Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2395337imu; Sun, 6 Jan 2019 00:12:18 -0800 (PST) X-Google-Smtp-Source: ALg8bN4hxqUAOS5qf8rbidKZZ+yjppMqOJS+u3enJn0Pgj3FXPfMBz2y4k59jCrHw2oxaB4yHA+i X-Received: by 2002:a17:902:bf44:: with SMTP id u4mr47409873pls.5.1546762338408; Sun, 06 Jan 2019 00:12:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546762338; cv=none; d=google.com; s=arc-20160816; b=RthqW8GaAtmVSVuPsAyl7PWLkBRg3CnGAtiQPQMtwNO9lo9FQMmRoZiVLyWUSx6lEk ANu4nH3tuiZDEAXCZT07OJnI0XGbFkANwHfNmWcDgB5sX7/Qy2Vqd7XdGegOwPgvqM0Q o3z6eXP9B7wLWcpN4SzkYkugEBwKzcqBr6a4y32diKnGDlZLM89I6vcPs+xSiWUpkSMY YBOMwlwbQ8F79TNQFPXcGoh1XWASEgAae+CDJy2wX9RUR4mmWpM80W87JK0/7qUaju46 XEWdFwo+br0fjxsiL5j+CvWGrq0Qggmp2qxX2xPbhTMdiUeRLLzrKJaCdpN248kaJFlP QcbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9CdnDbymRW1jSlQOftp+D5+4J55KrkgnjNl7ojXt46k=; b=dfE95Jgt+d8OC/zxOA3lX1M5ujNzuHxadty6zbaaYtzuvYurGrTimFlI/Xweyxs8M9 N7H697aTZhow+OquAi9lgeIiBOPStuI99CNtqQEmBWjXIhj21qOxt/Pbqe6oqICTm2r8 T4pDG6/Oa1xkmR0E9CO3+THRYMMw2rIJvj7xTPF/2ng3JG3ymSat/pqQ97AjcHI+ssYZ 1Lt6ySKXrNzLEnoITJOY8VtF/crqwZStEJ/ezWEWhCBQRKdPTkXc1ssLWqjC5cTabjIX V14PGep/OMsjzeUp0oCmadukaFaFl5fv52B7idqMWoUlaXsXIVNSyxfrmBVBFTiaVp3X nWiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=ghl0EsNM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i1si60658750pgr.569.2019.01.06.00.12.03; Sun, 06 Jan 2019 00:12:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=ghl0EsNM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726577AbfAFIKp (ORCPT + 99 others); Sun, 6 Jan 2019 03:10:45 -0500 Received: from mo4-p02-ob.smtp.rzone.de ([85.215.255.80]:25484 "EHLO mo4-p02-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726479AbfAFIKX (ORCPT ); Sun, 6 Jan 2019 03:10:23 -0500 X-Greylist: delayed 498 seconds by postgrey-1.27 at vger.kernel.org; Sun, 06 Jan 2019 03:10:22 EST DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1546762221; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=9CdnDbymRW1jSlQOftp+D5+4J55KrkgnjNl7ojXt46k=; b=ghl0EsNM1RYbkVIPzUOmbhAPxr9V8+bEG2J5pta48w144/hEpRfBNBPEtZ+Vqiw7Re W1z4WprW0YSBGJRKJv35DDjDgeYTjvlBD3tXyZn+Y7jVh+IkRmnNdB21TxTjXl64PaC4 oWX8memTiMSQCFVnk7UGGb/kyP8dMGcl3MU8jTWF/4b69coUzGGmkyNA/UkwcxDQP30F HPQTpAM4KTMmUQhE+v4rlTLs2jBD3/zM20FFKjKRVzQO+CTH4xYE+Aa/m4BV8QnR/D+f dvIf8ZF5v8JG/LjWKrh9IC5LrVoT//ODvRUQE7pkDrwBhKbKU+CaMtuP9UPhGRRYbNw0 M+qA== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPbI/Scimcp" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 44.9 DYNA|AUTH) with ESMTPSA id 309bcfv0689R7oi (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Sun, 6 Jan 2019 09:09:27 +0100 (CET) From: Stephan Mueller To: "Lee, Chun-Yi" Cc: "Rafael J . Wysocki" , Pavel Machek , linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Lee, Chun-Yi" , "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn , Andy Lutomirski Subject: Re: [PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image Date: Sun, 06 Jan 2019 09:09:27 +0100 Message-ID: <1703775.N7MsT5WVgv@tauon.chronox.de> In-Reply-To: <20190103143227.9138-3-jlee@suse.com> References: <20190103143227.9138-1-jlee@suse.com> <20190103143227.9138-3-jlee@suse.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Donnerstag, 3. Januar 2019, 15:32:24 CET schrieb Lee, Chun-Yi: Hi Chun, > +int snapshot_image_verify_decrypt(void) > +{ > + int ret, i; > + > + if (!h_buf) { > + ret = -ENOMEM; > + goto error; > + } > + > + ret = snapshot_key_init(); > + if (ret) > + goto error_prep; > + > + ret = snapshot_prepare_hash(true); > + if (ret || !s4_verify_desc) > + goto error_prep; > + > + for (i = 0; i < nr_copy_pages; i++) { > + ret = crypto_shash_update(s4_verify_desc, *(h_buf + i), PAGE_SIZE); > + if (ret) > + goto error_shash; > + } > + > + ret = crypto_shash_final(s4_verify_desc, s4_verify_digest); > + if (ret) > + goto error_shash; > + > + pr_debug("Signature %*phN\n", SNAPSHOT_DIGEST_SIZE, signature); > + pr_debug("Digest %*phN\n", SNAPSHOT_DIGEST_SIZE, s4_verify_digest); > + if (memcmp(signature, s4_verify_digest, SNAPSHOT_DIGEST_SIZE)) > + ret = -EKEYREJECTED; > + > + error_shash: > + snapshot_finish_hash(); > + > + error_prep: > + vfree(h_buf); > + if (ret) > + pr_warn("Signature verification failed: %d\n", ret); > + error: > + sig_verify_ret = ret; > + return ret; > +} May I ask why the authentication part is done manually here? Why not using an AEAD cipher like the authenc() ciphers, or CCM (I would not recommend GCM though)? In this case, the encryption/decryption operation would automatically perform the creation of the hash and the verification of the hash. I.e. decryption can return EBADMSG which indicates an authentication failure. > + > +static int > +__copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap > *orig_bm) +{ > + unsigned long pfn, dst_pfn; > + struct page *d_page; > + void *crypto_buffer = NULL; > + int ret = 0; > + > + memory_bm_position_reset(orig_bm); > + memory_bm_position_reset(copy_bm); > + for (;;) { > + pfn = memory_bm_next_pfn(orig_bm); > + if (unlikely(pfn == BM_END_OF_MAP)) > + break; > + dst_pfn = memory_bm_next_pfn(copy_bm); > + copy_data_page(dst_pfn, pfn); > + > + /* Setup buffer */ > + d_page = pfn_to_page(dst_pfn); > + if (PageHighMem(d_page)) { > + void *kaddr = kmap_atomic(d_page); > + > + copy_page(buffer, kaddr); > + kunmap_atomic(kaddr); > + crypto_buffer = buffer; > + } else { > + crypto_buffer = page_address(d_page); > + } > + > + /* Generate digest */ > + if (!s4_verify_desc) > + continue; > + ret = crypto_shash_update(s4_verify_desc, crypto_buffer, > + PAGE_SIZE); Same here, the creation of the hash would be implicit during the encryption. Ciao Stephan