From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
To: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: Ferry van Steen <Ferry.van.Steen@citrus.nl>,
"jcm@jonmasters.org" <jcm@jonmasters.org>,
David Howells <dhowells@redhat.com>,
linux-modules <linux-modules@vger.kernel.org>
Subject: Re: modinfo shows md4 signature instead of sha256
Date: Wed, 31 Jan 2018 23:06:19 +0200
Message-ID: <xunyzi4thh6c.fsf@redhat.com>
In-Reply-To: <xuny4ln1iwz5.fsf@redhat.com> (Yauheni Kaliuta's message of "Wed, 31 Jan 2018 22:39:42 +0200")
>>>>> On Wed, 31 Jan 2018 22:39:42 +0200, Yauheni Kaliuta wrote:
> Hi, Lucas!
> This is a better bugreport
> https://bugzilla.redhat.com/show_bug.cgi?id=1320921
> I have a proof of concept realization of PKCS#7 parser based on the kernel

"implementation" of course :)

> code, but haven't synced the further work with David yet.
>>>>> On Wed, 31 Jan 2018 09:40:47 -0800, Lucas De Marchi wrote:
>> Now really CC Yauheni.
>> On Wed, Jan 31, 2018 at 9:39 AM, Lucas De Marchi
>> <lucas.de.marchi@gmail.com> wrote:
>>> Hi Ferry,
>>>
>>> CC'ing mailing list and Yauheni who worked on fixing modinfo output in
>>> the last release.
>>>
>>>
>>> On Wed, Jan 31, 2018 at 1:23 AM, Ferry van Steen
>>> <Ferry.van.Steen@citrus.nl> wrote:
>>>> Hi,
>>>>
>>>>
>>>> sorry, not sure where to file this. There seems to be a bug in either the
>>>> kernel signing modules with a wrong signature algorithm, or modinfo is
>>>> reporting it incorrectly. I presume it's the latter.
>>>>
>>>>
>>>> More details are here: https://bugzilla.redhat.com/show_bug.cgi?id=1490975
>>>
>>> Not showing the output on older versions is a known issue: support for
>>> PKCS#7 sig type was
>>> only added to kmod in v23.
>>>
>>> Now for the incorrect info, the problem appears to be in the kernel
>>> implementation:
>>> it appends a PKCS#7, but doesn't fill out the struct module_signature
>>> correctly. So in F27 I get this from, e.g.
>>> soundcore.ko:
>>>
>>> $ xxd -c 8 -g 1 mod.ko | tail -n6
>>> 00004d80: b9 d5 04 00 00 02 00 00 ........ <<<<<<
>>> 00004d88: 00 00 00 00 00 02 d3 7e .......~
>>> 00004d90: 4d 6f 64 75 6c 65 20 73 Module s
>>> 00004d98: 69 67 6e 61 74 75 72 65 ignature
>>> 00004da0: 20 61 70 70 65 6e 64 65 appende
>>> 00004da8: 64 7e 0a d~.
>>>
>>> See line marked above. It should match a struct module_signature. So:
>>> id_type == 0x2 // PKCS7
>>> hash == 0 // md4
>>> algo == 0 // dsa
>>>
>>> Looking at scripts/sign-file.c, indeed id_type is the only field that
>>> is filled out.
>>> CC'ing David Howells as well. Any input here?
>>>
>>> Lucas De Marchi
>>>
>>>>
>>>>
>>>> Thanks in advance and kind regards,
>>>>
>>>>
>>>> Ferry van Steen
>>>> Linux Developer
>>>> Ferry.van.Steen@Citrus.nl
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Lucas De Marchi
>> --
>> Lucas De Marchi
> --
> WBR,
> Yauheni Kaliuta
--
WBR,
Yauheni Kaliuta
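
Added example, not part of the thread and not kmod or kernel code: a C decoder for the trailer shown in the xxd output quoted above, with a bounds check on the recorded lengths and a test for the case the thread describes (id_type set to PKCS#7 while algo and hash are left at 0). The names parse_modsig, modsig_info and modsig_fields_unset are hypothetical; the 12-byte layout and PKEY_ID_PKCS7 = 2 follow the kernel's struct module_signature, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_MAGIC "~Module signature appended~\n"  /* 28 bytes, last in the file */
#define HDR_LEN 12                                  /* struct module_signature */
#define PKEY_ID_PKCS7 2
struct modsig_info {
    uint8_t algo, hash, id_type, signer_len, key_id_len;
    uint32_t sig_len;                               /* big-endian on disk */
};

/* 0 = trailer parsed, -1 = no signature magic, -2 = lengths exceed the file. */
int parse_modsig(const uint8_t *buf, size_t len, struct modsig_info *out)
{
    const size_t magic_len = sizeof(SIG_MAGIC) - 1;
    if (len < magic_len + HDR_LEN ||
        memcmp(buf + len - magic_len, SIG_MAGIC, magic_len) != 0)
        return -1;
    const uint8_t *h = buf + len - magic_len - HDR_LEN;
    out->algo = h[0]; out->hash = h[1]; out->id_type = h[2];
    out->signer_len = h[3]; out->key_id_len = h[4];  /* h[5..7] are padding */
    out->sig_len = (uint32_t)h[8] << 24 | (uint32_t)h[9] << 16 |
                   (uint32_t)h[10] << 8 | h[11];
    if ((uint64_t)out->sig_len + out->signer_len + out->key_id_len >
        len - magic_len - HDR_LEN)
        return -2;
    return 0;
}

/* 1 when id_type says PKCS#7 and algo/hash were left at 0 by the signer. */
int modsig_fields_unset(const struct modsig_info *s)
{
    return s->id_type == PKEY_ID_PKCS7 && s->algo == 0 && s->hash == 0;
}

int main(void)
{
    /* Constructed sample: 723 filler bytes, header bytes from the thread, magic. */
    static const uint8_t hdr[HDR_LEN] = {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0x02, 0xd3};
    uint8_t img[723 + HDR_LEN + 28];
    struct modsig_info s = {0};
    memset(img, 0xAA, 723);
    memcpy(img + 723, hdr, HDR_LEN);
    memcpy(img + 723 + HDR_LEN, SIG_MAGIC, 28);
    int rc = parse_modsig(img, sizeof img, &s);
    printf("rc=%d id_type=%d hash=%d algo=%d sig_len=%u unset=%d\n", rc,
           s.id_type, s.hash, s.algo, (unsigned)s.sig_len, modsig_fields_unset(&s));
    return rc;
}
```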