linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
@ 2020-02-10 10:04 Roberto Sassu
  2020-03-03  4:03 ` Mimi Zohar
  0 siblings, 1 reply; 6+ messages in thread
From: Roberto Sassu @ 2020-02-10 10:04 UTC (permalink / raw)
  To: zohar, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel,
	silviu.vlasceanu, Roberto Sassu

This patch modifies ima_calc_field_array_hash() to calculate a template
digest for each allocated PCR bank and SHA1. It also passes the tpm_digest
array of the template entry to ima_pcr_extend() or in case of a violation,
the pre-initialized digests array filled with 0xff.

Padding with zeros is still done if the mapping between TPM algorithm ID
and crypto ID is unknown.

This patch calculates again the template digest when a measurement list is
restored. Copying only the SHA1 digest (due to the limitation of the
current measurement list format) is not sufficient, as hash collision
detection will be done on the digest calculated with the default IMA hash
algorithm.

Changelog
v2:
- replace ima_num_template_digests with
  NR_BANKS(ima_tpm_chip) + ima_extra_slots (suggested by Mimi)

v1:
- replace ima_tpm_chip->nr_allocated_banks with ima_num_template_digests
  (suggested by Mimi)
- retrieve alg_id only if i < ima_tpm_chip->nr_allocated_banks
- check if ima_tpm_chip is NULL

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/ima/ima_crypto.c   | 29 +++++++++++++++++++++++++-
 security/integrity/ima/ima_queue.c    | 30 ++++++++++++++++-----------
 security/integrity/ima/ima_template.c | 14 +++++++++++--
 3 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d57d3c95c4f9..5ebe31576f7b 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -617,9 +617,36 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 int ima_calc_field_array_hash(struct ima_field_data *field_data,
 			      struct ima_template_entry *entry)
 {
-	int rc;
+	u16 alg_id;
+	int rc, i;
 
 	rc = ima_calc_field_array_hash_tfm(field_data, entry, ima_sha1_idx);
+	if (rc)
+		return rc;
+
+	entry->digests[ima_sha1_idx].alg_id = TPM_ALG_SHA1;
+
+	for (i = 0; i < NR_BANKS(ima_tpm_chip) + ima_extra_slots; i++) {
+		if (i == ima_sha1_idx)
+			continue;
+
+		if (i < NR_BANKS(ima_tpm_chip)) {
+			alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
+			entry->digests[i].alg_id = alg_id;
+		}
+
+		/* for unmapped TPM algorithms digest is still a padded SHA1 */
+		if (!ima_algo_array[i].tfm) {
+			memcpy(entry->digests[i].digest,
+			       entry->digests[ima_sha1_idx].digest,
+			       TPM_DIGEST_SIZE);
+			continue;
+		}
+
+		rc = ima_calc_field_array_hash_tfm(field_data, entry, i);
+		if (rc)
+			return rc;
+	}
 	return rc;
 }
 
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index bcd99db9722c..7f7509774b85 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -137,18 +137,14 @@ unsigned long ima_get_binary_runtime_size(void)
 		return binary_runtime_size + sizeof(struct ima_kexec_hdr);
 };
 
-static int ima_pcr_extend(const u8 *hash, int pcr)
+static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr)
 {
 	int result = 0;
-	int i;
 
 	if (!ima_tpm_chip)
 		return result;
 
