dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 14:22:31 +02:00
Code Releases Activity
431 Commits 5 Branches 19 Tags
Commit Graph

431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dmitry Kasatkin
ef74ed1ab2 Do not search for algorithm as it is known 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
588cbb7492 Some files updated 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
bcaadb1205 Use libexec for programs and scripts 
Newer automake does not like to put programs and scripts
to lib directory. Use libexec instead.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
f60ffc2109 Remove forced tag creation 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
9c4d793034 inline block variable renamed 
err shadows function lever err.
Renamed it to error.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
42e40570e6 Added entry type to directory hash calculation 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
13571ace6b llistxattr returns 0 if there are no xattrs and it is valid 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
76f3496455 evm-utils renamed to ima-evm-utils. 
Version set to 0.2.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
v0.2 		2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
dc36ed86d3 Added RPM and TAR building rules 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
de89119dbf added command options description 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
04e3ff3ef5 removed unused parameter 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
5769fb1833 import functions combined 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
52960f8b93 updated error handling 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
e576ac9771 read list of existing extended attributes 
getxattr() might return runtime value which does not really exist
on file system. It happens for SMACK LSM. Reading the list of existing
attributes allows to prevent such to happen.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
d61b9c0be7 added HMAC API error handling 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
1e2934d9a3 version 0.1.0 v0.1.0 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
c13fce4028 remove unused parameter 
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
aa2f6e9b63 Changed time_t timestamp type to uint32_t 
time_t is actually long and is different on 32 and 64 bit architectures.
Format of the signatures should not depend on the architecture and should
be the same. Changed timestamp to uint32_t like in GPG.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:53 +03:00
Dmitry Kasatkin
ff071501d0 Added missing CFLAGS 
Added missing CFLAGS

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
f2b486e053 Added signature write to .sig file 
To enable module signature verification working on file systems
without extended attributes, or to be able to copy modules by methods,
which does not support extended attribute copying, it is necessary
to store signature in the file. This patch provides command line parameter
for storing signature in .sig file.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
e3f11d343a Change set_xattr to xattr. 
set_xattr changed to xattr.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
7e89de565e Changed to conform Linux kernel coding style 
Changed to conform Linux kernel coding style, except 80 characters
line length limit.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
e91cb01e9a added password parameter for using encrypted keys 
Added password parameter for using encrypted keys.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
b0966fd243 added openssl initialization and error reporting 
Added openssl initialization and error reporting.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
0b197c4d30 minor fixes 
- error message
- command info

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2012-09-06 14:08:52 +03:00
Dmitry Kasatkin
8e68cd0135 Scripts for searching not only root owned files 
-uid 0 removed.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2011-12-02 14:15:19 +02:00
Dmitry Kasatkin
b60f927609 directory hash calculation 
Directory integrity verification requires directory hash value
to be set to security.ima.
This patch provides directory hash calculation.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2011-12-02 14:12:57 +02:00
Dmitry Kasatkin
874c0fd45c EVM hmac calculation 
For debugging purpose it is nice to have evm hmac calculation for
labeling filesystem using hmac.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2011-12-01 12:17:29 +02:00
Dmitry Kasatkin
774029f71e EVP API for evm hash calculation 
evmctl was using sha1 for evm hash calculation.
Using EVM API is easy to use other digest algorithms such as sha256.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2011-11-30 16:01:17 +02:00
Dmitry Kasatkin
273701a5b2 evmctl - IMA/EVM control tool 
evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
importing public keys into kernel keyring.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 2011-11-24 17:03:43 +02:00
Dmitry Kasatkin
6ec041487e initial empty repo 2010-11-25 11:27:14 +02:00