IMA signature generated by evmctl has unexpected key identifier

IMA signature generated by evmctl has unexpected key identifier

[nramas]

Hello,

I am trying to test IMA signature validation using EVMCTL version 1.1
Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.

I have followed the steps given in the README below:
https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README

I have created private\public key pair and the DER encoded certificate for 
the private key. Imported the signed DER encoded cert to IMA keyring.

keyctl show %keyring:.ima
Keyring
1054868458 ---lswrv      0     0  keyring: .ima
  740136756 --als--v      0     0   \_ asymmetric: hostname: whoami signing
key: 85512d09fc12c7f38b9679352651dcb365903336

cat /proc/keys | grep -i signing
2c1d9734 I--Q---     1 perm 39010000     0     0 asymmetri hostname:
whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
65903336 []

evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem /boot/vmlinuz-5.1.0-rc2+

In the key identifier set in security.ima attribute the key identifier 
should be 65903336 to match the key in the IMA keyring. But it is 
b8847de9.

getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
getfattr: Removing leading '/' from absolute path names
# file: boot/vmlinuz-5.1.0-rc2+
security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163

When trying to verify the IMA signature I get the following error

evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
/boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid 
padding
error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed

This looks very similar to the issue discussed here
https://sourceforge.net/p/linux-ima/mailman/message/34290588/

But the bug discussed in the above thread looks to be fixed though.

Am I missing something?

Thank you.

  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/12/19 5:37 PM, nramas@linux.microsoft.com wrote:
> Hello,
> 
> I am trying to test IMA signature validation using EVMCTL version 1.1
> Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.
> 
> I have followed the steps given in the README below:
> https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README
> 
> I have created private\public key pair and the DER encoded certificate 
> for the private key. Imported the signed DER encoded cert to IMA keyring.
> 
> keyctl show %keyring:.ima
> Keyring
> 1054868458 ---lswrv      0     0  keyring: .ima
>   740136756 --als--v      0     0   \_ asymmetric: hostname: whoami signing
> key: 85512d09fc12c7f38b9679352651dcb365903336
> 
> cat /proc/keys | grep -i signing
> 2c1d9734 I--Q---     1 perm 39010000     0     0 asymmetri hostname:
> whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
> 65903336 []
> 
> evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem 
> /boot/vmlinuz-5.1.0-rc2+
> 
> In the key identifier set in security.ima attribute the key identifier 
> should be 65903336 to match the key in the IMA keyring. But it is b8847de9.
> 
> getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
> getfattr: Removing leading '/' from absolute path names
> # file: boot/vmlinuz-5.1.0-rc2+
> security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163 
> 
> 
> When trying to verify the IMA signature I get the following error
> 
> evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
> /boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
> error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
> error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
> 
> This looks very similar to the issue discussed here
> https://sourceforge.net/p/linux-ima/mailman/message/34290588/
> 
> But the bug discussed in the above thread looks to be fixed though.
> 
> Am I missing something?
> 
> Thank you.
> 
>   -lakshmi
> 

I have tried the above on Linux kernel 4.18.0-17 as well and am seeing 
the same behavior.

I am unable to find older versions (prior to Version 1.1) of evmctl to 
check if the behavior is different.

Thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Mimi Zohar]

