module: Do not offer sha224 for built-in module signing

Message ID	20231010212633.64042-1-dimitri.ledkov@canonical.com (mailing list archive)
State	New, archived
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0380A186C for <linux-modules@vger.kernel.org>; Tue, 10 Oct 2023 21:26:57 +0000 (UTC) From: Dimitri John Ledkov <dimitri.ledkov@canonical.com> To: Luis Chamberlain <mcgrof@kernel.org> Cc: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] module: Do not offer sha224 for built-in module signing Date: Tue, 10 Oct 2023 22:26:33 +0100 Message-Id: <20231010212633.64042-1-dimitri.ledkov@canonical.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	module: Do not offer sha224 for built-in module signing \| expand module: Do not offer sha224 for built-in module signing

Message ID

20231010212633.64042-1-dimitri.ledkov@canonical.com (mailing list archive)

State

New, archived

Headers

From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: linux-crypto@vger.kernel.org,
	herbert@gondor.apana.org.au,
	linux-modules@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] module: Do not offer sha224 for built-in module signing
Date: Tue, 10 Oct 2023 22:26:33 +0100
Message-Id: <20231010212633.64042-1-dimitri.ledkov@canonical.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

module: Do not offer sha224 for built-in module signing | expand

Commit Message

Dimitri John Ledkov Oct. 10, 2023, 9:26 p.m. UTC

sha224 does not provide enough security against collision attacks
relative to the default keys used for signing (RSA 4k & P-384). Also
sha224 never became popular, as sha256 got widely adopter ahead of
sha224 being introduced.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 kernel/module/Kconfig | 5 -----
 1 file changed, 5 deletions(-)

Comments

Herbert Xu Oct. 20, 2023, 5:54 a.m. UTC | #1

On Tue, Oct 10, 2023 at 10:26:33PM +0100, Dimitri John Ledkov wrote:
> sha224 does not provide enough security against collision attacks
> relative to the default keys used for signing (RSA 4k & P-384). Also
> sha224 never became popular, as sha256 got widely adopter ahead of
> sha224 being introduced.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
> ---
>  kernel/module/Kconfig | 5 -----
>  1 file changed, 5 deletions(-)

Patch applied.  Thanks.

diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index 19a53d5e77..9d7d45525f 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -236,10 +236,6 @@  choice
 	  possible to load a signed module containing the algorithm to check
 	  the signature on that module.
 
-config MODULE_SIG_SHA224
-	bool "Sign modules with SHA-224"
-	select CRYPTO_SHA256
-
 config MODULE_SIG_SHA256
 	bool "Sign modules with SHA-256"
 	select CRYPTO_SHA256
@@ -257,7 +253,6 @@  endchoice
 config MODULE_SIG_HASH
 	string
 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
-	default "sha224" if MODULE_SIG_SHA224
 	default "sha256" if MODULE_SIG_SHA256
 	default "sha384" if MODULE_SIG_SHA384
 	default "sha512" if MODULE_SIG_SHA512