Add support for ML-DSA PQC keys

.github/workflows/ci.yml

@@ -31,7 +31,7 @@ jobs:
         if [ "$count" -eq 0 ]; then
           exit 0
         fi
-        scripts/checkpatch.pl patches/*  --strict --terse  --no-tree --ignore CONST_STRUCT,VOLATILE,SPLIT_STRING,FILE_PATH_CHANGES,EXECUTE_PERMISSIONS,UNKNOWN_COMMIT_ID,BAD_SIGN_OFF,PREFER_DEFINED_ATTRIBUTE_MACRO,PREFER_KERNEL_TYPES
+        scripts/checkpatch.pl patches/*  --strict --terse  --no-tree --ignore CONST_STRUCT,VOLATILE,SPLIT_STRING,FILE_PATH_CHANGES,EXECUTE_PERMISSIONS,UNKNOWN_COMMIT_ID,BAD_SIGN_OFF,PREFER_DEFINED_ATTRIBUTE_MACRO,PREFER_KERNEL_TYPES,EMBEDDED_FUNCTION_NAME
 
   build:
     needs: review

README

@@ -85,7 +85,7 @@ OPTIONS
       --ignore-violations ignore ToMToU measurement violations
       --hmackey      path to symmetric key (default: /etc/keys/evm-key-plain)
       --v2           create V2 signatures; this is the default
-      --v3           create V3 signatures; this requires Linux 7.1 or later
+      --v3           create V3 signatures; this requires Linux 7.2 or later
   -v                 increase verbosity level
   -h, --help         display this help and exit
 
@@ -153,7 +153,8 @@ in the kernel (since kernel 3.9). CONFIG_INTEGRITY_ASYMMETRIC_KEYS must be enabl
 
 For v2 and v3 signatures x509 certificate (containing the public key) could be appended to the
 private key (they both are in PEM format) to automatically extract keyid from its Subject
-Key Identifier (SKID).
+Key Identifier (SKID). v3 signatures can be created with the --v3 option. This signature format
+is required for signing with ML-DSA keys.
 
 Integrity keyrings
 ----------------

examples/functions

@@ -0,0 +1,47 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+ima_genkey_mldsa()
+{
+	keyalgo="$1"
+
+	GENKEY=ima.genkey
+
+	maj=$(openssl version | awk '{print $2}' | cut -d. -f1)
+	min=$(openssl version | awk '{print $2}' | cut -d. -f2)
+
+	if [ "${maj}" -lt 3 ] || { [ "${maj}" -eq 3 ] && [ "${min}" -lt 5 ]; }; then
+		echo "The openssl tool is too old (v${maj}.${min}) to support ML-DSA. Need at least v3.5.0."
+		exit 1
+	fi
+	cat << __EOF__ >$GENKEY
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = v3_usr
+
+[ req_distinguished_name ]
+O = $(hostname)
+CN = $(whoami) signing key
+emailAddress = $(whoami)@$(hostname)
+
+[ v3_usr ]
+basicConstraints=critical,CA:FALSE
+#basicConstraints=CA:FALSE
+keyUsage=digitalSignature
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage=critical,codeSigning
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+#authorityKeyIdentifier=keyid,issuer
+__EOF__
+
+	openssl req -new -nodes -batch -config $GENKEY \
+			-out csr_ima.pem -keyout privkey_ima.pem \
+			-newkey "${keyalgo}" || return $?
+	openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \
+			-CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \
+			-outform DER -out x509_ima.der
+	return $?
+}

examples/ima-gen-local-ca-mldsa65.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+GENKEY=ima-local-ca.genkey
+
+cat << __EOF__ >$GENKEY
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+O = IMA-CA
+CN = IMA/EVM certificate signing key
+emailAddress = ca@ima-ca
+
+[ v3_ca ]
+basicConstraints=CA:TRUE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+keyUsage = cRLSign, keyCertSign
+__EOF__
+
+openssl req -new -x509 -utf8 -days 3650 -batch -config $GENKEY \
+		-outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv \
+		-newkey mldsa65
+
+openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem

