Re: [PATCH] X.509: Fix test for self-signed certificate

2016-02-16 Thread lee joey
2016-02-11 21:34 GMT+08:00 Michal Marek :
> If either the Subject + subjectKeyId or the Issuer + Serial number
> differs between the certificate and the CA, the certificate is not
> self-signed. In practice, both will be equal for self-signed
> certificates and both will differ for CA-signed certificates. It is only
> an issue if the CA used the same serial number for its own self-signed
> certificate and the certificate we are checking. This is probably not
> valid / recommended, but we should not assume that the certificate is
> self-signed because of that.
>
> Fixes: 4573b64a31cd ("X.509: Support X.509 lookup by Issuer+Serial form 
> AuthorityKeyIdentifier")
> Signed-off-by: Michal Marek 

Tested-by: Lee, Chun-Yi 


Regards

Joey Lee

> ---
>  crypto/asymmetric_keys/x509_public_key.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/x509_public_key.c 
> b/crypto/asymmetric_keys/x509_public_key.c
> index 7092d5cbb5d3..2c46e022a2a3 100644
> --- a/crypto/asymmetric_keys/x509_public_key.c
> +++ b/crypto/asymmetric_keys/x509_public_key.c
> @@ -308,9 +308,10 @@ static int x509_key_preparse(struct 
> key_preparsed_payload *prep)
> cert->pub->id_type = PKEY_ID_X509;
>
> /* Check the signature on the key if it appears to be self-signed */
> -   if ((!cert->akid_skid && !cert->akid_id) ||
> -   asymmetric_key_id_same(cert->skid, cert->akid_skid) ||
> -   asymmetric_key_id_same(cert->id, cert->akid_id)) {
> +   if ((!cert->akid_skid ||
> +   asymmetric_key_id_same(cert->skid, cert->akid_skid)) 
> &&
> +   (!cert->akid_id ||
> +   asymmetric_key_id_same(cert->id, cert->akid_id))) {
> ret = x509_check_signature(cert->pub, cert); /* self-signed */
> if (ret < 0)
> goto error_free_cert;
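Review bot: the comment above the new test still reads only "if it appears to be self-signed", while the condition now encodes a precise rule that is written down nowhere in the code: each AKID field that is present must match (cert->akid_skid against cert->skid, cert->akid_id against cert->id), and a field that is absent counts as a match. As a result a certificate carrying neither AKID field still reaches x509_check_signature() as self-signed, the same as before the change. Please expand the comment to state this rule and the shared-serial case from the commit message, so the && is not later relaxed back to ||.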
> --
> 2.1.4
>
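The case described in the commit message, worked through as an added example (not part of the patch or of the kernel source). It models the removed and the added condition in userspace; struct model_cert, id_same() and the string identifiers are constructed for illustration, and the model assumes an absent identifier never compares equal.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the certificate fields used in the patch; each
 * identifier is modelled as a string, NULL meaning "not present". */
struct model_cert {
	const char *skid;      /* subjectKeyIdentifier */
	const char *id;        /* issuer + serial of this certificate */
	const char *akid_skid; /* AKID keyIdentifier */
	const char *akid_id;   /* AKID authorityCertIssuer + serial */
};

/* Assumption of this model: an absent identifier never matches. */
static bool id_same(const char *a, const char *b)
{
	return a && b && strcmp(a, b) == 0;
}

/* Condition removed by the patch: any single match is enough. */
bool old_self_signed(const struct model_cert *c)
{
	return (!c->akid_skid && !c->akid_id) ||
	       id_same(c->skid, c->akid_skid) ||
	       id_same(c->id, c->akid_id);
}

/* Condition added by the patch: every AKID field present must match. */
bool new_self_signed(const struct model_cert *c)
{
	return (!c->akid_skid || id_same(c->skid, c->akid_skid)) &&
	       (!c->akid_id || id_same(c->id, c->akid_id));
}

/* Constructed cases. */
const struct model_cert root = { "K-ca", "CN=CA#01", "K-ca", "CN=CA#01" };
const struct model_cert leaf = { "K-leaf", "CN=CA#02", "K-ca", "CN=CA#01" };
/* Leaf issued with the same serial as the CA's own certificate. */
const struct model_cert clash = { "K-leaf", "CN=CA#01", "K-ca", "CN=CA#01" };
const struct model_cert no_akid = { "K-x", "CN=X#07", NULL, NULL };

int main(void)
{
	const struct model_cert *t[] = { &root, &leaf, &clash, &no_akid };
	const char *name[] = { "root", "leaf", "clash", "no_akid" };
	for (int i = 0; i < 4; i++)
		printf("%-8s old=%d new=%d\n", name[i],
		       old_self_signed(t[i]), new_self_signed(t[i]));
	return 0;
}
```

Only the clash case changes: the removed condition sends that CA-signed certificate down the self-signed path, the added one does not.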


Re: [PATCH RFC 0/4] Add firmware signature file check

2012-11-05 Thread lee joey
2012/11/6 Ming Lei :
> On Tue, Nov 6, 2012 at 1:18 AM, Takashi Iwai  wrote:
>>
>> To be noted, it doesn't support the firmwares via udev but only the
>> direct loading, and the check for built-in firmware is missing, too.
>
> Generally, both direct loading and udev may request the same firmware
> image. And after the check fails, the current firmware load will fall back on udev
> to complete loading, so it looks like a check-failed firmware can still be loaded
> into the kernel no matter whether there is a firmware signature check or not.
>
>
> Thanks,
> --
> Ming Lei
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

udev writes the firmware directly through the data attribute; maybe we can do
the same signature verification in firmware_data_write? The following
patch has not been tested yet.


Thanks
Joey Lee

From 035dde5fadc9e7f4b7811b18d3a5094ef88e8bbb Mon Sep 17 00:00:00 2001
From: Lee, Chun-Yi 
Date: Tue, 6 Nov 2012 13:07:04 +0800
Subject: [PATCH] firmware: Add signature check to firmware_data_write

---
 drivers/base/firmware_class.c |   18 ++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index 8945f4e..40d8cc6 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -621,6 +621,7 @@ static ssize_t firmware_data_write(struct file
*filp, struct kobject *kobj,
struct firmware_priv *fw_priv = to_firmware_priv(dev);
struct firmware_buf *buf;
ssize_t retval;
+   bool success = false;

if (!capable(CAP_SYS_RAWIO))
return -EPERM;
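Review bot: success is declared unconditionally here, but the only code that uses it sits inside #ifdef CONFIG_FIRMWARE_SIG in the next hunk, so a build without that option gets an unused-variable warning; put the declaration under the same #ifdef. The next hunk also uses i and path, and the patch adds no declarations for them (the diffstat's 18 insertions are this one line plus the 17 in the second hunk), so unless both already exist above the visible context the function will not compile with the option enabled.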
@@ -655,6 +656,23 @@ static ssize_t firmware_data_write(struct file
*filp, struct kobject *kobj,
}

buf->size = max_t(size_t, offset, buf->size);
+
+#ifdef CONFIG_FIRMWARE_SIG
+   for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
+   snprintf(path, PATH_MAX, "%s/%s.sig", fw_path[i], buf->fw_id);
+   if (verify_signature(buf, path))
+   success = true;
+   }
+   if (!success) {
+   pr_err("Invalid signature file %s\n", path);
+   if (sig_enforce) {
+   vfree(buf->data);
+   buf->data = NULL;
+   buf->size = 0;
+   }
+   retval = -ENOENT;
+   }
+#endif /* CONFIG_FIRMWARE_SIG */
 out:
mutex_unlock(_lock);
return retval;
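Review bot: the signature check sits directly after buf->size = max_t(size_t, offset, buf->size), so it runs on every call to firmware_data_write, including writes that deliver only part of the image at a non-zero offset; a check over a buffer that is still being filled will fail on a partially written image, so it belongs at the point where the load is marked complete rather than in the per-write path. Within the block itself: the loop does not break once verify_signature() succeeds, pr_err() after the loop always prints the last path tried whatever the earlier results were, and retval = -ENOENT is set outside the if (sig_enforce) branch, so the write returns an error even when enforcement is off and the data is kept. Suggest breaking on the first success and moving the error return inside the sig_enforce branch.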
-- 
1.6.4.2