Janusz Kozerski [Fri, 27 Jun 2014 12:57:40 +0000 (14:57 +0200)]
Add ima_set_policy_file function.
Function takes one parameter:
const char *policy_path - which is path to the policy file
Signature of the policy should exist in policy_path.sig file
Change-Id: I95b0166f5c53ecf7a7a0a35aa2e868ce13ab8709
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Janusz Kozerski [Tue, 20 May 2014 15:28:26 +0000 (17:28 +0200)]
Add ima_set_policy function.
Function takes two parameters:
char **policy - which is NULL terminated list of strings.
char *signature - signature of the policy.
Change-Id: I8ecdf91ce4e8d122c69d2f86b18fc7202da5a053
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Janusz Kozerski [Thu, 15 May 2014 10:39:10 +0000 (12:39 +0200)]
Add ima_free_policy function
This function can be used to free the memory allocated by
ima_get_policy()
Change-Id: I8689c6c7525655bc69299a2f04b5e8a8db143057
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Janusz Kozerski [Tue, 6 May 2014 13:17:38 +0000 (15:17 +0200)]
Add ima_get_policy() function
Function return (via param) IMA policy from the kernel.
The policy is stored in NULL terminated list of char*.
The memory is mallocated by this function, and should be freed
by the caller.
Change-Id: I442ec1ed41d91306627781c076d3d4bcb04eb4cb
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Pawel Polawski [Wed, 9 Apr 2014 15:15:02 +0000 (17:15 +0200)]
Update of libimaevm with new functions
New functions allow to easily get / set IMA and EVM state
on the device instead of using raw kernel interface.
Also it is possible to modify extended xattributes assigned
to IMA and EVM.
Added functions:
- int ima_get_state(int *state);
- int ima_set_state(int state);
- int evm_get_state(int *state);
- int evm_set_state(int state);
- int ima_set_xattr(const char *path);
- int ima_get_xattr(const char *path, char **hash);
- int evm_set_xattr(const char *path, const char *evm);
- int evm_get_xattr(const char *path, char **hash);
Change-Id: Ic9354bad61e331305eb65c29dc90a94894763fe3
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Janusz Kozerski [Thu, 2 Oct 2014 12:23:32 +0000 (14:23 +0200)]
Merge branch 'upstream' into tizen
Building documentation page is disabled until docbook-xsl is unavailable
on Tizen.org
Conflicts:
packaging/ima-evm-utils.spec
Change-Id: Icc9fc09db4d18686e836251252b0a6ba9406dda2
Dmitry Kasatkin [Tue, 23 Sep 2014 12:09:05 +0000 (15:09 +0300)]
Release version 0.9
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 23 Sep 2014 11:12:19 +0000 (14:12 +0300)]
Add 'evmctl --version' version reporting
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 17 Sep 2014 11:41:42 +0000 (14:41 +0300)]
Update README/man page documentation
Add more info on:
* introduction
* EVM formats
* Signature and keys formats
* IMA trusted keys and keyrings
* EVM trusted keys
* Updated scripts and examples
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 17 Sep 2014 10:57:04 +0000 (13:57 +0300)]
Provide command parameter to include extra SMACK xattrs for EVM signature
Latest versions of smack uses additional xattrs. This patch adds them to
EVM protection. Linux kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS
has to be enabled.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 17 Sep 2014 13:01:12 +0000 (16:01 +0300)]
Use <linux/xattr.h> for security xattrs
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 11 Sep 2014 13:05:55 +0000 (16:05 +0300)]
Make error and help messages more understandable
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 10 Sep 2014 15:09:05 +0000 (18:09 +0300)]
Make evmctl.1 as part of distribution and release
Do not require to re-build man file at the build process.
It will require less build dependencies.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 10 Sep 2014 10:08:50 +0000 (13:08 +0300)]
Update README to produce initial evmctl.1 man page
Update README with additional information to produce initial
evmctl.1 man page. Slightly reformat it for that purpose as well.
Requires asciidoc, xslproc, docbook-xsl packages to build man page.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 10 Sep 2014 13:27:38 +0000 (16:27 +0300)]
Include example scripts to distribution and installation
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 15 Aug 2014 07:30:06 +0000 (10:30 +0300)]
Fix checkpatch errors
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Fionnuala Gunter [Thu, 14 Aug 2014 18:29:06 +0000 (13:29 -0500)]
Move sign hash functions to library
This patch enables package managers, such as rpm, to include IMA signatures in
packages.
