From: Mimi Zohar <zohar@linux.ibm.com>
To: Roberto Sassu <roberto.sassu@huawei.com>,
"James.Bottomley@HansenPartnership.com"
<James.Bottomley@HansenPartnership.com>,
"jarkko.sakkinen@linux.intel.com"
<jarkko.sakkinen@linux.intel.com>
Cc: "linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
Date: Thu, 19 Mar 2020 05:45:55 -0400 [thread overview]
Message-ID: <1584611155.5188.214.camel@linux.ibm.com> (raw)
In-Reply-To: <7df041fd4cd64a5bb61beb4eb8276819@huawei.com>
On Thu, 2020-03-19 at 08:31 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-
> > owner@vger.kernel.org] On Behalf Of Mimi Zohar
> > Sent: Wednesday, March 18, 2020 10:55 PM
> > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > James.Bottomley@HansenPartnership.com;
> > jarkko.sakkinen@linux.intel.com
> > Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
> > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > <Silviu.Vlasceanu@huawei.com>
> > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in
> > ima_template_entry
> >
> > On Wed, 2020-03-18 at 12:42 +0000, Roberto Sassu wrote:
> > > > -----Original Message-----
> > > > From: owner-linux-security-module@vger.kernel.org [mailto:owner-
> > linux-
> > > > security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> > > > Sent: Tuesday, March 3, 2020 5:04 AM
> > > > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > > > James.Bottomley@HansenPartnership.com;
> > > > jarkko.sakkinen@linux.intel.com
> > > > Cc: linux-integrity@vger.kernel.org; linux-security-
> > module@vger.kernel.org;
> > > > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > > > <Silviu.Vlasceanu@huawei.com>
> > > > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests
> > in
> > > > ima_template_entry
> > > >
> > > > On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> > > >
> > > > > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct
> > > > ima_template_entry *entry)
> > > > >
> > > > > int __init ima_init_digests(void)
> > > > > {
> > > > > + u16 digest_size;
> > > > > + u16 crypto_id;
> > > > > int i;
> > > > >
> > > > > if (!ima_tpm_chip)
> > > > > @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
> > > > > if (!digests)
> > > > > return -ENOMEM;
> > > > >
> > > > > - for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> > > > > + for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > > > > digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> > > > > + digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> > > > > + crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> > > > > +
> > > > > + /* for unmapped TPM algorithms digest is still a padded
> > > > SHA1 */
> > > > > + if (crypto_id == HASH_ALGO__LAST)
> > > > > + digest_size = SHA1_DIGEST_SIZE;
> > > > > +
> > > > > + memset(digests[i].digest, 0xff, digest_size);
> > > >
> > > > Shouldn't the memset here be of the actual digest size even for
> > > > unmapped TPM algorithms.
> > >
> > > This is consistent with ima_calc_field_array_hash(), so that a verifier
> > > will always pad the SHA1 digest with zeros to obtain the final PCR value.
> > >
> > > I can set all bytes if you prefer.
> >
> > My concern is with violations. The measurement list will be padded
> > with 0's, but the value being extended into the TPM will only
> > partially be 0xFF's. When verifying the measurement list, replacing
> > all 0x00's with all 0xFF's is simpler.
>
> If the TPM algorithm is unknown, the starting point is the SHA1 digest.
> If there is a violation, this should be the one to be modified. Then, after
> that, padding is done for all entries in the same way, regardless of
> whether the entry is a violation or not.
Ok. In the case that the verifier supports the hash algorithm and
calculates the template hash, walking the measurement list will fail
anyway. In the case that the verifier does not support the hash
algorithm, then it will pad/truncate the SHA1 hash consistently. That
works for now with the SHA1 based measurement list and should work
with a hash agile measurement list.
thanks,
Mimi
prev parent reply other threads:[~2020-03-19 9:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-10 10:04 [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry Roberto Sassu
2020-03-03 4:03 ` Mimi Zohar
2020-03-18 12:42 ` Roberto Sassu
2020-03-18 21:54 ` Mimi Zohar
2020-03-19 8:31 ` Roberto Sassu
2020-03-19 9:45 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1584611155.5188.214.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=Silviu.Vlasceanu@huawei.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).