From: Lukas Wunner <lukas@wunner.de>
To: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
Cc: Paul Moore <paul@paul-moore.com>,
jarkko@kernel.org, zeffron@riotgames.com,
xiyou.wangcong@gmail.com, kysrinivasan@gmail.com,
code@tyhicks.com, linux-security-module@vger.kernel.org,
roberto.sassu@huawei.com, James.Bottomley@hansenpartnership.com,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, David Howells <dhowells@redhat.com>,
Ignat Korchagin <ignat@cloudflare.com>,
Quentin Monnet <qmo@kernel.org>,
Jason Xing <kerneljasonxing@gmail.com>,
Willem de Bruijn <willemb@google.com>,
Anton Protopopov <aspsk@isovalent.com>,
Jordan Rome <linux@jordanrome.com>,
Martin Kelly <martin.kelly@crowdstrike.com>,
Alan Maguire <alan.maguire@oracle.com>,
Matteo Croce <teknoraver@meta.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/3] bpf: Add bpf_check_signature
Date: Thu, 29 May 2025 21:31:49 +0200 [thread overview]
Message-ID: <aDi2JWk0jtbUpMhD@wunner.de> (raw)
In-Reply-To: <87msave8kk.fsf@microsoft.com>
On Thu, May 29, 2025 at 08:32:43AM -0700, Blaise Boscaccy wrote:
> Lukas Wunner <lukas@wunner.de> writes:
> > Constraining oneself to sha256 doesn't seem future-proof.
>
> Definitely not a bad idea, curious, how would you envision that looking
> from an UAPI perspective?
If possible, extend the anonymous struct used by BPF_PROG_LOAD command
with an additional parameter to select the hash algorithm.
Alternatively, create a new command to set the hash algorithm for
subsequent BPF_PROG_LOAD commands.
Use enum hash_algo in include/uapi/linux/hash_info.h to encode the
selected algorithm. You don't need to support all of these
(some of them are deprecated), but at least the sha3 and possibly
sha2 family is a good idea.
Note that CNSA 2.0 has raised the minimum approved hash size to
384 bits both for sha2 and sha3 in light of PQC:
https://www.fortanix.com/blog/which-post-quantum-cryptography-pqc-algorithm-should-i-use
https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/0/CSI_CNSA_2.0_FAQ_.PDF
Granted, there's no mainline support for PQC signature algorithms yet,
but there's at least one out-of-tree implementation, it's only a question
of when not if something like this is submitted for mainline:
https://github.com/smuellerDD/leancrypto
Thanks,
Lukas
next prev parent reply other threads:[~2025-05-29 19:31 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-28 21:49 [PATCH 0/3] BPF signature verification Blaise Boscaccy
2025-05-28 21:49 ` [PATCH 1/3] bpf: Add bpf_check_signature Blaise Boscaccy
2025-05-29 7:39 ` kernel test robot
2025-05-29 10:11 ` Lukas Wunner
2025-05-29 15:32 ` Blaise Boscaccy
2025-05-29 19:31 ` Lukas Wunner [this message]
2025-05-29 19:36 ` James Bottomley
2025-06-02 22:40 ` Paul Moore
2025-06-04 16:25 ` Jarkko Sakkinen
2025-05-28 21:49 ` [PATCH 2/3] bpf: Support light-skeleton signatures in autogenerated code Blaise Boscaccy
2025-05-28 21:49 ` [PATCH 3/3] bpftool: Allow signing of light-skeleton programs Blaise Boscaccy
2025-05-30 16:42 ` [PATCH 0/3] BPF signature verification KP Singh
2025-05-30 20:14 ` Paul Moore
2025-05-30 20:44 ` KP Singh
2025-05-30 21:19 ` Blaise Boscaccy
2025-05-30 21:32 ` KP Singh
2025-05-30 21:33 ` KP Singh
2025-05-30 22:15 ` Blaise Boscaccy
2025-05-30 22:14 ` Blaise Boscaccy
2025-05-30 22:19 ` KP Singh
2025-05-30 22:27 ` Blaise Boscaccy
2025-05-30 22:47 ` KP Singh
2025-05-30 23:25 ` Blaise Boscaccy
2025-05-30 23:32 ` KP Singh
2025-06-02 15:01 ` Blaise Boscaccy
2025-06-04 16:22 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aDi2JWk0jtbUpMhD@wunner.de \
--to=lukas@wunner.de \
--cc=James.Bottomley@hansenpartnership.com \
--cc=alan.maguire@oracle.com \
--cc=andrii@kernel.org \
--cc=aspsk@isovalent.com \
--cc=ast@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=code@tyhicks.com \
--cc=daniel@iogearbox.net \
--cc=dhowells@redhat.com \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=ignat@cloudflare.com \
--cc=jarkko@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kerneljasonxing@gmail.com \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=kysrinivasan@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@jordanrome.com \
--cc=martin.kelly@crowdstrike.com \
--cc=martin.lau@linux.dev \
--cc=paul@paul-moore.com \
--cc=qmo@kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=teknoraver@meta.com \
--cc=willemb@google.com \
--cc=xiyou.wangcong@gmail.com \
--cc=yonghong.song@linux.dev \
--cc=zeffron@riotgames.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.