To do this, sign_hash and some helper functions were moved from evmctl to
libimaevm. These functions used global variables that belong to evmctl, sigdump
and keypass. The variable sigdump is a flag that file signatures should be
printed to stdout, so the signature dump is now handled by functions that call
sign_hash. The variable keypass is a passphrase for an encrypted key, so it was
added to 'struct libevm_params'.
v2: Uses 'struct libevm_params' to minimize sign_hash parameters
v3: Export single sign_hash function that selects _v1 or _v2 internally based
on params.x509. Moved parameter checks and explicitly return -1 for failures.
Signed-off-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 13 Jun 2014 11:39:48 +0000 (14:39 +0300)]
Remove local ioctl definitions and use <linux/fs.h>
Use standard flags, supported by ext2/3/4
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 25 Jun 2014 15:12:19 +0000 (18:12 +0300)]
Remove code duplication
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 13 Jun 2014 12:17:21 +0000 (15:17 +0300)]
Switch to HMAC attribute mask
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 24 Jun 2014 12:52:16 +0000 (15:52 +0300)]
Fix setting correct hash header
'ima_hash -a sha256' and 'sign -a sha256 --imahash' commands did set
incorrect xattr header for hash algos other than sha1.
Fix it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 24 Jun 2014 12:40:58 +0000 (15:40 +0300)]
Use defined xattr types
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Zbigniew Jasinski [Wed, 4 Jun 2014 15:49:58 +0000 (17:49 +0200)]
Fix resource leak
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Dmitry Kasatkin [Fri, 13 Jun 2014 09:59:14 +0000 (12:59 +0300)]
make it possible to provide keyring id in hexadecimal format
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 13 Jun 2014 09:58:16 +0000 (12:58 +0300)]
add extra auto built files to .gitignore
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Zbigniew Jasinski [Fri, 30 May 2014 14:45:34 +0000 (17:45 +0300)]
Fix memory leak
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Zbigniew Jasinski [Fri, 30 May 2014 14:44:12 +0000 (17:44 +0300)]
Use proper loff_t type for file size
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Zbigniew Jasinski [Tue, 13 May 2014 10:00:37 +0000 (12:00 +0200)]
Merge branch 'upstream' into tizen
Conflicts:
packaging/ima-evm-utils.spec
Change-Id: I33c22533d7a4d1ff00cd75ef2df4bae0ded1c3a4
Dmitry Kasatkin [Mon, 5 May 2014 07:01:26 +0000 (10:01 +0300)]
Release version 0.8
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 2 May 2014 15:51:15 +0000 (18:51 +0300)]
Fix parameter name in help output
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 2 May 2014 15:43:45 +0000 (18:43 +0300)]
Remove unused 'x' parameter
'-x' option was removed a while ago, but 'x' was not removed
from getopt_long() parameter. Remove it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 2 May 2014 14:49:42 +0000 (17:49 +0300)]
Add Mimi to AUTHORS list
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 2 May 2014 13:35:24 +0000 (16:35 +0300)]
Update license text with OpenSSL exception clause
Ubuntu/Debian requires to provide OpenSSL exception clause.
This patch fixes it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Mimi Zohar [Tue, 18 Feb 2014 21:41:33 +0000 (16:41 -0500)]
Add support for signing a file hash
In a number of situations, the file hash has already been calculated.
Instead of reading a file to calculate the file hash, read the file hash
from stdin; and instead of writing the signature as an xattr or creating
a .sig file, output the signature as ascii-hex to stdout.
For example, piping the output of sha256sum <pathname> to evmctl would
display the original sha256 output with the file signature appended.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Mimi Zohar [Wed, 5 Mar 2014 11:00:48 +0000 (13:00 +0200)]
Define symbolic keyring name
Currently evmctl supports importing keys onto a particular keyring
based on a numeric keyring identifier. This patch adds support
for importing keys based special values as defined by keyctl.
