| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Sep 2012 18:44:35 +0300
From: "Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>
To: David Howells <dhowells@...hat.com>
Cc: herbert@...dor.hengli.com.au, rusty@...tcorp.com.au,
pjones@...hat.com, jwboyer@...hat.com,
linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, keyrings@...ux-nfs.org
Subject: Re: [GIT PULL] Asymmetric keys and module signing
Hello David,
As I can see API has changed towards our discussion on KS.
Now digest can be supplied to the verify_signature in a
public_key_signature argument.
It looks that in such away we can use this API for IMA/EVM as well.
Just one question about key description...
request_asymmetric_key uses format for key description: "<signer>: <key-id>".
Preparsing code creates description from those values.
I see that key id is not 8 bytes anymore but full hash size of 20 bytes.
For practical reasons for IMA it might be nice to save some space in
xattrs and use shorter key id/description.
As I understand from implementation, if key name is provided with
"keyctl add", it will not be replaced with
preparsed value.
Right?
And we can actually use any keyid we want?
- Dmitry
On Tue, Sep 25, 2012 at 3:07 AM, David Howells <dhowells@...hat.com> wrote:
>
> Hi Herbert, Rusty,
>
> Here are my latest module signing patches on top of the asymmetric key crypto
> patches, which I hope Herbert will consider taking, at least from the
> crypto-keys-post-KS branch:
>
> http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/crypto-keys-post-KS
>
> The module signing patches go on top of those, and the set can be found here:
>
> http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/modsign-post-KS
>
> Do you want the patches posting to the lists? I've tried posting the series
> as one, but there seems to be a problem posting the merge commit in the middle
> because it has two parents:-/
>
> Anyway...
>
>
> The module signing patches provide:
>
> - Some fixes to Rusty's patch. Also an additional patch to extend the policy
> handling for modules signed with an unknown key and to handle FIPS mode.
>
> - Module signature generation and checking. The signature format is:
>
> <signer-id-string>
> <binary-key-id>
> <binary-signature>
> <sig-information-block>
>
> The fixed-length sig-information-block indicates the crypto algorithm (RSA
> only for the moment), the hash type (SHA512 for example) and the identifier
> scope (X.509 in this case), plus the lengths of the other three parts.
>
> The binary-key-id could be rendered as hex and pasted onto the end of the
> signer-id-string so that the kernel doesn't have to do the conversion.
>
> A script is provided in one of the patches to generate the signer name and
> key ID parts from the X.509 cert for later inclusion in module signatures
> during the build.
>
> - A transient X.509 cert will be automatically generated if one is not given
> and will be used to automatically sign the modules after they've been
> thoroughly stripped.
>
> Note that this may prove not to be the best way for distributions to do
> things. We're currently looking at the best way being to do the stripping
> and signing manually from the RPM spec file after the make modules_install
> step and after the debuginfo has been extracted, so automatic signing may
> need to go away, or at least become optional.
>
> To make this easier, a script is provided to sign a module and this can be
> called either from the Makefile or the spec file.
>
> - An 'extra_certificates' file can be placed in the root of the kernel build
> containing a number of supplementary X.509 certs just cat'd together. These
> will get added to the internal keyring and can then be used to check module
> signatures also.
>
>
> I have also fixed a number of things in the crypto patches:
>
> - GeneralizedTime and GeneralString were transposed in the ASN.1 compiler
> directive table and enum token_type ('S' comes before 'i' to strcmp()),
> resulting in it not being possible to use either.
>
> - I had made it a requirement that the X.509 certificate subjectKeyIdentifier
> and authorityKeyIdentifier extensions exist so that we can validate the
> X.509 signature if possible, but I hadn't put in any checks that they'd been
> found before using the values extracted, leading to a crash.
>
> - I fixed header length computation in ASN.1 decoder resulting making it
> possible to discard one of the x509.asn1 callback actions (we can locate the
> start of the TBS container directly now by subtraction).
>
> - I got rid of the fingerprint bit at the end of the public_key struct as it's
> superfluous (the asymmetric key type stores the fingerprint attached to
> key->type_data.p[1]).
>
> - I made the X.509 parser render the key description in a more compact manner:
>
> The description is split into two parts: "<signer>: <key-id>".
>
> The <key-id> is a hex rendering of the key identifier - in the case of X.509
> that would be the contents of the subjectKeyIdentifier extension field with
> the ASN.1 OctetString wrapper removed.
>
> The <signer> is (in order) one of:
>
> - The O and CN attributes as "<O-attr>: <CN-attr>" if the CN attribute
> isn't prefixed with the O attribute, and, if longer, doesn't share
> the same first seven chars (say a company name such as Red Hat Inc.).
