ima-evm-utils does not attempt to calculate or even read the fs-verity
file hash, but can verify the fs-verity signature based on the fsverity
file hash, both contained in the measurement list record.
Example:
evmctl ima_measurement --key <DER encoded public key> \
--verify-sig /sys/kernel/security/ima/binary_runtime_measurements
Modify 'sig' argument of verify_hash() to be the full xattr in order to
differentiate signatures types.
Note:
Kernel commit b1aaab22e263 ("ima: pass full xattr with the signature")
added the 'type' to signature_v2_hdr struct, which hasn't been reflected
here. (todo)
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Sign fs-verity file digests provided in the format as produced by
"fsverity digest". The output is of the same format as the input,
but with the file signature appended. Use setfattr to write the
signature as security.ima xattr.
fsverity digest format: <algo>:<hash> <pathname>
output format: <algo>:<hash> <pathname> <signature>
Instead of directly signing the fsverity hash, to disambiguate the
original IMA signatures from the fs-verity signatures stored in the
security.ima xattr a new signature format version 3 (sigv3) was
defined as the hash of the xattr type (enum evm_ima_xattr_type),
the hash algorithm (enum hash_algo), and the hash.
Example:
fsverity digest <pathname> | evmctl sign_hash --veritysig \
--key <pem encoded private key>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Not being able to open a file is not necessarily a problem. If
and when it occurs, an informational or error message with the
actual filename is emitted as needed.
Reset 'errno' to prevent the "errno: No such file or directory (2)"
generic message.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The default hash algorithm for evmctl is today hardcoded in the libimaevm.c
file. To facilitate package maintainers across different distributions to
set their own default hash algorithm, this patch adds the
--with-default-hash=<algo> option to the configuration script.
The chosen algorithm will then be checked by its available in the kernel,
otherwise IMA won't be able to verify files hashed by the user. For that,
the kernel header hash_info.h used as the source of supported hashes. In
case the hash_info.h header is not present, the configuration script warns
about it, but uses whatever the user specified in the option.
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Add support for pkcs11 private keys for signing a v2 hash.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Keep in sync with the kernel IMA, IMA signature tool supports SM2/3
algorithm combination. Because in the current version of OpenSSL 1.1.1,
the SM2 algorithm and the public key using the EC algorithm share the
same ID 'EVP_PKEY_EC', and the specific algorithm can only be
distinguished by the curve name used. This patch supports this feature.
Secondly, the openssl 1.1.1 tool does not fully support the signature
of SM2/3 algorithm combination, so the openssl3 tool is used in the
test case, and there is no this problem with directly calling the
openssl 1.1.1 API in evmctl.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[zohar@linux.ibm.com: "COMPILE_SSL: " -> "COMPILE_SSL=" in .travis.yml
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow to have certificate appended to the private key of `--key'
specified (PEM) file (for v2 signing) to facilitate reading of keyid
from the associated cert. This will allow users to have private and
public key as a single file and avoid the need of manually specifying
keyid. There is no check that public key form the cert matches
associated private key.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow user to specify `--keyid-from-cert cert.pem' to extract keyid from
SKID of the certificate file. PEM or DER format is auto-detected.
This commit creates ABI change for libimaevm, due to adding new function
ima_read_keyid(). Newer clients cannot work with older libimaevm.
Together with previous commit it creates backward-incompatible ABI
change, thus soname should be incremented on release.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow user to set signature's keyid using `--keyid' option. Keyid should
correspond to SKID in certificate, when keyid is calculated using SHA-1
in libimaevm it may mismatch keyid extracted by the kernel from SKID of
certificate (the way public key is presented to the kernel), thus making
signatures not verifiable. This may happen when certificate is using non
SHA-1 SKID (see rfc7093) or just 'unique number' (see rfc5280 4.2.1.2).
As a last resort user may specify arbitrary keyid using the new option.
This commit creates ABI change for libimaevm, because of adding
additional parameter to imaevm_params - newer libimaevm cannot work
with older clients.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reported-by: Elvira Khabirova <lineprinter0@gmail.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove the "Logically dead code (DEADCODE)" as reported by Coverity.
