Date: Fri, 16 Feb 2024 18:44:11 +0000
From: Matthew Wilcox
To: Roberto Sassu
Cc: Petr Tesarik, Dave Hansen, Petr Tesařík, Jonathan Corbet,
    Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
    "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "H. Peter Anvin",
    Andy Lutomirski, Oleg Nesterov, Peter Zijlstra, Xin Li, Arnd Bergmann,
    Andrew Morton, Rick Edgecombe, Kees Cook, "Masami Hiramatsu (Google)",
    Pengfei Xu, Josh Poimboeuf, Ze Gao, "Kirill A. Shutemov", Kai Huang,
    David Woodhouse, Brian Gerst, Jason Gunthorpe, Joerg Roedel,
    "Mike Rapoport (IBM)", Tina Zhang, Jacob Pan,
    "open list:DOCUMENTATION", open list, David Howells, Petr Tesarik
Subject: Re: [RFC 6/8] KEYS: PGP data parser

On Fri, Feb 16, 2024 at 05:53:01PM +0100, Roberto Sassu wrote:
> On Fri, 2024-02-16 at 16:44 +0000, Matthew Wilcox wrote:
> > On Fri, Feb 16, 2024 at 04:24:33PM +0100, Petr Tesarik wrote:
> > > From: David Howells
> > >
> > > Implement a PGP data parser for the crypto key type to use when
> > > instantiating a key.
> > >
> > > This parser attempts to parse the instantiation data as a PGP packet
> > > sequence (RFC 4880) and if it parses okay, attempts to extract a public-key
> > > algorithm key or subkey from it.
> >
> > I don't understand why we want to do this in-kernel instead of in
> > userspace and then pass in the actual key.
>
> Sigh, this is a long discussion.

Well, yes. When you don't lay out why this is of value, it turns into a
long discussion. This isn't fun for me either.

> PGP keys would be used as a system-wide trust anchor to verify RPM
> package headers, which already contain file digests that can be used as
> reference values for kernel-enforced integrity appraisal.

The one example we have of usage comes in patch 7 of this series and is:

    gpg --dearmor < | keyctl padd asymmetric "" @u

And you're already using two userspace programs there. Why not a third?

    gpg --dearmor < | ./scripts/parse-pgp-packets | keyctl padd asymmetric "" @u

> With the assumptions that:
>
> - In a locked-down system the kernel has more privileges than root
> - The kernel cannot offload this task to a user space process due to
>   insufficient isolation
>
> the only available option is to do it in the kernel (that is what I got
> as suggestion).

This sounds like there's some other way of getting the key into the
kernel which doesn't rely on userspace. Or are you assuming that nobody
bothered to trojan 'cat'?
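
The packet walk that a userspace filter such as the ./scripts/parse-pgp-packets named above would have to perform, as an added example that is not part of this message or of the patch series. The function names and the sample bytes are assumptions made for illustration; only the RFC 4880 header layout comes from the specification the commit message cites.

```python
PUBLIC_KEY, PUBLIC_SUBKEY = 6, 14          # RFC 4880 section 4.3 packet tags

class PGPFormatError(ValueError):
    """Input is not a well-formed, definite-length packet sequence."""

def parse_packets(data: bytes):
    """Yield (tag, body) per packet; raise PGPFormatError on malformed input."""
    pos = 0
    def take(n):
        nonlocal pos
        if n > len(data) - pos:            # never read past the buffer
            raise PGPFormatError(f"truncated at offset {pos}")
        pos += n
        return data[pos - n:pos]
    while pos < len(data):
        ctb = take(1)[0]
        if not ctb & 0x80:
            raise PGPFormatError("bit 7 of the packet tag octet is clear")
        if ctb & 0x40:                     # new-format header
            tag, first = ctb & 0x3F, take(1)[0]
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + take(1)[0] + 192
            elif first == 255:
                length = int.from_bytes(take(4), "big")
            else:                          # 224..254: partial body length
                raise PGPFormatError("partial body length rejected")
        else:                              # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise PGPFormatError("indeterminate length rejected")
            length = int.from_bytes(take(1 << ltype), "big")
        yield tag, take(length)

def public_key_packets(data: bytes):
    """Return [(tag, algorithm, body)] for v4 public key and subkey packets."""
    found = []
    for tag, body in parse_packets(data):
        if tag in (PUBLIC_KEY, PUBLIC_SUBKEY):
            if len(body) < 6 or body[0] != 4:
                raise PGPFormatError("only version 4 key packets are handled")
            found.append((tag, body[5], body))   # body[5] = algorithm octet
    return found

# Constructed sample, not a real key: old-format public key packet (algo 1),
# new-format User ID packet, new-format public subkey packet (algo 16).
KEY_BODY = bytes([4]) + bytes(4) + bytes([1]) + b"\x00\x08\xff\x00\x02\x03"
SUB_BODY = bytes([4]) + bytes(4) + bytes([16]) + b"\x00\x08\xfb"
SAMPLE = (bytes([0x98, len(KEY_BODY)]) + KEY_BODY + b"\xcd\x04test"
          + bytes([0xCE, len(SUB_BODY)]) + SUB_BODY)
```

Every length field here is attacker-controlled input, which is why each read goes through the bounds-checked take() and the open-ended length encodings are refused outright.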