ipmi password storage
Patrick Williams
patrick at stwcx.xyz
Wed Apr 15 01:50:19 AEST 2020
On Mon, Apr 13, 2020 at 04:00:15PM -0700, Vernon Mauery wrote:
Vernon,
Is there some background pointers on why IPMI needs to store passwords
in a reverable way? I never understood that.
> Internally, an issue was raised that basically says that the mechanism
> by which we are storing the IPMI passwords on the BMC is insufficiently
> obfuscated. I have come up with a patch set that resolves this at the
> expense of no downgrading the BMC without the side-effect of losing all
> IPMI passwords. I would like to know what the community thinks about
> usability vs. security in this scenario.
>
> Current Implementation
> ======================
> 1) If the user is part of the ipmi group (/etc/group) then when the user
> changes their password, pam-ipmisave.so intercepts the password as a one
> of the PAM layers and saves it, encrypted, to /etc/ipmi_pass.
> 2) Encryption (obfuscation, because we don't really have a secure
> mechanism of storing secret keys), is done like this:
> a) read 8 bytes (S) from /etc/key_file (currently pre-loaded with "OPENBMC=")
> b) create a random value H (read from /dev/urandom)
> c) create the AES-CBC secret key K=HMAC-SHA256(S, H)
> d) encrypt the list of username:password data using K
> e) store H along with the encrypted data in /etc/ipmi_pass
> 3) reading the password (for establishing IPMI RMCP+ sessions)
> a) read 8 bytes (S) from /etc/key_file
> b) read H from /etc/ipmi_pass
> c) compute the AES-CBC secret key K=HMAC-SHA256(S, H)
> d) decrypt and verify the contents of /etc/key_file
>
>
> There are many issues with this mechanism, but we cannot fix all of them
> without some secure mechanism for storing secret keys. That is why
> really, at best, this is obfuscation, not encryption. The data is not in
> plain text, it takes some work to get to it. More than xor or rot13, but
> not so much that a person could do it with a bash script.
> 1) the default /etc/key_file is the same for every BMC built with the
> default settings (changing this requires a bbappend for pam-ipmi). This
> means the /etc/key_file could basically not exist; all you need is the
> algorithm and /etc/ipmi_pass.
> 2) the size of the /etc/key_file is also not really great. Even if it
> was different on every machine, computing only 2^64 possibilities is not
> so hard.
>
>
> Possible Solution
> =================
> Migrate to a solution that uses a key that is longer that does not
> get written directly to the flash
> 1) S is now computed instead of hard-coded. S=HMAC(MachineId, AppID)
> 2) S is longer (32 bytes instead of 8)
> 3) S is not written to flash, because it can be computed
> 4) S is different for every machine because it is a derivative of
> /etc/machine-id
>
> The migration from the old mechanism to the new could be done simply by
> using the new key on the next write to the /etc/ipmi_pass file. After a
> firmware update to this new code, a password change would trigger a
> decrypt of the /etc/ipmi_pass file, a modification of the plain text,
> and a re-encryption of the data. If it reads the 'legacy' key in and
> writes out the data using the new key mechanism and deletes the legacy
> key, it would use the new key mechanism from that point onward. However,
> this would cause any downgrades to prior versions to fail to decrypt the
> /etc/ipmi_pass file, thereby losing all the ipmi passwords. This is not
> ideal, but could possibly be mitigating by truncating the new machine-id
> derivative password to 8 bytes and storing it in the /etc/key_file
> instead of just deleting it. This might improve security only slightly
> at for the price of a better user experience.
>
> I know that some companies using OpenBMC have products with users out in
> the field, so it is not great to make changes like this. Also, it is not
> great to have low-grade security. So here I am, writing to ask for
> opinions and options.
>
> --Vernon
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200414/be3209fb/attachment-0001.sig>
More information about the openbmc
mailing list