> I admit this is entirely arbitrary and biased towards companies with
> 7 chars or more in there name, but it does remove duplication of the
> organisation's name if it's in both the O and the CN. Can anyone
> suggest a better heuristic?
>
> - The CN attribute.
>
> - The O attribute.
>
> - The email address.
>
> - Omitted (with ": " omitted too).
>
> As an example:
>
> Magrathea: Glacier signing key: 5dd0839552bd6af498253f8af1e65da3472941c6
>
> which is "<O-attr>: <CN-attr>: <key-id>" in form, or:
>
> Red Hat Test Certificate: 3580cf35d76b3b667a40df66691cbcf87353b23c
>
> which is just "<CN-attr>: <key-id>" in form.
>
> - I no longer extract the bits of the X.509 certificate I don't currently use
> (such as the version number).
>
> Note, this implementation of the X.509 certificate parser uses a couple of
> patterns to drive a reusable ASN.1 decoder. I do, however, have a direct
> in-line decoder implementation also that can only decode X.509 certs. The
> stack space usage is greater, but the code size is simpler and slightly smaller
> and the code is less capable (it can't handle indefinite-length elements for
> example), and it can't be reused for anything else (such as CIFS, netfilter,
> PKCS#7, Kerberos tickets), whereas the pattern-based decoder can. I'll post
> this separately to see what people think.
>
> As far as testing goes, I have posted a number of testing scripts that I have
> used to punish the crypto keys side of things. The "keyctl padd" command makes
> this straightforward.
>
> Hopefully, later this week the patches will appear in the Fedora 18 kernel.
>
> David
> ---
> The following changes since commit eeea3ac912207dcf759b95b2b4c36f96bce583bf:
>
> Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc (2012-09-06 10:23:58 -0700)
>
> are available in the git repository at:
>
>
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-modsign.git modsign-post-KS
>
> for you to fetch changes up to 8d4f62638e9aae069d1145dfeb7300c58077be49:
>
> MODSIGN: Extend the policy on signature check failure (2012-09-24 20:51:59 +0100)
>
> ----------------------------------------------------------------
> (from the branch description for modsign-post-KS local branch)
>
> post Kernel-Summit module signing
> ----------------------------------------------------------------
> David Howells (26):
> KEYS: Add payload preparsing opportunity prior to key instantiate or update
> MPILIB: Provide count_leading/trailing_zeros() based on arch functions
> KEYS: Document asymmetric key type
> KEYS: Implement asymmetric key type
> KEYS: Asymmetric key pluggable data parsers
> KEYS: Asymmetric public-key algorithm crypto key subtype
> KEYS: Provide signature verification with an asymmetric key
> MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification
> RSA: Implement signature verification algorithm [PKCS#1 / RFC3447]
> RSA: Fix signature verification for shorter signatures
> X.509: Implement simple static OID registry
> X.509: Add utility functions to render OIDs as strings
> X.509: Add simple ASN.1 grammar compiler
> X.509: Add an ASN.1 decoder
> MPILIB: Provide a function to read raw data into an MPI
> X.509: Add a crypto key parser for binary (DER) X.509 certificates
> Merge Rusty's module signature checking hook into modsign-post-KS
> MOD: Fix Rusty's module_sig_check()
> MODSIGN: Provide gitignore and make clean rules for extra files
> MODSIGN: Provide Kconfig options
> MODSIGN: Automatically generate module signing keys if missing
> MODSIGN: Provide module signing public keys to the kernel
> MODSIGN: Implement module signature checking
> MODSIGN: Provide a script for generating a key ID from an X.509 cert
> MODSIGN: Sign modules during the build process
> MODSIGN: Extend the policy on signature check failure
>
> Rusty Russell (1):
> module: signature checking hook
>
> .gitignore | 13 +
> Documentation/crypto/asymmetric-keys.txt | 312 ++++++
> Documentation/kernel-parameters.txt | 6 +
> Documentation/security/keys.txt | 50 +-
> Makefile | 1 +
> crypto/Kconfig | 1 +
> crypto/Makefile | 1 +
> crypto/asymmetric_keys/.gitignore | 1 +
> crypto/asymmetric_keys/Kconfig | 38 +
