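#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Helper for the BPF signature-verification selftests.
#
# Generates a throw-away X.509 signing key, loads its certificate into the
# session keyring (@s) plus a dedicated keyring, and can create a signed
# fs-verity test file inside a caller-provided directory.
#
# Usage: verify_sig_setup.sh <action> <existing_tmp_dir>
#   setup                 generate key/cert and load the cert into @s
#   cleanup               unlink key and keyring from @s, remove <tmp_dir>
#   fsverity-create-sign  create <tmp_dir>/data-file and its signature
#   fsverity-enable       enable fs-verity on <tmp_dir>/data-file
#
# <tmp_dir> must be a directory dedicated to this script: "cleanup"
# removes it recursively.
#
# Environment:
#   SELFTESTS_VERBOSE  0 (default): stdout/stderr are captured in a log
#                      file that is replayed on failure only; non-zero:
#                      output is printed live.
#
# The key is for testing only. It is self-signed, stored unencrypted in
# <tmp_dir>/signing_key.pem and must never be trusted outside the test.

set -e
set -u
set -o pipefail

VERBOSE="${SELFTESTS_VERBOSE:=0}"
LOG_FILE="$(mktemp /tmp/verify_sig_setup.log.XXXXXX)"

# OpenSSL request config for the test key: a self-signed leaf certificate
# (CA:FALSE, critical) that is only usable for digital signatures.
x509_genkey_content="\
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = eBPF Signature Verification Testing Key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
"

# Print the accepted actions (all four, not just setup/cleanup) and exit 1.
usage()
{
	echo "Usage: $0 <setup|cleanup|fsverity-create-sign|fsverity-enable> <existing_tmp_dir>" >&2
	exit 1
}

# Generate the test key/cert in $1 and load the cert into the session
# keyring under the name "ebpf_testing_key", linked into a fresh keyring
# "ebpf_testing_keyring". Any failing step aborts via set -e.
setup()
{
	local tmp_dir="$1"
	local key_id keyring_id

	printf '%s\n' "${x509_genkey_content}" > "${tmp_dir}/x509.genkey"

	# Certificate and private key land in the same PEM file. The 100-year
	# validity only exists so the test never fails on expiry.
	openssl req -new -nodes -utf8 -sha256 -days 36500 \
			-batch -x509 -config "${tmp_dir}/x509.genkey" \
			-outform PEM -out "${tmp_dir}/signing_key.pem" \
			-keyout "${tmp_dir}/signing_key.pem" 2>&1

	# keyctl expects the certificate in DER form.
	openssl x509 -in "${tmp_dir}/signing_key.pem" -out \
		"${tmp_dir}/signing_key.der" -outform der

	# Declaration and assignment are separate so a failing keyctl is not
	# masked by "local" and really aborts the script.
	key_id=$(keyctl padd asymmetric ebpf_testing_key @s \
			< "${tmp_dir}/signing_key.der")

	keyring_id=$(keyctl newring ebpf_testing_keyring @s)
	keyctl link "${key_id}" "${keyring_id}"
}

# Undo setup(): unlink the key and the keyring from @s and delete $1.
# A missing key/keyring makes the search fail and aborts (set -e) rather
# than running "keyctl unlink '' @s".
cleanup() {
	local tmp_dir="$1"
	local key_id keyring_id

	key_id=$(keyctl search @s asymmetric ebpf_testing_key)
	keyctl unlink "${key_id}" @s

	keyring_id=$(keyctl search @s keyring ebpf_testing_keyring)
	keyctl unlink "${keyring_id}" @s

	# ":?" refuses to expand to an empty path, so this can never become
	# "rm -rf --" of the current directory.
	rm -rf -- "${tmp_dir:?}"
}

# Create $1/data-file with random content and its detached fs-verity
# signature $1/sig-file, signed with the key produced by setup().
fsverity_create_sign_file() {
	local tmp_dir="$1"
	local data_file="${tmp_dir}/data-file"
	local sig_file="${tmp_dir}/sig-file"

	# 12345 bytes: an odd size, presumably so that a partial final
	# Merkle-tree block is exercised as well.
	dd if=/dev/urandom of="${data_file}" bs=1 count=12345 2> /dev/null
	fsverity sign --key "${tmp_dir}/signing_key.pem" "${data_file}" "${sig_file}"

	# Do not enable fs-verity on data-file yet (the test does that later
	# via the fsverity-enable action). Probe whether the file system
	# supports fs-verity on a scratch file instead.
	touch "${tmp_dir}/tmp-file"
	fsverity enable "${tmp_dir}/tmp-file"
}

# Enable fs-verity on $1/data-file created by fsverity_create_sign_file().
fsverity_enable_file() {
	local tmp_dir="$1"
	local data_file="${tmp_dir}/data-file"

	fsverity enable "${data_file}"
}

# EXIT handler: on failure replay the captured log to the saved stderr,
# then remove the log and exit with the original status.
catch()
{
	local exit_code="$1"
	local log_file="$2"

	# fd 3 is only opened in non-verbose mode. In verbose mode the output
	# already went to the terminal and "cat >&3" would fail with "Bad
	# file descriptor", which under set -e stops the handler before the
	# log is removed and can mask the real exit status.
	if [[ "${exit_code}" -ne 0 ]] && { : >&3; } 2>/dev/null; then
		cat "${log_file}" >&3
	fi

	rm -f -- "${log_file}"
	exit "${exit_code}"
}

# Dispatch: <action> <existing_tmp_dir>. Diagnostics go to stderr.
main()
{
	if [[ $# -ne 2 ]]; then
		usage
	fi

	local action="$1"
	local tmp_dir="$2"

	if [[ ! -d "${tmp_dir}" ]]; then
		echo "Directory ${tmp_dir} doesn't exist" >&2
		exit 1
	fi

	case "${action}" in
	setup)
		setup "${tmp_dir}"
		;;
	cleanup)
		cleanup "${tmp_dir}"
		;;
	fsverity-create-sign)
		fsverity_create_sign_file "${tmp_dir}"
		;;
	fsverity-enable)
		fsverity_enable_file "${tmp_dir}"
		;;
	*)
		echo "Unknown action: ${action}" >&2
		exit 1
		;;
	esac
}

trap 'catch "$?" "${LOG_FILE}"' EXIT

if [[ "${VERBOSE}" -eq 0 ]]; then
	# Keep the original stderr on fd 3 so catch() can replay the log
	# there on failure; everything else is captured in the log file.
	exec 3>&2 1>"${LOG_FILE}" 2>&1
fi

main "$@"
rm -f -- "${LOG_FILE}"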