-	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
-		memcpy(digests[i].digest, hash, TPM_DIGEST_SIZE);
-
-	result = tpm_pcr_extend(ima_tpm_chip, pcr, digests);
+	result = tpm_pcr_extend(ima_tpm_chip, pcr, digests_arg);
 	if (result != 0)
 		pr_err("Error Communicating to TPM chip, result: %d\n", result);
 	return result;
@@ -166,7 +162,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 			   const char *op, struct inode *inode,
 			   const unsigned char *filename)
 {
-	u8 digest[TPM_DIGEST_SIZE];
+	u8 *digest = entry->digests[ima_sha1_idx].digest;
+	struct tpm_digest *digests_arg = entry->digests;
 	const char *audit_cause = "hash_added";
 	char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 	int audit_info = 1;
@@ -174,8 +171,6 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 
 	mutex_lock(&ima_extend_list_mutex);
 	if (!violation) {
-		memcpy(digest, entry->digests[ima_sha1_idx].digest,
-		       sizeof(digest));
 		if (ima_lookup_digest_entry(digest, entry->pcr)) {
 			audit_cause = "hash_exists";
 			result = -EEXIST;
@@ -191,9 +186,9 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 	}
 
 	if (violation)		/* invalidate pcr */
-		memset(digest, 0xff, sizeof(digest));
+		digests_arg = digests;
 
-	tpmresult = ima_pcr_extend(digest, entry->pcr);
+	tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
 	if (tpmresult != 0) {
 		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
 			 tpmresult);
@@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct ima_template_entry *entry)
 
 int __init ima_init_digests(void)
 {
+	u16 digest_size;
+	u16 crypto_id;
 	int i;
 
 	if (!ima_tpm_chip)
@@ -229,8 +226,17 @@ int __init ima_init_digests(void)
 	if (!digests)
 		return -ENOMEM;
 
-	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
+	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
 		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
+		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
+		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
+
+		/* for unmapped TPM algorithms digest is still a padded SHA1 */
+		if (crypto_id == HASH_ALGO__LAST)
+			digest_size = SHA1_DIGEST_SIZE;
+
+		memset(digests[i].digest, 0xff, digest_size);
+	}
 
 	return 0;
 }
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 586e9fd9fc12..db984313ba1e 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -356,6 +356,7 @@ static int ima_restore_template_data(struct ima_template_desc *template_desc,
 int ima_restore_measurement_list(loff_t size, void *buf)
 {
 	char template_name[MAX_TEMPLATE_NAME_LEN];
+	unsigned char zero[TPM_DIGEST_SIZE] = { 0 };
 
 	struct ima_kexec_hdr *khdr = buf;
 	struct ima_field_data hdr[HDR__LAST] = {
@@ -455,8 +456,17 @@ int ima_restore_measurement_list(loff_t size, void *buf)
 		if (ret < 0)
 			break;
 
-		memcpy(entry->digests[ima_sha1_idx].digest,
-		       hdr[HDR_DIGEST].data, hdr[HDR_DIGEST].len);
+		if (memcmp(hdr[HDR_DIGEST].data, zero, sizeof(zero))) {
+			ret = ima_calc_field_array_hash(
+						&entry->template_data[0],
+						entry);
+			if (ret < 0) {
+				pr_err("cannot calculate template digest\n");
+				ret = -EINVAL;
+				break;
+			}
+		}
+
 		entry->pcr = !ima_canonical_fmt ? *(hdr[HDR_PCR].data) :
 			     le32_to_cpu(*(hdr[HDR_PCR].data));
 		ret = ima_restore_measurement_entry(entry);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
  2020-02-10 10:04 [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry Roberto Sassu
@ 2020-03-03  4:03 ` Mimi Zohar
  2020-03-18 12:42   ` Roberto Sassu
  0 siblings, 1 reply; 6+ messages in thread
From: Mimi Zohar @ 2020-03-03  4:03 UTC (permalink / raw)
  To: Roberto Sassu, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel, silviu.vlasceanu

On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:

> @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct ima_template_entry *entry)
>  
>  int __init ima_init_digests(void)
>  {
> +	u16 digest_size;
> +	u16 crypto_id;
>  	int i;
>  
>  	if (!ima_tpm_chip)
> @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
>  	if (!digests)
>  		return -ENOMEM;
>  
> -	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
>  		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> +		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> +		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> +
> +		/* for unmapped TPM algorithms digest is still a padded SHA1 */
> +		if (crypto_id == HASH_ALGO__LAST)
> +			digest_size = SHA1_DIGEST_SIZE;
> +
> +		memset(digests[i].digest, 0xff, digest_size);

Shouldn't the memset here be of the actual digest size even for
unmapped TPM algorithms.

