| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260113145635.YfSTBhVs@linutronix.de>
Date: Tue, 13 Jan 2026 15:56:35 +0100
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Luis Chamberlain <mcgrof@...nel.org>,
Petr Pavlu <petr.pavlu@...e.com>,
Sami Tolvanen <samitolvanen@...gle.com>,
Daniel Gomez <da.gomez@...sung.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Jonathan Corbet <corbet@....net>,
Madhavan Srinivasan <maddy@...ux.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>,
Nicholas Piggin <npiggin@...il.com>,
Naveen N Rao <naveen@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>,
Roberto Sassu <roberto.sassu@...wei.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Eric Snowberg <eric.snowberg@...cle.com>,
Nicolas Schier <nicolas.schier@...ux.dev>,
Daniel Gomez <da.gomez@...nel.org>,
Aaron Tomlin <atomlin@...mlin.com>,
"Christophe Leroy (CS GROUP)" <chleroy@...nel.org>,
Nicolas Schier <nsc@...nel.org>,
Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>,
Xiu Jianfeng <xiujianfeng@...wei.com>,
Fabian Grünbichler <f.gruenbichler@...xmox.com>,
Arnout Engelen <arnout@...t.net>,
Mattia Rizzolo <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>,
Christian Heusel <christian@...sel.eu>,
Câju Mihai-Drosi <mcaju95@...il.com>,
linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, linux-modules@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Subject: Re: [PATCH v4 15/17] module: Introduce hash-based integrity checking
On 2026-01-13 13:28:59 [+0100], Thomas Weißschuh wrote:
> --- /dev/null
> +++ b/scripts/modules-merkle-tree.c
> @@ -0,0 +1,467 @@
…
> +static void build_proof(struct mtree *mt, unsigned int n, int fd)
> +{
> + unsigned char cur[EVP_MAX_MD_SIZE];
> + unsigned char tmp[EVP_MAX_MD_SIZE];
This and a few other instances below could be optimized to avoid
hashing. I probably forgot to let you know.
-> https://git.kernel.org/pub/scm/linux/kernel/git/bigeasy/mtree-hashed-mods.git/commit/?id=10b565c123c731da37befe862de13678b7c54877
> + struct file_entry *fe, *fe_sib;
> +
> + fe = &fh_list[n];
> +
> + if ((n & 1) == 0) {
> + /* No pair, hash with itself */
> + if (n + 1 == num_files)
> + fe_sib = fe;
> + else
> + fe_sib = &fh_list[n + 1];
> + } else {
> + fe_sib = &fh_list[n - 1];
> + }
> + /* First comes the node position into the file */
> + write_be_int(fd, n);
> +
> + if ((n & 1) == 0)
> + hash_entry(fe->hash, fe_sib->hash, cur);
> + else
> + hash_entry(fe_sib->hash, fe->hash, cur);
> +
> + /* Next is the sibling hash, followed by hashes in the tree */
> + write_hash(fd, fe_sib->hash);
> +
> + for (unsigned int i = 0; i < mt->levels - 1; i++) {
> + n >>= 1;
> + if ((n & 1) == 0) {
> + void *h;
> +
> + /* No pair, hash with itself */
> + if (n + 1 == mt->entries[i])
> + h = cur;
> + else
> + h = mt->l[i][n + 1].hash;
> +
> + hash_entry(cur, h, tmp);
> + write_hash(fd, h);
> + } else {
> + hash_entry(mt->l[i][n - 1].hash, cur, tmp);
> + write_hash(fd, mt->l[i][n - 1].hash);
> + }
> + memcpy(cur, tmp, hash_size);
> + }
> +
> + /* After all that, the end hash should match the root hash */
> + if (memcmp(cur, mt->l[mt->levels - 1][0].hash, hash_size))
> + errx(1, "hash mismatch");
> +}
Sebastian
Powered by blists - more mailing lists