Fixes: 9c79b7de7231 ("ima-evm-utils: support verifying the measurement list using multiple keys")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Coverity complains about the existing "if (!fread(....))" and inverse
syntax. Change it to make Coverity happy.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on symbolic links is not supported by IMA in the
kernel, so remove the calculation of digests over symbolic links.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on directories is not supported by IMA in the
kernel, so remove the calculation of digests over directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on device files is not supported by IMA in the
kernel, so remove calculation of digests over devices files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Instead of using the global variable imaevm_params.hash_algo as the
hash algo to use, use the algo parameter passed into the function.
Existing code in this function already uses 'algo' for writing the
hash into the header:
hdr->hash_algo = imaevm_get_hash_algo(algo);
Fixes: 07e623b60848 ("ima-evm-utils: Convert sign_hash_v2 to EVP_PKEY API").
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
There's no errno set at this point so that using log_errno would
display something useful. Instead use log_error().
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Rename function variable from cr (carriage return, '\r') to
newline, because this is what it is.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The variable returned from readlink is a length indicator of the
number of bytes placed into a buffer, not only an error. Leave
a note in the code that a zero-length link is also treated as an
error, besides the usual -1.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The 'off' variable was unused in add_dir_hash(), so remove it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The error checking in add_dir_hash was wrong. EVP_DigestUpdate returns 1
on success and 0 on error, so we cannot just accumulate it using or'ing.
>From the man page:
EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()
Returns 1 for success and 0 for failure.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
When the IMA measurement list contains file signatures, the file
signatures are verified either by calculating the local file data hash
or based on the file hash contained in the measurement list. In either
case a list of trusted public keys needs to be provided.
In addition to the list of known/unknown public keys needed to verify
the measurement list being output, the specific files signed by an
unknown public key are output as well.
Output the individual "unknown keyid" file messages based on log level.
Example 1: "ima_measurement" list of known/unknown public keys
Verify the provided IMA measurement list against the provided TPM 1.2
PCRs.
--validate: ignore measurement violations.
--verify: calculate and verify the template digest against the template
data.
--verify-sig: verify the file signature against the file hash stored
in the template data.
$ evmctl ima_measurement /tmp/local_binary_runtime_measurements --pcrs
/tmp/local_pcrs_new --validate --verify --verify-sig
key 1: 14c2d147 /etc/keys/x509_evm.der
key 2: 6e6c1046 (unknown keyid)
key 3: c4e2426e (unknown keyid)
Matched per TPM bank calculated digest(s).
Example 2: verbose mode (-v) includes specific unknown files.
/usr/bin/evmctl: verification failed: unknown keyid 6e6c1046
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
SM3 was published by State Encryption Management Bureau, China.
It has been well supported in the kernel and openssl.
This patch allows SM3 to be used smoothly by specifying the
parameter `-a sm3` or `--hashalgo sm3`.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Use enum type instead of hard-coded numbers to improve code readability.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Even if imaevm_get_hash_algo() returns an error value of -1, it is
forced to be converted to uint8_t type here, resulting in this error
not being checked by the if condition. This patch fixes this error.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
as some errors are using it, e.g. in previous fix
just errno would be printed:
./src/evmctl ima_boot_aggregate
Failed to read any TPM PCRs
errno: No such file or directory (2)
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Previously for EVM verify you should specify `--hashalgo' option while
for IMA ima_verify you didn't.
Allow EVM verify to determine hash algo from signature.
Also, this makes two previously static functions to become exportable
and renamed:
get_hash_algo_from_sig -> imaevm_hash_algo_from_sig
get_hash_algo_by_id -> imaevm_hash_algo_by_id
This is needed because EVM hash is calculated (in calc_evm_hash) outside
of library.
imaevm_hash_algo_by_id() will now return NULL if algo is not found.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
OPENSSL_init_crypto() was introduced in version 1.1. When using an
older version of openssl, don't call OPENSSL_init_crypto. Partially
revert commit 782224f33cd7 ("ima-evm-utils: Rework openssl init").
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Make sign_hash_v1(), sign_hash_v2(), get_hash_algo_by_id, and
pkey_hash_algo[] and pkey_hash_algo_kern[] static.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Prefix `dump', `do_dump', and `params' with `imaevm_' to avoid colliding
with other global symbols.
