Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp353189pxa; Wed, 26 Aug 2020 12:24:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/Zwwfkinnrewz+X8D+f0GL71v91hr+DKaE7hJqQs14VaKbJHsIodHE5SuhVU5F9qrEQ73 X-Received: by 2002:a17:907:426e:: with SMTP id nx22mr12326016ejb.340.1598469891929; Wed, 26 Aug 2020 12:24:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598469891; cv=none; d=google.com; s=arc-20160816; b=Ajdsvm1nQp0satnSoqdf1rMVNyyuL5ZaGindmevkSbqhJcyEDZ11tQ8VoWDgFtmKOx hFXNqibj8t4WyVC/k8+vPoBsFvvUMf82Cy5Ea06t48dd+I2dZ+x02Y9UDET3VSWPpOOt UMmlN6mVnH8pVqld9FQFJZJb94hajxEhOdD8wxuNQyNIwwXL4/5eNPvq+yGGqCZE9qeV rhvjmuc7qERwCSrijcS5CYteuPQWca5fJAFkRxTqjDZrpcCgUPe5R9kixEIj2tPRxg3z 2+6OxuYF8tXAJ/sEWcTqJMJlhGxK5BVvuzd3hIgGeO5gy6rOfj7LB1u7d5rLROSUfEym 8F9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=Eo75JQZE9mrVCru9nMOYA0IQ+b92Abmj8F3aV3Gfzp0=; b=MrfCHL+MyIfBIV1fDMY/maomKaKTTs8gItk8UhBiFsqJuKPB0CTXJv7AZIZch3xOUG 0ToaruyPaTrwwZnRW3tB0u+7Qm/IddPfaMmAn24QiMjoYMcrupROihADIlsAAd3CJo9F uUGyXQ0tLgS8XYqZS2kCIDJ/D8UoAqt+DS6wFef5oRkWUiP/I475GEuPHVoi4GC7weiW kWnUBmYDWr0rsThC/EqsLPjdUnpgSpU3aoPVCp+2HtX4OZi68H/cacKzi4h81OMaSjrh KP0BA4glPdTCuJfKe/KWFZ++RWYFFTyiqWMEG5PaHcH5wlB7b6tSO5prjzxfArnFES+z D74Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="r/HvpQv0"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w22si2109873ejk.590.2020.08.26.12.24.18; Wed, 26 Aug 2020 12:24:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="r/HvpQv0"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726802AbgHZTYG (ORCPT + 99 others); Wed, 26 Aug 2020 15:24:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:44046 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726790AbgHZTYG (ORCPT ); Wed, 26 Aug 2020 15:24:06 -0400 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D5FA52078A; Wed, 26 Aug 2020 19:24:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598469845; bh=SaUbEt3IVf9LXgdJkwNfYVM7lY/VyHQBl54Q5ymJrAo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=r/HvpQv0yE4VHw2tJRO5UvM8d8HAIrOqTPIeihv3QrH3Tuvl+fxgIPnDdi3PBt7+i jHarVbPirtqhl9zoGmOr/cu4l/S98dGmBTCD9Y3egES1fseDGMqZcpJGTG1ddLJwfv 5aYSvkUkAU6dJ86fdhyphzpVhbilVfGJ4VHirM3U= Date: Wed, 26 Aug 2020 12:24:03 -0700 From: Eric Biggers To: Chuck Lever Cc: linux-fscrypt@vger.kernel.org, linux-integrity@vger.kernel.org, Linux NFS Mailing List Subject: Re: IMA metadata format to support fs-verity Message-ID: <20200826192403.GD2239109@gmail.com> References: <760DF127-CA5F-4E86-9703-596E95CEF12F@oracle.com> <20200826183116.GC2239109@gmail.com> <6C2D16FB-C098-43F3-A7D3-D8AC783D1AB5@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6C2D16FB-C098-43F3-A7D3-D8AC783D1AB5@oracle.com> Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Aug 26, 2020 at 02:56:45PM -0400, Chuck Lever wrote: > > > On Aug 26, 2020, at 2:31 PM, Eric Biggers wrote: > > > > On Wed, Aug 26, 2020 at 10:13:43AM -0700, Chuck Lever wrote: > >> Hi Eric- > >> > >> I'm trying to construct a viable IMA metadata format (ie, what > >> goes into security.ima) to support Merkle trees. > >> > >> Rather than storing an entire Merkle tree per file, Mimi would > >> like to have a metadata format that can store the root hash of > >> a Merkle tree. Instead of reading the whole tree, an NFS client > >> (for example) would generate the parts of the file's fs-verity > >> Merkle tree on-demand. The tree itself would not be exposed or > >> transported by the NFS protocol. > > > > This won't work because you'd need to reconstruct the whole Merkle tree when > > reading the first byte from the file. Check the fs-verity FAQ > > (https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#faq) where I > > explained this in more detail (fourth question). > > We agree there are inefficiencies with the proposed scheme. The > Merkle tree would be rehydrated at measurement time, and used at > read time to verify the results of each subsequent NFS READ. > > We assume that parts of the tree and parts of the file content > can be evicted from the client's memory at any time. So verifying > READ results may require rehydration of some or all of the Merkle > tree. If we're careful, eviction might avoid the higher levels of > the tree to prevent the need to read the whole file again. > > So, maybe we want to store the first level or two of the tree as > well? Obviously there is a limit to how much can be stored in an > extended attribute. That's going to be very inefficient, and difficult to handle the caching, preferential eviction, and constant tree rebuilding. IMO, the only model that really makes sense is one where the full tree is stored persistently. Have you considered options for how that could be done in NFS? What NFS protocol modifications (if any) are in scope? > >> Following up with the recent thread on linux-integrity, starting > >> here: > >> > >> https://lore.kernel.org/linux-integrity/1597079586.3966.34.camel@HansenPartnership.com/t/#u > >> > >> I think the following will be needed. > >> > >> 1. The parameters for (re)constructing the Merkle tree: > >> - The name of the digest algorithm > >> - The unit size represented by each leaf in the tree > >> - The depth of the finished tree > >> - The size of the file > >> - Perhaps a salt value > >> - Perhaps the file's mtime at the time the hash was computed > >> - The root hash > > > > Well, the xattr would need to contain the same information as > > struct fsverity_enable_arg, the argument to FS_IOC_ENABLE_VERITY. > > > >> 2. A fingerprint of the signer: > >> - The name of the digest algorithm > >> - The digest of the signer's certificate > >> > >> 3. The signature > >> - The name of the signature algorithm > >> - The signature, computed over 1. > > > > I thought there was a desire to just use the existing "integrity.ima" > > signature format. > > I am very interested in using EVM_IMA_DIGSIG. However, there appears > to be a consensus that for cases like NFS, every readpage result needs > to be verified, just as fs-verity does it. > > I suppose measurement for an NFS file could involve verifying a > saved linear hash while at the same time constructing a Merkle tree > on the client? fs-verity is mostly just a way of hashing a file. Can't IMA just continue to do its signatures in the same way, and just swap out the traditional full file hash with the fs-verity file hash (when it's enabled)? fs-verity does support its own signature mechanism, because people wanted a simple knob to set that makes the kernel verify and enforce signatures for all fs-verity files. But it's not mandatory to use that. - Eric