| author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2026-05-07 12:13:57 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2026-05-13 14:36:31 -0400 |
| commit | e410ab6fba37d09e0445216b66b9456fb090712b (patch) | |
| tree | 73277ad3b48ab78d850cd3d91b5c1f6ae315cede /crypto | |
| parent | 9998f4acce113d8a7517251eac566ab5606073c9 (diff) | |
crypto: pkcs7: add tests for pkcs7_get_authattr
Add example code to the test module pkcs7_key_type.c that verifies a
message and then pulls out a known authenticated attribute.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_key_type.c | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index b930d3bbf1af5..e0b1ce0202f6d 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -12,6 +12,7 @@
 #include <linux/verification.h>
 #include <linux/key-type.h>
 #include <keys/user-type.h>
+#include <crypto/pkcs7.h>
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("PKCS#7 testing key type");
@@ -51,16 +52,57 @@ static int pkcs7_view_content(void *ctx, const void *data, size_t len,
 static int pkcs7_preparse(struct key_preparsed_payload *prep)
 {
 enum key_being_used_for usage = pkcs7_usage;
+ int ret;
+ struct pkcs7_message *pkcs7;
+ const void *data;
+ size_t len;
 if (usage >= NR__KEY_BEING_USED_FOR) {
 pr_err("Invalid usage type %d\n", usage);
 return -EINVAL;
 }
- return verify_pkcs7_signature(NULL, 0,
+ ret = verify_pkcs7_signature(NULL, 0,
 prep->data, prep->datalen,
 VERIFY_USE_SECONDARY_KEYRING, usage,
 pkcs7_view_content, prep);
+ if (ret)
+ return ret;
+
+ pkcs7 = pkcs7_parse_message(prep->data, prep->datalen);
+ if (IS_ERR(pkcs7)) {
+ pr_err("pkcs7 parse error\n");
+ return PTR_ERR(pkcs7);
+ }
+
+ /*
+ * the parsed message has no trusted signer, so nothing should
+ * be returned here
+ */
+ ret = pkcs7_get_authattr(pkcs7, OID_messageDigest, &data, &len);
+ if (ret == 0) {
+ pr_err("OID returned when no trust in signer\n");
+ goto out;
+ }
+ /* add trust and check again */
+ ret = verify_pkcs7_message_sig(NULL, 0, pkcs7,
+ VERIFY_USE_SECONDARY_KEYRING, usage,
+ NULL, NULL);
+ if (ret) {
+ pr_err("verify_pkcs7_message_sig failed!!\n");
+ goto out;
+ }
+ /* now we should find the OID */
+ ret = pkcs7_get_authattr(pkcs7, OID_messageDigest, &data, &len);
+ if (ret) {
+ pr_err("Failed to get message digest\n");
+ goto out;
+ }
+ pr_info("Correctly Got message hash, size=%zu\n", len);
+
+ out:
+ pkcs7_free_message(pkcs7);
+ return 0;
 }
 /* |
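Review bot: None of the checks added after `verify_pkcs7_signature()` in pkcs7_preparse() can change the return value, because every path through `out:` ends in `return 0;`. If `pkcs7_get_authattr()` ever returned an attribute from a message with no trusted signer, the failure would only be logged and the preparse would still report success to the caller. Since the test exists to show that authenticated attributes are withheld until trust is established, failing closed looks safer: add `ret = -EINVAL;` before the first `goto out;` (where `ret == 0` is the failure case) and end the function with `return ret;`. If returning 0 is deliberate so the test key type stays usable, a short comment at `out:` saying so would keep a later reader from assuming the checks are enforced.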
