testsuite: add modinfo pkcs7 signature test

Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).

In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:

$ openssl req -new -nodes -utf8  -sha256 -days 36500 -batch -x509
-config  ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko

where x509.genkey is:

```
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = Build time autogenerated kernel key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
```

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>

diff --git a/testsuite/module-playground/dummy.pkcs7 b/testsuite/module-playground/dummy.pkcs7
new file mode 100644 (file)
index 0000000..bcdb902
Binary files /dev/null and b/testsuite/module-playground/dummy.pkcs7 differ

diff --git a/testsuite/populate-modules.sh b/testsuite/populate-modules.sh
index ba68a69..5140f7a 100755 (executable)
--- a/testsuite/populate-modules.sh
+++ b/testsuite/populate-modules.sh
@@ -58,6 +58,7 @@ map=(
     ["test-modinfo/mod-simple-sparc64.ko"]="mod-simple-sparc64.ko"
     ["test-modinfo/mod-simple-sha1.ko"]="mod-simple.ko"
     ["test-modinfo/mod-simple-sha256.ko"]="mod-simple.ko"
+    ["test-modinfo/mod-simple-pkcs7.ko"]="mod-simple.ko"
     ["test-modinfo/external/lib/modules/external/mod-simple.ko"]="mod-simple.ko"
     ["test-tools/insert/lib/modules/4.4.4/kernel/"]="mod-simple.ko"
     ["test-tools/remove/lib/modules/4.4.4/kernel/"]="mod-simple.ko"
@@ -77,6 +78,10 @@ attach_sha1_array=(
     "test-modinfo/mod-simple-sha1.ko"
     )
 
+attach_pkcs7_array=(
+    "test-modinfo/mod-simple-pkcs7.ko"
+    )
+
 for k in ${!map[@]}; do
     dst=${ROOTFS}/$k
     src=${MODULE_PLAYGROUND}/${map[$k]}
@@ -103,3 +108,7 @@ done
 for m in "${attach_sha256_array[@]}"; do
     cat ${MODULE_PLAYGROUND}/dummy.sha256 >> ${ROOTFS}/$m
 done
+
+for m in "${attach_pkcs7_array[@]}"; do
+    cat ${MODULE_PLAYGROUND}/dummy.pkcs7 >> ${ROOTFS}/$m
+done

diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
index 6d0223e..f97c4fa 100644 (file)
--- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt
@@ -1,3 +1,3 @@
 sha1
 sha256
-
+sha256

diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
index 7dc4c6a..25a75a8 100644 (file)
--- a/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt
@@ -1,3 +1,3 @@
 E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9
 E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9
-
+26:DA:C3:EB:0F:0D:1A:56:A2:D8:B2:13:F0:D7:53:47:1D:0D:48:68

diff --git a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
index afe83df..2b979f9 100644 (file)
--- a/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
+++ b/testsuite/rootfs-pristine/test-modinfo/correct-signer.txt
@@ -1,3 +1,3 @@
 Magrathea: Glacier signing key
 Magrathea: Glacier signing key
-
+Build time autogenerated kernel key

diff --git a/testsuite/test-modinfo.c b/testsuite/test-modinfo.c
index 8fdfe35..504d9dd 100644 (file)
--- a/testsuite/test-modinfo.c
+++ b/testsuite/test-modinfo.c
@@ -56,7 +56,8 @@ DEFINE_TEST(test_modinfo_##_field, \
 #define DEFINE_MODINFO_SIGN_TEST(_field) \
        DEFINE_MODINFO_TEST(_field, \
                            "/mod-simple-sha1.ko", \
-                           "/mod-simple-sha256.ko")
+                           "/mod-simple-sha256.ko",    \
+                           "/mod-simple-pkcs7.ko")
 
 DEFINE_MODINFO_GENERIC_TEST(filename);
 DEFINE_MODINFO_GENERIC_TEST(author);