On Mon, Jan 21, 2013 at 02:32:53PM +0000, David Howells wrote:
> Michal Marek <mmarek@xxxxxxx> wrote:
>
> > So do you think that it makes sense to display the name of the signature
> > algorithm in modinfo?
>
> It's perhaps not doing it for now - or only do it if it's not X.509 and RSA
> perhaps.

Like this?

>From 6d7d34cff635e9d3689c9eebb1d440f2ce0dc72d Mon Sep 17 00:00:00 2001
From: Michal Marek <mmarek@xxxxxxx>
Date: Mon, 21 Jan 2013 15:59:37 +0100
Subject: [PATCH] libkmod: Return unknown signature information as "unknown"

This helps in case the kernel supports more module signature types in the future. For the same reason, return the signature algorithm name and the identifier type if it is different than RSA and X509, respectively.
---
 libkmod/libkmod-module.c | 24 +++++++++++++++++++-----
 libkmod/libkmod-signature.c | 26 +++++++++++++++++++-------
 2 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index b1d40b1..6dba389 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2122,7 +2122,8 @@ static struct kmod_list *kmod_module_info_append(struct kmod_list **list, const
  * alias, license, depends, vermagic and other keys with respective
  * values. If the module is signed (CONFIG_MODULE_SIG), information
  * about the module signature is included as well: signer,
- * sig_key and sig_hashalgo.
+ * sig_key, sig_hashalgo, and, if different from the default values "RSA"
+ * and "X509", sig_algo and sig_idtype.
  *
  * After use, free the @list by calling kmod_module_info_free_list().
  *
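Review bot: The updated doc comment for kmod_module_get_info() lists sig_algo and sig_idtype but does not say that these values, and sig_hashalgo, can now be the literal string "unknown" when the corresponding byte in the module's signature trailer falls outside the known tables. Callers that parse these keys should be told, for example by adding `Unrecognised algorithm, hash or identifier types are reported as "unknown".` after the sig_idtype sentence. It would also help to state that the strings describe what the file's trailer claims; nothing in the visible hunks verifies the signature itself. The comment starts above the hunk, so the rest of its wording is not visible here.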
@@ -2196,6 +2197,15 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
  goto list_error;
  count++;
 
+ if (sig_info.algo) {
+ n = kmod_module_info_append(list,
+ "sig_algo", strlen("sig_algo"),
+ sig_info.algo, strlen(sig_info.algo));
+ if (n == NULL)
+ goto list_error;
+ count++;
+ }
+
  n = kmod_module_info_append(list,
  "sig_hashalgo", strlen("sig_hashalgo"),
  sig_info.hash_algo, strlen(sig_info.hash_algo));
@@ -2203,10 +2213,14 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
  goto list_error;
  count++;
 
- /*
- * Omit sig_info.id_type and sig_info.algo for now, as these
- * are currently constant.
- */
+ if (sig_info.id_type) {
+ n = kmod_module_info_append(list,
+ "sig_idtype", strlen("sig_idtype"),
+ sig_info.id_type, strlen(sig_info.id_type));
+ if (n == NULL)
+ goto list_error;
+ count++;
+ }
  }
 
  ret = count;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 6b80caa..2e4c9bf 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -117,10 +117,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
  return false;
  size -= sizeof(struct module_signature);
  modsig = (struct module_signature *)(mem + size);
- if (modsig->algo >= PKEY_ALGO__LAST ||
- modsig->hash >= PKEY_HASH__LAST ||
- modsig->id_type >= PKEY_ID_TYPE__LAST)
- return false;
  sig_len = be32toh(modsig->sig_len);
  if (size < (off_t)(modsig->signer_len + modsig->key_id_len + sig_len))
  return false;
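Review bot: The added `if (sig_info.algo)` block, and the matching `if (sig_info.id_type)` block in the next hunk, depend on NULL meaning "default value, deliberately not listed", but the comment that used to explain the omission is deleted and nothing replaces it. A one-line comment above each test would keep the convention visible, e.g. `/* NULL means the default (RSA); only non-default values are listed */` and the X.509 equivalent. The neighbouring `strlen(sig_info.hash_algo)` call stays unguarded, so it relies on kmod_module_signature_info() never leaving hash_algo NULL; that presumably holds only if every slot of the lookup table, which is defined outside this patch, is populated. kmod_module_get_info() begins and ends outside these hunks.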
@@ -133,9 +129,25 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
  sig_info->signer = mem + size;
  sig_info->signer_len = modsig->signer_len;
 
- sig_info->algo = pkey_algo[modsig->algo];
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
- sig_info->id_type = pkey_id_type[modsig->id_type];
+ if (modsig->algo == PKEY_ALGO_RSA)
+ /*
+ * Current kernels only support RSA, exclude it to not
+ * pollute modinfo output with obvious information.
+ */
+ sig_info->algo = NULL;
+ else
+ sig_info->algo = modsig->algo < PKEY_ALGO__LAST ?
+ pkey_algo[modsig->algo] : "unknown";
+
+ sig_info->hash_algo = modsig->hash < PKEY_HASH__LAST ?
+ pkey_hash_algo[modsig->hash] : "unknown";
+
+ if (modsig->id_type == PKEY_ID_X509)
+ /* Current kernels only support X.509. */
+ sig_info->id_type = NULL;
+ else
+ sig_info->id_type = modsig->id_type < PKEY_ID_TYPE__LAST ?
+ pkey_id_type[modsig->id_type] : "unknown";
 
  return true;
  }
--
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
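Review bot: kmod_module_signature_info() now returns true for a trailer whose algo, hash or id_type byte is out of range, where the check removed in the previous hunk made it return false, so the boolean no longer implies that the type fields were recognised. The per-field `< PKEY_*__LAST` tests still bound every table index (assuming the fields are unsigned, as the removed check implied), which is what matters for memory safety when the bytes come straight from the module file. The changed contract should be written down at the function or at struct kmod_signature_info, both outside the hunk, for instance `/* algo and id_type are NULL for the defaults (RSA, X.509); unrecognised values are "unknown" */`. The unbraced `if`/`else` bodies that carry block comments are easy to break when a statement is added later; braces around both branches would make them robust.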