selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers (55722b3f) · Commits · git / linux-net

tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c

+3 −25

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@
		#include <linux/keyctl.h>
		#include <sys/xattr.h>
		#include <linux/fsverity.h>
		#include <linux/module_signature.h>
		#include <test_progs.h>

		#include "test_verify_pkcs7_sig.skel.h"
		@@ -33,29 +34,6 @@
		#define SHA256_DIGEST_SIZE 32
		#endif

		/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
		#define MODULE_SIG_STRING "~Module signature appended~\n"

		/*
		* Module signature information block.
		*
		* The constituents of the signature section are, in order:
		*
		* - Signer's name
		* - Key identifier
		* - Signature data
		* - Information block
		*/
		struct module_signature {
		__u8 algo; /* Public-key crypto algorithm [0] */
		__u8 hash; /* Digest algorithm [0] */
		__u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
		__u8 signer_len; /* Length of signer's name [0] */
		__u8 key_id_len; /* Length of key identifier [0] */
		__u8 __pad[3];
		__be32 sig_len; /* Length of signature data */
		};

		struct data {
		__u8 data[MAX_DATA_SIZE];
		__u32 data_len;
		@@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_item)
		return 0;

		modlen = st.st_size;
		marker_len = sizeof(MODULE_SIG_STRING) - 1;
		marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;

		fd = open(mod_path, O_RDONLY);
		if (fd == -1)
		@@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_item)
		if (mod == MAP_FAILED)
		return -errno;

		if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) {
		if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) {
		ret = -EINVAL;
		goto out;
		}