From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6403E29BDBF; Thu, 11 Dec 2025 02:13:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765419204; cv=none; b=U13xkSwUyukYszMO5QTIhBvwejgzQP4c+hpXiw4Kpgj5x71fg+Q0YhbER/+IeQ9jXBpQVf+Of94BFwK1BTQCXxakHMJvQfrFPbOQ0x/a94NemSzssqlg6HR9wDoDP7tFhdxJBxMs2Yb1JqPKsZroJrQgMDCu9NHjSI+OvKZnvxo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765419204; c=relaxed/simple; bh=uegI1mzPRZliA/TQcX5ABSs2HWFj+P0VOewP5BORp+o=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NA1aEEsXOT6rQwXSD6UoN9XGKIXWuysUyfZCtL476Gc8C5NIpGg/7ydlxHs32tk/2igbo7MBQVO8JT3K16ShvpRMTvUQBMKsOmV+bwO5G+G/PeNP6uY+g04nEK/DhXDNDkgQPEVa6Iugszb+6ol3h+xNIx2WI+ASWHxOb1ZLjjw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=mE5MEPr8; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="mE5MEPr8" Received: from narnia.corp.microsoft.com (unknown [40.78.12.133]) by linux.microsoft.com (Postfix) with ESMTPSA id 7DF7A2116049; Wed, 10 Dec 2025 18:13:19 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7DF7A2116049 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1765419200; bh=++dNq3pik3ds/FgQ3gbpQEqGwqt1ddB5Lw7Ccqc/7dA=; h=From:To:Subject:Date:In-Reply-To:References:From; b=mE5MEPr8pkJe6GrDwQy6WSXJvbzb6Vhk6o2M/64U4BF24h8HPIvf1lBIfXpU56h94 EIyO9BQSD3TUFMwMl4mZv8+KAngAaw+iZR1htM/7VtvWHVCl0S3z/23nFH6J3w9HOu vYy6rpXeaYqj/b1nng71vYIKPSKK30Rb9XX/JY0E= From: Blaise Boscaccy To: Blaise Boscaccy , Jonathan Corbet , Paul Moore , James Morris , "Serge E. Hallyn" , =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , =?UTF-8?q?G=C3=BCnther=20Noack?= , "Dr. David Alan Gilbert" , Andrew Morton , James.Bottomley@HansenPartnership.com, dhowells@redhat.com, linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC 07/11] crypto: pkcs7: add tests for pkcs7_get_authattr Date: Wed, 10 Dec 2025 18:12:02 -0800 Message-ID: <20251211021257.1208712-8-bboscaccy@linux.microsoft.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251211021257.1208712-1-bboscaccy@linux.microsoft.com> References: <20251211021257.1208712-1-bboscaccy@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-doc@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: James Bottomley Add example code to the test module pkcs7_key_type.c that verifies a message and then pulls out a known authenticated attribute. Signed-off-by: James Bottomley Acked-by: David Howells --- crypto/asymmetric_keys/pkcs7_key_type.c | 42 ++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c index b930d3bbf1af5..5a1ecb5501b2b 100644 --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c @@ -12,6 +12,7 @@ #include #include #include +#include MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("PKCS#7 testing key type"); @@ -51,16 +52,55 @@ static int pkcs7_view_content(void *ctx, const void *data, size_t len, static int pkcs7_preparse(struct key_preparsed_payload *prep) { enum key_being_used_for usage = pkcs7_usage; + int ret; + struct pkcs7_message *pkcs7; + const void *data; + size_t len; if (usage >= NR__KEY_BEING_USED_FOR) { pr_err("Invalid usage type %d\n", usage); return -EINVAL; } - return verify_pkcs7_signature(NULL, 0, + ret = verify_pkcs7_signature(NULL, 0, prep->data, prep->datalen, VERIFY_USE_SECONDARY_KEYRING, usage, pkcs7_view_content, prep); + if (ret) + return ret; + + pkcs7 = pkcs7_parse_message(prep->data, prep->datalen); + if (IS_ERR(pkcs7)) { + pr_err("pkcs7 parse error\n"); + return PTR_ERR(pkcs7); + } + + /* + * the parsed message has no trusted signer, so nothing should + * be returned here + */ + ret = pkcs7_get_authattr(pkcs7, OID_messageDigest, &data, &len); + if (ret == 0) { + pr_err("OID returned when no trust in signer\n"); + goto out; + } + /* add trust and check again */ + ret = validate_pkcs7_trust(pkcs7, VERIFY_USE_SECONDARY_KEYRING); + if (ret) { + pr_err("validate_pkcs7_trust failed!!\n"); + goto out; + } + /* now we should find the OID */ + ret = pkcs7_get_authattr(pkcs7, OID_messageDigest, &data, &len); + if (ret) { + pr_err("Failed to get message digest\n"); + goto out; + } + pr_info("Correctly Got message hash, size=%ld\n", len); + + out: + pkcs7_free_message(pkcs7); + return 0; } /* -- 2.52.0