* RSA key size not allowed in FIPS
@ 2016-08-09 14:10 Tapas Sarangi
  2016-08-09 14:29 ` Stephan Mueller
  2016-08-09 14:36 ` Gary R Hook
  0 siblings, 2 replies; 10+ messages in thread
From: Tapas Sarangi @ 2016-08-09 14:10 UTC (permalink / raw)
  To: linux-crypto

Hello,

I am using vanilla kernel-4.7 source. It crashes with the following when
booted with "fips=1 boot=/dev/sda1" option at the kernel command line
argument.

[    0.642411] RSA: key size not allowed in FIPS mode
[    0.643099] Problem loading in-kernel X.509 certificate (-22)
[    0.800524] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
[    0.803075] IP: [<ffffffff811e1ad7>] kernfs_find_ns+0x17/0xf0
[    0.804111] PGD 0
[    0.804111] Oops: 0000 [#1] SMP
[    0.804111] Modules linked in:
[    0.804111] CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G        W 4.7.0-1.tos2_5 #1
[    0.804111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[    0.804111] Workqueue: events_unbound async_run_entry_fn
[    0.804111] task: ffff88003e214100 ti: ffff88003e264000 task.ti: ffff88003e264000
[    0.804111] RIP: 0010:[<ffffffff811e1ad7>]  [<ffffffff811e1ad7>] kernfs_find_ns+0x17/0xf0
[    0.804111] RSP: 0018:ffff88003e267868  EFLAGS: 00010282
[    0.804111] RAX: ffff88003e214100 RBX: 0000000000000000 RCX: ffff88003e264008
[    0.804111] RDX: 0000000000000000 RSI: ffffffff8166bb80 RDI: 0000000000000000
[    0.804111] RBP: ffff88003e267898 R08: 0000000000000000 R09: ffffffff8166bb80
[    0.804111] R10: 00000000000c6000 R11: 0000000000000001 R12: ffffffff8166bb80
[    0.804111] R13: 0000000000000000 R14: ffffffff8173048a R15: ffff88003b17b1a0
[    0.804111] FS:  0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[    0.804111] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.804111] CR2: 0000000000000068 CR3: 0000000001806000 CR4: 00000000000406f0
[    0.804111] Stack:
[    0.804111]  ffff88003e267898 0000000000000000 ffff880000000001 0000000000000000
[    0.804111]  ffffffff8166bb80 0000000000000000 ffff88003e2678c8 ffffffff811e1e77
[    0.804111]  0000000000000096 ffffffff81873d40 ffff88003b152828 0000000000000005
[    0.804111] Call Trace:
[    0.804111]  [<ffffffff811e1e77>] kernfs_find_and_get_ns+0x37/0x60
[    0.804111]  [<ffffffff811e5c58>] sysfs_unmerge_group+0x18/0x60
[    0.804111]  [<ffffffff8139c187>] dpm_sysfs_remove+0x27/0x60



Thanks for any suggestion.
-Tapas
PS: I could not send any attachment; is it possible to send attachments to
this mailing list?




________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:10 RSA key size not allowed in FIPS Tapas Sarangi
@ 2016-08-09 14:29 ` Stephan Mueller
  2016-08-09 14:39   ` Tapas Sarangi
  2016-08-09 14:36 ` Gary R Hook
  1 sibling, 1 reply; 10+ messages in thread
From: Stephan Mueller @ 2016-08-09 14:29 UTC (permalink / raw)
  To: Tapas Sarangi; +Cc: linux-crypto

On Tuesday, 9 August 2016, 14:10:33 CEST, Tapas Sarangi wrote:

Hi Tapas,

> Hello,
> 
> I am using vanilla kernel-4.7 source. It crashes with the following when
> booted with "fips=1 boot=/dev/sda1" option at the kernel command line
> argument.

The kernel only allows 2k and 3k RSA keys in FIPS mode. Please check your RSA 
key used for signatures.

                /* In FIPS mode only allow key size 2K & 3K */
                if (n_sz != 256 && n_sz != 384) {
                        pr_err("RSA: key size not allowed in FIPS mode\n");
                        return -EINVAL;
                }

Ciao
Stephan

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:10 RSA key size not allowed in FIPS Tapas Sarangi
  2016-08-09 14:29 ` Stephan Mueller
@ 2016-08-09 14:36 ` Gary R Hook
  1 sibling, 0 replies; 10+ messages in thread
From: Gary R Hook @ 2016-08-09 14:36 UTC (permalink / raw)
  To: linux-crypto

On 08/09/2016 09:10 AM, Tapas Sarangi wrote:

> PS: I could not send any attachment; is it possible to send attachments to
> this mailing list?

Pretty sure that's frowned upon.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:29 ` Stephan Mueller
@ 2016-08-09 14:39   ` Tapas Sarangi
  2016-08-09 14:54     ` Tapas Sarangi
  2016-08-09 14:55     ` Stephan Mueller
  0 siblings, 2 replies; 10+ messages in thread
From: Tapas Sarangi @ 2016-08-09 14:39 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: linux-crypto

Hi Stephan,

If I understand this correctly, this (CONFIG_MODULE_SIG_HASH="sha256")
tells about the key size used.
I am using "sha256". Initially, I was using "sha512", which I thought could
be causing the problem, but I am getting the same error when I change it to
"sha256".

[root@localhost ~]# grep MODULE_SIG /boot/config-4.7.0-1.tos2_5

CONFIG_MODULE_SIG=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_SHA384 is not set
# CONFIG_MODULE_SIG_SHA512 is not set
CONFIG_MODULE_SIG_HASH="sha256"
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"

Thanks


-Tapas



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:39   ` Tapas Sarangi
@ 2016-08-09 14:54     ` Tapas Sarangi
  2016-08-09 14:55     ` Stephan Mueller
  1 sibling, 0 replies; 10+ messages in thread
From: Tapas Sarangi @ 2016-08-09 14:54 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: linux-crypto

Looking at the kernel compilation log, it seems to be generating a 4k
(4096 bits) private key, although I am specifying
CONFIG_MODULE_SIG_HASH="sha256". How can I generate an RSA key that is within
2k-3k bits?

Here is a snippet from the compilation log:

### Now generating an X.509 key pair to be used for signing modules.
###
### If this takes a long time, you might wish to run rngd in the
### background to keep the supply of entropy topped up.  It
### needs to be run as root, and uses a hardware random
### number generator if one is available.
###
Generating a 4096 bit RSA private key

Thanks a lot.
-Tapas






^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:39   ` Tapas Sarangi
  2016-08-09 14:54     ` Tapas Sarangi
@ 2016-08-09 14:55     ` Stephan Mueller
  2016-08-09 15:00       ` Tapas Sarangi
  2016-08-16  9:33       ` Stephan Mueller
  1 sibling, 2 replies; 10+ messages in thread
From: Stephan Mueller @ 2016-08-09 14:55 UTC (permalink / raw)
  To: Tapas Sarangi, dhowells; +Cc: linux-crypto

On Tuesday, 9 August 2016, 14:39:03 CEST, Tapas Sarangi wrote:

Hi Tapas, David,

> Hi Stephan,
> 
> If I understand this correctly, this (CONFIG_MODULE_SIG_HASH="sha256")
> tells about the key size used.
> I am using "sha256". Initially, I was using "sha512", which I thought could
> be causing the problem, but I am getting the same error when I change it to
> "sha256".
> 
> [root@localhost ~]# grep MODULE_SIG /boot/config-4.7.0-1.tos2_5
> 
> CONFIG_MODULE_SIG=y
> # CONFIG_MODULE_SIG_FORCE is not set
> CONFIG_MODULE_SIG_ALL=y
> # CONFIG_MODULE_SIG_SHA1 is not set
> # CONFIG_MODULE_SIG_SHA224 is not set
> CONFIG_MODULE_SIG_SHA256=y
> # CONFIG_MODULE_SIG_SHA384 is not set
> # CONFIG_MODULE_SIG_SHA512 is not set
> CONFIG_MODULE_SIG_HASH="sha256"
> CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"

The question is rather how signing_key.pem is generated.

Do you have the file certs/x509.genkey? If yes, what is the default_bits
value?

David, the x509.genkey file seems to generate a 4k RSA key by default. This
will cause a panic with fips=1 as only 2k and 3k keys are allowed.

Ciao
Stephan

^ permalink raw reply	[flat|nested] 10+ messages in thread
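
Added example (not part of the thread or of the kernel tree): a pre-boot check that reads default_bits from an OpenSSL request config such as certs/x509.genkey and applies the same 256/384-byte rule as the kernel snippet quoted earlier in the thread. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample config are constructed.

# Print default_bits from the [ req ] section of an OpenSSL request config
# (e.g. certs/x509.genkey). Prints nothing when the key is absent.
genkey_default_bits() {
    awk '
        { sub(/#.*$/, "") }                # strip comments on every line
        /^[ \t]*\[/ {                      # section header such as "[ req ]"
            name = $0
            gsub(/\[/, "", name); gsub(/\]/, "", name); gsub(/[ \t\r]/, "", name)
            in_req = (name == "req")
            next
        }
        in_req {
            n = split($0, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key)
            if (n >= 2 && key == "default_bits") {
                bits = kv[2]; gsub(/[ \t\r]/, "", bits)   # last assignment wins
            }
        }
        END { if (bits != "") print bits }
    ' "$1"
}

# Same rule as the kernel check quoted in the thread: the modulus size n_sz
# in bytes must be 256 or 384 (2048 or 3072 bits). Returns 0 when allowed.
fips_rsa_bits_allowed() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac   # not a number
    [ $(( $1 % 8 )) -eq 0 ] || return 1
    n_sz=$(( $1 / 8 ))
    [ "$n_sz" -eq 256 ] || [ "$n_sz" -eq 384 ]
}

# 0 = accepted under fips=1, 1 = rejected, 2 = default_bits not set
check_genkey() {
    bits=$(genkey_default_bits "$1")
    if [ -z "$bits" ]; then
        echo "$1: no default_bits in [ req ]; size comes from the openssl default"
        return 2
    fi
    if fips_rsa_bits_allowed "$bits"; then
        echo "$1: default_bits=$bits passes the fips=1 RSA size check"
    else
        echo "$1: default_bits=$bits -> RSA: key size not allowed in FIPS mode"
        return 1
    fi
}

# Constructed sample config reproducing the 4096-bit setting from the thread.
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
CN = Constructed example signing key
EOF
    rc=0
    check_genkey "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

Run `check_genkey certs/x509.genkey` in the kernel build tree before building; a non-zero status means the generated signing key would be rejected by the check as quoted in this thread.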

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:55     ` Stephan Mueller
@ 2016-08-09 15:00       ` Tapas Sarangi
  2016-08-09 16:07         ` Tapas Sarangi
  2016-08-16  9:33       ` Stephan Mueller
  1 sibling, 1 reply; 10+ messages in thread
From: Tapas Sarangi @ 2016-08-09 15:00 UTC (permalink / raw)
  To: Stephan Mueller, dhowells; +Cc: linux-crypto

Embarrassing! Yes, I just saw this while you were pressing send on that
reply... default bits were set to 4096 in x509.genkey. :-(

I am trying out with 2048 bits. I will confirm.

-Tapas



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 15:00       ` Tapas Sarangi
@ 2016-08-09 16:07         ` Tapas Sarangi
  2016-08-09 16:08           ` Stephan Mueller
  0 siblings, 1 reply; 10+ messages in thread
From: Tapas Sarangi @ 2016-08-09 16:07 UTC (permalink / raw)
  To: Stephan Mueller, dhowells; +Cc: linux-crypto

Hi Stephan,


Thanks for your responses. I am past this error now.

I am still NOT out of trouble. Now, test integrity fails while trying to
get into FIPS mode. Here is the snippet of error messages.  I will create
a separate thread for this.

/boot/vmlinuz-4.7.0-1.tos2_5: OK
modprobe: ERROR: could not insert 'drbg': Unknown symbol in module, or unknown parameter (see dmesg)
[    1.193406] dracut: FATAL: FIPS integrity test failed
[    1.194086] dracut: Refusing to continue

[    1.195820] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[    1.195820]


-Tapas




^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 16:07         ` Tapas Sarangi
@ 2016-08-09 16:08           ` Stephan Mueller
  0 siblings, 0 replies; 10+ messages in thread
From: Stephan Mueller @ 2016-08-09 16:08 UTC (permalink / raw)
  To: Tapas Sarangi; +Cc: dhowells, linux-crypto

On Tuesday, 9 August 2016, 16:07:06 CEST, Tapas Sarangi wrote:

Hi Tapas,

> Hi Stephan,
> 
> 
> Thanks for your responses. I am past this error now.
> 
> I am still NOT out of trouble. Now, test integrity fails while trying to
> get into FIPS mode. Here is the snippet of error messages.  I will create
> a separate thread for this,
> 
> /boot/vmlinuz-4.7.0-1.tos2_5: OK
> modprobe: ERROR: could not insert 'drbg': Unknown symbol in module, or unknown parameter (see dmesg)

Do you see which symbol is missing?


> [    1.193406] dracut: FATAL: FIPS integrity test failed
> [    1.194086] dracut: Refusing to continue
> 
> [    1.195820] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
> [    1.195820]


Ciao
Stephan

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: RSA key size not allowed in FIPS
  2016-08-09 14:55     ` Stephan Mueller
  2016-08-09 15:00       ` Tapas Sarangi
@ 2016-08-16  9:33       ` Stephan Mueller
  1 sibling, 0 replies; 10+ messages in thread
From: Stephan Mueller @ 2016-08-16  9:33 UTC (permalink / raw)
  To: Tapas Sarangi; +Cc: dhowells, linux-crypto

On Tuesday, 9 August 2016, 16:55:52 CEST, Stephan Mueller wrote:

Hi Tapas, David,
> 
> David, the x509.genkey file seems to generate a 4k RSA key by default. This
> will cause a panic with fips=1 as only 2k and 3k keys are allowed.

Just yesterday, a new ruling came out from NIST allowing any key size >= 2048 
provided that at least either 2048 or 3072 is a usable key size to allow CAVS 
testing.

I will send a patch that changes this in the code.

Thanks
Stephan

^ permalink raw reply	[flat|nested] 10+ messages in thread