On Tue, 2019-05-14 at 10:18 -0700, Lakshmi wrote:
> On 5/12/19 5:37 PM, nramas@linux.microsoft.com wrote:
> > Hello,
> > 
> > I am trying to test IMA signature validation using EVMCTL version 1.1
> > Am running kernel version 5.1.0 rc2 on an Ubuntu desktop.
> > 
> > I have followed the steps given in the README below:
> > https://sourceforge.net/p/linux-ima/ima-evm-utils/ci/master/tree/README
> > 
> > I have created private\public key pair and the DER encoded certificate 
> > for the private key. Imported the signed DER encoded cert to IMA keyring.
> > 
> > keyctl show %keyring:.ima
> > Keyring
> > 1054868458 ---lswrv      0     0  keyring: .ima
> >   740136756 --als--v      0     0   \_ asymmetric: hostname: whoami signing
> > key: 85512d09fc12c7f38b9679352651dcb365903336
> > 
> > cat /proc/keys | grep -i signing
> > 2c1d9734 I--Q---     1 perm 39010000     0     0 asymmetri hostname:
> > whoami signing key: 85512d09fc12c7f38b9679352651dcb365903336: X509.rsa
> > 65903336 []
> > 
> > evmctl ima_sign -a sha256 --key /etc/keys/privkey_evm.pem 
> > /boot/vmlinuz-5.1.0-rc2+
> > 
> > In the key identifier set in security.ima attribute the key identifier 
> > should be 65903336 to match the key in the IMA keyring. But it is b8847de9.
> > 
> > getfattr -d -m ima -e hex /boot/vmlinuz-5.1.0-rc2+
> > getfattr: Removing leading '/' from absolute path names
> > # file: boot/vmlinuz-5.1.0-rc2+
> > security.ima=0x030204b8847de90080b06c8d5517a6afea64805c2871581b256a4efcf7ce4ba079a85545e5e70a2603596366c4e342f11052291e9b558ccb1a1208747f12c45bbe4cee59c727f308a46e951c0df9b1f6b443a8c0a4f5ac881d49e0cce9927b64eeab29c5688aba0758e5cfb30c26fd5b131c2206f1b208d48a427c53a77ae5baf98f4994a19f67b163 
> > 
> > 
> > When trying to verify the IMA signature I get the following error
> > 
> > evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
> > /boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
> > error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
> > error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
> > 
> > This looks very similar to the issue discussed here
> > https://sourceforge.net/p/linux-ima/mailman/message/34290588/
> > 
> > But the bug discussed in the above thread looks to be fixed though.
> > 
> > Am I missing something?
> > 
> > Thank you.
> > 
> >   -lakshmi
> > 
> 
> I have tried the above on Linux kernel 4.18.0-17 as well and am seeing 
> the same behavior.
> 
> I am unable to find older versions (prior to Version 1.1) of evmctl to 
> check if the behavior is different.

Missing from this log is the list of keys on the .ima keyring.

Mimi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

> 
> Missing from this log is the list of keys on the .ima keyring.
> 
> Mimi
> 

Below is the list of keys in the IMA keyring

keyctl show %keyring:.ima

Keyring
1054868458 ---lswrv      0     0  keyring: .ima
   740136756 --als--v      0     0   \_ asymmetric: hostname: whoami signing
key: 85512d09fc12c7f38b9679352651dcb365903336

Please let me know if you need more information.

thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Mimi Zohar]

On Tue, 2019-05-14 at 10:57 -0700, Lakshmi wrote:

> Below is the list of keys in the IMA keyring
> 
> keyctl show %keyring:.ima
> 
> Keyring
> 1054868458 ---lswrv      0     0  keyring: .ima
>    740136756 --als--v      0     0   \_ asymmetric: hostname: whoami signing
> key: 85512d09fc12c7f38b9679352651dcb365903336
> 
> Please let me know if you need more information.

I should have asked you to make sure that the last 8 bytes of "X509v3
Subject Key Identifier" in the certificate used to sign the kernel
image is the same as above.

Mimi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/14/19 2:38 PM, Mimi Zohar wrote:

 >> Keyring
 >> 1054868458 ---lswrv      0     0  keyring: .ima
 >>     740136756 --als--v      0     0   \_ asymmetric: hostname: 
whoami signing
 >> key: 85512d09fc12c7f38b9679352651dcb365903336
> 
> I should have asked you to make sure that the last 8 bytes of "X509v3
> Subject Key Identifier" in the certificate used to sign the kernel
> image is the same as above.
> 
> Mimi
> 

Yes - the Subject Key Identifier matches the output from keyctl.

