lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 12 Dec 2011 16:11:27 +0000
From:	David Howells <dhowells@...hat.com>
To:	Rusty Russell <rusty@...abs.org>
Cc:	dhowells@...hat.com, keyrings@...ux-nfs.org,
	linux-crypto@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, dmitry.kasatkin@...el.com,
	zohar@...ux.vnet.ibm.com, arjan.van.de.ven@...el.com,
	alan.cox@...el.com, Jon Masters <jcm@...masters.org>
Subject: Re: [PATCH 21/21] MODSIGN: Apply signature checking to modules on module load [ver #3]

Rusty Russell <rusty@...abs.org> wrote:

> OK, then you need to generate stripped modules as part of the build,
> too.  It's a bit of a pain, sure, but hardly a showstopper.

They'd have to be maximally stripped so that mkinitrd doesn't do anything to
them, but you'd then get the debuginfo from them into the packaging if you're
on some distribution or other.  And you also provide an option to not strip
them if whoever wants them unstripped.

> A signature contains a magic marker

I don't like this particularly - you can't guarantee that this won't be
generated by the assembler quite by accident.  You should find the end of the
ELF and work from there.  It should be a simple matter of parsing the header
and the section table only, right?  Then you can look at the file offset +
length of the last section in the file.  At that point, assuming this isn't
coincident with the actual end of the file, you can try parsing what's
thereafter as a signature.  If it is actual PGP, then an RFC4880 parser should
recognise it as valid, and a signature packet should be seen.

> A signature contains a magic marker: it signs everything up to the
> magic marker (ie. just append them):
> 	SUM=`md5sum drivers/block/loop.ko | cut -d\  -f1`; echo "@Module signature:$SUM" >> drivers/block/loop.ko

That's not a useful signature, but I suspect you're just showing this as an
example.

> We can have false positives, but at worst that make us report EINVAL
> (bad signature) instead of ENOENT (no signature).

EKEYREJECTED please; that way it's the same as RHEL does now.

> Took me longer to figure out the damn crypto API

You don't actually need to use that.  The crypto API for the moment doesn't do
crytographic signature verification.

Look at:

	http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel

>From tag cryptokeys-2011-12-07.  That's my crypto signature verification stuff
in the kernel.  You can build on that.  The last patch in the sequence has
some of the bits you need for actually generating the signature, though rather
than editing the ELF, you'd just append all the signatures you actually need.

The following file:

http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=blob;f=kernel/module-verify-sig.c;h=ced56816b2c47307a36cce0c6f829ea23fc5f2e6;hb=d71374f23e3a8c88c3ae20f62f04fb07a641f805

has an example of how it can be used, but it's basically:

	struct crypto_key_verify_context *mod_sig;
	u8 *sig = <signature data>;
	size_t sig_size = <signature data size>;

	/* Find the crypto key for the module signature
	 * - !!! if this tries to load the required hash algorithm module,
	 *       we will deadlock!!!
	 */
	mod_sig = verify_sig_begin(modsign_keyring, sig, sig_size);
	if (IS_ERR(mod_sig))
		...

returns -EBADMSG if none of its parsers recognise the signature, -ENOPKG if
the signature is recognised, but we can't handle it (for instance if it's an
unsupported hash algorithm), -ENOKEY if we recognise it, but there's no key
available or -EKEYREJECTED if we recognised it, found the matching key, but
the key couldn't be used to verify the signature for some reason.

	/* Call repeatedly to shovel data into the crypto hash */
	verify_sig_add_data(mod_sig, dataptr, datasize);

	/* Call to finalise and actually perform the verification */
	ret = verify_sig_end(mod_sig, sig, sig_size);

or:

	/* Call to cancel the verification */
	verify_sig_cancel(mod_sig);

This does all the work for you.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