Commit 313d21e "tpm: device class for tpm" moved the TPM sysfs location
from /sys/class/misc/tpmX/device/ to /sys/class/tpm/tpmX/device/.
Mimi Zohar <zohar@linux.vnet.ibm.com>
Openssl 1.1 is really annoying in that it made certain objects opaque
and added accessors for the necessary componenets, but these accessors
often don't exist in 1.0 and before, so there's no way to create clean
code that will compile with both 1.0 and 1.1; instead you have to
compiled with both code bases to make sure everything is working).
The other problem is that since the structures are opaque, their size
isn't known, so having a structure declared as a variable is no longer
possible.
This change switches all uses of EVP_MD_CTX to be pointers initialised
with the correct EVP_MD_CTX_new() (not available in 1.0), does the
same for HMAC_CTX, and uses the 1.1 only primitve RSA_get0_key() to
extract the public modulus and exponent from an RSA key.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The IMA measurement list may contain records for different PCRs. This
patch walks the measurement list, calculating a PCR aggregate value for
each PCR.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Instead of verifying file signatures included in the measurement list,
by calculating the local file hash, verify the file signature based on the
digest contained in the measurement list.
This patch defines a new option named "--list".
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
On a running system, different software packages might be signed by
different parties. Support verifying signatures in the measurement
list using multiple public keys(eg. -k "key1, key2, ...").
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Add a --portable argument that generates EVM signatures without using
the inode number and generation or fs UUID.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Changelog:
- immutable and portable flags are exclusive, prevent enabling both.
To write the .sig file as security.ima xattr using setfattr first
requires converting the .sig file from binary to ascii-hex. Although
this conversion can be done using hexdump, it is unnecessary when
calling setxattr. This patch defines a new command called
"ima_setxattr", which calls lsetxattr() to write the .sig file as
the security.ima xattr.
Changelog:
- remove unnecessary copy
- fixed --sigfile option
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
"evmutil ima_verify -n <some file>" disabled using xattrs without enabling
using a signature file, resulting in the use of uninitialized memory in
ima_verify_signature() and thus unpredictable results.
Such a mode of operation makes no sense, so interpret -n as
documented ("print result to stdout instead of setting xattr") and ignore it
during ima_verify. Instead, switch between the two verification modes only
via the global sigfile variable.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
When bailing out of the function due to EVP_DigestUpdate()
failing, the DIR resources allocated with opendir() were
not freed.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Supplying the password on the command line is not safe. This patch
adds support for prompting the user to enter the password. At some
point, supplying the pasword on the command line should be deprecated.
Prior to this patch, the password could be specified with a blank in
between the '-p' option and the password. With this patch, the
password now must be adjacent
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
evmctl defines the "--pass | -p" command line option for providing
the private key's password. The password is then stored in a global
variable accessible by the sign_hash_XXXX() functions.
This patch modifies the arguments to the library sign_hash()
function to include the password, allowing callers to specify the
private key password.
Changelog:
- add library init to call OpenSSL_add_all_algorithms
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Add more info on:
* introduction
* EVM formats
* Signature and keys formats
* IMA trusted keys and keyrings
* EVM trusted keys
* Updated scripts and examples
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Latest versions of smack uses additional xattrs. This patch adds them to
EVM protection. Linux kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS
has to be enabled.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Do not require to re-build man file at the build process.
It will require less build dependencies.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Update README with additional information to produce initial
evmctl.1 man page. Sligtly reformat it for that purpose as well.
Requires asciidoc, xslproc, docbook-xsl packages to build man page.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This patch enables package managers, such as rpm, to include IMA signatures in
packages.
To do this, sign_hash and some helper functions were moved from evmctl to
libimaevm. These functions used global variables that belong to evmctl, sigdump
and keypass. The variable sigdump is a flag that file signatures should be
printed to stdout, so the signature dump is now handled by functions that call
sign_hash. The variable keypass is a passphrase for an encrypted key, so it was
added to 'struct libevm_params'.
v2: Uses 'struct libevm_params' to minimize sign_hash parameters
v3: Export single sign_hash function that selects _v1 or _v2 internally based
on params.x509. Moved parameter checks and explicitly return -1 for failures.
Signed-off-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
'ima_hash -a sha256' and 'sign -a sha256 --imahash' commands did set
incorrect xattr header for hash algos other than sha1.
Fix it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
