Hi everyone
I'm following the discussion of using Sequoia PGP for rpm.
Recently, I submitted a patch set for the kernel to support new keys
and signature formats transparently. Parsing those formats is offloaded
to user space. The kernel gets from user space only minimal
information: the public key or signature, the algorithm, the key
fingerprint, etc.
This is the link of the patch set:
https://lore.kernel.org/bpf/20230425173557.724688-1-roberto.sassu@huaweiclo…
I was wondering if Sequoia PGP can be used on user space side. It gets
the key or signature blob, parses them, and replies to the kernel with
the information the latter needs.
I had a brief look at the documentation of the openpgp crate, and maybe
it could be done, but I don't have a precise idea.
Just wanted to ask your opinion on this, as the part of Sequoia PGP I
would need is very minimal (the parsing part). Also the binary itself
should be statically linked (I aim to execute it early in the boot to
load the GPG keys of the Linux distribution to the kernel).
Another point would be to avoid external dependencies, like a crypto
library, and to use the kernel Crypto API instead (through
socket(AF_ALG) in user space). Not the highest priority (as it would
require to rewrite some parts of your library), but nice to have.
What do you think?
Thanks
Roberto
Hi Kernel Crypto folks,
I've got a question about the Kernel Crypto API.
I'm working on adding a cryptographic backend based on the Kernel Crypto
API to Sequoia PGP [0][1]. Sequoia supports several cryptographical
backends already but using Kernel Crypto would allow us to significantly
reduce dependencies when running on Linux.
After implementing hashes, AEAD encryption and symmetric ciphers, I
noticed that the libkcapi API for asymmetric ciphers (and ECDH) is not
working. The libkcapi maintainer kindly explained [2] that the patches
that they proposed for inclusion in the kernel [3] were not merged.
I looked up the relevant thread [4], read it thoroughly and from what I
can see most of the arguments are about private keys not being
sufficiently protected and extensibility concerns with regards to keys
stored in hardware security modules (TPMs etc.).
However, these are mostly irrelevant to the Sequoia PGP use case, since
private keys in software that we read do not need additional protection
(as they are available for software anyway). We'd still like to use them
for signing, decryption, verification and encryption. As for keys stored
in HSMs we handle access to them in userland via our keystore module [5].
My question is: Would it be possible to revisit the decision to expose
operations with asymmetric keys (including ECDH) in Linux Crypto thus
allowing libkcapi to work with non-patched kernels?
I'd like to help make this happen and I think there are other projects
that are interested in a complete cryptographic suite of Kernel Crypto
functions available in user-land.
Thank you for your time!
Kind regards,
Wiktor
[0]: https://gitlab.com/sequoia-pgp/sequoia/-/issues/1030
[1]:
https://lists.sequoia-pgp.org/hyperkitty/list/devel@lists.sequoia-pgp.org/t…
[2]: https://github.com/smuellerDD/libkcapi/issues/164
[3]:
https://github.com/smuellerDD/libkcapi/blob/master/kernel-patches/4.15-rc3/…
[4]:
https://lkml.kernel.org/lkml/9859277.cZClo5B21s@tauon.atsec.com/T/#m0dfdbd3…
[5]: https://gitlab.com/sequoia-pgp/sequoia-keystore
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Define a new TLV-based format for keys and signatures, aiming to store and
use in the kernel the crypto material from other unsupported formats
(e.g. PGP).
TLV fields have been defined to fill the corresponding kernel structures
public_key, public_key_signature and key_preparsed_payload.
Keys:
struct public_key { struct key_preparsed_payload {
KEY_PUB --> void *key;
u32 keylen; --> prep->payload.data[asym_crypto]
KEY_ALGO --> const char *pkey_algo;
KEY_KID0
KEY_KID1 ---------------------------> prep->payload.data[asym_key_ids]
KEY_KID2
KEY_DESC ---------------------------> prep->description
Signatures:
struct public_key_signature {
SIG_S --> u8 *s;
u32 s_size;
SIG_KEY_ALGO --> const char *pkey_algo;
SIG_HASH_ALGO --> const char *hash_algo;
u32 digest_size;
SIG_ENC --> const char *encoding;
SIG_KID0
SIG_KID1 --> struct asymmetric_key_id *auth_ids[3];
SIG_KID2
For keys, since the format conversion has to be done in user space, user
space is assumed to be trusted, in this proposal. Without this assumption,
a malicious conversion tool could make a user load to the kernel a
different key than the one expected.
