Re: [PATCH 00/23] Crypto keys and module signing

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Howells <dhowells@redhat.com>
To: rusty@rustcorp.com.au
Cc: dhowells@redhat.com, kyle@mcmartin.ca,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, keyrings@linux-nfs.org
Subject: Re: [PATCH 00/23] Crypto keys and module signing
Date: Fri, 25 May 2012 13:18:23 +0100	[thread overview]
Message-ID: <10579.1337948303@redhat.com> (raw)
In-Reply-To: <20120522230218.24007.3556.stgit@warthog.procyon.org.uk>


I've posted a new version with Tetsuo's comments fixed and
module_verify_signature() reduced to:

static int module_verify_signature(const void *data, size_t size)
{
	struct crypto_key_verify_context *mod_sig;
	const char *cp, *sig;
	char *end;
	size_t magic_size, sig_size, mod_size;
	int ret;

	magic_size = sizeof(modsign_magic) - 1;
	if (size <= 5 + magic_size)
		return 1;

	if (memcmp(data + size - magic_size, modsign_magic, magic_size) != 0)
		return 1;
	size -= 5 + magic_size;

	cp = data + size;
	sig_size = simple_strtoul(cp, &end, 10);
	if (sig_size >= size || (*end != ' ' && *end != 'T'))
		return -ELIBBAD;

	mod_size = size - sig_size;
	sig = data + mod_size;

	/* Find the crypto key for the module signature
	 * - !!! if this tries to load the required hash algorithm module,
	 *       we will deadlock!!!
	 */
	mod_sig = verify_sig_begin(modsign_keyring, sig, sig_size);
	if (IS_ERR(mod_sig)) {
		pr_err("Couldn't initiate module signature verification: %ld\n",
		       PTR_ERR(mod_sig));
		return PTR_ERR(mod_sig);
	}

	/* Load the module contents into the digest */
	ret = verify_sig_add_data(mod_sig, data, mod_size);
	if (ret < 0) {
		verify_sig_cancel(mod_sig);
		return ret;
	}

	/* Do the actual signature verification */
	ret = verify_sig_end(mod_sig, sig, sig_size);
	pr_devel("verify-sig : %d\n", ret);
	return ret;
}

See:

http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/modsign-rusty

David

next prev parent reply	other threads:[~2012-05-25 12:18 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-22 23:02 [PATCH 00/23] Crypto keys and module signing David Howells
2012-05-22 23:02 ` [PATCH 01/23] Guard check in module loader against integer overflow David Howells
2012-05-22 23:02 ` [PATCH 02/23] KEYS: Move the key config into security/keys/Kconfig David Howells
2012-05-22 23:02 ` [PATCH 03/23] KEYS: Announce key type (un)registration David Howells
2012-05-22 23:02 ` [PATCH 04/23] KEYS: Reorganise keys Makefile David Howells
2012-05-22 23:02 ` [PATCH 05/23] KEYS: Create a key type that can be used for general cryptographic operations David Howells
2012-05-22 23:03 ` [PATCH 06/23] KEYS: Add signature verification facility David Howells
2012-05-22 23:03 ` [PATCH 07/23] KEYS: Asymmetric public-key algorithm crypto key subtype David Howells
2012-05-22 23:03 ` [PATCH 08/23] KEYS: RSA signature verification algorithm David Howells
2012-05-22 23:03 ` [PATCH 09/23] Fix signature verification for shorter signatures David Howells
2012-05-22 23:03 ` [PATCH 10/23] PGPLIB: PGP definitions (RFC 4880) David Howells
2012-05-22 23:03 ` [PATCH 11/23] PGPLIB: Basic packet parser David Howells
2012-05-22 23:03 ` [PATCH 12/23] PGPLIB: Signature parser David Howells
2012-05-22 23:03 ` [PATCH 13/23] KEYS: PGP data parser David Howells
2012-05-22 23:04 ` [PATCH 14/23] KEYS: PGP-based public key signature verification David Howells
2012-05-22 23:04 ` [PATCH 15/23] KEYS: PGP format signature parser David Howells
2012-05-22 23:04 ` [PATCH 16/23] KEYS: Provide a function to load keys from a PGP keyring blob David Howells
2012-05-22 23:04 ` [PATCH 17/23] MODSIGN: Provide gitignore and make clean rules for extra files David Howells
2012-05-22 23:04 ` [PATCH 18/23] MODSIGN: Provide Documentation and Kconfig options David Howells
2012-05-22 23:04 ` [PATCH 19/23] MODSIGN: Sign modules during the build process David Howells
2012-05-22 23:04 ` [PATCH 20/23] MODSIGN: Provide module signing public keys to the kernel David Howells
2012-05-22 23:05 ` [PATCH 21/23] MODSIGN: Module signature verification David Howells
2012-05-22 23:05 ` [PATCH 22/23] MODSIGN: Automatically generate module signing keys if missing David Howells
2012-05-22 23:05 ` [PATCH 23/23] MODSIGN: Panic the kernel if FIPS is enabled upon module signing failure David Howells
2012-05-23 12:51 ` [PATCH 00/23] Crypto keys and module signing Rusty Russell
2012-05-23 14:20   ` David Howells
2012-05-24 12:04     ` Rusty Russell
2012-05-24 14:00       ` David Howells
2012-05-27  5:41         ` Rusty Russell
2012-05-31 14:11           ` David Howells
2012-05-31 15:35           ` Josh Boyer
2012-06-04  1:16             ` Rusty Russell
2012-06-04 13:38               ` Josh Boyer
2012-06-05  0:23                 ` Rusty Russell
2012-06-22  1:53           ` Greg KH
2012-06-22  3:29             ` Lucas De Marchi
2012-06-22  4:05             ` Rusty Russell
2012-06-22 11:03               ` David Howells
2012-06-23  0:20                 ` Rusty Russell
2012-05-25 11:15       ` Kasatkin, Dmitry
2012-05-25 11:37         ` David Howells
2012-05-25 13:08           ` Mimi Zohar
2012-05-25 13:53             ` David Howells
2012-05-25 14:40               ` Mimi Zohar
2012-05-25 12:18 ` David Howells [this message]
2012-05-25 15:42 ` David Howells
2012-06-04  1:31   ` Rusty Russell
2012-06-04 12:47     ` Mimi Zohar
2012-06-05  1:05       ` Rusty Russell
2012-06-05 11:39         ` Mimi Zohar
2012-06-05 13:37           ` David Howells
2012-06-05 14:36             ` Kasatkin, Dmitry
2012-06-05 13:35     ` David Howells
2012-06-10  5:47       ` Rusty Russell
2012-06-11  8:30         ` Kasatkin, Dmitry

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=10579.1337948303@redhat.com \
    --to=dhowells@redhat.com \
    --cc=keyrings@linux-nfs.org \
    --cc=kyle@mcmartin.ca \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).