| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jan 2021 17:04:15 -0800
From: Jaegeuk Kim <jaegeuk@...nel.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-api@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
Victor Hsieh <victorhsieh@...gle.com>
Subject: Re: [PATCH 2/6] fs-verity: don't pass whole descriptor to
fsverity_verify_signature()
On 01/15, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Now that fsverity_get_descriptor() validates the sig_size field,
> fsverity_verify_signature() doesn't need to do it.
>
> Just change the prototype of fsverity_verify_signature() to take the
> signature directly rather than take a fsverity_descriptor.
>
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@...nel.org>
> ---
> fs/verity/fsverity_private.h | 6 ++----
> fs/verity/open.c | 3 ++-
> fs/verity/signature.c | 20 ++++++--------------
> 3 files changed, 10 insertions(+), 19 deletions(-)
>
> diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
> index 6c9caccc06021..a7920434bae50 100644
> --- a/fs/verity/fsverity_private.h
> +++ b/fs/verity/fsverity_private.h
> @@ -140,15 +140,13 @@ void __init fsverity_exit_info_cache(void);
>
> #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
> int fsverity_verify_signature(const struct fsverity_info *vi,
> - const struct fsverity_descriptor *desc,
> - size_t desc_size);
> + const u8 *signature, size_t sig_size);
>
> int __init fsverity_init_signature(void);
> #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
> static inline int
> fsverity_verify_signature(const struct fsverity_info *vi,
> - const struct fsverity_descriptor *desc,
> - size_t desc_size)
> + const u8 *signature, size_t sig_size)
> {
> return 0;
> }
> diff --git a/fs/verity/open.c b/fs/verity/open.c
> index a987bb785e9b0..60ff8af7219fe 100644
> --- a/fs/verity/open.c
> +++ b/fs/verity/open.c
> @@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode,
> vi->tree_params.hash_alg->name,
> vi->tree_params.digest_size, vi->file_digest);
>
> - err = fsverity_verify_signature(vi, desc, desc_size);
> + err = fsverity_verify_signature(vi, desc->signature,
> + le32_to_cpu(desc->sig_size));
> out:
> if (err) {
> fsverity_free_info(vi);
> diff --git a/fs/verity/signature.c b/fs/verity/signature.c
> index 012468eda2a78..143a530a80088 100644
> --- a/fs/verity/signature.c
> +++ b/fs/verity/signature.c
> @@ -29,21 +29,19 @@ static struct key *fsverity_keyring;
> /**
> * fsverity_verify_signature() - check a verity file's signature
> * @vi: the file's fsverity_info
> - * @desc: the file's fsverity_descriptor
> - * @desc_size: size of @desc
> + * @signature: the file's built-in signature
> + * @sig_size: size of signature in bytes, or 0 if no signature
> *
> - * If the file's fs-verity descriptor includes a signature of the file digest,
> - * verify it against the certificates in the fs-verity keyring.
> + * If the file includes a signature of its fs-verity file digest, verify it
> + * against the certificates in the fs-verity keyring.
> *
> * Return: 0 on success (signature valid or not required); -errno on failure
> */
> int fsverity_verify_signature(const struct fsverity_info *vi,
> - const struct fsverity_descriptor *desc,
> - size_t desc_size)
> + const u8 *signature, size_t sig_size)
> {
> const struct inode *inode = vi->inode;
> const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg;
> - const u32 sig_size = le32_to_cpu(desc->sig_size);
> struct fsverity_formatted_digest *d;
> int err;
>
> @@ -56,11 +54,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
> return 0;
> }
>
> - if (sig_size > desc_size - sizeof(*desc)) {
> - fsverity_err(inode, "Signature overflows verity descriptor");
> - return -EBADMSG;
> - }
> -
> d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
> if (!d)
> return -ENOMEM;
> @@ -70,8 +63,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
> memcpy(d->digest, vi->file_digest, hash_alg->digest_size);
>
> err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size,
> - desc->signature, sig_size,
> - fsverity_keyring,
> + signature, sig_size, fsverity_keyring,
> VERIFYING_UNSPECIFIED_SIGNATURE,
> NULL, NULL);
> kfree(d);
> --
> 2.30.0
Powered by blists - more mailing lists