linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Michal Suchánek" <msuchanek@suse.de>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org, kexec@lists.infradead.org,
	Philipp Rudo <prudo@redhat.com>, Mimi Zohar <zohar@linux.ibm.com>,
	Nayna <nayna@linux.vnet.ibm.com>, Rob Herring <robh@kernel.org>,
	linux-s390@vger.kernel.org, Vasily Gorbik <gor@linux.ibm.com>,
	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
	Heiko Carstens <hca@linux.ibm.com>, Jessica Yu <jeyu@kernel.org>,
	linux-kernel@vger.kernel.org,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Paul Mackerras <paulus@samba.org>,
	Hari Bathini <hbathini@linux.ibm.com>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	linuxppc-dev@lists.ozlabs.org,
	Frank van der Linden <fllinden@amazon.com>,
	Thiago Jung Bauermann <bauerman@linux.ibm.com>,
	Daniel Axtens <dja@axtens.net>,
	buendgen@de.ibm.com, Michael Ellerman <mpe@ellerman.id.au>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Christian Borntraeger <borntraeger@linux.ibm.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Sven Schnelle <svens@linux.ibm.com>, Baoquan He <bhe@redhat.com>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification.
Date: Thu, 3 Feb 2022 11:49:26 +0100	[thread overview]
Message-ID: <20220203104926.GA3113@kunlun.suse.cz> (raw)
In-Reply-To: <YfBafIXgnLzf0QMb@bombadil.infradead.org>

Hello,

thanks for the review.

On Tue, Jan 25, 2022 at 12:15:56PM -0800, Luis Chamberlain wrote:
> On Tue, Jan 11, 2022 at 12:37:45PM +0100, Michal Suchanek wrote:
> > diff --git a/include/linux/verification.h b/include/linux/verification.h
> > index a655923335ae..32db9287a7b0 100644
> > --- a/include/linux/verification.h
> > +++ b/include/linux/verification.h
> > @@ -60,5 +60,8 @@ extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
> >  				   enum key_being_used_for usage);
> >  #endif
> >  
> > +int verify_appended_signature(const void *data, unsigned long *len,
> > +			      struct key *trusted_keys, const char *what);
> > +
> 
> Looks very non-module specific.

Which it is now that the same signature format is used for kernels.

> 
> > diff --git a/kernel/module_signing.c b/kernel/module_signing.c
> > index 8723ae70ea1f..30149969f21f 100644
> > --- a/kernel/module_signing.c
> > +++ b/kernel/module_signing.c
> > @@ -14,32 +14,38 @@
> >  #include <crypto/public_key.h>
> >  #include "module-internal.h"
> >  
> > -/*
> > - * Verify the signature on a module.
> > +/**
> > + * verify_appended_signature - Verify the signature on a module with the
> > + * signature marker stripped.
> > + * @data: The data to be verified
> > + * @len: Size of @data.
> > + * @trusted_keys: Keyring to use for verification
> > + * @what: Informational string for log messages
> >   */
> > -int mod_verify_sig(const void *mod, struct load_info *info)
> > +int verify_appended_signature(const void *data, unsigned long *len,
> > +			      struct key *trusted_keys, const char *what)
> >  {
> > -	struct module_signature ms;
> > -	size_t sig_len, modlen = info->len;
> > +	struct module_signature *ms;
> 
> There goes the abstraction, so why not make this clear where we re-use
> the struct module_signature for various things and call it as it is,
> verify_mod_appended_signature() or some such?

It sounds like the abstraction is actually improved by callers no longer
dealing with struct module_signature when verifying signature on a
kernel. That is the structure is misnamed but it is now hidden behind
an abstraction.

Or am I missing something?

Thanks

Michal

  reply	other threads:[~2022-02-03 10:49 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-11 11:37 [PATCH v5 0/6] KEXEC_SIG with appended signature Michal Suchanek
2022-01-11 11:37 ` [PATCH v5 1/6] s390/kexec_file: Don't opencode appended signature check Michal Suchanek
2022-01-11 11:37 ` [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support Michal Suchanek
2022-02-09  4:43   ` Michael Ellerman
2022-02-09  6:44   ` Paul Menzel
2022-02-09 12:01     ` Michal Suchánek
2022-02-11 15:31       ` Paul Menzel
2022-02-13 17:50       ` Mimi Zohar
2022-02-14  2:59   ` Mimi Zohar
2022-02-14 15:14     ` Mimi Zohar
2022-02-14 15:55       ` Michal Suchánek
2022-02-14 17:09         ` Mimi Zohar
2022-01-11 11:37 ` [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification Michal Suchanek
2022-01-25 20:15   ` Luis Chamberlain
2022-02-03 10:49     ` Michal Suchánek [this message]
2022-01-11 11:37 ` [PATCH v5 4/6] module: strip the signature marker in the verification function Michal Suchanek
2022-01-25 20:23   ` Luis Chamberlain
2022-01-11 11:37 ` [PATCH v5 5/6] module: Use key_being_used_for for log messages in verify_appended_signature Michal Suchanek
2022-01-25 20:24   ` Luis Chamberlain
2022-01-11 11:37 ` [PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig Michal Suchanek
2022-01-25 20:27   ` Luis Chamberlain
2022-01-25 20:30 ` [PATCH v5 0/6] KEXEC_SIG with appended signature Luis Chamberlain
2022-02-09  4:46   ` Michael Ellerman
2022-02-10 23:30     ` Luis Chamberlain
2022-02-13 18:53 ` Mimi Zohar
2022-02-13 20:27 ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220203104926.GA3113@kunlun.suse.cz \
    --to=msuchanek@suse.de \
    --cc=agordeev@linux.ibm.com \
    --cc=bauerman@linux.ibm.com \
    --cc=benh@kernel.crashing.org \
    --cc=bhe@redhat.com \
    --cc=borntraeger@de.ibm.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=buendgen@de.ibm.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dja@axtens.net \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=fllinden@amazon.com \
    --cc=gor@linux.ibm.com \
    --cc=hbathini@linux.ibm.com \
    --cc=hca@linux.ibm.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jeyu@kernel.org \
    --cc=jmorris@namei.org \
    --cc=kexec@lists.infradead.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=mcgrof@kernel.org \
    --cc=mpe@ellerman.id.au \
    --cc=nayna@linux.vnet.ibm.com \
    --cc=nramas@linux.microsoft.com \
    --cc=paulus@samba.org \
    --cc=prudo@redhat.com \
    --cc=robh@kernel.org \
    --cc=serge@hallyn.com \
    --cc=svens@linux.ibm.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).