mbox series

[RFC,00/10] KEYS: Introduce user asymmetric keys and signatures

Message ID 20230706144225.1046544-1-roberto.sassu@huaweicloud.com
Headers show
Series KEYS: Introduce user asymmetric keys and signatures | expand

Message

Roberto Sassu July 6, 2023, 2:42 p.m. UTC
From: Roberto Sassu <roberto.sassu@huawei.com>

Define a new TLV-based format for keys and signatures, aiming to store and
use in the kernel the crypto material from other unsupported formats
(e.g. PGP).

TLV fields have been defined to fill the corresponding kernel structures
public_key, public_key_signature and key_preparsed_payload.

Keys:
                struct public_key {     struct key_preparsed_payload {
KEY_PUB       -->  void *key;
                   u32 keylen;         --> prep->payload.data[asym_crypto]
KEY_ALGO      -->  const char *pkey_algo;
KEY_KID0
KEY_KID1                               --> prep->payload.data[asym_key_ids]
KEY_KID2  
KEY_DESC                               --> prep->description


Signatures:
                struct public_key_signature {
SIG_S         -->  u8 *s;
                   u32 s_size;
SIG_KEY_ALGO  -->  const char *pkey_algo;
SIG_HASH_ALGO -->  const char *hash_algo;
                   u32 digest_size;
SIG_ENC       -->  const char *encoding;   
SIG_KID0
SIG_KID1      -->  struct asymmetric_key_id *auth_ids[3];
SIG_KID2  


For keys, since the format conversion has to be done in user space, user
space is assumed to be trusted, in this proposal. Without this assumption,
a malicious conversion tool could make a user load to the kernel a
different key than the one expected.

That should not be a particular problem for keys that are embedded in the
kernel image and loaded at boot, since the conversion happens in a trusted
environment such as the building infrastructure of the Linux distribution
vendor.

In the other cases, such as enrolling a key through the Machine Owner Key
(MOK) mechanism, the user is responsible to ensure that the crypto material
carried in the original format remains the same after the conversion.

For signatures, assuming the strength of the crypto algorithms, altering
the crypto material is simply a Denial-of-Service (DoS), as data can be
validated only with the right signature.


This patch set also offers the following contributions:

- An API similar to the PKCS#7 one, to verify the authenticity of system
  data through user asymmetric keys and signatures

- A mechanism to store a keyring blob in the kernel image and to extract
  and load the keys at system boot
  
- eBPF binding, so that data authenticity verification with user asymmetric
  keys and signatures can be carried out also with eBPF programs

- A new command for gnupg (in user space), to convert keys and signatures
  from PGP to the new kernel format


The primary use case for this patch set is to verify the authenticity of
RPM package headers with the PGP keys of the Linux distribution. Once their
authenticity is verified, file digests can be extracted from those RPM
headers and used as reference values for IMA Appraisal.


Compared to the previous patch set, the main difference is not relying on
User Mode Drivers (UMDs) for the conversion from the original format to the
kernel format, due to the concern that full isolation of the UMD process
cannot be achieved against a fully privileged system user (root).

The discussion is still ongoing here:

https://lore.kernel.org/linux-integrity/eb31920bd00e2c921b0aa6ebed8745cb0130b0e1.camel@huaweicloud.com/

This however does not prevent the goal mentioned above of verifying the
authenticity of RPM headers to be achieved. The fact that Linux
distribution vendors do the conversion in their infrastructure is a good
enough guarantee.


A very quick way to test the patch set is to execute:

# gpg --conv-kernel /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide-primary | keyctl padd asymmetric "" @u

# keyctl show @u
Keyring
 762357580 --alswrv      0 65534  keyring: _uid.0
 567216072 --als--v      0     0   \_ asymmetric: PGP: 18b8e74c


Patches 1-2 preliminarly export some definitions to user space so that
conversion tools can specify the right public key algorithms and signature
encodings (digest algorithms are already exported).

Patches 3-5 introduce the user asymmetric keys and signatures.

Patches 6 introduces a system API for verifying the authenticity of system
data through user asymmetric keys and signatures.

Patch 7-8 introduce a mechanism to store a keyring blob with user
asymmetric keys in the kernel image, and load them at system boot.

Patches 9-10 introduce the eBPF binding and corresponding test (which can
be enabled only after the gnupg patches are upstreamed).

Patches 1-2 [GNUPG] introduce the new gpg command --conv-kernel to convert
PGP keys and signatures to the new kernel format.

