On Fri, 2020-01-03 at 13:27 -0500, Ken Goldman wrote:
> On 1/2/2020 6:22 PM, Mimi Zohar wrote:
> >> However, d-modsig is a hash. How should a parser interpret a missing
> >> [file data] hash? Under what conditions would that be legal / illegal /
> >> something to flag to an admin UI?
> > The "d-modsig" is the hash of the file without the appended signature.
> > That hash is needed to verify the appended signature. If there isn't
> > an appended signature, then there would be no reason for "d-modsig".
>
> I'd like to make the leap from "no reason to" to what is permissible,
> what a verifier would treat as legal or an error case.
>
> E.g., should the IMA log specification say:
>
> If the sig length is zero, the d-modsig length MUST be zero.
>
> Or might it be a MAY, and then state
>
> If the signature length is zero and the d-modsig length is non-zero,
> then the contents MUST be the same as the d-ng value.
>
> What if the template has no 'd-ng', but it has a d-modsig?
>
> What happens if the template has no 'sig'. I.e. the sig
> is absent, then ... perhaps absent is the same as length zero?
>
> Would we enforce that the d-ng hash algorithm MUST be the same as
> that of the d-modsig, or could they be different?
>
> What if there are two 'sig' fields, one is zero and the other is not.
>
> ~~
>
> While the above are clearly not the normal case:
>
> 1 - An attacker can use a custom IMA template to find a vulnerability in
> the IMA implementation, or
>
> 2 - An attacker could send a malformed log to a verifier. To the
> verifier, the received IMA log is unvalidated input, so the parser has
> to be fastidious.
The "ima-modsig" template may include the "sig" and/or the "modsig"
fields. As the "d-modsig" and "modsig" are tied together, either both
are defined or neither are defined. The file hash ("d-ng") must
always exist. The "sig" and "modsig" hash algorithms are independent
of each other. They might or might not be the same.
Mimi
