platform/upstream/ima-evm-utils.git
10 years ago Add ima_set_policy_file function. 51/28551/1
Janusz Kozerski [Fri, 27 Jun 2014 12:57:40 +0000 (14:57 +0200)]
Add ima_set_policy_file function.

Function takes one parameter:
const char *policy_path - which is path to the policy file
Signature of the policy should exist in policy_path.sig file

Change-Id: I95b0166f5c53ecf7a7a0a35aa2e868ce13ab8709
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
10 years ago Add ima_set_policy function. 50/28550/1
Janusz Kozerski [Tue, 20 May 2014 15:28:26 +0000 (17:28 +0200)]
Add ima_set_policy function.

Function takes two parameters:
 char **policy - which is NULL terminated list of strings.
 char *signature - signature of the policy.

Change-Id: I8ecdf91ce4e8d122c69d2f86b18fc7202da5a053
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
10 years ago Add ima_free_policy function 49/28549/1
Janusz Kozerski [Thu, 15 May 2014 10:39:10 +0000 (12:39 +0200)]
Add ima_free_policy function

This function can be used to free the memory allocated by
ima_get_policy()

Change-Id: I8689c6c7525655bc69299a2f04b5e8a8db143057
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
10 years ago Add ima_get_policy() function 48/28548/1
Janusz Kozerski [Tue, 6 May 2014 13:17:38 +0000 (15:17 +0200)]
Add ima_get_policy() function

Function returns (via param) IMA policy from the kernel.
The policy is stored in NULL terminated list of char*.
The memory is mallocated by this function, and should be freed
by the caller.

Change-Id: I442ec1ed41d91306627781c076d3d4bcb04eb4cb
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
10 years ago Update of libimaevm with new functions 47/28547/1
Pawel Polawski [Wed, 9 Apr 2014 15:15:02 +0000 (17:15 +0200)]
Update of libimaevm with new functions

New functions allow to easily get / set IMA and EVM state
on the device instead of using raw kernel interface.
Also it is possible to modify extended xattributes assigned
to IMA and EVM.

Added functions:
- int ima_get_state(int *state);
- int ima_set_state(int state);
- int evm_get_state(int *state);
- int evm_set_state(int state);
- int ima_set_xattr(const char *path);
- int ima_get_xattr(const char *path, char **hash);
- int evm_set_xattr(const char *path, const char *evm);
- int evm_get_xattr(const char *path, char **hash);

Change-Id: Ic9354bad61e331305eb65c29dc90a94894763fe3
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
10 years ago Merge branch 'upstream' into tizen sandbox/jkozerski/tizen
Janusz Kozerski [Thu, 2 Oct 2014 12:23:32 +0000 (14:23 +0200)]
Merge branch 'upstream' into tizen

Building documentation page is disabled until docbook-xsl is unavailable
on Tizen.org

Conflicts:
packaging/ima-evm-utils.spec

Change-Id: Icc9fc09db4d18686e836251252b0a6ba9406dda2

10 years ago Release version 0.9 upstream
Dmitry Kasatkin [Tue, 23 Sep 2014 12:09:05 +0000 (15:09 +0300)]
Release version 0.9

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Add 'evmctl --version' version reporting
Dmitry Kasatkin [Tue, 23 Sep 2014 11:12:19 +0000 (14:12 +0300)]
Add 'evmctl --version' version reporting

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Update README/man page documentation
Dmitry Kasatkin [Wed, 17 Sep 2014 11:41:42 +0000 (14:41 +0300)]
Update README/man page documentation

Add more info on:
* introduction
* EVM formats
* Signature and keys formats
* IMA trusted keys and keyrings
* EVM trusted keys
* Updated scripts and examples

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide command parameter to include extra SMACK xattrs for EVM signature
Dmitry Kasatkin [Wed, 17 Sep 2014 10:57:04 +0000 (13:57 +0300)]
Provide command parameter to include extra SMACK xattrs for EVM signature

Latest versions of smack use additional xattrs. This patch adds them to
EVM protection. Linux kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS
has to be enabled.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use <linux/xattr.h> for security xattrs
Dmitry Kasatkin [Wed, 17 Sep 2014 13:01:12 +0000 (16:01 +0300)]
Use <linux/xattr.h> for security xattrs

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Make error and help messages more understandable
Dmitry Kasatkin [Thu, 11 Sep 2014 13:05:55 +0000 (16:05 +0300)]
Make error and help messages more understandable

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Make evmctl.1 as part of distribution and release
Dmitry Kasatkin [Wed, 10 Sep 2014 15:09:05 +0000 (18:09 +0300)]
Make evmctl.1 as part of distribution and release

Do not require to re-build man file at the build process.
It will require less build dependencies.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Update README to produce initial evmctl.1 man page
Dmitry Kasatkin [Wed, 10 Sep 2014 10:08:50 +0000 (13:08 +0300)]
Update README to produce initial evmctl.1 man page

Update README with additional information to produce initial
evmctl.1 man page. Slightly reformat it for that purpose as well.

Requires asciidoc, xslproc, docbook-xsl packages to build man page.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Include example scripts to distribution and installation
Dmitry Kasatkin [Wed, 10 Sep 2014 13:27:38 +0000 (16:27 +0300)]
Include example scripts to distribution and installation

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Fix checkpatch errors
Dmitry Kasatkin [Fri, 15 Aug 2014 07:30:06 +0000 (10:30 +0300)]
Fix checkpatch errors

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move sign hash functions to library
Fionnuala Gunter [Thu, 14 Aug 2014 18:29:06 +0000 (13:29 -0500)]
Move sign hash functions to library

This patch enables package managers, such as rpm, to include IMA signatures in
packages.

To do this, sign_hash and some helper functions were moved from evmctl to
libimaevm. These functions used global variables that belong to evmctl, sigdump
and keypass. The variable sigdump is a flag that file signatures should be
printed to stdout, so the signature dump is now handled by functions that call
sign_hash. The variable keypass is a passphrase for an encrypted key, so it was
added to 'struct libevm_params'.

v2: Uses 'struct libevm_params' to minimize sign_hash parameters
v3: Export single sign_hash function that selects _v1 or _v2 internally based
on params.x509. Moved parameter checks and explicitly return -1 for failures.

Signed-off-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove local ioctl definitions and use <linux/fs.h>
Dmitry Kasatkin [Fri, 13 Jun 2014 11:39:48 +0000 (14:39 +0300)]
Remove local ioctl definitions and use <linux/fs.h>

Use standard flags, supported by ext2/3/4

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove code duplication
Dmitry Kasatkin [Wed, 25 Jun 2014 15:12:19 +0000 (18:12 +0300)]
Remove code duplication

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Switch to HMAC attribute mask
Dmitry Kasatkin [Fri, 13 Jun 2014 12:17:21 +0000 (15:17 +0300)]
Switch to HMAC attribute mask

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Fix setting correct hash header
Dmitry Kasatkin [Tue, 24 Jun 2014 12:52:16 +0000 (15:52 +0300)]
Fix setting correct hash header

'ima_hash -a sha256' and 'sign -a sha256 --imahash' commands did set
incorrect xattr header for hash algos other than sha1.

Fix it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use defined xattr types
Dmitry Kasatkin [Tue, 24 Jun 2014 12:40:58 +0000 (15:40 +0300)]
Use defined xattr types

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Fix resource leak
Zbigniew Jasinski [Wed, 4 Jun 2014 15:49:58 +0000 (17:49 +0200)]
Fix resource leak

Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
10 years ago make it possible to provide keyring id in hexadecimal format
Dmitry Kasatkin [Fri, 13 Jun 2014 09:59:14 +0000 (12:59 +0300)]
make it possible to provide keyring id in hexadecimal format

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago add extra auto built files to .gitignore
Dmitry Kasatkin [Fri, 13 Jun 2014 09:58:16 +0000 (12:58 +0300)]
add extra auto built files to .gitignore

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Fix memory leak
Zbigniew Jasinski [Fri, 30 May 2014 14:45:34 +0000 (17:45 +0300)]
Fix memory leak

Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use proper loff_t type for file size
Zbigniew Jasinski [Fri, 30 May 2014 14:44:12 +0000 (17:44 +0300)]
Use proper loff_t type for file size

Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Merge branch 'upstream' into tizen
Zbigniew Jasinski [Tue, 13 May 2014 10:00:37 +0000 (12:00 +0200)]
Merge branch 'upstream' into tizen

Conflicts:
packaging/ima-evm-utils.spec

Change-Id: I33c22533d7a4d1ff00cd75ef2df4bae0ded1c3a4

10 years ago Release version 0.8
Dmitry Kasatkin [Mon, 5 May 2014 07:01:26 +0000 (10:01 +0300)]
Release version 0.8

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Fix parameter name in help output
Dmitry Kasatkin [Fri, 2 May 2014 15:51:15 +0000 (18:51 +0300)]
Fix parameter name in help output

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove unused 'x' parameter
Dmitry Kasatkin [Fri, 2 May 2014 15:43:45 +0000 (18:43 +0300)]
Remove unused 'x' parameter

'-x' option was removed a while ago, but 'x' was not removed
from getopt_long() parameter. Remove it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Add Mimi to AUTHORS list
Dmitry Kasatkin [Fri, 2 May 2014 14:49:42 +0000 (17:49 +0300)]
Add Mimi to AUTHORS list

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Update license text with OpenSSL exception clause
Dmitry Kasatkin [Fri, 2 May 2014 13:35:24 +0000 (16:35 +0300)]
Update license text with OpenSSL exception clause

Ubuntu/Debian requires to provide OpenSSL exception clause.
This patch fixes it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Add support for signing a file hash
Mimi Zohar [Tue, 18 Feb 2014 21:41:33 +0000 (16:41 -0500)]
Add support for signing a file hash

In a number of situations, the file hash has already been calculated.
Instead of reading a file to calculate the file hash, read the file hash
from stdin; and instead of writing the signature as an xattr or creating
a .sig file, output the signature as ascii-hex to stdout.

For example, piping the output of sha256sum <pathname> to evmctl would
display the original sha256 output with the file signature appended.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years ago Define symbolic keyring name
Mimi Zohar [Wed, 5 Mar 2014 11:00:48 +0000 (13:00 +0200)]
Define symbolic keyring name

Currently evmctl supports importing keys onto a particular keyring
based on a numeric keyring identifier.  This patch adds support
for importing keys based on special values as defined by keyctl.

   Thread keyring: @t (-1)
   Process keyring: @p (-2)
   Session keyring: @s (-3)
   User specific keyring: @u (-4)
   User default session keyring: @us (-5)
   Group specific keyring: @g (-6)

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years ago Release new version v0.7
Dmitry Kasatkin [Fri, 24 Jan 2014 15:08:07 +0000 (17:08 +0200)]
Release new version v0.7

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide random KMK example instead of fixed testing123
Dmitry Kasatkin [Mon, 17 Feb 2014 14:06:28 +0000 (16:06 +0200)]
Provide random KMK example instead of fixed testing123

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Limit includes in imaevm.h
Dmitry Kasatkin [Fri, 14 Feb 2014 17:16:19 +0000 (19:16 +0200)]
Limit includes in imaevm.h

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Rename library, header file and export it.
Dmitry Kasatkin [Fri, 14 Feb 2014 16:52:12 +0000 (18:52 +0200)]
Rename library, header file and export it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use --m32 and --m64 parameters also in HMAC signing code
Dmitry Kasatkin [Fri, 14 Feb 2014 11:31:08 +0000 (13:31 +0200)]
Use --m32 and --m64 parameters also in HMAC signing code

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide target architecture size parameter
Dmitry Kasatkin [Fri, 14 Feb 2014 11:27:09 +0000 (13:27 +0200)]
Provide target architecture size parameter

'--m32|--m64' parameter can be specified to label images for different
architecture size than host.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide additional debug info for hmac_misc
Dmitry Kasatkin [Fri, 14 Feb 2014 10:38:49 +0000 (12:38 +0200)]
Provide additional debug info for hmac_misc

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Include only libraries to the package
Dmitry Kasatkin [Mon, 10 Feb 2014 13:29:23 +0000 (15:29 +0200)]
Include only libraries to the package

Prevent including debug stuff to the main package.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove experimental module signing functionality
Dmitry Kasatkin [Fri, 24 Jan 2014 14:04:47 +0000 (16:04 +0200)]
Remove experimental module signing functionality

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove verify_hash parameter
Dmitry Kasatkin [Fri, 24 Jan 2014 13:59:24 +0000 (15:59 +0200)]
Remove verify_hash parameter

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove x509 library parameter
Dmitry Kasatkin [Fri, 24 Jan 2014 13:37:54 +0000 (15:37 +0200)]
Remove x509 library parameter

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove user_hash_algo
Dmitry Kasatkin [Fri, 24 Jan 2014 13:27:49 +0000 (15:27 +0200)]
Remove user_hash_algo

Use always hash algo from signature like kernel does.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use EVM v2 HMAC format by default
Dmitry Kasatkin [Fri, 24 Jan 2014 13:06:49 +0000 (15:06 +0200)]
Use EVM v2 HMAC format by default

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Do use x509 by default
Dmitry Kasatkin [Fri, 24 Jan 2014 13:05:34 +0000 (15:05 +0200)]
Do use x509 by default

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Select signing function in single place
Dmitry Kasatkin [Fri, 24 Jan 2014 13:01:17 +0000 (15:01 +0200)]
Select signing function in single place

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Select verification function version in the library code
Dmitry Kasatkin [Fri, 24 Jan 2014 12:57:16 +0000 (14:57 +0200)]
Select verification function version in the library code

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Remove user_sig_type flag
Dmitry Kasatkin [Fri, 24 Jan 2014 12:54:59 +0000 (14:54 +0200)]
Remove user_sig_type flag

Always use signature type from signature header - like kernel does.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use verify_hash() for EVM verification as well
Dmitry Kasatkin [Fri, 24 Jan 2014 12:50:09 +0000 (14:50 +0200)]
Use verify_hash() for EVM verification as well

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move signature version checking to verify_hash()
Dmitry Kasatkin [Fri, 24 Jan 2014 12:48:02 +0000 (14:48 +0200)]
Move signature version checking to verify_hash()

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move hash verification to separate function
Dmitry Kasatkin [Fri, 24 Jan 2014 12:42:22 +0000 (14:42 +0200)]
Move hash verification to separate function

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move signature verification implementation to the library
Dmitry Kasatkin [Thu, 23 Jan 2014 14:35:30 +0000 (16:35 +0200)]
Move signature verification implementation to the library

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Initial library skeleton
Dmitry Kasatkin [Fri, 17 Jan 2014 16:20:22 +0000 (18:20 +0200)]
Initial library skeleton

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Implement recursive IMA signing
Dmitry Kasatkin [Fri, 17 Jan 2014 13:18:48 +0000 (15:18 +0200)]
Implement recursive IMA signing

Recursive signing is needed when doing filesystem image signing.
Using script is very slow due to multiple forking and executing.
C-based implementation provides about 7 times performance improvements.
It is very significant when doing large image signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Rename de_type to search_type
Dmitry Kasatkin [Fri, 17 Jan 2014 13:09:10 +0000 (15:09 +0200)]
Rename de_type to search_type

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move file type checking to separate function
Dmitry Kasatkin [Fri, 17 Jan 2014 13:07:38 +0000 (15:07 +0200)]
Move file type checking to separate function

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Implement recursive EVM signing
Dmitry Kasatkin [Thu, 16 Jan 2014 14:51:29 +0000 (16:51 +0200)]
Implement recursive EVM signing

Recursive signing is needed when doing filesystem image signing.
Using script is very slow due to multiple forking and executing.
C-based implementation provides about 7 times performance improvements.
It is very significant when doing large image signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Export find() declaration for the following patches
Dmitry Kasatkin [Thu, 16 Jan 2014 13:11:41 +0000 (15:11 +0200)]
Export find() declaration for the following patches

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Prevent reading of inode generation for special files in HMAC signing
Dmitry Kasatkin [Fri, 17 Jan 2014 10:35:21 +0000 (12:35 +0200)]
Prevent reading of inode generation for special files in HMAC signing

Kernel API does not support at the moment reading of inode generation
number of special files, so do not do it also when do HMAC signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Prevent reading of inode generation for special files
Dmitry Kasatkin [Fri, 17 Jan 2014 09:27:16 +0000 (11:27 +0200)]
Prevent reading of inode generation for special files

Kernel API does not support at the moment reading of
generation number of special files, so do not do it.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use lgetxattr() instead of getxattr()
Dmitry Kasatkin [Thu, 16 Jan 2014 14:39:57 +0000 (16:39 +0200)]
Use lgetxattr() instead of getxattr()

IMA/EVM extended attributes should be retrieved for symbolic links themselves,
not for the entries pointed to by them. setxattr() dereferences symbolic links.
It is necessary to use lgetxattr().

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Use lsetxattr() instead of setxattr()
Dmitry Kasatkin [Thu, 16 Jan 2014 14:39:57 +0000 (16:39 +0200)]
Use lsetxattr() instead of setxattr()

IMA/EVM extended attributes should be set for symbolic links themselves,
not for the entries pointed to by them. setxattr() dereferences symbolic links.
It is necessary to use lsetxattr().

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Implement recursive efficient IMA fixing
Dmitry Kasatkin [Wed, 15 Jan 2014 18:24:54 +0000 (20:24 +0200)]
Implement recursive efficient IMA fixing

Using scripts which do many forking and execution is very slow on
embedded/mobile devices. C based implementation is about 7 times faster.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Script for generating self-signed certificate
Dmitry Kasatkin [Wed, 15 Jan 2014 16:15:22 +0000 (18:15 +0200)]
Script for generating self-signed certificate

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide spec file for gbs build system
Dmitry Kasatkin [Tue, 26 Nov 2013 12:51:14 +0000 (14:51 +0200)]
Provide spec file for gbs build system

GBS build system requires specfile before configuring the package.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Move spec file to packaging directory
Dmitry Kasatkin [Tue, 26 Nov 2013 12:47:54 +0000 (14:47 +0200)]
Move spec file to packaging directory

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago IMA measurement list verification (experimental)
Dmitry Kasatkin [Tue, 12 Nov 2013 10:30:32 +0000 (12:30 +0200)]
IMA measurement list verification (experimental)

PCR aggregate value is reconstructed using IMA measurement list and is compared
against TPM PCR-10. It also performs signature verification if it is available in
the measurement list. ima_measurement_new.c (Mimi Zohar) was used as an example.

Example:
  evmctl ima_measurement /sys/kernel/security/ima/binary_runtime_measurements

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Define __packed
Dmitry Kasatkin [Tue, 12 Nov 2013 17:27:05 +0000 (19:27 +0200)]
Define __packed

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago Provide hexdump functions without new line
Dmitry Kasatkin [Tue, 12 Nov 2013 17:06:44 +0000 (19:06 +0200)]
Provide hexdump functions without new line

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago split signature verification function for passing signature as an argument
Dmitry Kasatkin [Tue, 12 Nov 2013 16:26:54 +0000 (18:26 +0200)]
split signature verification function for passing signature as an argument

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago scripts to generate ca and keys
Dmitry Kasatkin [Thu, 31 Oct 2013 23:30:40 +0000 (01:30 +0200)]
scripts to generate ca and keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago Spec file changes: Include name, License, Summary 63/10363/2
Michael Demeter [Mon, 30 Sep 2013 18:24:30 +0000 (11:24 -0700)]
Spec file changes: Include name, License, Summary

- Fix keyutils package include name to match our repository
- Fix License definition
- Fix summary capitalization

Change-Id: I37e3d465ab66e450224912662a446a1ffd8989ce
Signed-off-by: Michael Demeter <michael.demeter@intel.com>
11 years ago Get rid of the dist macro in spec
Graydon, Tracy [Sat, 28 Sep 2013 01:32:06 +0000 (18:32 -0700)]
Get rid of the dist macro in spec

11 years ago Initial project setup
Graydon, Tracy [Sat, 28 Sep 2013 01:29:25 +0000 (18:29 -0700)]
Initial project setup

11 years ago License changed from LGPL to GPL as in COPYING
Dmitry Kasatkin [Wed, 4 Sep 2013 06:28:12 +0000 (09:28 +0300)]
License changed from LGPL to GPL as in COPYING

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago Version 0.6 release v0.6
Dmitry Kasatkin [Wed, 28 Aug 2013 12:31:35 +0000 (15:31 +0300)]
Version 0.6 release

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago Fix cleanup in the case of errors
Dmitry Kasatkin [Wed, 28 Aug 2013 12:02:36 +0000 (15:02 +0300)]
Fix cleanup in the case of errors

Proper memory cleanup is not really necessary for command line
utility because all memory is cleaned up when it quits. But as
code does it most of the cases, fix other places.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago fix the crash when key file is not found
Dmitry Kasatkin [Tue, 27 Aug 2013 12:44:18 +0000 (15:44 +0300)]
fix the crash when key file is not found

Error in error handling caused crash when key file is not found.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago make --imahash or --imasig optional for EVM signing
Dmitry Kasatkin [Tue, 13 Aug 2013 13:50:05 +0000 (16:50 +0300)]
make --imahash or --imasig optional for EVM signing

One might not want to change/set IMA xattr value when performing
EVM signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago perform uuid format checking and error handling
Dmitry Kasatkin [Tue, 13 Aug 2013 13:34:44 +0000 (16:34 +0300)]
perform uuid format checking and error handling

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago make argument for '-u' option as optional
Dmitry Kasatkin [Tue, 13 Aug 2013 13:08:16 +0000 (16:08 +0300)]
make argument for '-u' option as optional

-u required to provide uuid or '-', which was confusing.
Now -u does not require '-' argument to read uuid automatically.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago Save full security.ima attribute to a file
Vivek Goyal [Fri, 12 Jul 2013 18:52:12 +0000 (14:52 -0400)]
Save full security.ima attribute to a file

Right now if -f option is passed in, we only save the actual signature to
a file and not the full security.ima attribute.

I think it makes more sense to save full security.ima attribute so that
it can act as detached signatures and one can install signature later.
That is signing can take place on build server and detached signatures
can be generated and these signatures can be installed later on target.

One can use following steps.

evmctl ima_sign -f -x -a sha256 /tmp/data.txt

hexdump -v -e '1/1 "%02x"' /tmp/data.txt.sig > /tmp/data.txt.sig.hex
printf "# file: /tmp/data.txt\nsecurity.ima=0x" | cat - /tmp/data.txt.sig.hex | setfattr --restore -

evmctl ima_verify /tmp/data.txt

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Get signature version from the header
Vivek Goyal [Fri, 12 Jul 2013 18:52:11 +0000 (14:52 -0400)]
Get signature version from the header

Currently we assume signature version is v1 until and unless -x is
specified on kernel command line. Given the fact that signature version
information is available in signature itself, it is much better to get
it from there and not require user to pass -x during verification phase.

If user passed -x on command line, then honor it.

Now one can do following.

evmctl ima_sign -x /tmp/data.txt
evmctl ima_verify /tmp/data.txt

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Move key file selection to later phase
Vivek Goyal [Wed, 17 Jul 2013 13:28:02 +0000 (16:28 +0300)]
Move key file selection to later phase

Following patch reads signature version from header and based
on that key file needs to be selected.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Use enums for signature versions
Vivek Goyal [Fri, 12 Jul 2013 18:52:10 +0000 (14:52 -0400)]
Use enums for signature versions

Using enums for fixed values looks cleaner. Also I am planning to use
version field in more places in next patch. So use enums instead of
numbers like 1 and 2.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Let user specified hash algo take precedence
Vivek Goyal [Fri, 12 Jul 2013 18:52:09 +0000 (14:52 -0400)]
Let user specified hash algo take precedence

After applying previous patch, we will always get hash algo info from
signature and if user specified one on command line, that will be overridden.

This is like breaking old behavior. So keep track whether user specified
hash algo on command line or not. If user did not specify one then get
hash algo info from signature otherwise use the one user provided.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Get hash algorithm info from the signature
Vivek Goyal [Fri, 12 Jul 2013 18:52:08 +0000 (14:52 -0400)]
Get hash algorithm info from the signature

If one signs a file using hash algo -sha256 then one needs to specify
signature during verification also. Otherwise evmctl using default sha1
for calculating hash and signature verification fails. One needs to
specify -a sha256 on command line even during signature verification
phase to make sure file is signed right.

I think that's completely unnecessary. A user is not always supposed
to know what algorithm was used to generate signature. User is only
concerned with whether this signature is valid or not.

So retrieve hash algorithm info from signature and use that.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
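
The header-driven selection described in this commit and in "Get signature version from the header", as an added C example that is not code from ima-evm-utils: it reads the version and hash algorithm out of a v2 `security.ima` signature blob instead of trusting command-line options. The byte layout, the constant values and all function names are assumptions taken from the Linux kernel's v2 signature header, and the sample blob is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as used by the Linux kernel's IMA/EVM code (assumption: the
 * values are not quoted on this page). */
#define EVM_IMA_XATTR_DIGSIG 0x03  /* first xattr byte: value is a signature */
#define DIGSIG_VERSION_1     1
#define DIGSIG_VERSION_2     2
#define V2_HDR_LEN           8     /* version, hash_algo, keyid[4], sig_size[2] */

enum parse_err {
    ERR_NOT_SIG = -1, ERR_TRUNCATED = -2, ERR_V1 = -3,
    ERR_VERSION = -4, ERR_HASH = -5, ERR_SIG_SIZE = -6
};

struct sig_info {
    uint8_t version;
    uint8_t hash_algo;      /* kernel hash id taken from the header */
    size_t digest_len;      /* bytes the verifier must reserve for the digest */
    uint32_t keyid;         /* read here as big-endian */
    const uint8_t *sig;     /* points into the caller's buffer */
    size_t sig_len;
};

/* Digest length for a kernel hash id; 0 for ids this example does not know. */
size_t digest_len_for(uint8_t hash_algo)
{
    switch (hash_algo) {
    case 2: return 20;  /* sha1 */
    case 4: return 32;  /* sha256 */
    case 5: return 48;  /* sha384 */
    case 6: return 64;  /* sha512: a fixed 20-byte buffer is too small */
    case 7: return 28;  /* sha224 */
    default: return 0;
    }
}

/* Parse a security.ima value holding a v2 signature. Returns 0 on success or
 * a negative parse_err. Every length is checked before a field is read. */
int parse_ima_sig_xattr(const uint8_t *x, size_t len, struct sig_info *out)
{
    if (len < 1 || x[0] != EVM_IMA_XATTR_DIGSIG)
        return ERR_NOT_SIG;
    if (len < 2)
        return ERR_TRUNCATED;
    if (x[1] == DIGSIG_VERSION_1)
        return ERR_V1;              /* v1 has a different layout, not parsed here */
    if (x[1] != DIGSIG_VERSION_2)
        return ERR_VERSION;
    if (len < 1 + V2_HDR_LEN)
        return ERR_TRUNCATED;

    const uint8_t *h = x + 1;       /* header starts after the xattr type byte */
    size_t dlen = digest_len_for(h[1]);
    if (dlen == 0)
        return ERR_HASH;

    size_t sig_size = ((size_t)h[6] << 8) | h[7];
    if (sig_size != len - 1 - V2_HDR_LEN)
        return ERR_SIG_SIZE;        /* declared size must match the bytes present */

    out->version = h[0];
    out->hash_algo = h[1];
    out->digest_len = dlen;
    out->keyid = ((uint32_t)h[2] << 24) | ((uint32_t)h[3] << 16) |
                 ((uint32_t)h[4] << 8) | (uint32_t)h[5];
    out->sig = h + V2_HDR_LEN;      /* v2: signature starts right after the header */
    out->sig_len = sig_size;
    return 0;
}

/* Constructed sample: type 0x03, version 2, sha256, keyid deadbeef,
 * sig_size 4, then 4 placeholder bytes (not a real RSA signature). */
static const uint8_t SAMPLE_XATTR[] = {
    0x03, 0x02, 0x04, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x04,
    0xaa, 0xbb, 0xcc, 0xdd
};

int main(void)
{
    struct sig_info si;
    int rc = parse_ima_sig_xattr(SAMPLE_XATTR, sizeof SAMPLE_XATTR, &si);

    if (rc != 0) {
        fprintf(stderr, "parse failed: %d\n", rc);
        return 1;
    }
    printf("version=%u hash_algo=%u digest_len=%zu keyid=%08x sig_len=%zu\n",
           (unsigned)si.version, (unsigned)si.hash_algo, si.digest_len,
           (unsigned)si.keyid, si.sig_len);
    return 0;
}
```
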
11 years ago Put right hash algo info in digital signature version 1 header
Vivek Goyal [Fri, 12 Jul 2013 18:52:07 +0000 (14:52 -0400)]
Put right hash algo info in digital signature version 1 header

hdr->hash for signature version 1 contains the info about what hash
algorithm has been used for signing the file. Currently we always set
hdr->hash to DIGEST_ALGO_SHA1. But one can sign file using SHA256 using
option "-a sha256". In that case we should put right hash algo info
in signature header. Fix it.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Fix hash array size in verify_ima()
Vivek Goyal [Fri, 12 Jul 2013 18:52:06 +0000 (14:52 -0400)]
Fix hash array size in verify_ima()

Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20 bytes to store hash.
This does not work with larger hashes.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago evmctl: Fix signature verification code for V2 digital signature
Vivek Goyal [Tue, 25 Jun 2013 03:09:36 +0000 (23:09 -0400)]
evmctl: Fix signature verification code for V2 digital signature

For V2 of digital signature we store signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of signature.

Fix the verification code otherwise it fails with following message.

RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
11 years ago Fix verification using signature file
Dmitry Kasatkin [Wed, 10 Jul 2013 15:00:53 +0000 (16:00 +0100)]
Fix verification using signature file

Signature file does not contain xattr prefix.
Add signature xattr prefix manually.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago support for asymmetric crypto keys and new signature format v0.5
Dmitry Kasatkin [Mon, 11 Feb 2013 11:59:01 +0000 (13:59 +0200)]
support for asymmetric crypto keys and new signature format

Asymmetric keys were introduced in linux-3.7 to verify the signature on
signed kernel modules. The asymmetric keys infrastructure abstracts the
signature verification from the crypto details. Asymmetric crypto keys
support allows to import X509 public key certificate in a DER format
into the kernel keyring. Asymmetric keys require a new signature format.
'evmctl -x' or 'evmctl --x509' option can be used to utilize new
signature format.

Using of key filename after the file name for signing and verification commands
is a bit odd. This patch adds '--key' parameter to specify non-default key file.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago added uuid support for EVM
Dmitry Kasatkin [Mon, 11 Feb 2013 11:55:32 +0000 (13:55 +0200)]
added uuid support for EVM

Latest version of EVM uses file system UUID as part of an HMAC
calculation to prevent pasting of inode metadata from other file
systems. This patch adds support for adding file system UUID
to HMAC calculation. It is necessary to specify '-u -' or '--uuid -'
on evmctl command line.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago Update README v0.4
Dmitry Kasatkin [Mon, 10 Sep 2012 10:29:39 +0000 (13:29 +0300)]
Update README

README updated.
Module signing info has been removed. Module signing is done now in kernel
source tree and uses appended signatures. No need to create sig files or
set extended attributes. Information about test scripts has been removed.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago Remove test scripts
Dmitry Kasatkin [Mon, 10 Sep 2012 11:51:31 +0000 (14:51 +0300)]
Remove test scripts

Test scripts are not used at all.
All needed information is in README.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago remove directory entry list sorting
Dmitry Kasatkin [Thu, 6 Sep 2012 10:36:41 +0000 (13:36 +0300)]
remove directory entry list sorting

Directory entries list sorting is not needed.
Entries are read always in the same order.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>