Does IMA support SHA-256 PCR banks?

Does IMA support SHA-256 PCR banks?

[Lakshmi Ramasubramanian]

Hi,

I noticed that even when SHA-256 is selected as the digest algorithm for 
IMA measurement, the PCR hash is still SHA-1.

A net search found the text given below in the following wiki:
    https://wiki.strongswan.org/projects/strongswan/wiki/IMA

**********************************************************************
Since SHA-1 has been "shattered" we recommend to use SHA-256 for the 
file measurement hashes.

IMA implementation does not support SHA-256 PCR banks yet, so the 
SHA-256 file hashes are extended into SHA-1 PCR registers.
**********************************************************************

Is the above still true?

In ima_init_digests() the digest algorithm for PCR extend is set from 
the digest algorithm set in the PCR banks.

Is there a way to configure IMA to use SHA-256 PCR banks?

int __init ima_init_digests(void)
{
...
	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
...
	
}

thanks,
  -lakshmi

RE: Does IMA support SHA-256 PCR banks?

[Roberto Sassu]

> -----Original Message-----
> From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-
> owner@vger.kernel.org] On Behalf Of Lakshmi Ramasubramanian
> Sent: Tuesday, December 10, 2019 11:37 PM
> To: James Bottomley <James.Bottomley@HansenPartnership.com>;
> jarkko.sakkinen@linux.intel.com; Mimi Zohar <zohar@linux.ibm.com>;
> linux-integrity@vger.kernel.org
> Subject: Does IMA support SHA-256 PCR banks?
> 
> Hi,
> 
> I noticed that even when SHA-256 is selected as the digest algorithm for
> IMA measurement, the PCR hash is still SHA-1.
> 
> A net search found the text given below in the following wiki:
>     https://wiki.strongswan.org/projects/strongswan/wiki/IMA
> 
> **********************************************************
> ************
> Since SHA-1 has been "shattered" we recommend to use SHA-256 for the
> file measurement hashes.
> 
> IMA implementation does not support SHA-256 PCR banks yet, so the
> SHA-256 file hashes are extended into SHA-1 PCR registers.
> **********************************************************
> ************
> 
> Is the above still true?
> 
> In ima_init_digests() the digest algorithm for PCR extend is set from
> the digest algorithm set in the PCR banks.
> 
> Is there a way to configure IMA to use SHA-256 PCR banks?
> 
> int __init ima_init_digests(void)
> {
> ...
> 	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> 		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> ...

Hi Lakshmi

currently the SHA256 PCR bank is extended with a padded SHA1.

Some time ago, I posted some patches to support the TGC Crypto Agile format:

https://lkml.org/lkml/2017/5/16/369

However, this is a bit complicate because the current format does not follow
the TCG standard. A work to support the new IMA Canonical Event Log format
has been presented at LSS:

https://static.sched.com/hosted_files/lssna18/03/lss_2018_slides_V4.pdf

Given that the patches are very invasive, to me seems a good idea to split this
work in two parts: first, extend PCRs with the correct digest and second
change the measurement list format.

For the first part, the patch will be very simple, as IMA will just query the TPM
to get the list of hash algorithms and will calculate all the digests in
ima_calc_field_array_hash().

Also, the first part would be sufficient for remote attestation, as the data used
to calculate the digests is passed to the verifier. The verifier can calculate by
himself the digest of non-SHA1 PCR banks, even if they are not included in the
measurement list.

Roberto

Re: Does IMA support SHA-256 PCR banks?

[Lakshmi Ramasubramanian]

On 12/11/19 12:45 AM, Roberto Sassu wrote:

> 
> Hi Lakshmi
> 
> currently the SHA256 PCR bank is extended with a padded SHA1.
> 
> Some time ago, I posted some patches to support the TGC Crypto Agile format:
> 
> https://lkml.org/lkml/2017/5/16/369
> 
> However, this is a bit complicate because the current format does not follow
> the TCG standard. A work to support the new IMA Canonical Event Log format
> has been presented at LSS:
> 
> https://static.sched.com/hosted_files/lssna18/03/lss_2018_slides_V4.pdf
> 
> Given that the patches are very invasive, to me seems a good idea to split this
> work in two parts: first, extend PCRs with the correct digest and second
> change the measurement list format.
> 
> For the first part, the patch will be very simple, as IMA will just query the TPM
> to get the list of hash algorithms and will calculate all the digests in
> ima_calc_field_array_hash().
> 
> Also, the first part would be sufficient for remote attestation, as the data used
> to calculate the digests is passed to the verifier. The verifier can calculate by
> himself the digest of non-SHA1 PCR banks, even if they are not included in the
> measurement list.
> 
> Roberto
> 

Thanks Roberto for the info and the link to the related patches posted 
earlier. I'll take a look at the patches.

thanks,
  -lakshmi

Re: Does IMA support SHA-256 PCR banks?

[Ken Goldman]

On 12/11/2019 3:45 AM, Roberto Sassu wrote:
> 
> For the first part, the patch will be very simple, as IMA will just query the TPM
> to get the list of hash algorithms and will calculate all the digests in
> ima_calc_field_array_hash().

This query is probably for the allocated PCR banks.  I.e., a TPM may 
implement more hash algorithms than it allocates PCR banks.

For example, my hardware TPM reports 3 implemented hash algorithms, but
it only allocates 2 PCR banks.

$ getcapability -cap 5
3 PCR selections
     hash TPM_ALG_SHA1
     TPMS_PCR_SELECTION length 3
     ff ff ff
     hash TPM_ALG_SHA256
     TPMS_PCR_SELECTION length 3
     ff ff ff
     hash TPM_ALG_SHA384
     TPMS_PCR_SELECTION length 3
     00 00 00

RE: Does IMA support SHA-256 PCR banks?

[Roberto Sassu]

> -----Original Message-----
> From: Ken Goldman [mailto:kgold@linux.ibm.com]
> Sent: Wednesday, December 25, 2019 5:47 PM
> To: Roberto Sassu <roberto.sassu@huawei.com>; linux-
> integrity@vger.kernel.org
> Subject: Re: Does IMA support SHA-256 PCR banks?
> 
> On 12/11/2019 3:45 AM, Roberto Sassu wrote:
> >
> > For the first part, the patch will be very simple, as IMA will just query the
> TPM
> > to get the list of hash algorithms and will calculate all the digests in
> > ima_calc_field_array_hash().
> 
> This query is probably for the allocated PCR banks.  I.e., a TPM may
> implement more hash algorithms than it allocates PCR banks.

Yes, correct. The TPM driver determines the allocated banks at initialization
time and stores them in the tpm_chip structure which is retrieved by IMA.

Roberto