Thread keyring: @t (-1)
Process keyring: @p (-2)
Session keyring: @s (-3)
User specific keyring: @u (-4)
User default session keyring: @us (-5)
Group specific keyring: @g (-6)
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 15:08:07 +0000 (17:08 +0200)]
Release new version v0.7
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Mon, 17 Feb 2014 14:06:28 +0000 (16:06 +0200)]
Provide random KMK example instead of fixed testing123
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 14 Feb 2014 17:16:19 +0000 (19:16 +0200)]
Limit includes in imaevm.h
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 14 Feb 2014 16:52:12 +0000 (18:52 +0200)]
Rename library, header file and export it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 14 Feb 2014 11:31:08 +0000 (13:31 +0200)]
Use --m32 and --m64 parameters also in HMAC signing code
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 14 Feb 2014 11:27:09 +0000 (13:27 +0200)]
Provide target architecture size parameter
'--m32|--m64' parameter can be specified to label images for different
architecture size than host.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 14 Feb 2014 10:38:49 +0000 (12:38 +0200)]
Provide additional debug info for hmac_misc
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Mon, 10 Feb 2014 13:29:23 +0000 (15:29 +0200)]
Include only libraries to the package
Prevent including debug stuff to the main package.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 14:04:47 +0000 (16:04 +0200)]
Remove experimental module signing functionality
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:59:24 +0000 (15:59 +0200)]
Remove verify_hash parameter
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:37:54 +0000 (15:37 +0200)]
Remove x509 library parameter
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:27:49 +0000 (15:27 +0200)]
Remove user_hash_algo
Use always hash algo from signature like kernel does.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:06:49 +0000 (15:06 +0200)]
Use EVM v2 HMAC format by default
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:05:34 +0000 (15:05 +0200)]
Do use x509 by default
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 13:01:17 +0000 (15:01 +0200)]
Select signing function in single place
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 12:57:16 +0000 (14:57 +0200)]
Select verification function version in the library code
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 12:54:59 +0000 (14:54 +0200)]
Remove user_sig_type flag
Always use signature type from signature header - like kernel does.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 12:50:09 +0000 (14:50 +0200)]
Use verify_hash() for EVM verification as well
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 12:48:02 +0000 (14:48 +0200)]
Move signature version checking to verify_hash()
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 24 Jan 2014 12:42:22 +0000 (14:42 +0200)]
Move hash verification to separate function
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 23 Jan 2014 14:35:30 +0000 (16:35 +0200)]
Move signature verification implementation to the library
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 16:20:22 +0000 (18:20 +0200)]
Initial library skeleton
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 13:18:48 +0000 (15:18 +0200)]
Implement recursive IMA signing
Recursive signing is needed when doing filesystem image signing.
Using script is very slow due to multiple forking and executing.
C-based implementation provides about 7 times performance improvements.
It is very significant when doing large image signing.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 13:09:10 +0000 (15:09 +0200)]
Rename de_type to search_type
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 13:07:38 +0000 (15:07 +0200)]
Move file type checking to separate function
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 16 Jan 2014 14:51:29 +0000 (16:51 +0200)]
Implement recursive EVM signing
Recursive signing is needed when doing filesystem image signing.
Using script is very slow due to multiple forking and executing.
C-based implementation provides about 7 times performance improvements.
It is very significant when doing large image signing.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 16 Jan 2014 13:11:41 +0000 (15:11 +0200)]
Export find() declaration for the following patches
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 10:35:21 +0000 (12:35 +0200)]
Prevent reading of inode generation for special files in HMAC signing
Kernel API does not support at the moment reading of inode generation
number of special files, so do not do it also when do HMAC signing.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Fri, 17 Jan 2014 09:27:16 +0000 (11:27 +0200)]
Prevent reading of inode generation for special files
Kernel API does not support at the moment reading of
generation number of special files, so do not do it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 16 Jan 2014 14:39:57 +0000 (16:39 +0200)]
Use lgetxattr() instead of getxattr()
IMA/EVM extended attributes should be get for symbolic links themselves,
not to the entries pointed by them. setxattr() dereference symbolic links.
It is necessary to use lgetxattr().
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 16 Jan 2014 14:39:57 +0000 (16:39 +0200)]
Use lsetxattr() instead of setxattr()
IMA/EVM extended attributes should be set for symbolic links themselves,
not to the entries pointed by them. setxattr() dereference symbolic links.
It is necessary to use lsetxattr().
