From: Roberto Sassu <roberto.sassu@huawei.com>
To: <dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <keyrings@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-integrity@vger.kernel.org>,
<linux-fscrypt@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<zohar@linux.ibm.com>, <ebiggers@kernel.org>,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH 00/14] KEYS: Add support for PGP keys and signatures
Date: Tue, 11 Jan 2022 19:03:04 +0100 [thread overview]
Message-ID: <20220111180318.591029-1-roberto.sassu@huawei.com> (raw)
Support for PGP keys and signatures was proposed by David long time ago,
before the decision of using PKCS#7 for kernel modules signatures
verification was made. After that, there has been not enough interest to
support PGP too.
Lately, when discussing a proposal of introducing fsverity signatures in
Fedora [1], developers expressed their preference on not having a separate
key for signing, which would complicate the management of the distribution.
They would be more in favor of using the same PGP key, currently used for
signing RPM headers, also for file-based signatures (not only fsverity, but
also IMA ones).
Another envisioned use case would be to add the ability to appraise RPM
headers with their existing PGP signature, so that they can be used as an
authenticated source of reference values for appraising remaining
files [2].
To make these use cases possible, introduce support for PGP keys and
signatures in the kernel, and load provided PGP keys in the built-in
keyring, so that PGP signatures of RPM headers, fsverity digests, and IMA
digests can be verified from this trust anchor.
In addition to the original version of the patch set, also introduce
support for signature verification of PGP keys, so that those keys can be
added to keyrings with a signature-based restriction (e.g. .ima). PGP keys
are searched with partial IDs, provided with signature subtype 16 (Issuer).
Search with full IDs could be supported with
draft-ietf-openpgp-rfc4880bis-10, by retrieving the information from
signature subtype 33 (Issuer Fingerprint). Due to the possibility of ID
collisions, the key_or_keyring restriction is not supported.
The patch set includes two preliminary patches: patch 1 introduces
mpi_key_length(), to get the number of bits and bytes of an MPI; patch 2
introduces rsa_parse_priv_key_raw() and rsa_parse_pub_key_raw(), to parse
an RSA key in RAW format if the ASN.1 parser returns an error.
Patches 3-5 introduce the library necessary to parse PGP keys and
signatures, whose support is added with patches 6-10. Patch 11 introduces
verify_pgp_signature() to be used by kernel subsystems (e.g. fsverity and
IMA). Patch 12 is for testing of PGP signatures. Finally, patches 13-14
allow loading a set of PGP keys from a supplied blob at boot time.
I generated the diff from [3] (rebased). It is available at:
https://github.com/robertosassu/linux/compare/pgp-signatures-v1-orig..pgp-signatures-v1
Changelog
v0 [3]:
- style fixes
- move include/linux/pgp.h and pgplib.h to crypto/asymmetric_keys
- introduce verify_pgp_signature()
- replace KEY_ALLOC_TRUSTED flag with KEY_ALLOC_BUILT_IN
- don't fetch PGP subkeys
- drop support for DSA
- store number of MPIs in pgp_key_algo_p_num_mpi array
- replace dynamic memory allocations with static ones in
pgp_generate_fingerprint()
- store only keys with capability of verifying signatures
- remember selection of PGP signature packet and don't repeat parsing
- move search of the PGP key to verify the signature from the beginning
to the end of the verification process (to be similar with PKCS#7)
- don't retry key search in the session keyring from the signature
verification code, let the caller pass the desired keyring
- for the PGP signature test key type, retry the key search in the session
keyring
- retry key search in restrict_link_by_signature() with a partial ID
(provided in the PGP signature)
[1] https://fedoraproject.org/wiki/Changes/FsVerityRPM
[2] https://fedoraproject.org/wiki/Changes/DIGLIM
[3] https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-modsign.git/log/?h=pgp-parser
David Howells (8):
PGPLIB: PGP definitions (RFC 4880)
PGPLIB: Basic packet parser