Please see below:

X509v3 Subject Key Identifier:
                 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36

thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/14/19 3:07 PM, Lakshmi wrote:

Hi Mimi,

>>
>> I should have asked you to make sure that the last 8 bytes of "X509v3
>> Subject Key Identifier" in the certificate used to sign the kernel
>> image is the same as above.
>>
>> Mimi
>>
> 
> Yes - the Subject Key Identifier matches the output from keyctl.
> 
> Please see below:
> 
> X509v3 Subject Key Identifier:
>                  
> 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
> 
> thanks,
>   -lakshmi
> 

Please let me know if you need more information\logs on this issue.

Thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Mimi Zohar]

On Tue, 2019-05-21 at 10:48 -0700, Lakshmi wrote:
> On 5/14/19 3:07 PM, Lakshmi wrote:
> >>
> >> I should have asked you to make sure that the last 8 bytes of "X509v3
> >> Subject Key Identifier" in the certificate used to sign the kernel
> >> image is the same as above.
> >>
> >> Mimi
> >>
> > 
> > Yes - the Subject Key Identifier matches the output from keyctl.
> > 
> > Please see below:
> > 
> > X509v3 Subject Key Identifier:
> >                  
> > 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36
> 
> Please let me know if you need more information\logs on this issue.

Have you tried using "evmctl ima_verify" to verify the signature after
signing the file?

Perhaps it's something with the key.  If you haven't already used the
scripts for generating the keys in the ima-evm-utils examples/
directory, you might try that.

I just pushed out the ima-evm-utils master branch.  See if the new
"master" branch works.

Mimi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/21/19 5:30 PM, Mimi Zohar wrote:
> 
> Have you tried using "evmctl ima_verify" to verify the signature after
> signing the file?
Yes - I have. It fails with the following error. I have tried multiple 
signing keys, but no luck.

evmctl ima_verify --key /etc/keys/x509_evm.der /boot/vmlinuz-5.1.0-rc2+
/boot/vmlinuz-5.1.0-rc2+: RSA_public_decrypt() failed: -1
error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed

> 
> Perhaps it's something with the key.  If you haven't already used the
> scripts for generating the keys in the ima-evm-utils examples/
> directory, you might try that.
I'll give this a try.

Thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/21/19 6:39 PM, Lakshmi wrote:

> 
>>
>> Perhaps it's something with the key.  If you haven't already used the
>> scripts for generating the keys in the ima-evm-utils examples/
>> directory, you might try that.

Looks like it is something with the key I'd generated earlier. I 
generated new key using the script and that worked fine.

Sorry about the false alarm.

I'll investigate what's wrong with the key(s) I used earlier.

Thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/21/19 5:30 PM, Mimi Zohar wrote:

I did some more investigation on this one and see different behavior 
when the IMA signing key is self-signed and signed by a another key.

>>> Perhaps it's something with the key.  If you haven't already used the
>>> scripts for generating the keys in the ima-evm-utils examples/
>>> directory, you might try that.

When the IMA signer key is self-signed x509v3 Subject Key ID and 
Authority Key ID are the same - please see below.

In this case, the ima-evm-utils sets the 4 byte key ID correctly in the 
IMA Signature set in security.ima.
ima_verify successfully verifies the IMA signature.

         X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage:
                 Digital Signature
             X509v3 Subject Key Identifier:
36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10

             X509v3 Authority Key Identifier:
keyid:36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10

root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security 
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x03020415f374100080c11a06d7fc7626467d6abb08a8a573f27412fd2dcf726f40f238f226792b1787cddee1aac094e695795f6b7e07fc8749902623e78b69566b1d0c22c311f6e5b4b76a2af981eaa2cb69c326cc9566e29d5ff8ea37188bb262fa3bef991deacd58ee6350299c0f4beaf49f20ae1ac1ceac58ff593a544f14603c2e600cf116a6e5


But if the IMA signer key is signed by another key (For instance, a key 
in the "BuiltIn Trusted Keys"), x509v3 SKI and AKI are different. Please 
see below:

In this case, the ima-evm-utils sets a 4 byte key ID that does not match 
the last 4 bytes of SKI.
ima_verify fails in this case.

