lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <a40e660e-5a45-420a-8d37-51324242ab9b@kzalloc.com>
Date: Wed, 27 Aug 2025 03:58:35 +0900
From: Yunseong Kim <ysk@...lloc.com>
To: Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>,
 Daniel Gomez <da.gomez@...nel.org>,
 "Sami Tolvanen <samitolvanen@...gle.com> David Howells"
 <dhowells@...hat.com>, David Woodhouse <dwmw2@...radead.org>
Cc: linux-modules@...r.kernel.org, keyrings@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: [Question] Non-usage of PKEY_ID_PGP and PKEY_ID_X509 in module
 signing

I would like to inquire about the purpose of the PKEY_ID_PGP and
PKEY_ID_X509 identifiers defined in include/linux/module_signature.h.

The enum pkey_id_type is defined as follows:

 enum pkey_id_type {
     PKEY_ID_PGP,        /* OpenPGP generated key ID */
     PKEY_ID_X509,       /* X.509 arbitrary subjectKeyIdentifier */
     PKEY_ID_PKCS7,      /* Signature in PKCS#7 message */
 };

While examining the module signing and verification process, it appears
that the current implementation strictly assumes the use of PKCS#7, making
PKEY_ID_PGP and PKEY_ID_X509 seem unused in this context.

I observed the following:

1. In scripts/sign-file.c, the module_signature structure is explicitly
initialized assuming PKCS#7:

 /* Key identifier type [PKEY_ID_PKCS7] */
 struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };

2. In kernel/module_signature.c, the verification function mod_check_sig()
strictly enforces this type and rejects others:

 int mod_check_sig(const struct module_signature *ms, size_t file_len,
           const char *name)
 {
     if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
         return -EBADMSG;
 
     if (ms->id_type != PKEY_ID_PKCS7) {
         pr_err("%s: not signed with expected PKCS#7 message\n",
                name);
         return -ENOPKG;
     }
     // ...
 }


3. Furthermore, I noticed that certs/extract-cert.c only defines
   PKEY_ID_PKCS7 locally, seemingly without utilizing the definitions from
   the header for the other types:

#define PKEY_ID_PKCS7 2

Given that the module signature infrastructure seems hardcoded to use
PKCS#7, could anyone clarify if PKEY_ID_PGP and PKEY_ID_X509 are used
elsewhere in the kernel? Are they perhaps placeholders for future
implementations or remnants of past ones?

If they are indeed unused and there are no plans to support them, would
a patch to clean up these unused enum values be welcome? Or is there
another reason for keeping them?

Thank you for your time and clarification.


Best regards,
Yunseong Kim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