Message-ID: <1432060749.4510.155.camel@linux.vnet.ibm.com>
Subject: Re: [PATCH 10/8] modsign: Allow password to be specified for signing key
From: Mimi Zohar
To: David Woodhouse
Cc: dhowells@redhat.com, rusty@rustcorp.com.au, mmarek@suse.cz, mjg59@srcf.ucam.org, keyrings@linux-nfs.org, dmitry.kasatkin@gmail.com, mcgrof@suse.com, linux-kernel@vger.kernel.org, seth.forshee@canonical.com, linux-security-module@vger.kernel.org
Date: Tue, 19 May 2015 14:39:09 -0400
In-Reply-To: <1432046758.3277.36.camel@infradead.org>
References: <20150515123513.16723.96340.stgit@warthog.procyon.org.uk> <1432046758.3277.36.camel@infradead.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2015-05-19 at 15:45 +0100, David Woodhouse wrote:
> We don't want this in the Kconfig since it might then get exposed in
> /proc/config.gz. So make it a parameter to Kbuild instead. This also
> means we don't have to jump through hoops to strip quotes from it, as
> we would if it was a config option.

Definitely better. (FYI, Dmitry's modsig patches from 2012 used the
keyring for safely storing a password.)

Mimi

> Signed-off-by: David Woodhouse > --- > Documentation/kbuild/kbuild.txt | 5 +++++ > Documentation/module-signing.txt | 3 +++ > scripts/sign-file.c | 27 ++++++++++++++++++++++++++- > 3 files changed, 34 insertions(+), 1 deletion(-) > > diff --git a/Documentation/kbuild/kbuild.txt b/Documentation/kbuild/kbuild.txt > index 6466704..0ff6a46 100644 > --- a/Documentation/kbuild/kbuild.txt > +++ b/Documentation/kbuild/kbuild.txt > @@ -174,6 +174,11 @@ The output directory is often set using "O=..." on the commandline. > > The value can be overridden in which case the default value is ignored. > > +KBUILD_SIGN_PIN > +-------------------------------------------------- > +This variable allows a passphrase or PIN to be passed to the sign-file > +utility when signing kernel modules, if the private key requires such. > + > KBUILD_MODPOST_WARN > -------------------------------------------------- > KBUILD_MODPOST_WARN can be set to avoid errors in case of undefined > diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt > index c72702e..faaa6ea 100644 > --- a/Documentation/module-signing.txt > +++ b/Documentation/module-signing.txt > @@ -194,6 +194,9 @@ The hash algorithm used does not have to match the one configured, but if it > doesn't, you should make sure that hash algorithm is either built into the > kernel or can be loaded without requiring itself. > > +If the private key requires a passphrase or PIN, it can be provided in the > +$KBUILD_SIGN_PIN environment variable. > + > > ============================ > SIGNED MODULES AND STRIPPING > diff --git a/scripts/sign-file.c b/scripts/sign-file.c > index 39aaabe..720b9bc 100755 > --- a/scripts/sign-file.c > +++ b/scripts/sign-file.c 
> @@ -80,6 +80,27 @@ static void drain_openssl_errors(void) > } \ > } while(0) > > +static const char *key_pass; > + > +static int pem_pw_cb(char *buf, int len, int w, void *v) > +{ > + int pwlen; > + > + if (!key_pass) > + return -1; > + > + pwlen = strlen(key_pass); > + if (pwlen >= len) > + return -1; > + > + strcpy(buf, key_pass); > + > + /* If it's wrong, don't keep trying it. */ > + key_pass = NULL; > + > + return pwlen; > +} > + > int main(int argc, char **argv) > { > struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; > @@ -96,9 +117,12 @@ int main(int argc, char **argv) > BIO *b, *bd = NULL, *bm; > int opt, n; > > + OpenSSL_add_all_algorithms(); > ERR_load_crypto_strings(); > ERR_clear_error(); > > + key_pass = getenv("KBUILD_SIGN_PIN"); > + > do { > opt = getopt(argc, argv, "dp"); > switch (opt) { > @@ -132,7 +156,8 @@ int main(int argc, char **argv) > */ > b = BIO_new_file(private_key_name, "rb"); > ERR(!b, "%s", private_key_name); > - private_key = PEM_read_bio_PrivateKey(b, NULL, NULL, NULL); > + private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, NULL); > + ERR(!private_key, "%s", private_key_name); > BIO_free(b); > > b = BIO_new_file(x509_name, "rb"); > -- > 2.4.0 > >
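
Review bot: the KBUILD_SIGN_PIN entry added to Documentation/kbuild/kbuild.txt does not say how the value reaches sign-file. The code reads it with getenv("KBUILD_SIGN_PIN") and the module-signing.txt hunk calls it an environment variable, so the kbuild.txt text should say so too. Since the commit message's motivation is keeping the secret out of /proc/config.gz, it would also help to add a sentence noting that the passphrase lives in the build's environment for the duration of the build.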
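
Review bot: in pem_pw_cb() both "return -1" paths (key_pass is NULL, and "pwlen >= len") look the same to the user as a wrong passphrase, because all three cases end at the same ERR(!private_key, "%s", private_key_name) in main(). Printing a short message to stderr in the "pwlen >= len" branch, and ideally when KBUILD_SIGN_PIN is unset but the key turns out to be encrypted, would make the failure diagnosable. The parameters "w" and "v" are unused; naming them after their OpenSSL roles (rwflag, userdata) or adding a one-line comment would make the callback signature easier to read.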
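
Review bot: the added ERR(!private_key, "%s", private_key_name) in the last scripts/sign-file.c hunk is a fix in its own right, since the old code carried on with an unchecked return from PEM_read_bio_PrivateKey() even for unencrypted keys. The commit message only talks about the passphrase, so it should mention this check, or the check could be split into a separate patch. The OpenSSL_add_all_algorithms() call added at the top of main() also deserves a short comment saying why it is now needed.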