PGPLIB: Signature parser
KEYS: PGP data parser
KEYS: Provide PGP key description autogeneration
KEYS: PGP-based public key signature verification
PGP: Provide a key type for testing PGP signatures
KEYS: Provide a function to load keys from a PGP keyring blob
Roberto Sassu (6):
mpi: Introduce mpi_key_length()
rsa: add parser of raw format
KEYS: Retry asym key search with partial ID in
restrict_link_by_signature()
KEYS: Calculate key digest and get signature of the key
verification: introduce verify_pgp_signature()
KEYS: Introduce load_pgp_public_keyring()
MAINTAINERS | 1 +
certs/Kconfig | 11 +
certs/Makefile | 7 +
certs/system_certificates.S | 18 +
certs/system_keyring.c | 91 ++++
crypto/asymmetric_keys/Kconfig | 38 ++
crypto/asymmetric_keys/Makefile | 13 +
crypto/asymmetric_keys/pgp.h | 206 ++++++++
crypto/asymmetric_keys/pgp_library.c | 620 ++++++++++++++++++++++++
crypto/asymmetric_keys/pgp_parser.h | 18 +
crypto/asymmetric_keys/pgp_preload.c | 110 +++++
crypto/asymmetric_keys/pgp_public_key.c | 484 ++++++++++++++++++
crypto/asymmetric_keys/pgp_signature.c | 507 +++++++++++++++++++
crypto/asymmetric_keys/pgp_test_key.c | 129 +++++
crypto/asymmetric_keys/pgplib.h | 74 +++
crypto/asymmetric_keys/restrict.c | 10 +-
crypto/rsa.c | 14 +-
crypto/rsa_helper.c | 69 +++
include/crypto/internal/rsa.h | 6 +
include/crypto/pgp.h | 35 ++
include/linux/mpi.h | 2 +
include/linux/verification.h | 23 +
lib/mpi/mpicoder.c | 33 +-
23 files changed, 2506 insertions(+), 13 deletions(-)
create mode 100644 crypto/asymmetric_keys/pgp.h
create mode 100644 crypto/asymmetric_keys/pgp_library.c
create mode 100644 crypto/asymmetric_keys/pgp_parser.h
create mode 100644 crypto/asymmetric_keys/pgp_preload.c
create mode 100644 crypto/asymmetric_keys/pgp_public_key.c
create mode 100644 crypto/asymmetric_keys/pgp_signature.c
create mode 100644 crypto/asymmetric_keys/pgp_test_key.c
create mode 100644 crypto/asymmetric_keys/pgplib.h
create mode 100644 include/crypto/pgp.h
--
2.32.0
next reply other threads:[~2022-01-11 18:04 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 18:03 Roberto Sassu [this message]
2022-01-11 18:03 ` [PATCH 01/14] mpi: Introduce mpi_key_length() Roberto Sassu
2022-01-11 18:03 ` [PATCH 02/14] rsa: add parser of raw format Roberto Sassu
2022-01-11 18:03 ` [PATCH 03/14] PGPLIB: PGP definitions (RFC 4880) Roberto Sassu
2022-01-11 18:03 ` [PATCH 04/14] PGPLIB: Basic packet parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 05/14] PGPLIB: Signature parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 06/14] KEYS: PGP data parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 07/14] KEYS: Provide PGP key description autogeneration Roberto Sassu
2022-01-11 18:03 ` [PATCH 08/14] KEYS: PGP-based public key signature verification Roberto Sassu
2022-01-11 18:03 ` [PATCH 09/14] KEYS: Retry asym key search with partial ID in restrict_link_by_signature() Roberto Sassu
2022-01-11 18:03 ` [PATCH 10/14] KEYS: Calculate key digest and get signature of the key Roberto Sassu
2022-01-11 18:03 ` [PATCH 11/14] verification: introduce verify_pgp_signature() Roberto Sassu
2022-01-11 18:03 ` [PATCH 12/14] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2022-01-11 18:03 ` [PATCH 13/14] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2022-01-11 18:03 ` [PATCH 14/14] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2022-01-11 20:33 ` [PATCH 00/14] KEYS: Add support for PGP keys and signatures Maciej S. Szmigiero
2022-01-12 9:16 ` Roberto Sassu
2022-01-12 20:15 ` Maciej S. Szmigiero
2022-01-13 9:11 ` Roberto Sassu
2022-01-17 14:34 ` Jason A. Donenfeld
2022-01-17 15:02 ` James Bottomley
2022-01-18 20:50 ` Antony Vennard
2022-01-18 23:03 ` Eric Biggers
2022-01-19 13:25 ` Roberto Sassu
2022-01-21 16:50 ` Roberto Sassu
2022-01-23 21:00 ` Antony Vennard
2022-01-19 13:02 ` Roberto Sassu
2022-01-17 15:21 ` Roberto Sassu
2022-01-18 18:49 ` Jason A. Donenfeld
2022-01-17 16:59 ` Konstantin Ryabitsev
2022-01-17 17:04 ` Konstantin Ryabitsev
2022-01-17 20:59 ` Maciej S. Szmigiero
2022-01-17 21:54 ` Konstantin Ryabitsev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220111180318.591029-1-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).