Also, rename `libevm_' to `libimaevm_`, only used with `params'.
Additionally, rename `dump' into `hexdump'.
Finally, rename `get_hash_algo' to `imaevm_get_hash_algo' as suggested by
Mimi Zohar.
Lines that became too long are split, indent corrected. No code changes.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Falling back and permissiveness could have security implications.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
ERR_load_crypto_strings() is already called in other place.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Each tima a new unknown key is encountered, emit a message of the format
"key #: <keyid> (unknown keyid)". The individual files using unknown
keys are then only logged in verbose mode. Also update the message
emitted to be consistent with other "verification failed" messages.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Changlog:
- Incorporated Vitaly's fix to prevent a null dereference in `tail->next`
Previously OpenSSL errors was delayed until evmctl exit (sometimes not).
Since we try to make libimaevm more robust, there could be many errors
accumulated, so it's useful to output OpenSSL errors as they happen.
This will also make output more understandable as you can see which
openssl error correspond to which libimaevm error.
Additionally, change spelling of read_pub_pkey and read_priv_pkey to
include key file name.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Since we now always call verify_hash_v2() with NULL keyfile (assuming
all keys are already loaded into public_keys list), remove keyfile
argument and its handling from verify_hash_v2().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
[zohar@linux.ibm.com: make verify_hash_v1() and verify_hash_v2() static.]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This is more human understandable and also will improve handling of
the sources by cscope.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
When public keys are specified on the boot command line (--key "<public
key file>,[<public key file>,...]"), the appropriate public key is used
to verify EVM or file signatures. If no keys are specified, the default
x509_evm.der or pubkey_evm.pem file is used to verify the DIGSIG_VERSION_2
or DIGSIG_VERSION_1 signatures respectively, without first checking the
keyids. Instead of emitting a "verification failed: 0 (invalid
padding)" message, an "unknown keyid" message would be clearer.
To address this problem, when no public keys are specified, this patch
loads the x509_evm.der default public key onto the "public_keys" list,
while the pubkey_evm.pem continues to be passed to verify_hash_v1()
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Check return value of fstat(2) in add_file_hash() and remove
now unused get_fdsize().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Struct signature_v2_hdr is packed so clang complains that taking address
of packed member may result in an unaligned pointer value:
libimaevm.c:481:21: warning: taking address of packed member 'keyid' of class or structure 'signature_v2_hdr' may result in an unaligned pointer value
[-Waddress-of-packed-member]
__be32_to_cpup(&hdr->keyid));
^~~~~~~~~~
libimaevm.c:905:17: warning: taking address of packed member 'keyid' of class or structure 'signature_v2_hdr' may result in an unaligned pointer value
[-Waddress-of-packed-member]
calc_keyid_v2(&hdr->keyid, name, pkey);
^~~~~~~~~~
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
When pctx is allocated using EVP_MD_CTX_new() it should be freed.
Found with ASan.
Fixes: 81010f0 ("ima-evm-utils: Add backward compatible support for openssl 1.1")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
It's useful to know not just a hash value but also which algorithm is
used.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Move sign_hash()/ima_calc_hash()/calc_evm_hmac()/calc_evm_hash() status
checking before assert()'ing of their return values, so it can be passed
to the upper level callers. Especially useful for showing errors.
Fixes: 1d9c279279 ("Define hash and sig buffer sizes and add asserts")
Fixes: 9643544701 ("Fix hash buffer overflow in verify_evm and hmac_evm")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
ima-evm-utils: Fix assert after ima_calc_hash
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
RSA_ASN1_templates[] are not needed anymore, because we switched to the
generic EVP_PKEY OpenSSL API to generate v2 signatures instead of
constructing PKCS1 ourselves.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Finish conversion of calc keyid v2 to EVP_PKEY API. After sign_hash_v2()
is switched to EVP_PKEY API (in previous commit), older RSA-specific
calc_keyid_v2() does not needed anymore and can be replaced with
calc_pkeyid_v2().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Convert sign_hash_v2() to use more generic EVP_PKEY API instead of RSA
API. This enables generation of more signatures out of the box, such as
EC-RDSA (GOST) and any other that OpenSSL supports. This conversion also
fixes generation of MD4 signatures, because it didn't have proper
RSA_ASN1_template.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