	X509v3 extensions:
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage:
                 Digital Signature
             X509v3 Subject Key Identifier:
85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36

             X509v3 Authority Key Identifier:
keyid:87:DC:69:C9:EC:ED:27:10:0C:8C:CA:1B:A9:DE:51:1C:6D:00:5D:E5

root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security 
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x030204b8847de90080a3e5d6e72fd7fa2f247f68ae675fa56f5b81f9274cb42c597b4c5507da3bfeba5c8636ea23857bcf1730a37fa871c7f592c254e0dd701b8b062f12cbc0db78f21495d5a7728c218b741c675053e998528cc0c8d12bef0e0671a28e64a7d933d36d76c1ec2633a07334b3480c7c0c4031d9c037a77085852f15a3669f2fdc3c7e

Is this expected?

In my setup, IMA signing key will be signed by a key in the "BuiltIn 
Trusted Keys".

Thanks,
  -lakshmi

Re: IMA signature generated by evmctl has unexpected key identifier

[Mimi Zohar]

On Wed, 2019-05-22 at 18:10 -0700, Lakshmi wrote:

> In my setup, IMA signing key will be signed by a key in the "BuiltIn 
> Trusted Keys".

That is exactly how it is meant to be used.  In conjunction with the
examples/ scripts, please follow the "Generate trusted keys" section
of the README.  The last two steps show how to create a certificate
signing request (CSR) and sign the certificate with a CA key.  The CA
public key should be loaded onto the builtin keyring.

Mimi

Re: IMA signature generated by evmctl has unexpected key identifier

[Lakshmi]

On 5/23/19 6:26 AM, Mimi Zohar wrote:

> The last two steps show how to create a certificate
> signing request (CSR) and sign the certificate with a CA key.  The CA
> public key should be loaded onto the builtin keyring.

Yes - I followed those steps in the README to create a CSR and signed 
the IMA signing cert with the CA key.
The CA public key is loaded into the builtin keyring.
IMA cert is loaded to IMA keyring.

The problem I am facing is:

When the IMA cert is signed with the CA key, the key id set by 
ima-evm-utils does not match the last 4 bytes of SKI.
I also hit ima_verify error.

Please see below:

             X509v3 Subject Key Identifier:
85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36

             X509v3 Authority Key Identifier:
keyid:87:DC:69:C9:EC:ED:27:10:0C:8C:CA:1B:A9:DE:51:1C:6D:00:5D:E5

root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security 
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x030204b8847de90080a3e5d6e72fd7fa2f247f68ae675fa56f5b81f9274cb42c597b4c5507da3bfeba5c8636ea23857bcf1730a37fa871c7f592c254e0dd701b8b062f12cbc0db78f21495d5a7728c218b741c675053e998528cc0c8d12bef0e0671a28e64a7d933d36d76c1ec2633a07334b3480c7c0c4031d9c037a77085852f15a3669f2fdc3c7e


  => But if I don't sign the IMA cert with the CA cert, everything works 
as expected: Key Id matches the last 4 bytes of the SKI, ima_verify 
works fine.

		X509v3 Subject Key Identifier:
36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10

		X509v3 Authority Key Identifier:
keyid:36:41:D8:3B:59:04:BB:D3:4B:23:DE:45:70:43:D6:1C:15:F3:74:10

root@Lakshmi-ThinkStation-P520:/etc/keys# getfattr -d -e hex -m security 
/home/lakshmi/msftsrc/myfiles/myfile.txt
getfattr: Removing leading '/' from absolute path names
# file: home/lakshmi/msftsrc/myfiles/myfile.txt
security.ima=0x03020415f374100080c11a06d7fc7626467d6abb08a8a573f27412fd2dcf726f40f238f226792b1787cddee1aac094e695795f6b7e07fc8749902623e78b69566b1d0c22c311f6e5b4b76a2af981eaa2cb69c326cc9566e29d5ff8ea37188bb262fa3bef991deacd58ee6350299c0f4beaf49f20ae1ac1ceac58ff593a544f14603c2e600cf116a6e5

Thanks,
  -lakshmi