That should not be a particular problem for keys that are embedded in the
kernel image and loaded at boot, since the conversion happens in a trusted
environment such as the building infrastructure of the Linux distribution
vendor.
In the other cases, such as enrolling a key through the Machine Owner Key
(MOK) mechanism, the user is responsible to ensure that the crypto material
carried in the original format remains the same after the conversion.
For signatures, assuming the strength of the crypto algorithms, altering
the crypto material is simply a Denial-of-Service (DoS), as data can be
validated only with the right signature.
This patch set also offers the following contributions:
- A library for parsing TLV-formatted data, usable also by other kernel
subsystems
- An API similar to the PKCS#7 one, to verify the authenticity of system
data through user asymmetric keys and signatures
- IMA support for user asymmetric keys and signatures embedded in a
module-style appended signature (through the new API)
- A mechanism to store a keyring blob in the kernel image and to extract
and load the keys at system boot
- A new command for gnupg (in user space), to convert keys and signatures
from PGP to the new kernel format
The primary use case for this patch set is to verify the authenticity of
RPM package headers with the PGP keys of the Linux distribution. Once their
authenticity is verified, file digests can be extracted from those RPM
headers and used as reference values for IMA Appraisal.
Compared to the previous patch set, the main difference is not relying on
User Mode Drivers (UMDs) for the conversion from the original format to the
kernel format, due to the concern that full isolation of the UMD process
cannot be achieved against a fully privileged system user (root).
The discussion is still ongoing here:
https://lore.kernel.org/linux-integrity/eb31920bd00e2c921b0aa6ebed8745cb013…
This however does not prevent the goal mentioned above of verifying the
authenticity of RPM headers to be achieved. The fact that Linux
distribution vendors do the conversion in their infrastructure is a good
enough guarantee.
A very quick way to test the patch set is to execute:
$ gpg --conv-kernel /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide-primary | keyctl padd asymmetric "" @u
$ keyctl show @u
Keyring
762357580 --alswrv 0 65534 keyring: _uid.0
567216072 --als--v 0 0 \_ asymmetric: PGP: 18b8e74c
Patch 1 introduces a common library for parsing TLV-formatted data. It is
generic enough to support other use cases other than this one.
Patches 2-3 preliminarly export some definitions to user space so that
conversion tools can specify the right public key algorithms and signature
encodings (digest algorithms are already exported).
Patches 4-5 introduce the user asymmetric keys and signatures.
Patches 6 introduces a system API for verifying the authenticity of system
data through user asymmetric keys and signatures.
Patch 7-8 introduce a mechanism to store a keyring blob with user
asymmetric keys in the kernel image, and load them at system boot.
Patch 9 adds support for verifying user asymmetric key signatures with IMA.
Patches 1-2 [GNUPG] introduce the new gpg command --conv-kernel to convert
PGP keys and signatures to the new kernel format.