> +	}
>  
>  	return 0;
>  }


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
  2020-03-03  4:03 ` Mimi Zohar
@ 2020-03-18 12:42   ` Roberto Sassu
  2020-03-18 21:54     ` Mimi Zohar
  0 siblings, 1 reply; 6+ messages in thread
From: Roberto Sassu @ 2020-03-18 12:42 UTC (permalink / raw)
  To: Mimi Zohar, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel, Silviu Vlasceanu

> -----Original Message-----
> From: owner-linux-security-module@vger.kernel.org [mailto:owner-linux-
> security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> Sent: Tuesday, March 3, 2020 5:04 AM
> To: Roberto Sassu <roberto.sassu@huawei.com>;
> James.Bottomley@HansenPartnership.com;
> jarkko.sakkinen@linux.intel.com
> Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
> linux-kernel@vger.kernel.org; Silviu Vlasceanu
> <Silviu.Vlasceanu@huawei.com>
> Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in
> ima_template_entry
> 
> On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> 
> > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct
> ima_template_entry *entry)
> >
> >  int __init ima_init_digests(void)
> >  {
> > +	u16 digest_size;
> > +	u16 crypto_id;
> >  	int i;
> >
> >  	if (!ima_tpm_chip)
> > @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
> >  	if (!digests)
> >  		return -ENOMEM;
> >
> > -	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> > +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> >  		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> > +		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> > +		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> > +
> > +		/* for unmapped TPM algorithms digest is still a padded
> SHA1 */
> > +		if (crypto_id == HASH_ALGO__LAST)
> > +			digest_size = SHA1_DIGEST_SIZE;
> > +
> > +		memset(digests[i].digest, 0xff, digest_size);
> 
> Shouldn't the memset here be of the actual digest size even for
> unmapped TPM algorithms.

This is consistent with ima_calc_field_array_hash(), so that a verifier
will always pad the SHA1 digest with zeros to obtain the final PCR value.

I can set all bytes if you prefer.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

> > +	}
> >
> >  	return 0;
> >  }


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
  2020-03-18 12:42   ` Roberto Sassu
@ 2020-03-18 21:54     ` Mimi Zohar
  2020-03-19  8:31       ` Roberto Sassu
  0 siblings, 1 reply; 6+ messages in thread
From: Mimi Zohar @ 2020-03-18 21:54 UTC (permalink / raw)
  To: Roberto Sassu, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel, Silviu Vlasceanu

On Wed, 2020-03-18 at 12:42 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: owner-linux-security-module@vger.kernel.org [mailto:owner-linux-
> > security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> > Sent: Tuesday, March 3, 2020 5:04 AM
> > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > James.Bottomley@HansenPartnership.com;
> > jarkko.sakkinen@linux.intel.com
> > Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
> > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > <Silviu.Vlasceanu@huawei.com>
> > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in
> > ima_template_entry
> > 
> > On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> > 
> > > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct
> > ima_template_entry *entry)
> > >
> > >  int __init ima_init_digests(void)
> > >  {
> > > +	u16 digest_size;
> > > +	u16 crypto_id;
> > >  	int i;
> > >
> > >  	if (!ima_tpm_chip)
> > > @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
> > >  	if (!digests)
> > >  		return -ENOMEM;
> > >
> > > -	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> > > +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > >  		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> > > +		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> > > +		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> > > +
> > > +		/* for unmapped TPM algorithms digest is still a padded
> > SHA1 */
> > > +		if (crypto_id == HASH_ALGO__LAST)
> > > +			digest_size = SHA1_DIGEST_SIZE;
> > > +
> > > +		memset(digests[i].digest, 0xff, digest_size);
> > 
> > Shouldn't the memset here be of the actual digest size even for
> > unmapped TPM algorithms.
> 
> This is consistent with ima_calc_field_array_hash(), so that a verifier
> will always pad the SHA1 digest with zeros to obtain the final PCR value.
> 
> I can set all bytes if you prefer.