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 15 Jan 2014 18:24:54 +0000 (20:24 +0200)]
Implement recursive efficient IMA fixing
Using scripts which do many forking and execution is very slow on
embedded/mobile devices. C based implementation is about 7 times faster.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 15 Jan 2014 16:15:22 +0000 (18:15 +0200)]
Script for generating self-signed certificate
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 26 Nov 2013 12:51:14 +0000 (14:51 +0200)]
Provide spec file for gbs build system
GBS build system requires specfile before configuring the package.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 26 Nov 2013 12:47:54 +0000 (14:47 +0200)]
Move spec file to packaging directory
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 12 Nov 2013 10:30:32 +0000 (12:30 +0200)]
IMA measurement list verification (experimental)
PCR aggregate value is reconstructed using IMA measurement list and is compared
against TPM PCR-10. It also performs signature verification if it is available in
the measurement list. ima_measurement_new.c (Mimi Zohar) was used as an example.
Example:
evmctl ima_measurement /sys/kernel/security/ima/binary_runtime_measurements
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 12 Nov 2013 17:27:05 +0000 (19:27 +0200)]
Define __packed
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 12 Nov 2013 17:06:44 +0000 (19:06 +0200)]
Provide hexdump functions without new line
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 12 Nov 2013 16:26:54 +0000 (18:26 +0200)]
split signature verification function for passing signature as an argument
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Thu, 31 Oct 2013 23:30:40 +0000 (01:30 +0200)]
scripts to generate ca and keys
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Michael Demeter [Mon, 30 Sep 2013 18:24:30 +0000 (11:24 -0700)]
Spec file changes: Include name, License, Summary
- Fix keyutils package include name to match our repository
- Fix License definition
- Fix summary capitalization
Change-Id: I37e3d465ab66e450224912662a446a1ffd8989ce
Signed-off-by: Michael Demeter <michael.demeter@intel.com>
Graydon, Tracy [Sat, 28 Sep 2013 01:32:06 +0000 (18:32 -0700)]
Get rid of the dist macro in spec
Graydon, Tracy [Sat, 28 Sep 2013 01:29:25 +0000 (18:29 -0700)]
Initial project setup
Dmitry Kasatkin [Wed, 4 Sep 2013 06:28:12 +0000 (09:28 +0300)]
License changed from LGPL to GPL as in COPYING
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 28 Aug 2013 12:31:35 +0000 (15:31 +0300)]
Version 0.6 release
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Wed, 28 Aug 2013 12:02:36 +0000 (15:02 +0300)]
Fix cleanup in the case of errors
Proper memory cleanup is not really necessary for command line
utility because all memory is cleaned up when it quits. But as
code does it most of the cases, fix other places.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 27 Aug 2013 12:44:18 +0000 (15:44 +0300)]
fix the crash when key file is not found
Error in error handling caused crash when key file is not found.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 13 Aug 2013 13:50:05 +0000 (16:50 +0300)]
make --imahash or --imasig optional for EVM signing
One might not want to change/set IMA xattr value when performing
EVM signing.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 13 Aug 2013 13:34:44 +0000 (16:34 +0300)]
perform uuid format checking and error handling
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Tue, 13 Aug 2013 13:08:16 +0000 (16:08 +0300)]
make argument for '-u' option as optional
-u required to provide uuid or '-', which was confusing.
Now -u does not require '-' argument to read uuid automatically.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:12 +0000 (14:52 -0400)]
Save full security.ima attribute to a file
Right now if -f option is passed in, we only save the actual signature to
a file and not the full security.ima attribute.
I think it makes more sense to save full security.ima attribute so that
it can act as detached signatures and one can install signature later.
That is signing can take place on build server and detached signatures
can be generated and these signatures can be installed later on target.
One can use following steps.
evmctl ima_sign -f -x -a sha256 /tmp/data.txt
hexdump -v -e '1/1 "%02x"' /tmp/data.txt.sig > /tmp/data.txt.sig.hex
printf "# file: /tmp/data.txt\nsecurity.ima=0x" | cat - /tmp/data.txt.sig.hex | setfattr --restore -
evmctl ima_verify /tmp/data.txt
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:11 +0000 (14:52 -0400)]
Get signature version from the header
Currently we assume signature version is v1 until and unless -x is
specified on kernel command line. Given the fact that signature version
information is available in signature itself, it is much better to get
it from there and not require user to pass -x during verification phase.