Changelog
v2:
- Make the TLV parser a generic library and use it for user asymmetric keys
and signatures
- Modify types in TLV header and data to u64 (future-proof)
- Move struct uasym_sig_message definition to uasym_sig_parser.c
- Remove eBPF patches (nacked by Alexei)
- Add IMA patch to support modsigs with a user asymmetric key signature
v1:
- Remove useless check in validate_key() (suggested by Yonghong)
- Don't rely on User Mode Drivers for the conversion from the original
format to the kernel format
- Use the more extensible TLV format, instead of a fixed structure
Roberto Sassu (9):
lib: Add TLV parser
crypto: Export public key algorithm information
crypto: Export signature encoding information
KEYS: asymmetric: Introduce the user asymmetric key parser
KEYS: asymmetric: Introduce the user asymmetric key signature parser
verification: Add verify_uasym_signature() and
verify_uasym_sig_message()
KEYS: asymmetric: Preload user asymmetric keys from a keyring blob
KEYS: Introduce load_uasym_keyring()
ima: Support non-PKCS#7 modsig types
MAINTAINERS | 9 +
certs/Kconfig | 11 +
certs/Makefile | 7 +
certs/system_certificates.S | 18 +
certs/system_keyring.c | 166 ++++++-
crypto/Kconfig | 6 +
crypto/Makefile | 2 +
crypto/asymmetric_keys/Kconfig | 14 +
crypto/asymmetric_keys/Makefile | 8 +
crypto/asymmetric_keys/asymmetric_type.c | 3 +-
crypto/asymmetric_keys/uasym_key_parser.c | 240 ++++++++++
crypto/asymmetric_keys/uasym_key_preload.c | 102 +++++
crypto/asymmetric_keys/uasym_parser.h | 26 ++
crypto/asymmetric_keys/uasym_sig_parser.c | 497 +++++++++++++++++++++
crypto/pub_key_info.c | 20 +
crypto/sig_enc_info.c | 16 +
include/crypto/pub_key_info.h | 15 +
include/crypto/sig_enc_info.h | 15 +
include/crypto/uasym_keys_sigs.h | 81 ++++
include/keys/asymmetric-type.h | 1 +
include/linux/tlv_parser.h | 28 ++
include/linux/verification.h | 46 ++
include/uapi/linux/pub_key_info.h | 22 +
include/uapi/linux/sig_enc_info.h | 18 +
include/uapi/linux/tlv_parser.h | 59 +++
include/uapi/linux/uasym_parser.h | 59 +++
lib/Kconfig | 3 +
lib/Makefile | 3 +
lib/tlv_parser.c | 203 +++++++++
lib/tlv_parser.h | 17 +
security/integrity/ima/ima_modsig.c | 79 +++-
31 files changed, 1771 insertions(+), 23 deletions(-)
create mode 100644 crypto/asymmetric_keys/uasym_key_parser.c
create mode 100644 crypto/asymmetric_keys/uasym_key_preload.c
create mode 100644 crypto/asymmetric_keys/uasym_parser.h
create mode 100644 crypto/asymmetric_keys/uasym_sig_parser.c
create mode 100644 crypto/pub_key_info.c
create mode 100644 crypto/sig_enc_info.c
create mode 100644 include/crypto/pub_key_info.h
create mode 100644 include/crypto/sig_enc_info.h
create mode 100644 include/crypto/uasym_keys_sigs.h
create mode 100644 include/linux/tlv_parser.h
create mode 100644 include/uapi/linux/pub_key_info.h
create mode 100644 include/uapi/linux/sig_enc_info.h
create mode 100644 include/uapi/linux/tlv_parser.h
create mode 100644 include/uapi/linux/uasym_parser.h
create mode 100644 lib/tlv_parser.c
create mode 100644 lib/tlv_parser.h
--
2.34.1
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Define a new TLV-based format for keys and signatures, aiming to store and
use in the kernel the crypto material from other unsupported formats
(e.g. PGP).
TLV fields have been defined to fill the corresponding kernel structures
public_key, public_key_signature and key_preparsed_payload.
Keys:
struct public_key { struct key_preparsed_payload {
KEY_PUB --> void *key;
u32 keylen; --> prep->payload.data[asym_crypto]
KEY_ALGO --> const char *pkey_algo;
KEY_KID0
KEY_KID1 --> prep->payload.data[asym_key_ids]
KEY_KID2
KEY_DESC --> prep->description
Signatures:
struct public_key_signature {
SIG_S --> u8 *s;
u32 s_size;
SIG_KEY_ALGO --> const char *pkey_algo;
SIG_HASH_ALGO --> const char *hash_algo;
u32 digest_size;
SIG_ENC --> const char *encoding;
SIG_KID0
SIG_KID1 --> struct asymmetric_key_id *auth_ids[3];
SIG_KID2
For keys, since the format conversion has to be done in user space, user
space is assumed to be trusted, in this proposal. Without this assumption,
a malicious conversion tool could make a user load to the kernel a
different key than the one expected.
