* [PATCH 1/2 v2] lib/crypto: Enable more algorithms in cert verification
@ 2022-01-19 11:54 Ilias Apalodimas
2022-01-19 11:54 ` [PATCH 2/2 v2] efi_loader: Ignore sha1 on signature verification Ilias Apalodimas
0 siblings, 1 reply; 3+ messages in thread
From: Ilias Apalodimas @ 2022-01-19 11:54 UTC (permalink / raw)
To: xypron.glpk, takahiro.akashi; +Cc: Ilias Apalodimas, Alexander Graf, u-boot
Right now the code explicitly limits us to sha1,256 hashes with RSA2048
encryption. But the limitation is artificial since U-Boot supports
a wider range of algorithms.
The internal image_get_[checksum|crypto]_algo() functions expect an
argument in the format of <checksum>,<crypto>. So let's remove the size
checking and create the needed string on the fly in order to support
more hash/signing combinations.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
changes since v1:
- added patch [2/2] explicitly disabling sha1
- removed a TODO comment
- added a print notifying wrt to image_get_(checksum|crypto)_algo usage
lib/crypto/public_key.c | 35 ++++++++++++++++-------------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/lib/crypto/public_key.c b/lib/crypto/public_key.c
index df6033cdb499..3671ed138559 100644
--- a/lib/crypto/public_key.c
+++ b/lib/crypto/public_key.c
@@ -97,6 +97,7 @@ int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)
{
struct image_sign_info info;
+ char algo[256];
int ret;
pr_devel("==>%s()\n", __func__);
@@ -108,30 +109,26 @@ int public_key_verify_signature(const struct public_key *pkey,
return -EINVAL;
memset(&info, '\0', sizeof(info));
+ memset(algo, 0, sizeof(algo));
info.padding = image_get_padding_algo("pkcs-1.5");
- /*
- * Note: image_get_[checksum|crypto]_algo takes a string
- * argument like "<checksum>,<crypto>"
- * TODO: support other hash algorithms
- */
- if (strcmp(sig->pkey_algo, "rsa") || (sig->s_size * 8) != 2048) {
- pr_warn("Encryption is not RSA2048: %s%d\n",
- sig->pkey_algo, sig->s_size * 8);
- return -ENOPKG;
- }
- if (!strcmp(sig->hash_algo, "sha1")) {
- info.checksum = image_get_checksum_algo("sha1,rsa2048");
- info.name = "sha1,rsa2048";
- } else if (!strcmp(sig->hash_algo, "sha256")) {
- info.checksum = image_get_checksum_algo("sha256,rsa2048");
- info.name = "sha256,rsa2048";
- } else {
- pr_warn("unknown msg digest algo: %s\n", sig->hash_algo);
+ if (strcmp(sig->pkey_algo, "rsa")) {
+ pr_err("Encryption is not RSA: %s\n", sig->pkey_algo);
return -ENOPKG;
}
+ ret = snprintf(algo, sizeof(algo), "%s,%s%d", sig->hash_algo,
+ sig->pkey_algo, sig->s_size * 8);
+
+ if (ret >= sizeof(algo))
+ return -EINVAL;
+
+ info.checksum = image_get_checksum_algo((const char *)algo);
+ info.name = (const char *)algo;
info.crypto = image_get_crypto_algo(info.name);
- if (IS_ERR(info.checksum) || IS_ERR(info.crypto))
+ if (!info.checksum || !info.crypto) {
+ pr_err("<%s> not supported on image_get_(checksum|crypto)_algo()\n",
+ algo);
return -ENOPKG;
+ }
info.key = pkey->key;
info.keylen = pkey->keylen;
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2 v2] efi_loader: Ignore sha1 on signature verification
2022-01-19 11:54 [PATCH 1/2 v2] lib/crypto: Enable more algorithms in cert verification Ilias Apalodimas
@ 2022-01-19 11:54 ` Ilias Apalodimas
2022-01-19 15:03 ` Ilias Apalodimas
0 siblings, 1 reply; 3+ messages in thread
From: Ilias Apalodimas @ 2022-01-19 11:54 UTC (permalink / raw)
To: xypron.glpk, takahiro.akashi; +Cc: Ilias Apalodimas, Alexander Graf, u-boot
Since SHA1 has know collisions disable it on EFI verification for
variables and executables
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
lib/efi_loader/efi_signature.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index 6e3ee3c0c004..1903adc89ed0 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -476,6 +476,11 @@ bool efi_signature_verify(struct efi_image_regions *regs,
if (ret < 0 || !signer)
goto out;
+ if (!strcmp(signer->sig->hash_algo, "sha1")) {
+ pr_err("SHA1 support is disabled for EFI\n");
+ goto out;
+ }
+
if (sinfo->blacklisted)
goto out;
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2 v2] efi_loader: Ignore sha1 on signature verification
2022-01-19 11:54 ` [PATCH 2/2 v2] efi_loader: Ignore sha1 on signature verification Ilias Apalodimas
@ 2022-01-19 15:03 ` Ilias Apalodimas
0 siblings, 0 replies; 3+ messages in thread
From: Ilias Apalodimas @ 2022-01-19 15:03 UTC (permalink / raw)
To: xypron.glpk, takahiro.akashi; +Cc: Alexander Graf, u-boot
Heinrich
Replying to myself here but...
On Wed, 19 Jan 2022 at 13:54, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> Since SHA1 has know collisions disable it on EFI verification for
> variables and executables
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> ---
> lib/efi_loader/efi_signature.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
> index 6e3ee3c0c004..1903adc89ed0 100644
> --- a/lib/efi_loader/efi_signature.c
> +++ b/lib/efi_loader/efi_signature.c
> @@ -476,6 +476,11 @@ bool efi_signature_verify(struct efi_image_regions *regs,
> if (ret < 0 || !signer)
> goto out;
>
> + if (!strcmp(signer->sig->hash_algo, "sha1")) {
> + pr_err("SHA1 support is disabled for EFI\n");
> + goto out;
> + }
> +
> if (sinfo->blacklisted)
> goto out;
>
> --
> 2.30.2
>
This patch gets the job done, but rejects the sha1 cert signed images
overall without checking db or dbx. Since I am planning to refactor
the secure boot checking sequence a bit, it would make more sense for
me to fix this in a less hacky way in upcoming patches. You can ofc
pickup 1/2 whic is fixing an actual issue.
Cheers
/Ilias
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-19 15:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-19 11:54 [PATCH 1/2 v2] lib/crypto: Enable more algorithms in cert verification Ilias Apalodimas
2022-01-19 11:54 ` [PATCH 2/2 v2] efi_loader: Ignore sha1 on signature verification Ilias Apalodimas
2022-01-19 15:03 ` Ilias Apalodimas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.