| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Feb 2016 00:04:04 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: David Howells <dhowells@...hat.com>
Cc: keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, tadeusz.struk@...el.com
Subject: Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto
layer
On Fri, 2016-02-19 at 17:18 +0000, David Howells wrote:
> /*
> * Verify a signature using a public key.
> */
> int public_key_verify_signature(const struct public_key *pkey,
> const struct public_key_signature *sig)
> {
> + struct public_key_completion compl;
> + struct crypto_akcipher *tfm;
> + struct akcipher_request *req;
> + struct scatterlist sig_sg, digest_sg;
> + int ret = -ENOMEM;
> +
> + pr_devel("==>%s()\n", __func__);
> +
> BUG_ON(!pkey);
> BUG_ON(!sig);
> BUG_ON(!sig->digest);
> BUG_ON(!sig->s);
>
> - if (pkey->pkey_algo >= PKEY_ALGO__LAST)
> - return -ENOPKG;
> + tfm = crypto_alloc_akcipher(pkey_algo_name[sig->pkey_algo], 0, 0);
> + if (IS_ERR(tfm))
> + return PTR_ERR(tfm);
IMA fails here. The security.ima xattr header includes the hash
algorithm as defined in
include/uapi/linux/hash_info.h.
struct signature_v2_hdr {
uint8_t type; /* xattr type */
uint8_t version; /* signature format version */
uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
uint32_t keyid; /* IMA key identifier - not X509/PGP specific */
uint16_t sig_size; /* signature size */
uint8_t sig[0]; /* signature payload */
} __packed;
Mimi
Powered by blists - more mailing lists