| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jan 2020 09:22:05 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...wei.com>,
"jarkko.sakkinen@...ux.intel.com" <jarkko.sakkinen@...ux.intel.com>,
"james.bottomley@...senpartnership.com"
<james.bottomley@...senpartnership.com>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Cc: "linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Silviu Vlasceanu <Silviu.Vlasceanu@...wei.com>
Subject: Re: [PATCH 7/8] ima: use ima_hash_algo for collision detection in
the measurement list
On Fri, 2020-01-31 at 14:02 +0000, Roberto Sassu wrote:
> > -----Original Message-----
> > From: linux-integrity-owner@...r.kernel.org [mailto:linux-integrity-
> > owner@...r.kernel.org] On Behalf Of Mimi Zohar
> > Sent: Thursday, January 30, 2020 11:26 PM
> > To: Roberto Sassu <roberto.sassu@...wei.com>;
> > jarkko.sakkinen@...ux.intel.com;
> > james.bottomley@...senpartnership.com; linux-integrity@...r.kernel.org
> > Cc: linux-security-module@...r.kernel.org; linux-kernel@...r.kernel.org;
> > Silviu Vlasceanu <Silviu.Vlasceanu@...wei.com>
> > Subject: Re: [PATCH 7/8] ima: use ima_hash_algo for collision detection in
> > the measurement list
> >
> > On Mon, 2020-01-27 at 18:04 +0100, Roberto Sassu wrote:
> > > Before calculating a digest for each PCR bank, collisions were detected
> > > with a SHA1 digest. This patch includes ima_hash_algo among the
> > algorithms
> > > used to calculate the template digest and checks collisions on that digest.
> > >
> > > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> >
> > Definitely needed to protect against a sha1 collision attack.
> >
> > <snip>
> >
> > >
> > > diff --git a/security/integrity/ima/ima_api.c
> > b/security/integrity/ima/ima_api.c
> > > index ebaf0056735c..a9bb45de6db9 100644
> > > --- a/security/integrity/ima/ima_api.c
> > > +++ b/security/integrity/ima/ima_api.c
> > > @@ -51,7 +51,7 @@ int ima_alloc_init_template(struct ima_event_data
> > *event_data,
> > > if (!*entry)
> > > return -ENOMEM;
> > >
> > > - (*entry)->digests = kcalloc(ima_tpm_chip->nr_allocated_banks + 1,
> > > + (*entry)->digests = kcalloc(ima_tpm_chip->nr_allocated_banks + 2,
> > > sizeof(*(*entry)->digests), GFP_NOFS);
> > > if (!(*entry)->digests) {
> > > result = -ENOMEM;
> >
> > I would prefer not having to allocate and use "nr_allocated_banks + 1"
> > everywhere, but I understand the need for it. I'm not sure this patch
> > warrants allocating +2. Perhaps, if a TPM bank doesn't exist for the
> > IMA default hash algorithm, use a different algorithm or, worst case,
> > continue using the ima_sha1_idx.
>
> We could introduce a new option called ima_hash_algo_tpm to specify
> the algorithm of an allocated bank. We can use this for boot_aggregate
> and hash collision detection.
I don't think that would work in the case where the IMA default hash
is set to sha256, but the system has a TPM 1.2 chip. We would be left
using SHA1 for the file hash collision detection.
With my suggestion of defining an "extra" variable, I kind of back
tracked here. There are two problems that I'm trying to address -
hard coding the number of additional "banks" and unnecessarily
allocating more memory than necessary. By pre-walking the list,
calculating the "extra" banks, you'll resolve both issues.
Mimi
Powered by blists - more mailing lists