That should not be a particular problem for keys that are embedded in the
kernel image and loaded at boot, since the conversion happens in a trusted
environment such as the building infrastructure of the Linux distribution
vendor.
In the other cases, such as enrolling a key through the Machine Owner Key
(MOK) mechanism, the user is responsible to ensure that the crypto material
carried in the original format remains the same after the conversion.
For signatures, assuming the strength of the crypto algorithms, altering
the crypto material is simply a Denial-of-Service (DoS), as data can be
validated only with the right signature.
This patch set also offers the following contributions:
- An API similar to the PKCS#7 one, to verify the authenticity of system
data through user asymmetric keys and signatures
- A mechanism to store a keyring blob in the kernel image and to extract
and load the keys at system boot
- eBPF binding, so that data authenticity verification with user asymmetric
keys and signatures can be carried out also with eBPF programs
- A new command for gnupg (in user space), to convert keys and signatures
from PGP to the new kernel format
The primary use case for this patch set is to verify the authenticity of
RPM package headers with the PGP keys of the Linux distribution. Once their
authenticity is verified, file digests can be extracted from those RPM
headers and used as reference values for IMA Appraisal.
Compared to the previous patch set, the main difference is not relying on
User Mode Drivers (UMDs) for the conversion from the original format to the
kernel format, due to the concern that full isolation of the UMD process
cannot be achieved against a fully privileged system user (root).
The discussion is still ongoing here:
https://lore.kernel.org/linux-integrity/eb31920bd00e2c921b0aa6ebed8745cb013…
This however does not prevent the goal mentioned above of verifying the
authenticity of RPM headers to be achieved. The fact that Linux
distribution vendors do the conversion in their infrastructure is a good
enough guarantee.
A very quick way to test the patch set is to execute:
# gpg --conv-kernel /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide-primary | keyctl padd asymmetric "" @u
# keyctl show @u
Keyring
762357580 --alswrv 0 65534 keyring: _uid.0
567216072 --als--v 0 0 \_ asymmetric: PGP: 18b8e74c
Patches 1-2 preliminarly export some definitions to user space so that
conversion tools can specify the right public key algorithms and signature
encodings (digest algorithms are already exported).
Patches 3-5 introduce the user asymmetric keys and signatures.
Patches 6 introduces a system API for verifying the authenticity of system
data through user asymmetric keys and signatures.
Patch 7-8 introduce a mechanism to store a keyring blob with user
asymmetric keys in the kernel image, and load them at system boot.
Patches 9-10 introduce the eBPF binding and corresponding test (which can
be enabled only after the gnupg patches are upstreamed).
Patches 1-2 [GNUPG] introduce the new gpg command --conv-kernel to convert
PGP keys and signatures to the new kernel format.
Changelog
v1:
- Remove useless check in validate_key() (suggested by Yonghong)
- Don't rely on User Mode Drivers for the conversion from the original
format to the kernel format
- Use the more extensible TLV format, instead of a fixed structure
Roberto Sassu (10):
crypto: Export public key algorithm information
crypto: Export signature encoding information
KEYS: asymmetric: Introduce a parser for user asymmetric keys and sigs
KEYS: asymmetric: Introduce the user asymmetric key parser
KEYS: asymmetric: Introduce the user asymmetric key signature parser
verification: Add verify_uasym_signature() and
verify_uasym_sig_message()
KEYS: asymmetric: Preload user asymmetric keys from a keyring blob
