lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 03 Feb 2016 15:46:52 +0000
From:	David Howells <dhowells@...hat.com>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	dhowells@...hat.com, linux-security-module@...r.kernel.org,
	keyrings@...r.kernel.org, petkan@...-labs.com,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 03/20] X.509: Allow X.509 certs to be blacklisted [ver #2]

Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:

> > Allow X.509 certs to be blacklisted based on their TBS hash. 
> 
> What is the TBS hash?  This doesn't seem to be the key identifier.

It's the TBSCertificate hash (I'll change to calling it that in the patch
description).  "TBS" stands for "To Be Signed".  This is what is hashed for
the signature to be generated upon - so it's something we have to expend
resources calculating anyway.

The reason I'm using this is this is what UEFI puts into its blacklist.  See:

	http://uefi.blogspot.co.uk/2013/09/uefi-24-review-part-13-hash-of.html

To quote:

	Now, in the UEFI 2.4 specification, three new types of signatures for
	the black list were added. Specifically, the various recommended forms
	of the To-Be-Signed hash value (160, 256 and 512-bits) which are
	created during the creation of a certificate could be added to the
	black list instead of the certificate itself.

> The cert associated with this key identifier is loaded onto the .ima
> keyring.

We could also check that.  There's no requirement that we only check the TBS -
but the TBS hash is something we must check.

I wonder if I should mark the blacklist key as to what the value it holds
should be checked against.  There's a number of different things we could put
in there:

 (1) TBSCertificate hash.

 (2) Subject Key Identifier content.

 (3) Authenticode Binary hash (for PE files).

 (4) PKCS#7 component digest.

> eg:  openssl x509 -in <pathname> -inform DER -notext -out
> 
> <snip>
> 
>         X509v3 extensions:
>             X509v3 Subject Key Identifier: 
> 
> 71:12:39:B3:AB:E6:8D:BF:70:E7:26:DE:C8:4A:3F:5F:17:EF:00:6C

Note that this isn't a mandatory field and if it's not present, we have no way
to calculate it as there's no one standard-defined method.

David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