Changelog

v1:
- Remove useless check in validate_key() (suggested by Yonghong)
- Don't rely on User Mode Drivers for the conversion from the original
  format to the kernel format
- Use the more extensible TLV format, instead of a fixed structure

Roberto Sassu (10):
  crypto: Export public key algorithm information
  crypto: Export signature encoding information
  KEYS: asymmetric: Introduce a parser for user asymmetric keys and sigs
  KEYS: asymmetric: Introduce the user asymmetric key parser
  KEYS: asymmetric: Introduce the user asymmetric key signature parser
  verification: Add verify_uasym_signature() and
    verify_uasym_sig_message()
  KEYS: asymmetric: Preload user asymmetric keys from a keyring blob
  KEYS: Introduce load_uasym_keyring()
  bpf: Introduce bpf_verify_uasym_signature() kfunc
  selftests/bpf: Prepare a test for user asymmetric key signatures

 MAINTAINERS                                   |   1 +
 certs/Kconfig                                 |  11 +
 certs/Makefile                                |   7 +
 certs/system_certificates.S                   |  18 +
 certs/system_keyring.c                        | 166 +++++-
 crypto/Kconfig                                |   6 +
 crypto/Makefile                               |   2 +
 crypto/asymmetric_keys/Kconfig                |  14 +
 crypto/asymmetric_keys/Makefile               |  10 +
 crypto/asymmetric_keys/asymmetric_type.c      |   3 +-
 crypto/asymmetric_keys/uasym_key_parser.c     | 229 ++++++++
 crypto/asymmetric_keys/uasym_key_preload.c    |  99 ++++
 crypto/asymmetric_keys/uasym_parser.c         | 201 +++++++
 crypto/asymmetric_keys/uasym_parser.h         |  43 ++
 crypto/asymmetric_keys/uasym_sig_parser.c     | 491 ++++++++++++++++++
 crypto/pub_key_info.c                         |  20 +
 crypto/sig_enc_info.c                         |  16 +
 include/crypto/pub_key_info.h                 |  15 +
 include/crypto/sig_enc_info.h                 |  15 +
 include/crypto/uasym_keys_sigs.h              |  82 +++
 include/keys/asymmetric-type.h                |   1 +
 include/linux/verification.h                  |  50 ++
 include/uapi/linux/pub_key_info.h             |  22 +
 include/uapi/linux/sig_enc_info.h             |  18 +
 include/uapi/linux/uasym_parser.h             | 107 ++++
 kernel/trace/bpf_trace.c                      |  68 ++-
 ...y_pkcs7_sig.c => verify_pkcs7_uasym_sig.c} | 159 +++++-
 ...s7_sig.c => test_verify_pkcs7_uasym_sig.c} |  18 +-
 .../testing/selftests/bpf/verify_sig_setup.sh |  82 ++-
 29 files changed, 1924 insertions(+), 50 deletions(-)
 create mode 100644 crypto/asymmetric_keys/uasym_key_parser.c
 create mode 100644 crypto/asymmetric_keys/uasym_key_preload.c
 create mode 100644 crypto/asymmetric_keys/uasym_parser.c
 create mode 100644 crypto/asymmetric_keys/uasym_parser.h
 create mode 100644 crypto/asymmetric_keys/uasym_sig_parser.c
 create mode 100644 crypto/pub_key_info.c
 create mode 100644 crypto/sig_enc_info.c
 create mode 100644 include/crypto/pub_key_info.h
 create mode 100644 include/crypto/sig_enc_info.h
 create mode 100644 include/crypto/uasym_keys_sigs.h
 create mode 100644 include/uapi/linux/pub_key_info.h
 create mode 100644 include/uapi/linux/sig_enc_info.h
 create mode 100644 include/uapi/linux/uasym_parser.h
 rename tools/testing/selftests/bpf/prog_tests/{verify_pkcs7_sig.c => verify_pkcs7_uasym_sig.c} (69%)
 rename tools/testing/selftests/bpf/progs/{test_verify_pkcs7_sig.c => test_verify_pkcs7_uasym_sig.c} (82%)

Comments

Alexei Starovoitov July 6, 2023, 11:27 p.m. UTC | #1
On Thu, Jul 06, 2023 at 04:42:13PM +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
> 
> Define a new TLV-based format for keys and signatures, aiming to store and
> use in the kernel the crypto material from other unsupported formats
> (e.g. PGP).
> 
> TLV fields have been defined to fill the corresponding kernel structures
> public_key, public_key_signature and key_preparsed_payload.
> 
> Keys:
>                 struct public_key {     struct key_preparsed_payload {
> KEY_PUB       -->  void *key;
>                    u32 keylen;         --> prep->payload.data[asym_crypto]
> KEY_ALGO      -->  const char *pkey_algo;
> KEY_KID0
> KEY_KID1                               --> prep->payload.data[asym_key_ids]
> KEY_KID2  
> KEY_DESC                               --> prep->description
> 
> 
> Signatures:
>                 struct public_key_signature {
> SIG_S         -->  u8 *s;
>                    u32 s_size;
> SIG_KEY_ALGO  -->  const char *pkey_algo;
> SIG_HASH_ALGO -->  const char *hash_algo;
>                    u32 digest_size;
> SIG_ENC       -->  const char *encoding;   
> SIG_KID0
> SIG_KID1      -->  struct asymmetric_key_id *auth_ids[3];
> SIG_KID2  
> 
> 
> For keys, since the format conversion has to be done in user space, user
> space is assumed to be trusted, in this proposal. Without this assumption,
> a malicious conversion tool could make a user load to the kernel a
> different key than the one expected.
> 
> That should not be a particular problem for keys that are embedded in the
> kernel image and loaded at boot, since the conversion happens in a trusted
> environment such as the building infrastructure of the Linux distribution
> vendor.
> 
> In the other cases, such as enrolling a key through the Machine Owner Key
> (MOK) mechanism, the user is responsible to ensure that the crypto material
> carried in the original format remains the same after the conversion.
> 
> For signatures, assuming the strength of the crypto algorithms, altering
> the crypto material is simply a Denial-of-Service (DoS), as data can be
> validated only with the right signature.
> 
> 
> This patch set also offers the following contributions:
> 
> - An API similar to the PKCS#7 one, to verify the authenticity of system
>   data through user asymmetric keys and signatures
> 
> - A mechanism to store a keyring blob in the kernel image and to extract
>   and load the keys at system boot
>   
> - eBPF binding, so that data authenticity verification with user asymmetric
>   keys and signatures can be carried out also with eBPF programs

