On Tue, Jun 14, 2022 at 03:06:21PM +0200, Roberto Sassu wrote:
- if (child_pid == 0) {
snprintf(path, sizeof(path), "%s/signing_key.pem", tmp_dir);
return execlp("./sign-file", "./sign-file", "sha256",
path, path, signed_file_template, NULL);
Please use the sign_only option, so that it saves the signature and doesn't append 'struct module_signature'. Parsing that is unnecessary for the purpose of the helper. Checking MODULE_SIG_STRING is unnecessary, etc, etc. Long term we won't be following the mod sig approach anyway; bpf maps and progs will have a different format.
- }
- waitpid(child_pid, &child_status, 0);
- ret = WEXITSTATUS(child_status);
- if (ret)
goto out;
- ret = stat(signed_file_template, &st);
- if (ret == -1) {
ret = -errno;
goto out;
- }
- if (st.st_size > sizeof(data_item->payload) - sizeof(u32)) {
ret = -EINVAL;
goto out;
- }
- *(u32 *)data_item->payload = __cpu_to_be32(st.st_size);
- fd = open(signed_file_template, O_RDONLY);
- if (fd == -1) {
ret = -errno;
goto out;
- }
- ret = read(fd, data_item->payload + sizeof(u32), st.st_size);
- close(fd);
- if (ret != st.st_size) {
ret = -EIO;
goto out;
- }
- ret = 0;
+out:
- unlink(signed_file_template);
- return ret;
+}
+void test_verify_pkcs7_sig(void)
+{
- char tmp_dir_template[] = "/tmp/verify_sigXXXXXX";
- char *tmp_dir;
- char *buf = NULL;
- struct test_verify_pkcs7_sig *skel = NULL;
- struct bpf_map *map;
- struct data data;
- u32 saved_len;
- int ret, zero = 0;
- LIBBPF_OPTS(bpf_object_open_opts, opts);
- /* Trigger creation of session keyring. */
- syscall(__NR_request_key, "keyring", "_uid.0", NULL,
KEY_SPEC_SESSION_KEYRING);
My understanding is that user space can receive a specific id here. It should pass it to the bpf prog via a global variable, and the prog should use that id instead of the max_ulong hack.