review.tizen.org Git - platform/upstream/ima-evm-utils.git/log

Dmitry Kasatkin [Mon, 13 Aug 2012 06:28:53 +0000 (09:28 +0300)]

added ima signature verification support

For debugging puporse it is usefull to have signature verification
functionality. It supports use of xattrs and .sig files.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Mon, 13 Aug 2012 10:43:40 +0000 (13:43 +0300)]

do not output type prefix for sig files

sig files do not need type prefix as they are contain only signatures.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 9 Aug 2012 18:30:17 +0000 (21:30 +0300)]

added support for kernel module signature

Kernel module signature is appended to the kernel module.
Kernel signature also contains signature length and magic.
Added --modsig parameter to generate kernel module signature.

Signature can be added to the module like: cat module.sig >> module.ko

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 9 Aug 2012 18:35:10 +0000 (21:35 +0300)]

disable printing signature when using sigfiles

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 15:54:33 +0000 (18:54 +0300)]

Remove tag creation

Better to create tag manually when release is done.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 15:29:55 +0000 (18:29 +0300)]

Version 0.3

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 13:52:10 +0000 (16:52 +0300)]

Added hash calculation for special files

New IMA kernel patches support appraisal of special files,
such as links, device nodes, fifos.

This patch adds support to calculate hash for special files
to be set to security.ima extended attribute.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 13:49:28 +0000 (16:49 +0300)]

Refactored to remove redundant hash initialization code

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 13:54:55 +0000 (16:54 +0300)]

Do not search for algorithm as it is known

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 10:46:06 +0000 (13:46 +0300)]

Some files updated

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 10:40:28 +0000 (13:40 +0300)]

Use libexec for programs and scripts

Newer automake does not like to put programs and scripts
to lib directory. Use libexec instead.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 10:39:01 +0000 (13:39 +0300)]

Remove forced tag creation

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 09:43:59 +0000 (12:43 +0300)]

inline block variable renamed

err shadows function lever err.
Renamed it to error.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 09:41:31 +0000 (12:41 +0300)]

Added entry type to directory hash calculation

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 18 May 2012 09:40:13 +0000 (12:40 +0300)]

llistxattr returns 0 if there are no xattrs and it is valid

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 11:54:28 +0000 (14:54 +0300)]

evm-utils renamed to ima-evm-utils.

Version set to 0.2.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 12:24:01 +0000 (15:24 +0300)]

Added RPM and TAR building rules

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 11:32:28 +0000 (14:32 +0300)]

added command options description

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 10:48:39 +0000 (13:48 +0300)]

removed unused parameter

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 10:48:08 +0000 (13:48 +0300)]

import functions combined

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 5 Apr 2012 09:07:54 +0000 (12:07 +0300)]

updated error handling

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 4 Apr 2012 13:48:38 +0000 (16:48 +0300)]

read list of existing extended attributes

getxattr() might return runtime value which does not really exist
on file system. It happens for SMACK LSM. Reading the list of existing
attributes allows to prevent such to happen.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 4 Apr 2012 13:48:16 +0000 (16:48 +0300)]

added HMAC API error handling

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Mon, 2 Apr 2012 12:52:30 +0000 (15:52 +0300)]

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 15 Mar 2012 09:52:36 +0000 (11:52 +0200)]

remove unused parameter

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 2 Feb 2012 08:12:34 +0000 (10:12 +0200)]

Changed time_t timestamp type to uint32_t

time_t is actually long and is different on 32 and 64 bit architectures.
Format of the signatures should not depend on the architecture and should
be the same. Changed timestamp to uint32_t like in GPG.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 12:38:54 +0000 (14:38 +0200)]

Added missing CFLAGS

Added missing CFLAGS

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 12:30:30 +0000 (14:30 +0200)]

Added signature write to .sig file

To enable module signature verification working on file systems
without extended attributes, or to be able to copy modules by methods,
which does not support extended attribute copying, it is necessary
to store signature in the file. This patch provides command line parameter
for storing signature in .sig file.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 09:10:15 +0000 (11:10 +0200)]

Change set_xattr to xattr.

set_xattr changed to xattr.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 08:46:21 +0000 (10:46 +0200)]

Changed to conform Linux kernel coding style

Changed to conform Linux kernel coding style, except 80 characters
line length limit.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 08:33:07 +0000 (10:33 +0200)]

added password parameter for using encrypted keys

Added password parameter for using encrypted keys.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 1 Feb 2012 08:29:33 +0000 (10:29 +0200)]

added openssl initialization and error reporting

Added openssl initialization and error reporting.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Mon, 30 Jan 2012 11:23:28 +0000 (13:23 +0200)]

minor fixes

- error message
- command info

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 2 Dec 2011 12:15:19 +0000 (14:15 +0200)]

Scripts for searching not only root owned files

-uid 0 removed.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 1 Dec 2011 16:40:27 +0000 (18:40 +0200)]

directory hash calculation

Directory integrity verification requires directory hash value
to be set to security.ima.
This patch provides directory hash calculation.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 30 Nov 2011 13:03:39 +0000 (15:03 +0200)]

EVM hmac calculation

For debugging purpose it is nice to have evm hmac calculation for
labeling filesystem using hmac.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Wed, 30 Nov 2011 13:09:34 +0000 (15:09 +0200)]

EVP API for evm hash calculation

evmctl was using sha1 for evm hash calculation.
Using EVM API is easy to use other digest algorithms such as sha256.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Fri, 14 Oct 2011 13:53:34 +0000 (16:53 +0300)]

evmctl - IMA/EVM control tool

evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
importing public keys into kernel keyring.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

commit | commitdiff | tree

Dmitry Kasatkin [Thu, 25 Nov 2010 09:27:14 +0000 (11:27 +0200)]