crypto: mscode_parser: remove sha224 authenticode support

Message ID 20231010212530.63470-1-dimitri.ledkov@canonical.com
State New
Headers
Series crypto: mscode_parser: remove sha224 authenticode support |

Commit Message

Dimitri John Ledkov Oct. 10, 2023, 9:25 p.m. UTC
  It is possible to stand up own certificates and sign PE-COFF binaries
using SHA-224. However it never became popular or needed since it has
similar costs as SHA-256. Windows Authenticode infrastructure never
had support for SHA-224, and all secureboot keys used fro linux
vmlinuz have always been using at least SHA-256.

Given the point of mscode_parser is to support interoperatiblity with
typical de-facto hashes, remove support for SHA-224 to avoid
posibility of creating interoperatibility issues with rhboot/shim,
grub, and non-linux systems trying to sign or verify vmlinux.

SHA-224 itself is not removed from the kernel, as it is truncated
SHA-256. If requested I can write patches to remove SHA-224 support
across all of the drivers.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 crypto/asymmetric_keys/mscode_parser.c | 3 ---
 1 file changed, 3 deletions(-)
  

Comments

Ard Biesheuvel Oct. 11, 2023, 8:42 a.m. UTC | #1
On Tue, 10 Oct 2023 at 23:25, Dimitri John Ledkov
<dimitri.ledkov@canonical.com> wrote:
>
> It is possible to stand up own certificates and sign PE-COFF binaries
> using SHA-224. However it never became popular or needed since it has
> similar costs as SHA-256. Windows Authenticode infrastructure never
> had support for SHA-224, and all secureboot keys used fro linux

fro

> vmlinuz have always been using at least SHA-256.
>
> Given the point of mscode_parser is to support interoperatiblity with

interoperatibility

> typical de-facto hashes, remove support for SHA-224 to avoid
> posibility

the possibility

> of creating interoperatibility

interoperability

> issues with rhboot/shim,
> grub, and non-linux systems trying to sign or verify vmlinux.
>
> SHA-224 itself is not removed from the kernel, as it is truncated
> SHA-256. If requested I can write patches to remove SHA-224 support
> across all of the drivers.
>

We can stop using it but we cannot remove it.

As you say, it is just SHA-256 with a different initial state and a
truncated hash, so removing support entirely achieves very little. And
there are plenty of other algorithms we'd be happy to remove first if
we were only sure that nobody was relying on them. (Note that AF_ALG
supports AEAD so someone somewhere could be using the kernel's sha224
from user space)

> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> ---
>  crypto/asymmetric_keys/mscode_parser.c | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
> index 6416bded0e..855cbc46a9 100644
> --- a/crypto/asymmetric_keys/mscode_parser.c
> +++ b/crypto/asymmetric_keys/mscode_parser.c
> @@ -84,9 +84,6 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
>         case OID_sha512:
>                 ctx->digest_algo = "sha512";
>                 break;
> -       case OID_sha224:
> -               ctx->digest_algo = "sha224";
> -               break;
>
>         case OID__NR:
>                 sprint_oid(value, vlen, buffer, sizeof(buffer));
> --
> 2.34.1
>
  
Herbert Xu Oct. 20, 2023, 5:54 a.m. UTC | #2
On Tue, Oct 10, 2023 at 10:25:29PM +0100, Dimitri John Ledkov wrote:
> It is possible to stand up own certificates and sign PE-COFF binaries
> using SHA-224. However it never became popular or needed since it has
> similar costs as SHA-256. Windows Authenticode infrastructure never
> had support for SHA-224, and all secureboot keys used fro linux
> vmlinuz have always been using at least SHA-256.
> 
> Given the point of mscode_parser is to support interoperatiblity with
> typical de-facto hashes, remove support for SHA-224 to avoid
> posibility of creating interoperatibility issues with rhboot/shim,
> grub, and non-linux systems trying to sign or verify vmlinux.
> 
> SHA-224 itself is not removed from the kernel, as it is truncated
> SHA-256. If requested I can write patches to remove SHA-224 support
> across all of the drivers.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
> ---
>  crypto/asymmetric_keys/mscode_parser.c | 3 ---
>  1 file changed, 3 deletions(-)

Patch applied.  Thanks.
  

Patch

diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
index 6416bded0e..855cbc46a9 100644
--- a/crypto/asymmetric_keys/mscode_parser.c
+++ b/crypto/asymmetric_keys/mscode_parser.c
@@ -84,9 +84,6 @@  int mscode_note_digest_algo(void *context, size_t hdrlen,
 	case OID_sha512:
 		ctx->digest_algo = "sha512";
 		break;
-	case OID_sha224:
-		ctx->digest_algo = "sha224";
-		break;
 
 	case OID__NR:
 		sprint_oid(value, vlen, buffer, sizeof(buffer));