39
  40         struct pkcs7_message *pkcs7;
  41
  42         pkcs7 = pkcs7_parse_message(sig, sig_len);
  43         if (IS_ERR(pkcs7))
  44                 panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
  45
  46         pkcs7_supply_detached_data(pkcs7, data, data_len);
  47
  48         ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
  49         if (ret < 0)
  50                 panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);
  51
  52         ret = pkcs7_validate_trust(pkcs7, keyring);
  53         if (ret < 0)
  54                 panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);
  55
  56         pkcs7_free_message(pkcs7);
  57
  58         key_put(keyring);
  59 }
  60
  61 static int __init fips_signature_selftest_init(void)
  62 {
  63         fips_signature_selftest_rsa();
  64         fips_signature_selftest_ecdsa();
  65         return 0;
  66 }
  67
  68 late_initcall(fips_signature_selftest_init);
  69
  70 MODULE_DESCRIPTION("X.509 self tests");
  71 MODULE_AUTHOR("Red Hat, Inc.");
  72 MODULE_LICENSE("GPL");