Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp2349036pxb; Thu, 3 Feb 2022 04:54:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJw+n7uxl8JU9xkK8LAKd4v7l/K5aT54oI98y8qddxjkcqX1iqmH+FdJMnpoDcSQ4BPhvpGo X-Received: by 2002:a05:6402:524d:: with SMTP id t13mr35521903edd.260.1643892854815; Thu, 03 Feb 2022 04:54:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643892854; cv=none; d=google.com; s=arc-20160816; b=NKBZuYLjPeHOAOOPA040IVUChRWFDGaEk48yTGZqod/BJKfbXuLAn0RZcKpyYY6h5S sfljQ/l2+990p1PQBS6ABGv6wQEm1NM+TAk0I6zx6edT/hknXXcNeC5POGVd1sm/VLt0 aT7HK990/FNpD7LEadtWeWT+ba6FoyB7FEeJqv2SnPrf3pLQ4UZRtpBVYfZ1dqJpN8aT eoXCh8jX5VqwJs57g9mFmfc6jdogXATMdWa+p8Z4nA2CP1CAinbP6j1d/EnhIpPGDgrZ KvCAGpQJml1d3CuRcF/SdVbnNhm4B9fL3e1t//zdJZoTqPixDgVoVOwL1LSnaMOQNIQz YFdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:dkim-signature; bh=a6gXtaxF4sUpqNbpvqW3e+eeQ67Q3V181j1MpX5xCXw=; b=XpgsY3u4yRiaVuXyDJ/fMF++zKiaa0Mzbv7VKPYzajLPqv2zKx3Fi5jOZPC2VkIjwI 7l6u8Byoku7ddKyrqjLEkviht1Ms1KbLxTNTtXJYtsxnfdWSG2VIb6QPOgVPx6y+Y1ZE UzVlXPofLXSICr12VtWfQCX4bCwxSo8jkUJgSzpHlxBvsM8q4iKguhXww5H4uqGDpodh 0LKvfsTVi57eURKG+bxMPu+SbRak/PIuDyR/Vj2kvrnW6YPl2GPrL3sH/GqTXKsOd206 SlOam1gbEExTS1DHONyTzeb/L3W4h5V5J8eXI5KNsrG9TCvS3dQkr1Upm9NwhG8KsKip KyxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=HaY3A8a7; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=4EJKGBft; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 15si13167537ejg.398.2022.02.03.04.53.39; Thu, 03 Feb 2022 04:54:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=HaY3A8a7; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=4EJKGBft; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233621AbiBCKtc (ORCPT + 99 others); Thu, 3 Feb 2022 05:49:32 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:40092 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230016AbiBCKtb (ORCPT ); Thu, 3 Feb 2022 05:49:31 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 831C61F399; Thu, 3 Feb 2022 10:49:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1643885369; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=a6gXtaxF4sUpqNbpvqW3e+eeQ67Q3V181j1MpX5xCXw=; b=HaY3A8a7CHu+p6SkQfzXFxoRVgaixyso1zTY8l10onfr+4M1WM6Keh9Ypvjdw1ey18+Cq8 Pz48XGKgBpP8Ki2zWHuhHY1Gy46s/PE0MAZ4LbmxhJWmPuIQIKdMYbozDUo4+Q7MCpXRpB UgCTlfrM191QhW6/Am1jz3JKp4une/4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1643885369; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=a6gXtaxF4sUpqNbpvqW3e+eeQ67Q3V181j1MpX5xCXw=; b=4EJKGBft4bAsvWMXkRCyg9VCRvMq2sAKI0INSYlhae42A7n/QFT0juKBfObRurO+3478Iw wdlekzqTUvDT8pBQ== Received: from kunlun.suse.cz (unknown [10.100.128.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 7AACFA3B85; Thu, 3 Feb 2022 10:49:27 +0000 (UTC) Date: Thu, 3 Feb 2022 11:49:26 +0100 From: Michal =?iso-8859-1?Q?Such=E1nek?= To: Luis Chamberlain Cc: David Howells , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, Philipp Rudo , Mimi Zohar , Nayna , Rob Herring , linux-s390@vger.kernel.org, Vasily Gorbik , Lakshmi Ramasubramanian , Heiko Carstens , Jessica Yu , linux-kernel@vger.kernel.org, Christian Borntraeger , Paul Mackerras , Hari Bathini , Alexander Gordeev , linuxppc-dev@lists.ozlabs.org, Frank van der Linden , Thiago Jung Bauermann , Daniel Axtens , buendgen@de.ibm.com, Michael Ellerman , Benjamin Herrenschmidt , Christian Borntraeger , Herbert Xu , "David S. Miller" , Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , Sven Schnelle , Baoquan He , linux-security-module@vger.kernel.org Subject: Re: [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification. Message-ID: <20220203104926.GA3113@kunlun.suse.cz> References: <7834eb187ef67cd88fc67f10e831130e3717d776.1641900831.git.msuchanek@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hello, thanks for the review. On Tue, Jan 25, 2022 at 12:15:56PM -0800, Luis Chamberlain wrote: > On Tue, Jan 11, 2022 at 12:37:45PM +0100, Michal Suchanek wrote: > > diff --git a/include/linux/verification.h b/include/linux/verification.h > > index a655923335ae..32db9287a7b0 100644 > > --- a/include/linux/verification.h > > +++ b/include/linux/verification.h > > @@ -60,5 +60,8 @@ extern int verify_pefile_signature(const void *pebuf, unsigned pelen, > > enum key_being_used_for usage); > > #endif > > > > +int verify_appended_signature(const void *data, unsigned long *len, > > + struct key *trusted_keys, const char *what); > > + > > Looks very non-module specific. Which it is now that the same signature format is used for kernels. > > > diff --git a/kernel/module_signing.c b/kernel/module_signing.c > > index 8723ae70ea1f..30149969f21f 100644 > > --- a/kernel/module_signing.c > > +++ b/kernel/module_signing.c > > @@ -14,32 +14,38 @@ > > #include > > #include "module-internal.h" > > > > -/* > > - * Verify the signature on a module. > > +/** > > + * verify_appended_signature - Verify the signature on a module with the > > + * signature marker stripped. > > + * @data: The data to be verified > > + * @len: Size of @data. > > + * @trusted_keys: Keyring to use for verification > > + * @what: Informational string for log messages > > */ > > -int mod_verify_sig(const void *mod, struct load_info *info) > > +int verify_appended_signature(const void *data, unsigned long *len, > > + struct key *trusted_keys, const char *what) > > { > > - struct module_signature ms; > > - size_t sig_len, modlen = info->len; > > + struct module_signature *ms; > > There goes the abstraction, so why not make this clear where we re-use > the struct module_signature for various things and call it as it is, > verify_mod_appended_signature() or some such? It sounds like the abstraction is actually improved by callers no longer dealing with struct module_signature when verifying signature on a kernel. That is the structure is misnamed but it is now hidden behind an abstraction. Or am I missing something? Thanks Michal