On Thu, Jul 06, 2023 at 04:42:13PM +0200, Roberto Sassu wrote:
From: Roberto Sassu roberto.sassu@huawei.com
Define a new TLV-based format for keys and signatures, aiming to store and use in the kernel the crypto material from other unsupported formats (e.g. PGP).
TLV fields have been defined to fill the corresponding kernel structures public_key, public_key_signature and key_preparsed_payload.
Keys: struct public_key { struct key_preparsed_payload { KEY_PUB --> void *key; u32 keylen; --> prep->payload.data[asym_crypto] KEY_ALGO --> const char *pkey_algo; KEY_KID0 KEY_KID1 --> prep->payload.data[asym_key_ids] KEY_KID2 KEY_DESC --> prep->description
Signatures: struct public_key_signature { SIG_S --> u8 *s; u32 s_size; SIG_KEY_ALGO --> const char *pkey_algo; SIG_HASH_ALGO --> const char *hash_algo; u32 digest_size; SIG_ENC --> const char *encoding; SIG_KID0 SIG_KID1 --> struct asymmetric_key_id *auth_ids[3]; SIG_KID2
For keys, since the format conversion has to be done in user space, user space is assumed to be trusted, in this proposal. Without this assumption, a malicious conversion tool could make a user load to the kernel a different key than the one expected.
That should not be a particular problem for keys that are embedded in the kernel image and loaded at boot, since the conversion happens in a trusted environment such as the building infrastructure of the Linux distribution vendor.
In the other cases, such as enrolling a key through the Machine Owner Key (MOK) mechanism, the user is responsible to ensure that the crypto material carried in the original format remains the same after the conversion.
For signatures, assuming the strength of the crypto algorithms, altering the crypto material is simply a Denial-of-Service (DoS), as data can be validated only with the right signature.
This patch set also offers the following contributions:
An API similar to the PKCS#7 one, to verify the authenticity of system data through user asymmetric keys and signatures
A mechanism to store a keyring blob in the kernel image and to extract and load the keys at system boot
eBPF binding, so that data authenticity verification with user asymmetric keys and signatures can be carried out also with eBPF programs
Nack to bpf bits. You've convinced us that bpf_verify_pkcs7_signature() is what you need. Yet, 9 month later there are no users of it and you came back with this new bpf_verify_uasym_signature() helper that practically not much different.
Instead of brand new "public key info" format sign your rpms via existing pkcs7 mechanism and verify with bpf_verify_pkcs7_signature().