My concern is with violations.  The measurement list will be padded
with 0's, but the value being extended into the TPM will only
partially be 0xFF's.  When verifying the measurement list, replacing
all 0x00's with all 0xFF's is simpler.

Mimi


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
  2020-03-18 21:54     ` Mimi Zohar
@ 2020-03-19  8:31       ` Roberto Sassu
  2020-03-19  9:45         ` Mimi Zohar
  0 siblings, 1 reply; 6+ messages in thread
From: Roberto Sassu @ 2020-03-19  8:31 UTC (permalink / raw)
  To: Mimi Zohar, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel, Silviu Vlasceanu

> -----Original Message-----
> From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-
> owner@vger.kernel.org] On Behalf Of Mimi Zohar
> Sent: Wednesday, March 18, 2020 10:55 PM
> To: Roberto Sassu <roberto.sassu@huawei.com>;
> James.Bottomley@HansenPartnership.com;
> jarkko.sakkinen@linux.intel.com
> Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
> linux-kernel@vger.kernel.org; Silviu Vlasceanu
> <Silviu.Vlasceanu@huawei.com>
> Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in
> ima_template_entry
> 
> On Wed, 2020-03-18 at 12:42 +0000, Roberto Sassu wrote:
> > > -----Original Message-----
> > > From: owner-linux-security-module@vger.kernel.org [mailto:owner-
> linux-
> > > security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> > > Sent: Tuesday, March 3, 2020 5:04 AM
> > > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > > James.Bottomley@HansenPartnership.com;
> > > jarkko.sakkinen@linux.intel.com
> > > Cc: linux-integrity@vger.kernel.org; linux-security-
> module@vger.kernel.org;
> > > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > > <Silviu.Vlasceanu@huawei.com>
> > > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests
> in
> > > ima_template_entry
> > >
> > > On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> > >
> > > > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct
> > > ima_template_entry *entry)
> > > >
> > > >  int __init ima_init_digests(void)
> > > >  {
> > > > +	u16 digest_size;
> > > > +	u16 crypto_id;
> > > >  	int i;
> > > >
> > > >  	if (!ima_tpm_chip)
> > > > @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
> > > >  	if (!digests)
> > > >  		return -ENOMEM;
> > > >
> > > > -	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> > > > +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > > >  		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> > > > +		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> > > > +		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> > > > +
> > > > +		/* for unmapped TPM algorithms digest is still a padded
> > > SHA1 */
> > > > +		if (crypto_id == HASH_ALGO__LAST)
> > > > +			digest_size = SHA1_DIGEST_SIZE;
> > > > +
> > > > +		memset(digests[i].digest, 0xff, digest_size);
> > >
> > > Shouldn't the memset here be of the actual digest size even for
> > > unmapped TPM algorithms.
> >
> > This is consistent with ima_calc_field_array_hash(), so that a verifier
> > will always pad the SHA1 digest with zeros to obtain the final PCR value.
> >
> > I can set all bytes if you prefer.
> 
> My concern is with violations.  The measurement list will be padded
> with 0's, but the value being extended into the TPM will only
> partially be 0xFF's.  When verifying the measurement list, replacing
> all 0x00's with all 0xFF's is simpler.

