Linux uses either PKCS #7 or CMS for signing modules (see
scripts/sign-file.c). CMS is not supported by LibreSSL or older OpenSSL,
so PKCS #7 is used on systems with these libcrypto providers.
CMS and PKCS #7 formats are very similar. CMS is newer but is as much as
possible backward compatible with PKCS #7 [1]. PKCS #7 is supported in
the latest OpenSSL as well as CMS. The fields used for signing kernel
modules are supported both in PKCS #7 and CMS.
For now modinfo uses CMS with no alternative requiring OpenSSL 1.1.0 or
newer.
Use PKCS #7 for parsing module signature information, so that modinfo
could be used both with OpenSSL and LibreSSL.
[1] https://tools.ietf.org/html/rfc5652#section-1.1
Changes v1->v2:
- Don't use ifdefs for keeping redundant CMS code, just use PKCS #7 both
with OpenSSL and LibreSSL.
Signed-off-by: Stefan Strogin <steils@gentoo.org>
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).
In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.
With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Signature was ignored from the modinfo. Implement its parsing
from the module data and add its output to the modinfo utility.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
A segmentation fault occurs if a module has an empty key attached to
its signature. This is mostly likely due to a corrupted module.
The crash happens because kmod_module_get_info() assumes that
kmod_module_signature_info() returns a signature of at least 1 byte.
The fix is based on a patch from Tobias Stoeckmann
<tobias@stoeckmann.org>, but rather than changing kmod_module_get_info()
to fix the crash, this changes kmod_module_signature_info() to
consider the signature as invalid.
If kmod has been configured with --disable-largefile on a 32 bit
system, off_t will be 32 bit. In that case, the parsed sig_len can
bypass a validation check (it's _unsigned_ 32 bit).
Due to the unlikeliness of people using --disable-largefile, this is
a mere validation fix. With an explicit signed 64 bit cast, there is
no binary change for 99.9% of Linux systems out there. ;)
It has changed in the past, and these days, anyone can get a copy of the
LGPL via the web rather than by post.
Like 657a122 (Remove FSF mailing address) in libabc by Josh Tripplet,
but let the FSF website in which the license can be found.
Older systems may not have the be32toh function defined. Check for this
and fall back to checking the endianness and calling bswap_32 directly
if needed. This works on both old and new systems.
[Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>:
address comments raised by Lucas De Marchi [1], update commit message]
[1] http://www.spinics.net/lists/linux-modules/msg01129.html
From Jan Engelhardt:
Program received signal SIGBUS, Bus error.
[Switching to process 11100]
0x00035278 in kmod_module_signature_info (file=0x4eeb8, sig_info=0xffffc254)
at libkmod/libkmod-signature.c:124
124 sig_len = be32toh(modsig->sig_len);
(gdb) p modsig
$1 = (const struct module_signature *) 0xf7dfe143
modsig->sig_len can be unaligned if modsig is unaligned, so the padding
in the struct has no effect since we are mapping it to the mem buffer.
If the module is built with CONFIG_MODULE_SIG, add the the signer's
name, hexadecimal key id and hash algorithm to the list returned in
kmod_module_get_info(). The modinfo output then looks like this:
filename: /home/mmarek/kmod/testsuite/rootfs-pristine/test-modinfo/ext4-x86_64-sha256.ko
license: GPL
description: Fourth Extended Filesystem
author: Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
alias: ext3
alias: ext2
depends: mbcache,jbd2
intree: Y
vermagic: 3.7.0 SMP mod_unload
signer: Magrathea: Glacier signing key
sig_key: E3:C8:FC:A7:3F:B3:1D:DE:84:81:EF:38:E3:4C:DE:4B:0C:FD:1B:F9
sig_hashalgo: sha256
The signature algorithm (RSA) and key identifier type (X509) are not
displayed, because they are constant information for every signed
module. But it would be trivial to add this. Note: No attempt is made at
verifying the signature, I don't think that modinfo is the right tool
for this.
Stefan Strogin
Yauheni Kaliuta
Lucas De Marchi
Tobias Stoeckmann
Randy MacLeod
Michal Marek