platform/upstream/ima-evm-utils.git
10 years ago: Version 0.6 release (tag: v0.6)
Dmitry Kasatkin [Wed, 28 Aug 2013 12:31:35 +0000 (15:31 +0300)]
Version 0.6 release

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: Fix cleanup in the case of errors
Dmitry Kasatkin [Wed, 28 Aug 2013 12:02:36 +0000 (15:02 +0300)]
Fix cleanup in the case of errors

Proper memory cleanup is not really necessary for a command line
utility because all memory is cleaned up when it quits. But as the
code does it in most of the cases, fix the other places.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: fix the crash when key file is not found
Dmitry Kasatkin [Tue, 27 Aug 2013 12:44:18 +0000 (15:44 +0300)]
fix the crash when key file is not found

An error in the error handling caused a crash when the key file is not found.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: make --imahash or --imasig optional for EVM signing
Dmitry Kasatkin [Tue, 13 Aug 2013 13:50:05 +0000 (16:50 +0300)]
make --imahash or --imasig optional for EVM signing

One might not want to change/set the IMA xattr value when performing
EVM signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: perform uuid format checking and error handling
Dmitry Kasatkin [Tue, 13 Aug 2013 13:34:44 +0000 (16:34 +0300)]
perform uuid format checking and error handling

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: make argument for '-u' option as optional
Dmitry Kasatkin [Tue, 13 Aug 2013 13:08:16 +0000 (16:08 +0300)]
make argument for '-u' option as optional

-u required providing a uuid or '-', which was confusing.
Now -u does not require the '-' argument to read the uuid automatically.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
10 years ago: Save full security.ima attribute to a file
Vivek Goyal [Fri, 12 Jul 2013 18:52:12 +0000 (14:52 -0400)]
Save full security.ima attribute to a file

Right now if the -f option is passed in, we only save the actual signature to
a file and not the full security.ima attribute.

I think it makes more sense to save the full security.ima attribute so that
it can act as a detached signature and one can install the signature later.
That is, signing can take place on a build server, detached signatures
can be generated, and these signatures can be installed later on the target.

One can use the following steps.

evmctl ima_sign -f -x -a sha256 /tmp/data.txt

hexdump -v -e '1/1 "%02x"' /tmp/data.txt.sig > /tmp/data.txt.sig.hex
printf "# file: /tmp/data.txt\nsecurity.ima=0x" | cat - /tmp/data.txt.sig.hex | setfattr --restore -

evmctl ima_verify /tmp/data.txt

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Get signature version from the header
Vivek Goyal [Fri, 12 Jul 2013 18:52:11 +0000 (14:52 -0400)]
Get signature version from the header

Currently we assume the signature version is v1 until and unless -x is
specified on the kernel command line. Given the fact that signature version
information is available in the signature itself, it is much better to get
it from there and not require the user to pass -x during the verification phase.

If the user passed -x on the command line, then honor it.

Now one can do the following.

evmctl ima_sign -x /tmp/data.txt
evmctl ima_verify /tmp/data.txt

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Move key file selection to later phase
Vivek Goyal [Wed, 17 Jul 2013 13:28:02 +0000 (16:28 +0300)]
Move key file selection to later phase

The following patch reads the signature version from the header, and based
on that the key file needs to be selected.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Use enums for signature versions
Vivek Goyal [Fri, 12 Jul 2013 18:52:10 +0000 (14:52 -0400)]
Use enums for signature versions

Using enums for fixed values looks cleaner. Also I am planning to use the
version field in more places in the next patch. So use enums instead of
numbers like 1 and 2.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Let user specified hash algo take precedence
Vivek Goyal [Fri, 12 Jul 2013 18:52:09 +0000 (14:52 -0400)]
Let user specified hash algo take precedence

After applying the previous patch, we will always get hash algo info from the
signature, and if the user specified one on the command line, that will be overridden.

This is like breaking old behavior. So keep track of whether the user specified
a hash algo on the command line or not. If the user did not specify one then get
the hash algo info from the signature; otherwise use the one the user provided.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Get hash algorithm info from the signature
Vivek Goyal [Fri, 12 Jul 2013 18:52:08 +0000 (14:52 -0400)]
Get hash algorithm info from the signature

If one signs a file using hash algo -sha256 then one needs to specify the
signature during verification also. Otherwise evmctl uses the default sha1
for calculating the hash and signature verification fails. One needs to
specify -a sha256 on the command line even during the signature verification
phase to make sure the file is signed right.

I think that's completely unnecessary. A user is not always supposed
to know what algorithm was used to generate the signature. The user is only
concerned with whether this signature is valid or not.

So retrieve the hash algorithm info from the signature and use that.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Put right hash algo info in digital signature version 1 header
Vivek Goyal [Fri, 12 Jul 2013 18:52:07 +0000 (14:52 -0400)]
Put right hash algo info in digital signature version 1 header

hdr->hash for signature version 1 contains the info about what hash
algorithm has been used for signing the file. Currently we always set
hdr->hash to DIGEST_ALGO_SHA1. But one can sign a file using SHA256 using
the option "-a sha256". In that case we should put the right hash algo info
in the signature header. Fix it.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: Fix hash array size in verify_ima()
Vivek Goyal [Fri, 12 Jul 2013 18:52:06 +0000 (14:52 -0400)]
Fix hash array size in verify_ima()

Now evmctl supports different hash algorithms and sha512 will produce a
64 byte digest. verify_ima() still allocates only 20 bytes to store the hash.
This does not work with larger hashes.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
10 years ago: evmctl: Fix signature verification code for V2 digital signature
Vivek Goyal [Tue, 25 Jun 2013 03:09:36 +0000 (23:09 -0400)]
evmctl: Fix signature verification code for V2 digital signature

For V2 of the digital signature we store the signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of the signature.

Fix the verification code; otherwise it fails with the following message.

RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
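The commits above (reading the signature version from the header, taking the hash algorithm from the signature with an explicit -a taking precedence, and the V2 signature sitting at hdr->sig while V1 carries a 2-byte MPI length before it) all operate on the same security.ima value. The parser below is an added example, not code from ima-evm-utils; the field layouts and enum values it encodes are my reading of the project's signature headers and are an assumption, not something this page states. It also checks that the declared signature length fits inside the xattr, which a verifier should do before handing bytes to the RSA routine.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Assumed values (my reading of ima-evm-utils' headers, not given on this page):
# the xattr type byte that marks a digital signature and the two version numbers.
EVM_IMA_XATTR_DIGSIG = 0x03
DIGSIG_VERSION_1 = 1
DIGSIG_VERSION_2 = 2

# v1 hdr->hash uses the tool's own digest enum; v2 hash_algo uses the kernel's
# pkey_hash_algo numbering. Both tables are assumptions.
V1_HASH_NAMES = {0: "sha1", 1: "sha256"}
V2_HASH_NAMES = {0: "md4", 1: "md5", 2: "sha1", 3: "rmd160",
                 4: "sha256", 5: "sha384", 6: "sha512", 7: "sha224"}

# v1: version(1) timestamp(4) algo(1) hash(1) keyid(8) nmpi(1), then one MPI:
#     a 2-byte big-endian bit length followed by the signature (hence "sig + 2").
#     The timestamp is carried through uninterpreted here.
V1_HDR = struct.Struct(">BIBB8sB")
# v2: version(1) hash_algo(1) keyid(4) sig_size(2), then sig_size signature bytes.
V2_HDR = struct.Struct(">BBIH")


@dataclass
class SigInfo:
    version: int
    hash_algo: str
    keyid: bytes
    signature: bytes


def parse_security_ima(xattr: bytes) -> SigInfo:
    """Parse a security.ima signature value and report what its header claims."""
    if len(xattr) < 2 or xattr[0] != EVM_IMA_XATTR_DIGSIG:
        raise ValueError("not an EVM_IMA_XATTR_DIGSIG value")
    body = xattr[1:]
    version = body[0]
    if version == DIGSIG_VERSION_2:
        if len(body) < V2_HDR.size:
            raise ValueError("truncated v2 header")
        _, hash_id, keyid, sig_size = V2_HDR.unpack_from(body)
        sig = body[V2_HDR.size:V2_HDR.size + sig_size]
        if len(sig) != sig_size:
            raise ValueError("sig_size exceeds xattr length")
        return SigInfo(version, V2_HASH_NAMES.get(hash_id, f"unknown({hash_id})"),
                       keyid.to_bytes(4, "big"), sig)
    if version == DIGSIG_VERSION_1:
        if len(body) < V1_HDR.size + 2:
            raise ValueError("truncated v1 header")
        _, _ts, _algo, hash_id, keyid, nmpi = V1_HDR.unpack_from(body)
        if nmpi != 1:
            raise ValueError(f"unexpected MPI count {nmpi}")
        bits = struct.unpack_from(">H", body, V1_HDR.size)[0]
        nbytes = (bits + 7) // 8
        sig = body[V1_HDR.size + 2:V1_HDR.size + 2 + nbytes]
        if len(sig) != nbytes:
            raise ValueError("MPI length exceeds xattr length")
        return SigInfo(version, V1_HASH_NAMES.get(hash_id, f"unknown({hash_id})"),
                       keyid, sig)
    raise ValueError(f"unsupported signature version {version}")


def effective_hash_algo(info: SigInfo, user_algo: Optional[str]) -> str:
    """Precedence rule from the log: an explicit -a wins, else trust the header."""
    return user_algo or info.hash_algo


# Constructed sample values (not real signatures): one v2 blob and one v1 blob.
SAMPLE_V2 = bytes([0x03]) + V2_HDR.pack(2, 4, 0xDEADBEEF, 4) + b"\x11\x22\x33\x44"
SAMPLE_V1 = (bytes([0x03]) + V1_HDR.pack(1, 0x52000000, 1, 1, b"\xAA" * 8, 1)
             + struct.pack(">H", 32) + b"\x55\x66\x77\x88")
```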
10 years ago: Fix verification using signature file
Dmitry Kasatkin [Wed, 10 Jul 2013 15:00:53 +0000 (16:00 +0100)]
Fix verification using signature file

The signature file does not contain the xattr prefix.
Add the signature xattr prefix manually.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
11 years ago: support for asymmetric crypto keys and new signature format (tag: v0.5)
Dmitry Kasatkin [Mon, 11 Feb 2013 11:59:01 +0000 (13:59 +0200)]
support for asymmetric crypto keys and new signature format

Asymmetric keys were introduced in linux-3.7 to verify the signature on
signed kernel modules. The asymmetric keys infrastructure abstracts the
signature verification from the crypto details. Asymmetric crypto keys
support allows importing an X509 public key certificate in DER format
into the kernel keyring. Asymmetric keys require a new signature format.
The 'evmctl -x' or 'evmctl --x509' option can be used to utilize the new
signature format.

Using the key filename after the file name for signing and verification commands
is a bit odd. This patch adds a '--key' parameter to specify a non-default key file.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added uuid support for EVM
Dmitry Kasatkin [Mon, 11 Feb 2013 11:55:32 +0000 (13:55 +0200)]
added uuid support for EVM

The latest version of EVM uses the file system UUID as part of the HMAC
calculation to prevent pasting of inode metadata from other file
systems. This patch adds support for adding the file system UUID
to the HMAC calculation. It is necessary to specify '-u -' or '--uuid -'
on the evmctl command line.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Update README (tag: v0.4)
Dmitry Kasatkin [Mon, 10 Sep 2012 10:29:39 +0000 (13:29 +0300)]
Update README

README updated.
Module signing info has been removed. Module signing is now done in the kernel
source tree and uses appended signatures. There is no need to create sig files or
set extended attributes. Information about test scripts has been removed.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Remove test scripts
Dmitry Kasatkin [Mon, 10 Sep 2012 11:51:31 +0000 (14:51 +0300)]
Remove test scripts

Test scripts are not used at all.
All needed information is in the README.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: remove directory entry list sorting
Dmitry Kasatkin [Thu, 6 Sep 2012 10:36:41 +0000 (13:36 +0300)]
remove directory entry list sorting

Directory entry list sorting is not needed.
Entries are always read in the same order.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added ima signature verification support
Dmitry Kasatkin [Mon, 13 Aug 2012 06:28:53 +0000 (09:28 +0300)]
added ima signature verification support

For debugging purposes it is useful to have signature verification
functionality. It supports the use of xattrs and .sig files.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: do not output type prefix for sig files
Dmitry Kasatkin [Mon, 13 Aug 2012 10:43:40 +0000 (13:43 +0300)]
do not output type prefix for sig files

sig files do not need a type prefix as they contain only signatures.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added support for kernel module signature
Dmitry Kasatkin [Thu, 9 Aug 2012 18:30:17 +0000 (21:30 +0300)]
added support for kernel module signature

The kernel module signature is appended to the kernel module.
The kernel signature also contains the signature length and magic.
Added the --modsig parameter to generate a kernel module signature.

Signature can be added to the module like: cat module.sig >> module.ko

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: disable printing signature when using sigfiles
Dmitry Kasatkin [Thu, 9 Aug 2012 18:35:10 +0000 (21:35 +0300)]
disable printing signature when using sigfiles

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Remove tag creation
Dmitry Kasatkin [Fri, 18 May 2012 15:54:33 +0000 (18:54 +0300)]
Remove tag creation

Better to create the tag manually when the release is done.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Version 0.3 (tag: v0.3)
Dmitry Kasatkin [Fri, 18 May 2012 15:29:55 +0000 (18:29 +0300)]
Version 0.3

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Added hash calculation for special files
Dmitry Kasatkin [Fri, 18 May 2012 13:52:10 +0000 (16:52 +0300)]
Added hash calculation for special files

New IMA kernel patches support appraisal of special files,
such as links, device nodes and fifos.

This patch adds support to calculate the hash for special files
to be set in the security.ima extended attribute.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Refactored to remove redundant hash initialization code
Dmitry Kasatkin [Fri, 18 May 2012 13:49:28 +0000 (16:49 +0300)]
Refactored to remove redundant hash initialization code

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Do not search for algorithm as it is known
Dmitry Kasatkin [Fri, 18 May 2012 13:54:55 +0000 (16:54 +0300)]
Do not search for algorithm as it is known

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Some files updated
Dmitry Kasatkin [Fri, 18 May 2012 10:46:06 +0000 (13:46 +0300)]
Some files updated

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Use libexec for programs and scripts
Dmitry Kasatkin [Fri, 18 May 2012 10:40:28 +0000 (13:40 +0300)]
Use libexec for programs and scripts

Newer automake does not like putting programs and scripts
into the lib directory. Use libexec instead.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Remove forced tag creation
Dmitry Kasatkin [Fri, 18 May 2012 10:39:01 +0000 (13:39 +0300)]
Remove forced tag creation

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: inline block variable renamed
Dmitry Kasatkin [Fri, 18 May 2012 09:43:59 +0000 (12:43 +0300)]
inline block variable renamed

err shadows the function level err.
Renamed it to error.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Added entry type to directory hash calculation
Dmitry Kasatkin [Fri, 18 May 2012 09:41:31 +0000 (12:41 +0300)]
Added entry type to directory hash calculation

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: llistxattr returns 0 if there are no xattrs and it is valid
Dmitry Kasatkin [Fri, 18 May 2012 09:40:13 +0000 (12:40 +0300)]
llistxattr returns 0 if there are no xattrs and it is valid

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: evm-utils renamed to ima-evm-utils. (tag: v0.2)
Dmitry Kasatkin [Thu, 5 Apr 2012 11:54:28 +0000 (14:54 +0300)]
evm-utils renamed to ima-evm-utils.

Version set to 0.2.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Added RPM and TAR building rules
Dmitry Kasatkin [Thu, 5 Apr 2012 12:24:01 +0000 (15:24 +0300)]
Added RPM and TAR building rules

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added command options description
Dmitry Kasatkin [Thu, 5 Apr 2012 11:32:28 +0000 (14:32 +0300)]
added command options description

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: removed unused parameter
Dmitry Kasatkin [Thu, 5 Apr 2012 10:48:39 +0000 (13:48 +0300)]
removed unused parameter

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: import functions combined
Dmitry Kasatkin [Thu, 5 Apr 2012 10:48:08 +0000 (13:48 +0300)]
import functions combined

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: updated error handling
Dmitry Kasatkin [Thu, 5 Apr 2012 09:07:54 +0000 (12:07 +0300)]
updated error handling

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: read list of existing extended attributes
Dmitry Kasatkin [Wed, 4 Apr 2012 13:48:38 +0000 (16:48 +0300)]
read list of existing extended attributes

getxattr() might return a runtime value which does not really exist
on the file system. It happens for the SMACK LSM. Reading the list of existing
attributes allows preventing this from happening.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added HMAC API error handling
Dmitry Kasatkin [Wed, 4 Apr 2012 13:48:16 +0000 (16:48 +0300)]
added HMAC API error handling

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: version 0.1.0 (tag: v0.1.0)
Dmitry Kasatkin [Mon, 2 Apr 2012 12:52:30 +0000 (15:52 +0300)]
version 0.1.0

11 years ago: remove unused parameter
Dmitry Kasatkin [Thu, 15 Mar 2012 09:52:36 +0000 (11:52 +0200)]
remove unused parameter

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Changed time_t timestamp type to uint32_t
Dmitry Kasatkin [Thu, 2 Feb 2012 08:12:34 +0000 (10:12 +0200)]
Changed time_t timestamp type to uint32_t

time_t is actually long and is different on 32 and 64 bit architectures.
The format of the signatures should not depend on the architecture and should
be the same. Changed the timestamp to uint32_t like in GPG.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Added missing CFLAGS
Dmitry Kasatkin [Wed, 1 Feb 2012 12:38:54 +0000 (14:38 +0200)]
Added missing CFLAGS

Added missing CFLAGS

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Added signature write to .sig file
Dmitry Kasatkin [Wed, 1 Feb 2012 12:30:30 +0000 (14:30 +0200)]
Added signature write to .sig file

To enable module signature verification to work on file systems
without extended attributes, or to be able to copy modules by methods
which do not support extended attribute copying, it is necessary
to store the signature in a file. This patch provides a command line parameter
for storing the signature in a .sig file.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Change set_xattr to xattr.
Dmitry Kasatkin [Wed, 1 Feb 2012 09:10:15 +0000 (11:10 +0200)]
Change set_xattr to xattr.

set_xattr changed to xattr.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: Changed to conform Linux kernel coding style
Dmitry Kasatkin [Wed, 1 Feb 2012 08:46:21 +0000 (10:46 +0200)]
Changed to conform Linux kernel coding style

Changed to conform to the Linux kernel coding style, except for the 80 character
line length limit.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added password parameter for using encrypted keys
Dmitry Kasatkin [Wed, 1 Feb 2012 08:33:07 +0000 (10:33 +0200)]
added password parameter for using encrypted keys

Added a password parameter for using encrypted keys.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: added openssl initialization and error reporting
Dmitry Kasatkin [Wed, 1 Feb 2012 08:29:33 +0000 (10:29 +0200)]
added openssl initialization and error reporting

Added openssl initialization and error reporting.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
11 years ago: minor fixes
Dmitry Kasatkin [Mon, 30 Jan 2012 11:23:28 +0000 (13:23 +0200)]
minor fixes

- error message
- command info

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago: Scripts for searching not only root owned files
Dmitry Kasatkin [Fri, 2 Dec 2011 12:15:19 +0000 (14:15 +0200)]
Scripts for searching not only root owned files

-uid 0 removed.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago: directory hash calculation
Dmitry Kasatkin [Thu, 1 Dec 2011 16:40:27 +0000 (18:40 +0200)]
directory hash calculation

Directory integrity verification requires the directory hash value
to be set in security.ima.
This patch provides directory hash calculation.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago: EVM hmac calculation
Dmitry Kasatkin [Wed, 30 Nov 2011 13:03:39 +0000 (15:03 +0200)]
EVM hmac calculation

For debugging purposes it is nice to have evm hmac calculation for
labeling a filesystem using hmac.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago: EVP API for evm hash calculation
Dmitry Kasatkin [Wed, 30 Nov 2011 13:09:34 +0000 (15:09 +0200)]
EVP API for evm hash calculation

evmctl was using sha1 for evm hash calculation.
Using the EVP API makes it easy to use other digest algorithms such as sha256.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
12 years ago: evmctl - IMA/EVM control tool
Dmitry Kasatkin [Fri, 14 Oct 2011 13:53:34 +0000 (16:53 +0300)]
evmctl - IMA/EVM control tool

evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
and importing public keys into the kernel keyring.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
13 years ago: initial empty repo
Dmitry Kasatkin [Thu, 25 Nov 2010 09:27:14 +0000 (11:27 +0200)]
initial empty repo