> crypto/asymmetric_keys/Makefile | 27 +
> crypto/asymmetric_keys/asymmetric_keys.h | 15 +
> crypto/asymmetric_keys/asymmetric_type.c | 274 +++++
> crypto/asymmetric_keys/public_key.c | 108 ++
> crypto/asymmetric_keys/public_key.h | 30 +
> crypto/asymmetric_keys/rsa.c | 277 ++++++
> crypto/asymmetric_keys/signature.c | 49 +
> crypto/asymmetric_keys/x509.asn1 | 60 ++
> crypto/asymmetric_keys/x509_cert_parser.c | 497 ++++++++++
> crypto/asymmetric_keys/x509_parser.h | 36 +
> crypto/asymmetric_keys/x509_public_key.c | 207 ++++
> crypto/asymmetric_keys/x509_rsakey.asn1 | 4 +
> fs/cifs/cifs_spnego.c | 6 +-
> fs/cifs/cifsacl.c | 8 +-
> include/asm-generic/bitops/count_zeros.h | 57 ++
> include/crypto/public_key.h | 108 ++
> include/keys/asymmetric-parser.h | 37 +
> include/keys/asymmetric-subtype.h | 55 +
> include/keys/asymmetric-type.h | 25 +
> include/keys/user-type.h | 6 +-
> include/linux/asn1.h | 67 ++
> include/linux/asn1_ber_bytecode.h | 87 ++
> include/linux/asn1_decoder.h | 24 +
> include/linux/key-type.h | 35 +-
> include/linux/module.h | 8 +
> include/linux/mpi.h | 1 +
> include/linux/oid_registry.h | 92 ++
> init/Kconfig | 68 ++
> kernel/Makefile | 57 ++
> kernel/modsign_pubkey.c | 112 +++
> kernel/module-internal.h | 16 +
> kernel/module.c | 100 +-
> kernel/module_signing.c | 247 +++++
> lib/.gitignore | 2 +-
> lib/Kconfig | 5 +
> lib/Makefile | 18 +
> lib/asn1_decoder.c | 477 +++++++++
> lib/build_OID_registry | 209 ++++
> lib/mpi/Makefile | 1 +
> lib/mpi/longlong.h | 138 +--
> lib/mpi/mpi-bit.c | 2 +-
> lib/mpi/mpi-cmp.c | 70 ++
> lib/mpi/mpi-pow.c | 4 +-
> lib/mpi/mpicoder.c | 55 +
> lib/oid_registry.c | 170 ++++
> net/ceph/crypto.c | 9 +-
> net/dns_resolver/dns_key.c | 6 +-
> net/rxrpc/ar-key.c | 40 +-
> scripts/.gitignore | 1 +
> scripts/Makefile | 2 +
> scripts/Makefile.build | 11 +
> scripts/Makefile.modpost | 75 +-
> scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++
> scripts/sign-file | 115 +++
> scripts/x509keyid | 268 +++++
> security/keys/encrypted-keys/encrypted.c | 16 +-
> security/keys/key.c | 114 ++-
> security/keys/keyctl.c | 18 +-
> security/keys/keyring.c | 6 +-
> security/keys/request_key_auth.c | 8 +-
> security/keys/trusted.c | 16 +-
> security/keys/user_defined.c | 14 +-
> 71 files changed, 6394 insertions(+), 244 deletions(-)
> create mode 100644 Documentation/crypto/asymmetric-keys.txt
> create mode 100644 crypto/asymmetric_keys/.gitignore
> create mode 100644 crypto/asymmetric_keys/Kconfig
> create mode 100644 crypto/asymmetric_keys/Makefile
> create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h
> create mode 100644 crypto/asymmetric_keys/asymmetric_type.c
> create mode 100644 crypto/asymmetric_keys/public_key.c
> create mode 100644 crypto/asymmetric_keys/public_key.h
> create mode 100644 crypto/asymmetric_keys/rsa.c
> create mode 100644 crypto/asymmetric_keys/signature.c
> create mode 100644 crypto/asymmetric_keys/x509.asn1
> create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c
> create mode 100644 crypto/asymmetric_keys/x509_parser.h
> create mode 100644 crypto/asymmetric_keys/x509_public_key.c
> create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1
> create mode 100644 include/asm-generic/bitops/count_zeros.h
> create mode 100644 include/crypto/public_key.h
> create mode 100644 include/keys/asymmetric-parser.h
> create mode 100644 include/keys/asymmetric-subtype.h
> create mode 100644 include/keys/asymmetric-type.h
> create mode 100644 include/linux/asn1.h
> create mode 100644 include/linux/asn1_ber_bytecode.h
> create mode 100644 include/linux/asn1_decoder.h
> create mode 100644 include/linux/oid_registry.h
> create mode 100644 kernel/modsign_pubkey.c
> create mode 100644 kernel/module-internal.h
> create mode 100644 kernel/module_signing.c
> create mode 100644 lib/asn1_decoder.c
> create mode 100755 lib/build_OID_registry
> create mode 100644 lib/mpi/mpi-cmp.c
> create mode 100644 lib/oid_registry.c
> create mode 100644 scripts/asn1_compiler.c
> create mode 100644 scripts/sign-file
> create mode 100755 scripts/x509keyid
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists