Message ID | 20231010212755.64744-1-dimitri.ledkov@canonical.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Headers | show |
Series | crypto: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512 | expand |
On Tue, Oct 10, 2023 at 10:27:55PM +0100, Dimitri John Ledkov wrote: > NIST FIPS 186-5 states that it is recommended that the security > strength associated with the bit length of n and the security strength > of the hash function be the same, or higher upon agreement. Given NIST > P384 curve is used, force using either SHA384 or SHA512. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- I'd imagine this could go through crypto tree, as folks more in tune with these requirements would be more aligned with what we need. Luis
On Tue, Oct 10, 2023 at 10:27:55PM +0100, Dimitri John Ledkov wrote: > NIST FIPS 186-5 states that it is recommended that the security > strength associated with the bit length of n and the security strength > of the hash function be the same, or higher upon agreement. Given NIST > P384 curve is used, force using either SHA384 or SHA512. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- > certs/Kconfig | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Patch applied. Thanks.
On Tue, Oct 10, 2023 at 10:27:55PM +0100, Dimitri John Ledkov wrote: > NIST FIPS 186-5 states that it is recommended that the security > strength associated with the bit length of n and the security strength > of the hash function be the same, or higher upon agreement. Given NIST > P384 curve is used, force using either SHA384 or SHA512. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- > certs/Kconfig | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Patch applied. Thanks.
diff --git a/certs/Kconfig b/certs/Kconfig index 1f109b0708..84582de66b 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -30,9 +30,11 @@ config MODULE_SIG_KEY_TYPE_RSA config MODULE_SIG_KEY_TYPE_ECDSA bool "ECDSA" select CRYPTO_ECDSA + depends on MODULE_SIG_SHA384 || MODULE_SIG_SHA512 help - Use an elliptic curve key (NIST P384) for module signing. Consider - using a strong hash like sha256 or sha384 for hashing modules. + Use an elliptic curve key (NIST P384) for module signing. Use + a strong hash of same or higher bit length, i.e. sha384 or + sha512 for hashing modules. Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem, when falling back to building Linux 5.14 and older kernels.
NIST FIPS 186-5 states that it is recommended that the security strength associated with the bit length of n and the security strength of the hash function be the same, or higher upon agreement. Given NIST P384 curve is used, force using either SHA384 or SHA512. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- certs/Kconfig | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)