Introduce read_pub_pkey() to read keys using EVP_PKEY, and change
read_pub_key() to be wrapper for it.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Include hash-info.gen into tarball and call it from the sourcedir to fix
out-of-tree build (and thus 'make distcheck').
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
about deprecated variable usage.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
There is no need to link to full libssl. evmctl uses functions from
libcrypto, so let's link only against that library.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove deprecated call to OpenSSL_add_all_algorithms().
Allow to disable openssl config loading by evmctl via configure
`--disable-openssl-conf' option. Show status of that in configure.
Move config loading from libimaevm to evmctl.
Finish engine initialization properly by calling ENGINE_set_default(),
as suggested by James Bottomley.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Primary names of the algorithms are different for OpenSSL and Kernel.
"Streebog" is a name of the hash algorithm in the Kernel Crypto API.
"md_gost12_X" is the name used by most versions of OpenSSL, it's
placed in pkey_hash_algo[] so that algo IDs are resolved to them.
Allow to use both names.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
[zohar@linux.ibm.com: updated patch description based input from Vitaly]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If configured with "--with-kernel-headers=PATH" try to extract hash
algorithms from "hash_info.h" from the kernel source tree or
kernel-headers package located in the specified path. (Otherwise, it
will be tried to get from the installed kernel.)
This also introduces two algorithm lists, one is built-in and another is
from the kernel source. (They should never contain conflicting algorithm
IDs by their append-only nature.) If the digest is not found in the
built-in list it will be searched in the list from kernel's
"hash_info.h".
This patch will allow evmctl to be just recompiled to work with digest
algorithms introduced in the newer kernels.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Another method of using GOST algorithms (and cryptographic accelerators)
is via direct preloading of appropriate engine using '--engine' option.
For the gost-engine it should be '--engine gost'.
Usage example:
1. Install gost-engine appropriately. (No need to edit openssl.cnf).
2. Then GOST algorithms should work:
# cp /dev/null a
# evmctl -v ima_hash --engine gost -a streebog256 a
hash: 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This patch will allow using GOST algorithms from OpenSSL's
gost-engine[1] via config extension (which is the usual way).
[1] https://github.com/gost-engine/engine
Full usage example:
1. Install the gost-engine package for your distro, this could be
libengine-gost-openssl1.1, openssl-gost-engine, or openssl-engines.
2. Edit openssl.cnf appropriately. Reference INSTALL.md of gost-engine
for the detailed instructions.
3. Then GOST algorithms should work:
$ cp /dev/null a
$ openssl dgst -streebog256 a
md_gost12_256(a)= 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
$ evmctl -v ima_hash -a streebog256 --xattr-user a
hash: 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
$ getfattr -d -m. -ehex a
# file: a
user.ima=0x04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The IMA/EVM attributes are currently stored in the "security" namespace,
which requires root privileges. Storing the ima/evm attributes in the
"user" namespace, instead of the "security" namespace, would be useful
for debugging and testing purposes, and because "--sigfile" does not
work for evm signatures.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
To prevent hash and sig buffers size mismatch, define their maximum
sizes and add sanity checking asserts.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Commit ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures")
introduces overflow of 20 byte buffer on the stack while calculating
hash. Also, invalid hash length is passed to the underlying verification
function in verify_evm. This prevents any non-SHA1 hashes from being
properly validated using evmctl.
Fixes: ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Key description in keyring is being filled with memory garbage during
import process if the LOG_LEVEL is not satisfied (using '-vv').
Testing in kernels without trusted keyring support, and importing a v1
(RSA) key pair, the kernel fails to find the key since it looks for the
key description, which is not found due to this issue:
"digsig: key not found, id: DD0558FEB7DDBD26"
Looking at:
# keyctl show
Session Keyring
635748007 --alswrv 0 0 keyring: _ses
673181018 --alswrv 0 65534 \_ keyring: _uid.0
360651479 --alswrv 0 0 \_ keyring: _ima
499360916 --alswrv 0 0 | \_ user: .N=
266933436 --alswrv 0 0 | \_ user: B641632DA94DEE26
Key id 499360916 and 266933436 are both the same key, but the first was added
without '-vv' in the command line, while the second one was using it.
Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Don't log garbage when neither /sys/class/tpm/tpm0/device/pcrs nor
/sys/class/misc/tpm0/device/pcrs can be read and exit nicely with a
value of 1.
Signed-off-by: George Wilson <gcwilson@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The kernel is taking security.apparmor into account when validating EVM,
so evmctl should be doing the same.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zoahr@linux.vnet.ibm.com>
Changelog:
- Prevent compilation from failing due to XATTR_NAME_APPARMOR not being
included in the kernel-headers package.