Nack to bpf bits.
You've convinced us that bpf_verify_pkcs7_signature() is what you need.
Yet, 9 month later there are no users of it and you came back with this new
bpf_verify_uasym_signature() helper that practically not much different.

Instead of brand new "public key info" format sign your rpms via
existing pkcs7 mechanism and verify with bpf_verify_pkcs7_signature().
Roberto Sassu July 7, 2023, 7:03 a.m. UTC | #2
On Thu, 2023-07-06 at 16:27 -0700, Alexei Starovoitov wrote:
> On Thu, Jul 06, 2023 at 04:42:13PM +0200, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu@huawei.com>
> > 
> > Define a new TLV-based format for keys and signatures, aiming to store and
> > use in the kernel the crypto material from other unsupported formats
> > (e.g. PGP).
> > 
> > TLV fields have been defined to fill the corresponding kernel structures
> > public_key, public_key_signature and key_preparsed_payload.
> > 
> > Keys:
> >                 struct public_key {     struct key_preparsed_payload {
> > KEY_PUB       -->  void *key;
> >                    u32 keylen;         --> prep->payload.data[asym_crypto]
> > KEY_ALGO      -->  const char *pkey_algo;
> > KEY_KID0
> > KEY_KID1                               --> prep->payload.data[asym_key_ids]
> > KEY_KID2  
> > KEY_DESC                               --> prep->description
> > 
> > 
> > Signatures:
> >                 struct public_key_signature {
> > SIG_S         -->  u8 *s;
> >                    u32 s_size;
> > SIG_KEY_ALGO  -->  const char *pkey_algo;
> > SIG_HASH_ALGO -->  const char *hash_algo;
> >                    u32 digest_size;
> > SIG_ENC       -->  const char *encoding;   
> > SIG_KID0
> > SIG_KID1      -->  struct asymmetric_key_id *auth_ids[3];
> > SIG_KID2  
> > 
> > 
> > For keys, since the format conversion has to be done in user space, user
> > space is assumed to be trusted, in this proposal. Without this assumption,
> > a malicious conversion tool could make a user load to the kernel a
> > different key than the one expected.
> > 
> > That should not be a particular problem for keys that are embedded in the
> > kernel image and loaded at boot, since the conversion happens in a trusted
> > environment such as the building infrastructure of the Linux distribution
> > vendor.
> > 
> > In the other cases, such as enrolling a key through the Machine Owner Key
> > (MOK) mechanism, the user is responsible to ensure that the crypto material
> > carried in the original format remains the same after the conversion.
> > 
> > For signatures, assuming the strength of the crypto algorithms, altering
> > the crypto material is simply a Denial-of-Service (DoS), as data can be
> > validated only with the right signature.
> > 
> > 
> > This patch set also offers the following contributions:
> > 
> > - An API similar to the PKCS#7 one, to verify the authenticity of system
> >   data through user asymmetric keys and signatures
> > 
> > - A mechanism to store a keyring blob in the kernel image and to extract
> >   and load the keys at system boot
> >   
> > - eBPF binding, so that data authenticity verification with user asymmetric
> >   keys and signatures can be carried out also with eBPF programs
> 
> Nack to bpf bits.

Sure, no problem. Will remove them in the next iteration.

> You've convinced us that bpf_verify_pkcs7_signature() is what you need.
> Yet, 9 month later there are no users of it and you came back with this new
> bpf_verify_uasym_signature() helper that practically not much different.
> 
> Instead of brand new "public key info" format sign your rpms via
> existing pkcs7 mechanism and verify with bpf_verify_pkcs7_signature().

Asking Linux distribution vendors to execute gpg in their kernel build,
or asking them to revisit their PKI, rebuild all their packages, and
adapting all their tools dealing with the current mechanism?

Which solution do you think it is better?

Thanks

Roberto