From: Xiongwei Song
Date: Mon, 3 Sep 2018 16:31:56 +0800
Subject: Question about pe file verification
To: dhowells@redhat.com, herbert@gondor.apana.org.au, davem@davemloft.net
Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org

Hi,

There is some code logic I don't understand in the function
pefile_digest_pe_contents in the file crypto/asymmetric_keys/verify_pefile.c.
At the end of pefile_digest_pe_contents, please see the comments marked [sxw] below:

static int pefile_digest_pe_contents(const void *pebuf, unsigned int pelen,
                                     struct pefile_context *ctx,
                                     struct shash_desc *desc)
{
        unsigned *canon, tmp, loop, i, hashed_bytes;
        int ret;
        ......
        /* [sxw] I assume the image has been signed by the sbsign tool; there
         * is a certificate at the end of the image file. */
        if (pelen > hashed_bytes) {
                tmp = hashed_bytes + ctx->certs_size;
                /* [sxw] The tmp value is the end of the certificate. */
                ret = crypto_shash_update(desc,
                                          pebuf + hashed_bytes,
                                          /* [sxw] The data address is the
                                           * beginning of the certificate. Why
                                           * do we need to hash the
                                           * certification data block? */
                                          pelen - tmp);
                /* [sxw] However, the data length doesn't include the
                 * certificate; sometimes it's zero. */
                if (ret < 0)
                        return ret;
        }

        return 0;
}

Is that for a special consideration or something else?

Regards,
Xiongwei
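
An added example, not part of the original message and not kernel code: a userspace C illustration of which bytes the call quoted in the message above would hash, assuming the certificate table is the last certs_size bytes of the file. The helpers tail_hash_len and digest_image, the FNV-1a stand-in for the kernel digest, the explicit size check and the 64-byte buffer are all assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a stands in for the kernel's shash digest; only the ranges matter. */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Hypothetical helper: number of bytes hashed starting at hashed_bytes,
 * or -1 if the sizes are inconsistent. */
long tail_hash_len(size_t pelen, size_t hashed_bytes, size_t certs_size)
{
    if (pelen <= hashed_bytes)
        return 0;                 /* mirrors `if (pelen > hashed_bytes)` */
    if (certs_size > pelen - hashed_bytes)
        return -1;                /* check added here: no unsigned wrap */
    return (long)(pelen - hashed_bytes - certs_size);
}

/* Digest of a constructed 64-byte "image": 32 bytes already hashed, `gap`
 * trailing bytes (gap <= 32), then a certificate table of cert_fill bytes. */
uint32_t digest_image(size_t gap, uint8_t tail_fill, uint8_t cert_fill)
{
    uint8_t buf[64];
    size_t hashed_bytes = 32, pelen = sizeof(buf);
    size_t certs_size = pelen - hashed_bytes - gap;
    uint32_t h;
    long n;

    memset(buf, 0x11, hashed_bytes);
    memset(buf + hashed_bytes, tail_fill, gap);
    memset(buf + hashed_bytes + gap, cert_fill, certs_size);

    h = fnv1a(2166136261u, buf, hashed_bytes);
    n = tail_hash_len(pelen, hashed_bytes, certs_size);
    if (n > 0)                    /* tail range ends where the table starts */
        h = fnv1a(h, buf + hashed_bytes, (size_t)n);
    return h;
}

int main(void)
{
    printf("table right after sections: %ld\n", tail_hash_len(64, 32, 32));
    printf("8 trailing bytes first:     %ld\n", tail_hash_len(64, 32, 24));
    printf("oversized table:            %ld\n", tail_hash_len(64, 32, 40));
    printf("cert bytes affect digest:   %d\n",
           digest_image(1, 0xAA, 0x01) != digest_image(1, 0xAA, 0x02));
    printf("trailing bytes affect it:   %d\n",
           digest_image(1, 0xAA, 0x01) != digest_image(1, 0xBB, 0x01));
    return 0;
}
```

Under that layout assumption the hashed range starts at hashed_bytes and stops where the certificate table begins, so its length is zero when the table directly follows the last hashed region.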