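#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Create (setup) or remove (cleanup) the signing key material used by the
# eBPF signature-verification selftests.
#
# Usage: $0 <setup|cleanup> <existing_tmp_dir>
#
#   setup   - generates a self-signed X.509 certificate together with its
#             unencrypted private key in <tmp_dir>, loads the DER form of the
#             certificate into the session keyring (@s) as "ebpf_testing_key",
#             creates the "ebpf_testing_keyring" keyring in @s and links the
#             key into it.
#   cleanup - unlinks key and keyring from @s (looked up by type/description,
#             so it must run in the same session) and deletes <tmp_dir>.
#
# Environment:
#   SELFTESTS_VERBOSE - when 0 (default) all output is captured in a temporary
#                       log that is replayed to the original stderr only if the
#                       script fails.

set -e
set -u
set -o pipefail

VERBOSE="${SELFTESTS_VERBOSE:=0}"
LOG_FILE="$(mktemp /tmp/verify_sig_setup.log.XXXXXX)"

# openssl req(1) configuration for the throwaway test certificate:
# a non-CA, digitalSignature-only key with a fixed CN, no prompting.
x509_genkey_content="\
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = eBPF Signature Verification Testing Key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
"

#######################################
# Print the command-line synopsis to stderr and exit with status 1.
#######################################
usage()
{
	echo "Usage: $0 <setup|cleanup> <existing_tmp_dir>" >&2
	exit 1
}

#######################################
# Generate the test certificate/key and register it in the session keyring.
# Arguments: $1 - existing directory that receives x509.genkey,
#                 signing_key.pem and signing_key.der
# Globals:   x509_genkey_content (read)
# Returns:   0 on success; any failing openssl/keyctl step aborts via set -e
#######################################
setup()
{
	local tmp_dir="$1"
	local key_id keyring_id

	printf '%s\n' "${x509_genkey_content}" > "${tmp_dir}/x509.genkey"

	# Certificate and private key both land in signing_key.pem. -nodes leaves
	# the key unencrypted (it is test material only); -days 36500 keeps the
	# certificate from expiring during the life of the test suite.
	openssl req -new -nodes -utf8 -sha256 -days 36500 \
		-batch -x509 -config "${tmp_dir}/x509.genkey" \
		-outform PEM -out "${tmp_dir}/signing_key.pem" \
		-keyout "${tmp_dir}/signing_key.pem" 2>&1

	# keyctl padd expects the certificate in DER encoding.
	openssl x509 -in "${tmp_dir}/signing_key.pem" -out \
		"${tmp_dir}/signing_key.der" -outform der

	# Add the certificate to the session keyring, then create a dedicated
	# keyring there and link the key into it.
	key_id=$(keyctl padd asymmetric ebpf_testing_key @s \
		< "${tmp_dir}/signing_key.der")

	keyring_id=$(keyctl newring ebpf_testing_keyring @s)
	keyctl link "${key_id}" "${keyring_id}"
}

#######################################
# Remove the key and keyring created by setup() and delete the work dir.
# Arguments: $1 - the directory passed to setup
# Returns:   0 on success; a missing key/keyring aborts via set -e
#######################################
cleanup()
{
	local tmp_dir="$1"
	local key_id keyring_id

	# Resolve ids by type and description instead of trusting anything
	# left over from an earlier run.
	key_id=$(keyctl search @s asymmetric ebpf_testing_key)
	keyctl unlink "${key_id}" @s
	keyring_id=$(keyctl search @s keyring ebpf_testing_keyring)
	keyctl unlink "${keyring_id}" @s

	# ':?' refuses to expand to an empty path, so 'rm -rf' can never be
	# handed "" here.
	rm -rf -- "${tmp_dir:?}"
}

#######################################
# EXIT-trap handler: replay the captured log on failure, drop it, and
# propagate the original exit status.
# Arguments: $1 - exit status of the script
#            $2 - path of the log file
# Outputs:   the log file contents on fd 3 (saved stderr) when $1 != 0
#######################################
catch()
{
	local exit_code="$1"
	local log_file="$2"

	if [[ "${exit_code}" -ne 0 ]]; then
		cat "${log_file}" >&3
	fi

	rm -f "${log_file}"
	exit "${exit_code}"
}

#######################################
# Validate arguments and dispatch to setup or cleanup.
# Arguments: $1 - action, "setup" or "cleanup"
#            $2 - existing directory used as the work area
# Returns:   exits 1 on bad usage, missing directory or unknown action
#######################################
main()
{
	if (( $# != 2 )); then
		usage
	fi

	local action="$1"
	local tmp_dir="$2"

	if [[ ! -d "${tmp_dir}" ]]; then
		echo "Directory ${tmp_dir} doesn't exist" >&2
		exit 1
	fi

	case "${action}" in
		setup)
			setup "${tmp_dir}"
			;;
		cleanup)
			cleanup "${tmp_dir}"
			;;
		*)
			echo "Unknown action: ${action}" >&2
			exit 1
			;;
	esac
}

trap 'catch "$?" "${LOG_FILE}"' EXIT

# Keep a copy of the original stderr on fd 3 unconditionally: catch() writes
# to it on failure, and it must exist in verbose mode too.
exec 3>&2
if [[ "${VERBOSE}" -eq 0 ]]; then
	# Capture all output in the log file; it is replayed only if we fail.
	exec 1>"${LOG_FILE}" 2>&1
fi

main "$@"
rm -f "${LOG_FILE}"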