linux/crypto/asymmetric_keys
David Howells 3cde3174eb certs: Add FIPS selftests
Add some selftests for signature checking when FIPS mode is enabled.  These
need to be done before we start actually using the signature checking for
things and must panic the kernel upon failure.

Note that the tests must not check the blacklist lest this provide a way to
prevent a kernel from booting by installing a hash of a test key in the
appropriate UEFI table.

Reported-by: Simo Sorce <simo@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/
2022-06-21 16:05:12 +01:00
..
asymmetric_keys.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
asymmetric_type.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
Kconfig certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
Makefile certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
mscode_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7_parser.c certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c KEYS: asymmetric: enforce that sig algo matches key algo 2022-03-10 01:46:59 +02:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs8_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
public_key.c KEYS: asymmetric: properly validate hash_algo and encoding 2022-03-10 01:47:13 +02:00
restrict.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
selftest.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
signature.c crypto: cleanup comments 2022-03-03 10:49:20 +12:00
verify_pefile.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
verify_pefile.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c KEYS: x509: remove unused fields 2022-03-08 10:33:18 +02:00
x509_loader.c certs: Move load_certificate_list() to be with the asymmetric keys code 2022-06-21 16:05:06 +01:00
x509_parser.h certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509_public_key.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509.asn1 KEYS: x509: clearly distinguish between key and signature algorithms 2022-03-08 10:33:18 +02:00