Re: [PATCH 5/5] MODSIGN: Use PKCS#7 messages as module signatures

From: Mimi Zohar
Date: Mon Nov 24 2014 - 09:06:21 EST


On Thu, 2014-11-20 at 16:54 +0000, David Howells wrote:

>
> /*
> @@ -186,12 +81,8 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
> */
> int mod_verify_sig(const void *mod, unsigned long *_modlen)
> {
> - struct public_key_signature *pks;
> struct module_signature ms;
> - struct key *key;
> - const void *sig;
> size_t modlen = *_modlen, sig_len;
> - int ret;
>
> pr_devel("==>%s(,%zu)\n", __func__, modlen);
>
> @@ -205,46 +96,23 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
> if (sig_len >= modlen)
> return -EBADMSG;
> modlen -= sig_len;
> - if ((size_t)ms.signer_len + ms.key_id_len >= modlen)
> - return -EBADMSG;
> - modlen -= (size_t)ms.signer_len + ms.key_id_len;
> -
> *_modlen = modlen;
> - sig = mod + modlen;
> -
> - /* For the moment, only support RSA and X.509 identifiers */
> - if (ms.algo != PKEY_ALGO_RSA ||
> - ms.id_type != PKEY_ID_X509)
> - return -ENOPKG;
>
> - if (ms.hash >= PKEY_HASH__LAST ||
> - !hash_algo_name[ms.hash])
> + if (ms.id_type != PKEY_ID_PKCS7) {
> + pr_err("Module is not signed with expected PKCS#7 message\n");
> return -ENOPKG;

Perhaps because modules are resigned with each kernel build, it is
acceptable to totally replace one signature format with another like
this, and fail the old method.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/