
Remove the SHA1 requirement for IMA #803

Merged: 9 commits, merged Dec 15, 2021

Conversation

@THS-on (Member) commented Dec 2, 2021

Modern kernel versions (>= 5.10) hash the IMA entries with all available PCR bank algorithms, but the entry in the IMA log is still the SHA1 entry in most distributions.
This PR removes the special handling for PCR10 and IMA and just uses the default hash algorithm of the agent.

This also fixes an issue that the hash algorithm for the data PCR might not match between agent and verifier and introduces a new IMA emulator adapter that supports multiple hash algorithms.

Fixes #30, fixes #801

@THS-on (Member Author) commented Dec 3, 2021

Changing this would make Keylime with SHA256 as default TPM hash algorithm only work on kernel versions starting with 5.10.
When switching to SHA1 it should still work with older versions.
@mpeters, @maugustosilva do you run Keylime with kernel versions less than 5.10?

If avoidable I would skip writing a workaround to support the older kernel versions.

@THS-on THS-on force-pushed the ima-hash branch 2 times, most recently from 02a60d3 to a312c80 Compare December 3, 2021 18:58
@THS-on THS-on changed the title WIP: Remove the SHA1 requirement for IMA Remove the SHA1 requirement for IMA Dec 3, 2021
@THS-on (Member Author) commented Dec 3, 2021

I think this PR is now ready for testing, but there are still some questions that need to be discussed.

  • Kernel versions older than 5.10 do not extend the PCRs as expected (just rehash the data with the correct algorithm). Do we want to implement extra handling for that or not? Downgrading the general tpm_hash_alg to sha1 should do the trick on those installations.
  • Older agent versions will send us only the SHA1 hash of the IMA PCR; should we add special handling for that?
  • Does the REST API version need to be increased?

@THS-on THS-on marked this pull request as ready for review December 3, 2021 19:12
@mpeters (Member) commented Dec 6, 2021

> do you run Keylime with kernel versions less than 5.10

Yes. The latest releases of RHEL all use kernels older than 5.10 (RHEL 8 uses 4.18). It's not packaged for RHEL 8 and I believe RHEL 9 will use 5.11, but we still want it to be possible to monitor systems running RHEL 8.

@mpeters (Member) commented Dec 6, 2021

> do you run Keylime with kernel versions less than 5.10

If someone tries to use an unsupported hash algo, what happens now? As long as there's a good error message in the log (agent at least, but also verifier if possible) that would be ok.

@mpeters (Member) commented Dec 6, 2021

> I think this PR is now ready for testing, but there are still some questions that need to be discussed.
>
>   • Kernel versions older than 5.10 do not extend the PCRs as expected (just rehash the data with the correct algorithm). Do we want to implement extra handling for that or not? Downgrading the general tpm_hash_alg to sha1 should do the trick on those installations.

I'm fine with that as long as the error messages are clear.

>   • Older agent versions will send us only the SHA1 hash of the IMA PCR; should we add special handling for that?

What special handling are you thinking about?

>   • Does the REST API version need to be increased?

I don't think we need an API version increment for this change. It added something to the allowlist format, but I'm not sure that's enough to qualify for a new API version. I could be convinced otherwise though if people felt strongly about it.

@stefanberger (Contributor) commented Dec 6, 2021

I wanted to test this and had to setup a new environment with Fedora 34 on the agent side and Fedora 35 on the server side. But now I cannot even get beyond the error message:

keylime.tenant.UserError: TPM Quote from cloud agent is invalid for nonce: bpom...

@THS-on (Member Author) commented Dec 6, 2021

@mpeters

> If someone tries to use an unsupported hash algo, what happens now? As long as there's a good error message in the log (agent at least, but also verifier if possible) that would be ok.

IMA verification will fail. I'll add a better error message if a hash algorithm other than SHA1 is used on kernel versions <5.10.

> Older agent versions will send us only the SHA1 hash of the IMA PCR; should we add special handling for that?
> What special handling are you thinking about?

Downgrading to SHA1 if it is allowed and we get only a SHA1 hash for PCR 10.

> I don't think we need an API version increment for this change. It added something to the allowlist format, but I'm not sure that's enough to qualify for a new API version. I could be convinced otherwise though if people felt strongly about it.

I agree.

Signed-off-by: Thore Sommer <mail@thson.de>
@maugustosilva (Contributor) commented

I just ran a quick test with this PR, and it is breaking for me. Using an allowlist in the old format, I see the following error: IMA measurement list does not match TPM PCR c048eccecfc4ca23422d9944ad8fee0ba56c0914520e0022b3497d724053e4c2.

Will investigate further, but please hold the merge for now.

Here is an example of my allowlist, (all sha1):


@THS-on (Member Author) commented Dec 14, 2021

@maugustosilva If you only provide SHA1 hashes did you change your tpm_hash_alg on the agent side to sha1?

@maugustosilva (Contributor) commented

I was looking through the code. You're right, of course. Will let you know as soon as I finish the test.

@maugustosilva (Contributor) commented Dec 14, 2021

Now I see the error in the measured boot log

[root@node4 /]# cat /etc/keylime.conf | grep hash
tpm_hash_alg = sha1
accept_tpm_hash_algs = sha512,sha384,sha256,sha1
tpm_hash_alg = sha1

and on the verifier

2021-12-14 21:01:13.746 - keylime.tpm - ERROR - For PCR 0 and hash SHA256 the boot event log has value '2f197c3b472dddd6fb7f9606ae9123f4a186c3a283c9b12a28a605bb5f81df0e' but the agent returned '284d1138c16af8f0be30a48a59835acb69eb09ac'
2021-12-14 21:01:13.746 - keylime.tpm - ERROR - For PCR 1 and hash SHA256 the boot event log has value '2f882dd70543f88e4c377fe03b7a870f460774940fb0ac02145f0f4f3592fa39' but the agent returned '25434a48e97d7cc3f8c0b22e87a039af8cef8625'
2021-12-14 21:01:13.747 - keylime.tpm - ERROR - For PCR 2 and hash SHA256 the boot event log has value '4fa069d286b2edfb365213f20faaaf513545bdb2524054ea39ceef22e1c29ae5' but the agent returned '807c32de5b85d7d104b039f986d510dbde633f0d'
2021-12-14 21:01:13.747 - keylime.tpm - ERROR - For PCR 3 and hash SHA256 the boot event log has value '3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969' but the agent returned 'b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236'
2021-12-14 21:01:13.747 - keylime.tpm - ERROR - For PCR 4 and hash SHA256 the boot event log has value '7cb5826fcb0438241b22850c34e9f1691298ce02f8cc94815445fea6595bd1a' but the agent returned 'c0150dad582a6f5669d725b2af46b53df6b9d49f'
2021-12-14 21:01:13.747 - keylime.tpm - ERROR - For PCR 5 and hash SHA256 the boot event log has value 'b191309f12890cd219c5e043cfa796d1a5075eb837800cb22f42259438a8aed6' but the agent returned '583d0fe407d13ec85c4c9a760c8265531cd69a11'
2021-12-14 21:01:13.747 - keylime.tpm - ERROR - For PCR 6 and hash SHA256 the boot event log has value '3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969' but the agent returned 'b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236'
2021-12-14 21:01:13.748 - keylime.tpm - ERROR - For PCR 7 and hash SHA256 the boot event log has value 'b926225ac488e9c50ef2fa815aa7104b385a06907093bfb1dc62eeb7abecddf1' but the agent returned '7679047866e616450760ce711ea91126eb45bef6'
2021-12-14 21:01:13.748 - keylime.tpm - ERROR - For PCR 8 and hash SHA256 the boot event log has value '5c51521e50258ad78cda19004c6e38546659d3d15b328bd06992873a34070d5d' but the agent returned '7913fa4c9231aedaa427e1affb099f057e0ad1ed'
2021-12-14 21:01:13.748 - keylime.tpm - ERROR - For PCR 9 and hash SHA256 the boot event log has value '9547ed04feb1387152361bae5fde503b8f92b840f0835e062d63a6db145e115e' but the agent returned 'a9d4e41ec51fc55398954e42a2dec2241f889484'
2021-12-14 21:01:13.748 - keylime.tpm - ERROR - For PCR 14 and hash SHA256 the boot event log has value 'e3991b7ddd47be7e92726a832d6874c5349b52b789fa0db8b558c69fea29574e' but the agent returned '77db66d60aa0c2cd1cea6c34fed4f2aa014bf285'

for reference, the command line used to add the agent to the verifier is:

/usr/local/bin/keylime_tenant -c update -t 100.64.14.16 -v 100.64.14.13 -u 64c8b829-20fb-5786-9b17-8e849577cb63 --no-verifier-check --cert /var/lib/keylime/ca/64c8b829-20fb-5786-9b17-8e849577cb63 --mb_refstate /tmp/mb_refstate_64c8b829-20fb-5786-9b17-8e849577cb63.txt --tpm_policy '{"23":"0000000000000000000000000000000000000000"}'

Evidently, removing the --mb_refstate CLI option allows the attestation to proceed without any problem.

@THS-on (Member Author) commented Dec 14, 2021

@maugustosilva thanks for the report.

The parse_mb_bootlog(..) always used SHA256. The latest commit should make this dependent on the algorithm the agent uses.

@THS-on (Member Author) commented Dec 15, 2021

@maugustosilva which kernel version are you on? If you try to use sha256 with a kernel version lower than 5.10 you should get a warning that IMA might not work correctly.

@mpeters should we change the default tpm_hash_alg to sha1, so that it works on all systems by default? Once RHEL uses a kernel version greater than 5.10 we can switch to sha256 by default.

@maugustosilva (Contributor) commented

> @maugustosilva which kernel version are you on? If you try to use sha256 with a kernel version lower than 5.10 you should get a warning that IMA might not work correctly.

Kernel 5.4 (Ubuntu Focal)

> @mpeters should we change the default tpm_hash_alg to sha1, so that it works on all systems by default? Once RHEL uses a kernel version greater than 5.10 we can switch to sha256 by default.

Right, we need to ensure it is not gonna be broken for users out of the box. Focal, for instance, is LTS.

@maugustosilva (Contributor) commented

@THS-on It now works properly with your latest commits, thanks.

The hash algorithm used for PCR 10 and the one used for validating the IMA
log can now be specified separately.

Since version 5.10 the kernel also extends PCR 10 with all other available hash
algorithms by rehashing the data. Before 5.10 the SHA1 digest was just padded.
Keylime supports only SHA1 for those older versions.

Signed-off-by: Thore Sommer <mail@thson.de>
This option controls which hash algorithm is used for comparing the hash
given in an IMA log entry.

Signed-off-by: Thore Sommer <mail@thson.de>
This is the case because kernels <5.10 did not extend PCRs by rehashing
the data with the fitting algorithm, instead the SHA1 value was padded
with 0s to fit. We do not support validation for that.

Signed-off-by: Thore Sommer <mail@thson.de>
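The two kernel behaviours described in the commit message above, simulated in Python as an added example (this is not Keylime's code). A verifier replays the IMA measurement list into an all-zero PCR 10 for a given bank; on kernels >= 5.10 each entry's template data is rehashed with the bank's own algorithm, while older kernels zero-pad the SHA1 template digest, so a sha256 replay only matches a sha256 quote from a >= 5.10 kernel. The template data bytes are constructed placeholders, and the `kernel_rehashes` flag is a name chosen for this example.

```python
import hashlib

# Constructed placeholder template data; the real kernel hashes the
# serialized ima-ng template fields (digest + path) of each entry.
SAMPLE_TEMPLATE_DATA = [
    b"sha256:" + b"\x00" * 32 + b"boot_aggregate\x00",
    b"sha256:" + b"\x11" * 32 + b"/usr/sbin/fstab-decode\x00",
    b"sha256:" + b"\x22" * 32 + b"/usr/sbin/groupadd\x00",
]


def extend(pcr: bytes, digest: bytes, alg: str) -> bytes:
    """TPM 2.0 PCR extend for one bank: PCR = H_alg(PCR || digest)."""
    return hashlib.new(alg, pcr + digest).digest()


def bank_digest(template_data: bytes, alg: str, kernel_rehashes: bool) -> bytes:
    """Digest the kernel extends into bank 'alg' for one IMA entry.

    kernel >= 5.10 (kernel_rehashes=True): rehash the template data with
    the bank's own algorithm.
    kernel <  5.10 (kernel_rehashes=False): reuse the SHA1 template digest
    and zero-pad it to the bank's digest size.
    """
    if kernel_rehashes or alg == "sha1":
        return hashlib.new(alg, template_data).digest()
    sha1_digest = hashlib.sha1(template_data).digest()
    return sha1_digest.ljust(hashlib.new(alg).digest_size, b"\x00")


def replay_pcr10(entries, alg: str, kernel_rehashes: bool) -> bytes:
    """Replay the measurement list into an all-zero PCR 10 of bank 'alg'."""
    pcr = b"\x00" * hashlib.new(alg).digest_size
    for data in entries:
        pcr = extend(pcr, bank_digest(data, alg, kernel_rehashes), alg)
    return pcr


def quote_matches(entries, alg: str, kernel_rehashes: bool) -> bool:
    """Does a verifier that assumes rehashing agree with the simulated quote?"""
    expected = replay_pcr10(entries, alg, kernel_rehashes=True)
    quoted = replay_pcr10(entries, alg, kernel_rehashes)
    return expected == quoted


if __name__ == "__main__":
    for alg in ("sha1", "sha256"):
        for rehashes in (True, False):
            print(alg, "kernel>=5.10" if rehashes else "kernel<5.10",
                  "match" if quote_matches(SAMPLE_TEMPLATE_DATA, alg, rehashes)
                  else "MISMATCH")
```

This is why the PR falls back to SHA1 by default: with tpm_hash_alg = sha1 the replay agrees on every kernel, while sha256 verification only succeeds once the kernel rehashes per bank.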
The original code assumed that the agent always uses SHA256 as tpm_hash_alg
when used in combination with the measured boot feature. The hash algorithm
is now configurable.

Signed-off-by: Thore Sommer <mail@thson.de>
This ensures that Keylime works out of the box on older kernel versions.

Signed-off-by: Thore Sommer <mail@thson.de>
@THS-on (Member Author) commented Dec 15, 2021

I've now changed the default tpm_hash_alg to sha1 to prevent Keylime being broken by default on older kernel versions.

@mpeters (Member) commented Dec 15, 2021

> @mpeters should we change the default tpm_hash_alg to sha1, so that it works on all systems by default? Once RHEL uses a kernel version greater than 5.10 we can switch to sha256 by default.

Yeah, I think we can go with sha1 as the default for now as the most popular enterprise linux distro doesn't support 256 yet.

@mpeters mpeters merged commit 33d15b2 into keylime:master Dec 15, 2021
THS-on added a commit to THS-on/rust-keylime that referenced this pull request Dec 28, 2021
IMA now works with all hash algorithms:
keylime/keylime#803

Signed-off-by: Thore Sommer <mail@thson.de>
lkatalin pushed a commit to keylime/rust-keylime that referenced this pull request Jan 7, 2022
IMA now works with all hash algorithms:
keylime/keylime#803

Signed-off-by: Thore Sommer <mail@thson.de>
@THS-on THS-on deleted the ima-hash branch February 6, 2022 18:29
Labels: enhancement, key_feature, immune from stale bot

Successfully merging this pull request may close these issues:

  • IMA emulator should use SHA256 instead of SHA1
  • Support more IMA hashing algorithms (TPM 2.0)