From: Andy Lutomirski <luto@kernel.org>
To: David Howells <dhowells@redhat.com>, Luis Rodriguez <mcgrof@suse.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>,
keyrings@linux-nfs.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kyle McMartin <kyle@kernel.org>,
linux-wireless@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Seth Forshee <seth.forshee@canonical.com>,
LSM List <linux-security-module@vger.kernel.org>,
Mimi Zohar <zohar@us.ibm.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH 16/20] PKCS#7: Add an optional authenticated attribute to hold firmware name [ver #5]
Date: Thu, 28 May 2015 18:30:25 -0700 [thread overview]
Message-ID: <5567C131.8050005@kernel.org> (raw)
In-Reply-To: <20150528154834.1259.22434.stgit@warthog.procyon.org.uk>
[resending with further gmane screwups fixed]
On 05/28/2015 08:48 AM, David Howells wrote:
> Modify the sign-file program to take a "-F <firmware name>" parameter. The
> name is a utf8 string that, if given, is inserted in a PKCS#7 authenticated
> attribute from where it can be extracted by the kernel. Authenticated
> attributes are added to the signature digest.
>
> If the attribute is present, the signature would be assumed to be for
> firmware and would not be permitted with module signing or kexec. The name
> associated with the attribute would be compared to the name passed to
> request_firmware() and the load request would be denied if they didn't
> match.
This is insecure because PKCS#7 authenticated attributes are broken (see
RFC2315 section 9.4 note 4). You need to either require that everything
have authenticated attributes or require that nothing have authenticated
attributes. Maybe this insecurity doesn't matter in practice, but I
don't wouldn't want to bet on it.
On top of that, this is a ton of code to support something trivial. And
it requires an OID to be registered (ick).
Earlier you suggested just appending the signature purpose to the thing
being signed. What's wrong with that? It's probably much less code, it
doesn't require reviewing details of the godawful PKCS#7 spec, and it
will continue working if and when someone adds a more sensible signature
format. And you could tear out PKCS#7 authenticated attribute support
on top of it.
P.S. Or you could stop using PKCS#7 if possible. Holy crap, maybe it's
a standard, but it's a standard that we don't actually have to follow
and it *has trivial collisions by construction*.
For Pete's sake, there are already 1262 lines of code just implementing
PKCS#7. In contrast, the *entire* tweetnacl library, which uses better
crypto and is actually correct (no built-in collisions) fits a complete
signature implementation and the underlying crypto in barely half that
many lines. This is actually unfair to tweetnacl, as tweetnacl also
includes an AEAD, which could be removed to shorten it by a decent amount.
--Andy
next prev parent reply other threads:[~2015-05-29 1:30 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-28 15:46 [PATCH 00/20] MODSIGN: Use PKCS#7 for module signatures [ver #5] David Howells
2015-05-28 15:46 ` [PATCH 01/20] X.509: Extract both parts of the AuthorityKeyIdentifier " David Howells
2015-05-28 15:46 ` [PATCH 02/20] X.509: Support X.509 lookup by Issuer+Serial form " David Howells
2015-05-28 15:46 ` [PATCH 03/20] PKCS#7: Allow detached data to be supplied for signature checking purposes " David Howells
2015-05-28 15:46 ` [PATCH 04/20] MODSIGN: Provide a utility to append a PKCS#7 signature to a module " David Howells
2015-05-28 15:46 ` [PATCH 05/20] MODSIGN: Use PKCS#7 messages as module signatures " David Howells
2015-05-28 15:47 ` [PATCH 06/20] sign-file: Add option to only create signature file " David Howells
2015-05-28 15:47 ` [PATCH 07/20] system_keyring.c doesn't need to #include module-internal.h " David Howells
2015-05-28 15:47 ` [PATCH 08/20] MODSIGN: Extract the blob PKCS#7 signature verifier from module signing " David Howells
2015-05-28 15:47 ` [PATCH 09/20] modsign: Abort modules_install when signing fails " David Howells
2015-05-28 15:47 ` [PATCH 10/20] modsign: Allow password to be specified for signing key " David Howells
2015-05-28 15:47 ` [PATCH 11/20] modsign: Allow signing key to be PKCS#11 " David Howells
2015-05-28 15:47 ` [PATCH 12/20] modsign: Allow external signing key to be specified " David Howells
2015-05-28 15:48 ` [PATCH 13/20] modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed " David Howells
2015-05-28 15:48 ` [PATCH 14/20] modsign: Use single PEM file for autogenerated key " David Howells
2015-05-28 15:48 ` [PATCH 15/20] modsign: Add explicit CONFIG_SYSTEM_TRUSTED_KEYS option " David Howells
2015-05-28 15:48 ` [PATCH 16/20] PKCS#7: Add an optional authenticated attribute to hold firmware name " David Howells
2015-05-29 1:30 ` Andy Lutomirski [this message]
2015-05-29 12:40 ` David Howells
2015-05-29 18:38 ` Andy Lutomirski
2015-06-01 15:50 ` David Howells
2015-06-01 17:06 ` Andy Lutomirski
2015-05-28 15:48 ` [PATCH 17/20] X.509: Restrict the usage of a key based on information in X.509 certificate " David Howells
2015-05-28 15:48 ` [PATCH 18/20] X.509: Parse the keyUsage extension to detect key-signing keys " David Howells
2015-05-28 15:49 ` [PATCH 19/20] KEYS: Restrict signature verification to keys appropriate to the purpose " David Howells
2015-05-28 15:49 ` [PATCH 20/20] sign-file: use .p7s instead of .pkcs7 file extension " David Howells
2015-05-28 15:52 ` [PATCH 00/20] MODSIGN: Use PKCS#7 for module signatures " David Woodhouse
2015-05-28 15:57 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5567C131.8050005@kernel.org \
--to=luto@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=keyrings@linux-nfs.org \
--cc=kyle@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=mcgrof@suse.com \
--cc=mjg59@srcf.ucam.org \
--cc=seth.forshee@canonical.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).