diff options
| author | Yauheni Kaliuta <yauheni.kaliuta@redhat.com> | 2019-02-01 22:36:41 +0200 |
|---|---|---|
| committer | Lucas De Marchi <lucas.demarchi@intel.com> | 2019-02-04 13:49:13 -0800 |
| commit | dec990483bcb5f36557ab34918256a2251a6cf25 (patch) | |
| tree | 93b97397f865b70306252a38c4b61ea9f3a02342 | |
| parent | aca61d37212c65ddbcff32a3a201a2999ad12b67 (diff) | |
| download | kmod-dec990483bcb5f36557ab34918256a2251a6cf25.tar.gz kmod-dec990483bcb5f36557ab34918256a2251a6cf25.tar.bz2 kmod-dec990483bcb5f36557ab34918256a2251a6cf25.zip | |
testsuite: add modinfo pkcs7 signature test
Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).
In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:
$ openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509
-config ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko
where x509.genkey is:
```
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Build time autogenerated kernel key
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
```
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
| -rw-r--r-- | testsuite/module-playground/dummy.pkcs7 | bin | 0 -> 721 bytes | |||
| -rwxr-xr-x | testsuite/populate-modules.sh | 9 | ||||
| -rw-r--r-- | testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt | 2 | ||||
| -rw-r--r-- | testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt | 2 | ||||
| -rw-r--r-- | testsuite/rootfs-pristine/test-modinfo/correct-signer.txt | 2 | ||||
| -rw-r--r-- | testsuite/test-modinfo.c | 3 |
6 files changed, 14 insertions, 4 deletions
diff --git a/testsuite/module-playground/dummy.pkcs7 b/testsuite/module-playground/dummy.pkcs7 Binary files differnew file mode 100644 index 0000000..bcdb902 --- /dev/null +++ b/testsuite/module-playground/dummy.pkcs7 diff --git a/testsuite/populate-modules.sh b/testsuite/populate-modules.sh index ba68a69..5140f7a 100755 --- a/testsuite/populate-modules.sh +++ b/testsuite/populate-modules.sh @@ -58,6 +58,7 @@ map=( ["test-modinfo/mod-simple-sparc64.ko"]="mod-simple-sparc64.ko" ["test-modinfo/mod-simple-sha1.ko"]="mod-simple.ko" ["test-modinfo/mod-simple-sha256.ko"]="mod-simple.ko" + ["test-modinfo/mod-simple-pkcs7.ko"]="mod-simple.ko" ["test-modinfo/external/lib/modules/external/mod-simple.ko"]="mod-simple.ko" ["test-tools/insert/lib/modules/4.4.4/kernel/"]="mod-simple.ko" ["test-tools/remove/lib/modules/4.4.4/kernel/"]="mod-simple.ko" @@ -77,6 +78,10 @@ attach_sha1_array=( "test-modinfo/mod-simple-sha1.ko" ) +attach_pkcs7_array=( + "test-modinfo/mod-simple-pkcs7.ko" + ) + for k in ${!map[@]}; do dst=${ROOTFS}/$k src=${MODULE_PLAYGROUND}/${map[$k]} @@ -103,3 +108,7 @@ done for m in "${attach_sha256_array[@]}"; do cat ${MODULE_PLAYGROUND}/dummy.sha256 >> ${ROOTFS}/$m done + +for m in "${attach_pkcs7_array[@]}"; do + cat ${MODULE_PLAYGROUND}/dummy.pkcs7 >> ${ROOTFS}/$m +done diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt index 6d0223e..f97c4fa 100644 --- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt +++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt @@ -1,3 +1,3 @@ sha1 sha256 - +sha256 diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt index 7dc4c6a..25a75a8 100644 --- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt +++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt @@ -1,3 +1,3 @@ E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9 E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9 - +26:DA:C3:EB:0F:0D:1A:56:A2:D8:B2:13:F0:D7:53:47:1D:0D:48:68 diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt index afe83df..2b979f9 100644 --- a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt +++ b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt @@ -1,3 +1,3 @@ Magrathea: Glacier signing key Magrathea: Glacier signing key - +Build time autogenerated kernel key diff --git a/testsuite/test-modinfo.c b/testsuite/test-modinfo.c index 8fdfe35..504d9dd 100644 --- a/testsuite/test-modinfo.c +++ b/testsuite/test-modinfo.c @@ -56,7 +56,8 @@ DEFINE_TEST(test_modinfo_##_field, \ #define DEFINE_MODINFO_SIGN_TEST(_field) \ DEFINE_MODINFO_TEST(_field, \ "/mod-simple-sha1.ko", \ - "/mod-simple-sha256.ko") + "/mod-simple-sha256.ko", \ + "/mod-simple-pkcs7.ko") DEFINE_MODINFO_GENERIC_TEST(filename); DEFINE_MODINFO_GENERIC_TEST(author); |