lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <A888B25CD99C1141B7C254171A953E8E49095F9B@shsmsx102.ccr.corp.intel.com>
Date:   Tue, 26 Nov 2019 07:32:12 +0000
From:   "Zhao, Shirley" <shirley.zhao@...el.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>,
        James Bottomley <jejb@...ux.ibm.com>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Jonathan Corbet <corbet@....net>
CC:     "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "'Mauro Carvalho Chehab'" <mchehab+samsung@...nel.org>,
        "Zhu, Bing" <bing.zhu@...el.com>,
        "Chen, Luhai" <luhai.chen@...el.com>
Subject: RE: One question about trusted key of keyring in Linux kernel.

Thanks for your feedback, Mimi. 
But the document of dracut can't solve my problem. 

I did more test these days and try to descript my question in more detail. 

In my scenario, the trusted key will be sealed into TPM with PCR policy. 
And there are some related options in manual like 
       hash=         hash algorithm name as a string. For TPM 1.x the only
                     allowed value is sha1. For TPM 2.x the allowed values
                     are sha1, sha256, sha384, sha512 and sm3-256.
       policydigest= digest for the authorization policy. must be calculated
                     with the same hash algorithm as specified by the 'hash='
                     option.
       policyhandle= handle to an authorization policy session that defines the
                     same policy and with the same hash algorithm as was used to
                     seal the key. 

Here is my test step. 
Firstly, the pcr policy is generated as below: 
$ tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy pcr7_bin.policy > pcr7.policy

Pcr7.policy is the ascii hex of policy:
$ cat pcr7.policy
321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9

Then generate the trusted key and configure policydigest and get the key ID: 
$ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha256 policydigest=`cat pcr7.policy`" @u
874117045

Save the trusted key. 
$ keyctl pipe 874117045 > kmk.blob

Reboot and load the key. 
Start a auth session to generate the policy:
$ tpm2_startauthsession -S session.ctx
session-handle: 0x3000000
$ tpm2_pcrlist -L sha256:7 -o pcr7.sha256
$ tpm2_policypcr -S session.ctx -L sha256:7 -F pcr7.sha256 -f pcr7.policy
policy-digest: 0x321FBD28B60FCC23017D501B133BD5DBF2889814588E8A23510FE10105CB2CC9

Input the policy handle to load trusted key:
$ keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001 policyhandle=0x3000000" @u
add_key: Operation not permitted

The error should be policy check failed, because I use TPM command to unseal directly with error of policy check failed. 
$ tpm2_unseal -c 0x81000001 -L sha256:7
ERROR on line: "81" in file: "./lib/log.h": Tss2_Sys_Unseal(0x99D) - tpm:session(1):a policy check failed
ERROR on line: "213" in file: "tools/tpm2_unseal.c": Unseal failed!
ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run tpm2_unseal

So my question is:
1. How to use the option, policydigest, policyhandle?? Is there any example? 
2. What's wrong with my test step? 

Thanks. 

- Shirley 



-----Original Message-----
From: Mimi Zohar <zohar@...ux.ibm.com> 
Sent: Wednesday, November 13, 2019 11:46 PM
To: Zhao, Shirley <shirley.zhao@...el.com>; James Bottomley <jejb@...ux.ibm.com>; Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>; Jonathan Corbet <corbet@....net>
Cc: linux-integrity@...r.kernel.org; keyrings@...r.kernel.org; linux-doc@...r.kernel.org; linux-kernel@...r.kernel.org; 'Mauro Carvalho Chehab' <mchehab+samsung@...nel.org>
Subject: Re: One question about trusted key of keyring in Linux kernel.

On Wed, 2019-11-13 at 01:22 +0000, Zhao, Shirley wrote:
> Hi, all,
> 
> This is Shirley from Intel. I have one question about trusted key of 
> keyring in kernel. Please help.
> 
> According the to description in https://github.com/torvalds/linux/bl
> ob/master/Documentation/security/keys/trusted-encrypted.rst.
> Trusted key will be saved in TPM with PCR policy protected.

"Trusted Keys use a TPM both to generate and to seal the keys. Keys are sealed under a 2048 bit RSA key in the TPM, ..."

Trusted keys are not TPM keys.  They are not stored in the TPM.

> 
> Then, I running the following command to create a trusted key.
> keyctl add trusted test_trusted "new 32 keyhandle=0x81000001" @u
> 
> I also tried the following command, it can add one trusted key, too.
> keyctl add trusted test_trusted "new 32 keyhandle=0x81000001 
> pcrinfo=`cat pcr7.blob`" @u
> 
> But after reboot, this key will be removed.
> I need to re-added during boot.

Right, they need to be re-loaded on boot.  Refer to the dracut module /modules.d/97masterkey for loading a trusted key during boot.

> 
> Then the question is since this key is saved in TPM, how to get it 
> back from TPM?

Trusted keys are not stored in the TPM.  Refer to the ima-evm-utils README for examples of creating a trusted key (kmk) and an encrypted key (evm-key).

> 
> From the document, I need to use "keyctl pipe" to save the key into a 
> blob, then load it.
> But the blob contend key text, and this is a file on hard disk, it is 
> not safe to protect the key.
> 
> So what can TPM do here?

The hex ascii encoded trusted key is sealed under the TPM SRK.

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