KEYS: Introduce load_uasym_keyring()
bpf: Introduce bpf_verify_uasym_signature() kfunc
selftests/bpf: Prepare a test for user asymmetric key signatures
MAINTAINERS | 1 +
certs/Kconfig | 11 +
certs/Makefile | 7 +
certs/system_certificates.S | 18 +
certs/system_keyring.c | 166 +++++-
crypto/Kconfig | 6 +
crypto/Makefile | 2 +
crypto/asymmetric_keys/Kconfig | 14 +
crypto/asymmetric_keys/Makefile | 10 +
crypto/asymmetric_keys/asymmetric_type.c | 3 +-
crypto/asymmetric_keys/uasym_key_parser.c | 229 ++++++++
crypto/asymmetric_keys/uasym_key_preload.c | 99 ++++
crypto/asymmetric_keys/uasym_parser.c | 201 +++++++
crypto/asymmetric_keys/uasym_parser.h | 43 ++
crypto/asymmetric_keys/uasym_sig_parser.c | 491 ++++++++++++++++++
crypto/pub_key_info.c | 20 +
crypto/sig_enc_info.c | 16 +
include/crypto/pub_key_info.h | 15 +
include/crypto/sig_enc_info.h | 15 +
include/crypto/uasym_keys_sigs.h | 82 +++
include/keys/asymmetric-type.h | 1 +
include/linux/verification.h | 50 ++
include/uapi/linux/pub_key_info.h | 22 +
include/uapi/linux/sig_enc_info.h | 18 +
include/uapi/linux/uasym_parser.h | 107 ++++
kernel/trace/bpf_trace.c | 68 ++-
...y_pkcs7_sig.c => verify_pkcs7_uasym_sig.c} | 159 +++++-
...s7_sig.c => test_verify_pkcs7_uasym_sig.c} | 18 +-
.../testing/selftests/bpf/verify_sig_setup.sh | 82 ++-
29 files changed, 1924 insertions(+), 50 deletions(-)
create mode 100644 crypto/asymmetric_keys/uasym_key_parser.c
create mode 100644 crypto/asymmetric_keys/uasym_key_preload.c
create mode 100644 crypto/asymmetric_keys/uasym_parser.c
create mode 100644 crypto/asymmetric_keys/uasym_parser.h
create mode 100644 crypto/asymmetric_keys/uasym_sig_parser.c
create mode 100644 crypto/pub_key_info.c
create mode 100644 crypto/sig_enc_info.c
create mode 100644 include/crypto/pub_key_info.h
create mode 100644 include/crypto/sig_enc_info.h
create mode 100644 include/crypto/uasym_keys_sigs.h
create mode 100644 include/uapi/linux/pub_key_info.h
create mode 100644 include/uapi/linux/sig_enc_info.h
create mode 100644 include/uapi/linux/uasym_parser.h
rename tools/testing/selftests/bpf/prog_tests/{verify_pkcs7_sig.c => verify_pkcs7_uasym_sig.c} (69%)
rename tools/testing/selftests/bpf/progs/{test_verify_pkcs7_sig.c => test_verify_pkcs7_uasym_sig.c} (82%)
--
2.34.1
Hi everyone,
I'm pleased to announce the release of version 0.31.0 of Sequoia sq, our
general-purpose command-line tool for Sequoia PGP.
We have released sequoia-sq on crates.io:
https://crates.io/crates/sequoia-sq
You can also fetch version 0.31.0 using the v0.31.0 tag:
https://gitlab.com/sequoia-pgp/sequoia-sq/-/tags/v0.31.0
which has been signed by Neal H. Walfield:
$ git verify-tag v0.31.0
gpg: Signature made 2023-07-05T14:21:36 CEST
gpg: using RSA key C03FA6411B03AE12576461187223B56678E02528
gpg: Good signature from "Neal H. Walfield <neal(a)walfield.org>" [full]
gpg: aka "Neal H. Walfield <neal(a)pep-project.org>" [full]
gpg: aka "Neal H. Walfield <neal(a)sequoia-pgp.org>" [full]
gpg: aka "Neal H. Walfield <neal(a)gnupg.org>" [full]
gpg: aka "Neal H. Walfield <neal(a)pep.foundation>" [full]
This release introduces a few changes to the commandline interface as well as a
new feature.
Most notably, it is now possible to create and attach new subkeys to existing
certificates using `sq key subkey add`.
The revocation commands below `sq revoke` have been split up and moved to `sq
key revoke`, `sq key subkey revoke` and `sq key userid revoke`.
The `--expires` and `--expires-in` parameters have been unified as `--expiry`.
The command for generating new certificates (`sq key generate`) now uses the
more generalized `--output` instead of `--export` for writing to file.
More information is available here:
https://sequoia-pgp.org/blog/2023/07/05/202307-sq-commandline-improvements/
David on behalf of the whole Sequoia PGP team