EVM signatures are always being generated with SHA1 even if the -a
argument has been provided to evmctl. Fix this so the provided hash
algorithm is used instead.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Changelog:
- Like for cmd_sign_hash() and sign_ima(), the hash size for sign_evm()
should now be 64.
The xattr API/ABI is provided by both the c-library, as well as by the
libattr package. The c-library's header file is sys/xattr.h, whereas
libattr's header file can be found in attr/xattr.h.
Given none of the code here *links* against the libattr.so shared library, it
is wrong to *compile* against libattr's API (header file).
Doing so avoids confusion as to which xattr.h is used as the least problem,
and potential ABI differences as the worst problem due the mismatching header
file used.
So make sure we compile and link against the same thing, the c-library in
both cases.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Instead of always displaying the entire measurement list, the default
behavior is just to return an error. Verbose (-v) displays the key ids
used in validating the measurement list, the PCR aggregate and TPM PCR
values. Verbose+ (-v -v) also displays the measurement list.
Signed-of-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Commit 313d21e "tpm: device class for tpm" moved the TPM sysfs location
from /sys/class/misc/tpmX/device/ to /sys/class/tpm/tpmX/device/.
Mimi Zohar <zohar@linux.vnet.ibm.com>
Openssl 1.1 is really annoying in that it made certain objects opaque
and added accessors for the necessary componenets, but these accessors
often don't exist in 1.0 and before, so there's no way to create clean
code that will compile with both 1.0 and 1.1; instead you have to
compiled with both code bases to make sure everything is working).
The other problem is that since the structures are opaque, their size
isn't known, so having a structure declared as a variable is no longer
possible.
This change switches all uses of EVP_MD_CTX to be pointers initialised
with the correct EVP_MD_CTX_new() (not available in 1.0), does the
same for HMAC_CTX, and uses the 1.1 only primitve RSA_get0_key() to
extract the public modulus and exponent from an RSA key.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The IMA measurement list may contain records for different PCRs. This
patch walks the measurement list, calculating a PCR aggregate value for
each PCR.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Instead of verifying file signatures included in the measurement list,
by calculating the local file hash, verify the file signature based on the
digest contained in the measurement list.
This patch defines a new option named "--list".
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
On a running system, different software packages might be signed by
different parties. Support verifying signatures in the measurement
list using multiple public keys(eg. -k "key1, key2, ...").
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Add a --portable argument that generates EVM signatures without using
the inode number and generation or fs UUID.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Changelog:
- immutable and portable flags are exclusive, prevent enabling both.
To write the .sig file as security.ima xattr using setfattr first
requires converting the .sig file from binary to ascii-hex. Although
this conversion can be done using hexdump, it is unnecessary when
calling setxattr. This patch defines a new command called
"ima_setxattr", which calls lsetxattr() to write the .sig file as
the security.ima xattr.
Changelog:
- remove unnecessary copy
- fixed --sigfile option
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
"evmutil ima_verify -n <some file>" disabled using xattrs without enabling
using a signature file, resulting in the use of uninitialized memory in
ima_verify_signature() and thus unpredictable results.
Such a mode of operation makes no sense, so interpret -n as
documented ("print result to stdout instead of setting xattr") and ignore it
during ima_verify. Instead, switch between the two verification modes only
via the global sigfile variable.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
When bailing out of the function due to EVP_DigestUpdate()
failing, the DIR resources allocated with opendir() were
not freed.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Supplying the password on the command line is not safe. This patch
adds support for prompting the user to enter the password. At some
point, supplying the pasword on the command line should be deprecated.
Prior to this patch, the password could be specified with a blank in
between the '-p' option and the password. With this patch, the
password now must be adjacent
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
evmctl defines the "--pass | -p" command line option for providing
the private key's password. The password is then stored in a global
variable accessible by the sign_hash_XXXX() functions.
This patch modifies the arguments to the library sign_hash()
function to include the password, allowing callers to specify the
private key password.
Changelog:
- add library init to call OpenSSL_add_all_algorithms
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Latest versions of smack uses additional xattrs. This patch adds them to
EVM protection. Linux kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS
has to be enabled.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This patch enables package managers, such as rpm, to include IMA signatures in
packages.
To do this, sign_hash and some helper functions were moved from evmctl to
libimaevm. These functions used global variables that belong to evmctl, sigdump
and keypass. The variable sigdump is a flag that file signatures should be
printed to stdout, so the signature dump is now handled by functions that call
sign_hash. The variable keypass is a passphrase for an encrypted key, so it was
added to 'struct libevm_params'.
v2: Uses 'struct libevm_params' to minimize sign_hash parameters
v3: Export single sign_hash function that selects _v1 or _v2 internally based
on params.x509. Moved parameter checks and explicitly return -1 for failures.
Signed-off-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
