Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
From: Mimi Zohar
To: Roberto Sassu, James.Bottomley@HansenPartnership.com, jarkko.sakkinen@linux.intel.com
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Silviu Vlasceanu
Date: Thu, 19 Mar 2020 05:45:55 -0400
Message-Id: <1584611155.5188.214.camel@linux.ibm.com>

On Thu, 2020-03-19 at 08:31 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-owner@vger.kernel.org] On Behalf Of Mimi Zohar
> > Sent: Wednesday, March 18, 2020 10:55 PM
> > To: Roberto Sassu; James.Bottomley@HansenPartnership.com; jarkko.sakkinen@linux.intel.com
> > Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
> >
> > On Wed, 2020-03-18 at 12:42 +0000, Roberto Sassu wrote:
> > > > -----Original Message-----
> > > > From: owner-linux-security-module@vger.kernel.org [mailto:owner-linux-security-module@vger.kernel.org] On Behalf Of Mimi Zohar
> > > > Sent: Tuesday, March 3, 2020 5:04 AM
> > > > To: Roberto Sassu; James.Bottomley@HansenPartnership.com; jarkko.sakkinen@linux.intel.com
> > > > Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org; Silviu Vlasceanu
> > > > Subject: Re: [PATCH v3 7/8] ima: Calculate and extend PCR with digests in ima_template_entry
> > > >
> > > > On Mon, 2020-02-10 at 11:04 +0100, Roberto Sassu wrote:
> > > >
> > > > > @@ -219,6 +214,8 @@ int ima_restore_measurement_entry(struct > > > > ima_template_entry *entry) > > > > > > > > > > int __init ima_init_digests(void) > > > > > { > > > > > + u16 digest_size; > > > > > + u16 crypto_id; > > > > > int i; > > > > > > > > > > if (!ima_tpm_chip)
> > > > > @@ -229,8 +226,17 @@ int __init ima_init_digests(void) > > > > > if (!digests) > > > > > return -ENOMEM; > > > > > > > > > > - for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) > > > > > + for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) { > > > > > digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id; > > > > > + digest_size = ima_tpm_chip->allocated_banks[i].digest_size; > > > > > + crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id; > > > > > + > > > > > + /* for unmapped TPM algorithms digest is still a padded > > > > SHA1 */ > > > > > + if (crypto_id == HASH_ALGO__LAST) > > > > > + digest_size = SHA1_DIGEST_SIZE; > > > > > + > > > > > + memset(digests[i].digest, 0xff, digest_size);
> > > >
> > > > Shouldn't the memset here be of the actual digest size even for
> > > > unmapped TPM algorithms.
> > >
> > > This is consistent with ima_calc_field_array_hash(), so that a verifier
> > > will always pad the SHA1 digest with zeros to obtain the final PCR value.
> > >
> > > I can set all bytes if you prefer.
> >
> > My concern is with violations. The measurement list will be padded
> > with 0's, but the value being extended into the TPM will only
> > partially be 0xFF's. When verifying the measurement list, replacing
> > all 0x00's with all 0xFF's is simpler.
>
> If the TPM algorithm is unknown, the starting point is the SHA1 digest.
> If there is a violation, this should be the one to be modified. Then, after
> that, padding is done for all entries in the same way, regardless of
> whether the entry is a violation or not.

Ok. In the case that the verifier supports the hash algorithm and
calculates the template hash, walking the measurement list will fail
anyway. In the case that the verifier does not support the hash
algorithm, then it will pad/truncate the SHA1 hash consistently. That
works for now with the SHA1 based measurement list and should work
with a hash agile measurement list.

thanks,

Mimi
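
Review bot: In the second hunk, when crypto_id == HASH_ALGO__LAST the memset() fills only the first SHA1_DIGEST_SIZE bytes of digests[i].digest with 0xff, and nothing in the hunk sets the remaining bytes of that bank's digest, so the violation value for an unmapped bank depends on how digests was allocated. Suggest zeroing the tail explicitly, or extending the comment above the check to say that the tail is intentional zero padding matching ima_calc_field_array_hash() (as stated in the thread), so that a verifier author can read the violation convention directly from the code.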
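
The verifier-side consequence of the two violation conventions discussed in this thread, as an added example that is not code from the patch or from any participant: it replays a SHA1 measurement list into a wider PCR bank, once with the patch's convention (0xff over the SHA1-sized part, then zero padding) and once with 0xff over the whole bank digest. SHA-256 stands in for the bank algorithm, and the function names and the sample list are constructed for illustration.

```python
import hashlib

SHA1_DIGEST_SIZE = 20


def pad(digest: bytes, size: int) -> bytes:
    """Zero-pad (or truncate) a digest to the bank's digest size."""
    return digest[:size].ljust(size, b"\x00")


def extend_value(sha1_digest: bytes, bank_size: int, fill: str = "sha1") -> bytes:
    """Value extended into the bank for one measurement list entry.

    A violation is recorded in the list as an all-zero digest.
    fill="sha1": set the SHA1-sized part to 0xff, then pad like any entry.
    fill="full": set every byte of the bank digest to 0xff.
    """
    if sha1_digest == bytes(SHA1_DIGEST_SIZE):
        if fill == "full":
            return b"\xff" * bank_size
        sha1_digest = b"\xff" * SHA1_DIGEST_SIZE
    return pad(sha1_digest, bank_size)


def replay(entries, bank_hash: str = "sha256", fill: str = "sha1") -> bytes:
    """Walk the list and return the expected PCR value for one bank."""
    size = hashlib.new(bank_hash).digest_size
    pcr = bytes(size)  # PCR starts as all zeros
    for digest in entries:
        value = extend_value(digest, size, fill)
        pcr = hashlib.new(bank_hash, pcr + value).digest()  # PCR extend
    return pcr


# Constructed sample list: two ordinary entries around one violation.
SAMPLE = [
    hashlib.sha1(b"boot_aggregate").digest(),
    bytes(SHA1_DIGEST_SIZE),
    hashlib.sha1(b"/usr/bin/example").digest(),
]

if __name__ == "__main__":
    for fill in ("sha1", "full"):
        print(fill, replay(SAMPLE, "sha256", fill).hex())
```

The two conventions give different PCR values as soon as the list contains one violation and the bank digest is wider than SHA1, so a verifier has to apply the same convention as the kernel that produced the quote.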