[PATCH 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers

Mon, 02 Mar 2026 04:52:39 -0800 

Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.

Signed-off-by: Thomas Weißschuh <[email protected]>
---
 .../selftests/bpf/prog_tests/verify_pkcs7_sig.c    | 28 +++-------------------
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c 
b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
index 4d69d9d55e17..f327feb8e38c 100644
--- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
+++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
@@ -18,6 +18,7 @@
 #include <linux/keyctl.h>
 #include <sys/xattr.h>
 #include <linux/fsverity.h>
+#include <linux/module_signature.h>
 #include <test_progs.h>
 
 #include "test_verify_pkcs7_sig.skel.h"
@@ -33,29 +34,6 @@
 #define SHA256_DIGEST_SIZE      32
 #endif
 
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- *     - Signer's name
- *     - Key identifier
- *     - Signature data
- *     - Information block
- */
-struct module_signature {
-       __u8    algo;           /* Public-key crypto algorithm [0] */
-       __u8    hash;           /* Digest algorithm [0] */
-       __u8    id_type;        /* Key identifier type [PKEY_ID_PKCS7] */
-       __u8    signer_len;     /* Length of signer's name [0] */
-       __u8    key_id_len;     /* Length of key identifier [0] */
-       __u8    __pad[3];
-       __be32  sig_len;        /* Length of signature data */
-};
-
 struct data {
        __u8 data[MAX_DATA_SIZE];
        __u32 data_len;
@@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_item)
                return 0;
 
        modlen = st.st_size;
-       marker_len = sizeof(MODULE_SIG_STRING) - 1;
+       marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
 
        fd = open(mod_path, O_RDONLY);
        if (fd == -1)
@@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_item)
        if (mod == MAP_FAILED)
                return -errno;
 
-       if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) {
+       if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, 
marker_len)) {
                ret = -EINVAL;
                goto out;
        }

-- 
2.53.0

Reply via email to