From: David Howells <dhowells@redhat.com>
To: rusty@rustcorp.com.au
Cc: dhowells@redhat.com, kyle@mcmartin.ca, dmitry.kasatkin@intel.com,
zohar@linux.vnet.ibm.com, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@linux-nfs.org
Subject: Re: [PATCH 00/23] Crypto keys and module signing
Date: Fri, 25 May 2012 16:42:19 +0100
Message-ID: <26029.1337960539@redhat.com>
In-Reply-To: <20120522230218.24007.3556.stgit@warthog.procyon.org.uk>
Hi Rusty,
If you prefer to have userspace extract the module signature and pass it in
uargs, here's a tree that will do that:
http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/modsign-uarg
You can use it with the attached patch to kmod.git. I've passed the signature
length in the argument as it permits the kernel to preallocate the buffer it
decodes the signature into, but that's not actually necessary.
David
---
commit e4c9290fc949bc41f942f00a1460d9d90fc1775c
Author: David Howells <dhowells@redhat.com>
Date: Fri May 25 16:35:19 2012 +0100
libkmod: Extract module signature and prepend on module argument list
Extract the module signature from the module image, if present, and prepend on
the module argument list hexcoded as
"modsign=l,x "
Where "l" is the length of the signature as a decimal number and "x" is the
hex-encoded signature data.
Signed-off-by: David Howells <dhowells@redhat.com>
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index f5384a7..d358eec 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -756,6 +756,88 @@ KMOD_EXPORT int kmod_module_remove_module(struct kmod_module *mod,
return err;
}
+static const char kmod_modsign_magic[] = "This Is A Crypto Signed Module";
+static const char kmod_arg_key[] = "modsign=";
+
+/**
+ * kmod_find_signature:
+ * @mod: kmod module
+ * @mem: The module contents
+ * @_size: The size of the module contents (updated if sig removed)
+ * @args: Argument string
+ * @_new_args: Where to place the updated argument list
+ *
+ * Returns: 0 on success or < 0 on failure. -ELIBBAD is returned is the module
+ * format cannot be parsed.
+ */
+static int kmod_find_signature(struct kmod_module *mod,
+ const void *mem, off_t *_size,
+ const char *args, char **_new_args)
+{
+ const unsigned char *sig, *data = mem;
+ const char *cp;
+ char *new_args, *dp, *end;
+ size_t magic_size, sig_size, mod_size, arg_size, new_arg_size, size = *_size;
+
+ INFO(mod->ctx, "Look for signature in module image\n");
+
+ magic_size = sizeof(kmod_modsign_magic) - 1;
+ if (size <= 5 + magic_size)
+ return 0;
+
+ if (memcmp(data + size - magic_size, kmod_modsign_magic, magic_size) != 0)
+ /* Probably want to check for IMA signature file or xattr here */
+ return 0;
+ size -= 5 + magic_size;
+
+ INFO(mod->ctx, "Signature marker found in module\n");
+
+ cp = (const char *)data + size;
+ sig_size = strtoul(cp, &end, 10);
+ if (sig_size >= size || (*end != ' ' && *end != 'T'))
+ return -ELIBBAD;
+
+ mod_size = size - sig_size;
+ INFO(mod->ctx, "Module size %zu Signature size %zu\n", mod_size, sig_size);
+ if (sig_size <= 0)
+ return -ENOMSG;
+ if (sig_size > 65535)
+ return -EMSGSIZE;
+
+ sig = data + mod_size;
+ INFO(mod->ctx, "Signature dump: %02x%02x%02x%02x%02x%02x%02x%02x\n",
+ sig[0], sig[1], sig[2], sig[3],
+ sig[4], sig[5], sig[6], sig[7]);
+
+ arg_size = strlen(args) + 1;
+ new_arg_size = sizeof(kmod_arg_key) - 1 + 5 + 1 + sig_size * 2 + 1 + arg_size;
+ new_args = malloc(new_arg_size);
+ if (!new_args)
+ return -ENOMEM;
+
+ /* Hex encode the signature as "modsign=l,xxxxxx " at the front of the
+ * argument list.
+ */
+ dp = memcpy(new_args, kmod_arg_key, sizeof(kmod_arg_key) - 1);
+ dp += sizeof(kmod_arg_key) - 1;
+ dp += sprintf(dp, "%zu,", sig_size);
+ do {
+ dp += sprintf(dp, "%02x", *sig++);
+ } while (--sig_size > 0);
+ *dp++ = ' ';
+ memcpy(dp, args, arg_size);
+
+ dp += arg_size;
+ if (dp > new_args + new_arg_size) {
+ fprintf(stderr, "%p > %p\n", dp, new_args + new_arg_size);
+ abort();
+ }
+
+ *_new_args = new_args;
+ *_size = mod_size;
+ return 0;
+}
+
extern long init_module(const void *mem, unsigned long len, const char *args);
/**
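Review bot: the overrun check after the final memcpy() in kmod_find_signature() (`if (dp > new_args + new_arg_size)`) only runs once every sprintf() and memcpy() has already written into new_args, so it can report a miscalculated new_arg_size but cannot prevent the write, and abort() takes down whatever process is linked against libkmod. With sig_size capped at 65535 the "%zu," prefix is at most six bytes and the arithmetic does fit, so either drop the check or bound each write against new_args + new_arg_size and return an error code. The bare 5 in `size <= 5 + magic_size`, `size -= 5 + magic_size` and the new_arg_size sum would read better as one named constant for the length field. Two smaller points: the INFO() "Signature dump" prints sig[0] to sig[7] unconditionally, so for a signature shorter than eight bytes it logs the length field and magic string rather than signature data, and the doc comment lists only -ELIBBAD while the function also returns -ENOMSG, -EMSGSIZE and -ENOMEM.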
@@ -782,6 +864,7 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
struct kmod_elf *elf = NULL;
const char *path;
const char *args = options ? options : "";
+ char *new_args = NULL;
if (mod == NULL)
return -ENOENT;
@@ -823,6 +906,12 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
mem = kmod_elf_get_memory(elf);
}
+ err = kmod_find_signature(mod, mem, &size, args, &new_args);
+ if (err < 0)
+ goto elf_failed;
+ if (new_args)
+ args = new_args;
+
err = init_module(mem, size, args);
if (err < 0) {
err = -errno;
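Review bot: `goto elf_failed` on a kmod_find_signature() error skips the `kmod_elf_unref(elf)` that the last hunk shows sitting just above that label, so when mem came from `kmod_elf_get_memory(elf)` the elf object is leaked on -ELIBBAD, -ENOMSG, -EMSGSIZE or -ENOMEM. Jump to a label placed ahead of the `if (elf != NULL)` cleanup instead; new_args is still NULL on every failure return, so passing through `free(new_args)` on that path is harmless. It is also worth stating in the commit message that a module carrying the magic marker but an unparsable length field is now rejected in userspace before init_module() is ever called.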
@@ -831,6 +920,7 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
if (elf != NULL)
kmod_elf_unref(elf);
+ free(new_args);
elf_failed:
kmod_file_unref(file);