examples/ima-genkey-mldsa44.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+DIR=$(dirname "$0")
+
+cd "${DIR}" 1>/dev/null || exit 1
+
+. ./functions
+ima_genkey_mldsa mldsa44
+exit "$?"
+

examples/ima-genkey-mldsa65.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+DIR=$(dirname "$0")
+
+cd "${DIR}" 1>/dev/null || exit 1
+
+. ./functions
+ima_genkey_mldsa mldsa65
+exit "$?"
+

examples/ima-genkey-mldsa87.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+DIR=$(dirname "$0")
+
+cd "${DIR}" 1>/dev/null || exit 1
+
+. ./functions
+ima_genkey_mldsa mldsa87
+exit "$?"
+

src/evmctl.c

@@ -347,7 +347,7 @@ static int calc_evm_hash(const char *file, const char *hash_algo,
 	EVP_MD_CTX *pctx;
 	unsigned int mdlen;
 	char **xattrname;
-	char xattr_value[1024];
+	char xattr_value[MAX_SIGNATURE_SIZE];
 	char list[1024];
 	ssize_t list_size;
 	char uuid[16];
@@ -617,6 +617,10 @@ static int sign_evm(const char *file, char *hash_algo, const char *key)
 		if (err < 0) {
 			log_errno_reset(LOG_ERR, "Setting EVM xattr failed: %s",
 					file);
+			if (len >= 4096)
+				log_err("The signature with %zu bytes is likely too large for the file "
+					"extended attribute. Consider using a different key type.\n",
+					len);
 			return err;
 		}
 	}
@@ -3012,7 +3016,7 @@ static void usage(void)
 		"      --hmackey      path to symmetric key (default: /etc/keys/evm-key-plain)\n"
 #endif
 		"      --v2           create V2 signatures; this is the default\n"
-		"      --v3           create V3 signatures; this requires Linux 7.1 or later\n"
+		"      --v3           create V3 signatures; this requires Linux 7.2 or later\n"
 		"  -v                 increase verbosity level\n"
 		"  -h, --help         display this help and exit\n"
 		"\n"
@@ -3176,6 +3180,7 @@ static ENGINE *setup_engine(const char *engine_id)
 
 int main(int argc, char *argv[])
 {
+	bool version_chosen = false;
 	int err = 0, c, lind;
 	unsigned long keyid;
 	char *eptr;
@@ -3369,9 +3374,19 @@ int main(int argc, char *argv[])
 			break;
 #endif
 		case 150: /* --v2 */
+			if (version_chosen &&
+			    g_signature_version != SIGNATURE_V2) {
+				log_info("Switching to use v2 signatures.\n");
+			}
+			version_chosen = true;
 			g_signature_version = SIGNATURE_V2;
 			break;
 		case 151: /* --v3 */
+			if (version_chosen &&
+			    g_signature_version != SIGNATURE_V3) {
+				log_info("Switching to use v3 signatures.\n");
+			}
+			version_chosen = true;
 			g_signature_version = SIGNATURE_V3;
 			break;
 		case '?':

src/imaevm.h

@@ -74,8 +74,11 @@ typedef struct ossl_provider_st OSSL_PROVIDER;
 #define	DATA_SIZE	4096
 #define SHA1_HASH_LEN   20
 
+#define ML_DSA_87_SIGNATURE_SIZE	4627
+
 #define MAX_DIGEST_SIZE		64
-#define MAX_SIGNATURE_SIZE	1024
+#define MAX_SIGNATURE_SIZE	(1 + sizeof(struct signature_v2_hdr) + \
+				 ML_DSA_87_SIGNATURE_SIZE)
 
 /*
  * The maximum template data size is dependent on the template format. For