If user passed -x on command line, then honor it.
Now one can do following.
evmctl ima_sign -x /tmp/data.txt
evmctl ima_verify /tmp/data.txt
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Wed, 17 Jul 2013 13:28:02 +0000 (16:28 +0300)]
Move key file selection to later phase
Following patch reads signature version from header and based
on that key file needs to be selected.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:10 +0000 (14:52 -0400)]
Use enums for signature versions
Using enums for fixed values looks cleaner. Also I am planning to use
version field in more places in next patch. So use enums instead of
numbers like 1 and 2.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:09 +0000 (14:52 -0400)]
Let user specified hash algo take precedence
After applying previous patch, we will always get hash algo info from
signature and if user specified one on command line, that will be overridden.
This is like breaking old behavior. So keep track whether user specified
hash algo on command line or not. If user did not specify one then get
hash algo info from signature otherwise use the one user provided.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:08 +0000 (14:52 -0400)]
Get hash algorithm info from the signature
If one signs a file using hash algo -sha256 then one needs to specify
signature during verification also. Otherwise evmctl using default sha1
for calculating hash and signature verification fails. One needs to
specify -a sha256 on command line even during signature verification
phase to make sure file is signed right.
I think that's completely unnecessary. A user is not always supposed
to know what algorithm was used to generate signature. User is only
concerned with whether this signature is valid or not.
So retrieve hash algorithm info from signature and use that.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:07 +0000 (14:52 -0400)]
Put right hash algo info in digital signature version 1 header
hdr->hash for signature version 1 contains the info about what hash
algorithm has been used for signing the file. Currently we always set
hdr->hash to DIGEST_ALGO_SHA1. But one can sign file using SHA256 using
option "-a sha256". In that case we should put right hash algo info
in signature header. Fix it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Fri, 12 Jul 2013 18:52:06 +0000 (14:52 -0400)]
Fix hash array size in verify_ima()
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Vivek Goyal [Tue, 25 Jun 2013 03:09:36 +0000 (23:09 -0400)]
evmctl: Fix signature verification code for V2 digital signature
For V2 of digital signature we store signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of signature.
Fix the verification code otherwise it fails with following message.
RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Dmitry Kasatkin [Wed, 10 Jul 2013 15:00:53 +0000 (16:00 +0100)]
Fix verification using signature file
Signature file does not contain xattr prefix.
Add signature xattr prefix manually.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin [Mon, 11 Feb 2013 11:59:01 +0000 (13:59 +0200)]
support for asymmetric crypto keys and new signature format
Asymmetric keys were introduced in linux-3.7 to verify the signature on
signed kernel modules. The asymmetric keys infrastructure abstracts the
signature verification from the crypto details. Asymmetric crypto keys
support allows to import X509 public key certificate in a DER format
into the kernel keyring. Asymmetric keys require a new signature format.
'evmctl -x' or 'evmctl --x509' option can be used to utilize new
signature format.
Using of key filename after the file name for signing and verification commands
is a bit odd. This patch add '--key' parameter to specify non-default key file.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Dmitry Kasatkin [Mon, 11 Feb 2013 11:55:32 +0000 (13:55 +0200)]
added uuid support for EVM
Latest version of EVM uses file system UUID as part of an HMAC
calculation to prevent pasting of inode metadata from other file
systems. This patch adds support for adding file system UUID
to HMAC calculation. It is necessary to specify '-u -' or '--uuid -'
on evmctl command line.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Dmitry Kasatkin [Mon, 10 Sep 2012 10:29:39 +0000 (13:29 +0300)]
Update README
README updated.
Module signing info has been removed. Module signing is done now in kernel
source tree and uses appended signatures. No need to create sig files or
set extended attributes. Information about test scripts has been removed.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Dmitry Kasatkin [Mon, 10 Sep 2012 11:51:31 +0000 (14:51 +0300)]
Remove test scripts
Test scripts are not used at all.
All needed information is in README.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Dmitry Kasatkin [Thu, 6 Sep 2012 10:36:41 +0000 (13:36 +0300)]
remove directory entry list sorting
Directory entries list sorting is not needed.
Entries are read always in the same order.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>