If the TPM algorithm is unknown, the starting point is the SHA1 digest.
If there is a violation, this should be the one to be modified. Then, after
that, padding is done for all entries in the same way, regardless of
whether the entry is a violation or not.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
  2020-03-19  8:31       ` Roberto Sassu
@ 2020-03-19  9:45         ` Mimi Zohar
  0 siblings, 0 replies; 6+ messages in thread
From: Mimi Zohar @ 2020-03-19  9:45 UTC (permalink / raw)
  To: Roberto Sassu, James.Bottomley, jarkko.sakkinen
  Cc: linux-integrity, linux-security-module, linux-kernel, Silviu Vlasceanu

On Thu, 2020-03-19 at 08:31 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-
> > owner@vger.kernel.org] On Behalf Of Mimi Zohar
> > Sent: Wednesday, March 18, 2020 10:55 PM
> > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > James.Bottomley@HansenPartnership.com;
> > jarkko.sakkinen@linux.intel.com
> > Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
> > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > <Silviu.Vlasceanu@huawei.com>
> > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in
> > ima_template_entry
> > 
> > On Wed, 2020-03-18 at 12:42 +0000, Roberto Sassu wrote:
> > > > -----Original Message-----
> > > > From: owner-linux-security-module@vger.kernel.org [mailto:owner-
> > linux-
> > > > security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> > > > Sent: Tuesday, March 3, 2020 5:04 AM
> > > > To: Roberto Sassu <roberto.sassu@huawei.com>;
> > > > James.Bottomley@HansenPartnership.com;
> > > > jarkko.sakkinen@linux.intel.com
> > > > Cc: linux-integrity@vger.kernel.org; linux-security-
> > module@vger.kernel.org;
> > > > linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > > > <Silviu.Vlasceanu@huawei.com>
> > > > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests
> > in
> > > > ima_template_entry
> > > >
> > > > On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> > > >
> > > > > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct
> > > > ima_template_entry *entry)
> > > > >
> > > > >  int __init ima_init_digests(void)
> > > > >  {
> > > > > +	u16 digest_size;
> > > > > +	u16 crypto_id;
> > > > >  	int i;
> > > > >
> > > > >  	if (!ima_tpm_chip)
> > > > > @@ -229,8 +226,17 @@ int __init ima_init_digests(void)
> > > > >  	if (!digests)
> > > > >  		return -ENOMEM;
> > > > >
> > > > > -	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++)
> > > > > +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > > > >  		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;
> > > > > +		digest_size = ima_tpm_chip->allocated_banks[i].digest_size;
> > > > > +		crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
> > > > > +
> > > > > +		/* for unmapped TPM algorithms digest is still a padded
> > > > SHA1 */
> > > > > +		if (crypto_id == HASH_ALGO__LAST)
> > > > > +			digest_size = SHA1_DIGEST_SIZE;
> > > > > +
> > > > > +		memset(digests[i].digest, 0xff, digest_size);
> > > >
> > > > Shouldn't the memset here be of the actual digest size even for
> > > > unmapped TPM algorithms.
> > >
> > > This is consistent with ima_calc_field_array_hash(), so that a verifier
> > > will always pad the SHA1 digest with zeros to obtain the final PCR value.
> > >
> > > I can set all bytes if you prefer.
> > 
> > My concern is with violations.  The measurement list will be padded
> > with 0's, but the value being extended into the TPM will only
> > partially be 0xFF's.  When verifying the measurement list, replacing
> > all 0x00's with all 0xFF's is simpler.
> 
> If the TPM algorithm is unknown, the starting point is the SHA1 digest.
> If there is a violation, this should be the one to be modified. Then, after
> that, padding is done for all entries in the same way, regardless of
> whether the entry is a violation or not.

Ok.  In the case that the verifier supports the hash algorithm and
calculates the template hash, walking the measurement list will fail
anyway.  In the case that the verifier does not support the hash
algorithm, then it will pad/truncate the SHA1 hash consistently.  That
works for now with the SHA1 based measurement list and should work
with a hash agile measurement list.

thanks,

Mimi


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-03-19  9:46 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-10 10:04 [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry Roberto Sassu
2020-03-03  4:03 ` Mimi Zohar
2020-03-18 12:42   ` Roberto Sassu
2020-03-18 21:54     ` Mimi Zohar
2020-03-19  8:31       ` Roberto Sassu
2020-03-19  9:45         ` Mimi Zohar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).