From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
To: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: Ferry van Steen <Ferry.van.Steen@citrus.nl>,
	 "jcm\@jonmasters.org" <jcm@jonmasters.org>,
	 David Howells <dhowells@redhat.com>,
	 linux-modules <linux-modules@vger.kernel.org>
Subject: Re: modinfo shows md4 signature instead of sha256
Date: Wed, 31 Jan 2018 22:39:42 +0200
Message-ID: <xuny4ln1iwz5.fsf@redhat.com>
In-Reply-To: <CAKi4VALzjGadjp1nHNUme65KsOcOpr=Xm5PzvWyZSaeK4cFbJw@mail.gmail.com> (Lucas De Marchi's message of "Wed, 31 Jan 2018 09:40:47 -0800")

Hi, Lucas!

This is a better bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1320921

I have a proof-of-concept realization of a PKCS#7 parser based on the kernel
code, but haven't synced the further work with David yet.

>>>>> On Wed, 31 Jan 2018 09:40:47 -0800, Lucas De Marchi  wrote:

 > Now really CC Yauheni.
 > On Wed, Jan 31, 2018 at 9:39 AM, Lucas De Marchi
 > <lucas.de.marchi@gmail.com> wrote:
 >> Hi Ferry,
 >> 
 >> CC'ing mailing list and Yauheni who worked on fixing modinfo output in
 >> the last release.
 >> 
 >> 
 >> On Wed, Jan 31, 2018 at 1:23 AM, Ferry van Steen
 >> <Ferry.van.Steen@citrus.nl> wrote:
 >>> Hi,
 >>> 
 >>> 
 >>> sorry, not sure where to file this. There seems to be a bug in either the
 >>> kernel signing modules with a wrong signature algorithm, or modinfo is
 >>> reporting it incorrectly. I presume it's the latter.
 >>> 
 >>> 
 >>> More details are here: https://bugzilla.redhat.com/show_bug.cgi?id=1490975
 >> 
 >> Not showing the output on older versions is a known issue: support for
 >> PKCS#7 sig type was
 >> only added to kmod in v23.
 >> 
 >> Now for the incorrect info, the problem appears to be in the kernel
 >> implementation:
 >> it appends a PKCS#7, but doesn't fill out the struct module_signature
 >> correctly. So in F27 I get this from, e.g.
 >> soundcore.ko:
 >> 
 >> $ xxd -c 8 -g 1 mod.ko | tail -n6
 >> 00004d80: b9 d5 04 00 00 02 00 00  ........   <<<<<<
 >> 00004d88: 00 00 00 00 00 02 d3 7e  .......~
 >> 00004d90: 4d 6f 64 75 6c 65 20 73  Module s
 >> 00004d98: 69 67 6e 61 74 75 72 65  ignature
 >> 00004da0: 20 61 70 70 65 6e 64 65   appende
 >> 00004da8: 64 7e 0a                 d~.
 >> 
 >> See line marked above. It should match a struct module_signature. So:
 >> id_type == 0x2 // PKCS7
 >> hash == 0 // md4
 >> algo == 0 // dsa
 >> 
 >> Looking at scripts/sign-file.c, indeed id_type is the only field that
 >> is filled out.
 >> CC'ing  David Howells as well. Any input here?
 >> 
 >> Lucas De Marchi
 >> 
 >>> 
 >>> 
 >>> Thanks in advance and kind regards,
 >>> 
 >>> 
 >>> Ferry van Steen
 >>> Linux Developer
 >>> Ferry.van.Steen@Citrus.nl
 >>> 
 >>> Citrus Software
 >>> ●  Almystraat 10A
 >>> ●  5061 PA Oisterwijk
 >>> ●  +31 (0)13 - 529 91 55
 >>> ●  www.citrus.nl
 >>> ______________________________________________________
 >>> 
 >>> This message may contain confidential or privileged information. If you are
 >>> not the addressee, please notify the sender and delete it from your files.
 >>> Please consider the environmental impact before printing this e-mail.
 >>> 
 >> 
 >> 
 >> 
 >> --
 >> Lucas De Marchi



 > -- 
 > Lucas De Marchi

-- 
WBR,
Yauheni Kaliuta
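
Added example, not part of the thread and not kmod or kernel code: a C parser for the trailer quoted above, run on the bytes from the xxd dump, that flags a PKCS#7 trailer whose algo/hash fields were left at zero so a display tool does not print them as "dsa"/"md4". The names modsig_info, page_tail, parse_modsig and hash_label are hypothetical; the 12-byte layout is that of struct module_signature, and the name table assumes kmod's hash ordering (only index 0, md4, appears in the thread).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_MAGIC   "~Module signature appended~\n"
#define MAGIC_LEN   (sizeof(SIG_MAGIC) - 1)
#define TRAILER_LEN 12  /* algo, hash, id_type, signer_len, key_id_len, pad[3], be32 sig_len */

struct modsig_info {
    uint8_t algo, hash, id_type, signer_len, key_id_len;
    uint32_t sig_len;
    int pkcs7_unset;    /* id_type is PKCS#7 (2) and the other fields were left at zero */
};

/* The 15 bytes in front of the magic string in the thread's xxd dump:
 * 3 bytes of signature data, then the 12-byte trailer. */
static const uint8_t PAGE_BYTES[15] = { 0xb9, 0xd5, 0x04, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0x02, 0xd3 };

/* Rebuild the dumped tail (15 bytes + magic) into dst; returns its length. */
size_t page_tail(uint8_t *dst) {
    memcpy(dst, PAGE_BYTES, sizeof(PAGE_BYTES));
    memcpy(dst + sizeof(PAGE_BYTES), SIG_MAGIC, MAGIC_LEN);
    return sizeof(PAGE_BYTES) + MAGIC_LEN;
}

/* 0 = ok, -1 = no trailer, -2 = sig_len exceeds the data in front of the trailer
 * (fields are still filled in for -2, so a truncated dump can be inspected). */
int parse_modsig(const uint8_t *buf, size_t len, struct modsig_info *out) {
    if (len < MAGIC_LEN + TRAILER_LEN || memcmp(buf + len - MAGIC_LEN, SIG_MAGIC, MAGIC_LEN))
        return -1;
    size_t body = len - MAGIC_LEN - TRAILER_LEN;
    const uint8_t *t = buf + body;
    out->algo = t[0]; out->hash = t[1]; out->id_type = t[2];
    out->signer_len = t[3]; out->key_id_len = t[4];      /* t[5..7] is padding */
    out->sig_len = ((uint32_t)t[8] << 24) | ((uint32_t)t[9] << 16) | ((uint32_t)t[10] << 8) | t[11];
    out->pkcs7_unset = out->id_type == 2 && !(out->algo | out->hash | out->signer_len | out->key_id_len);
    return out->sig_len > body ? -2 : 0;
}

/* Label for display: an unfilled PKCS#7 trailer must not be reported as "md4". */
const char *hash_label(const struct modsig_info *m) {
    static const char *names[] = { "md4", "md5", "sha1", "rmd160", "sha256", "sha384", "sha512", "sha224" };
    return m->pkcs7_unset ? "unknown" : m->hash < 8 ? names[m->hash] : "invalid";
}

int main(void) {
    uint8_t buf[64]; struct modsig_info m;
    int rc = parse_modsig(buf, page_tail(buf), &m);  /* -2: the dump shows only the last 3 signature bytes */
    printf("rc=%d id_type=%u hash=%u sig_len=%u hash=%s\n", rc, m.id_type, m.hash, m.sig_len, hash_label(&m));
}
```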
