Validating a TPM quote of PCR-10, the default IMA PCR, requires not only
sending the quote to the verifier, but the IMA measurement list as well.
The attestation server can verify the IMA measurement list simply by
walking the measurement list and re-calculating the PCRs based on the
template data digest. In addition, the attestation server could verify
the template data digest based on the template data.
The LTP and standalone "ima_measure" test optionally verify the template
data digest. Similarly add "--verify" support to conditionally verify
the template data digest against the template data.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
File time of measure, time of use (ToMToU) violations are annotated in
the measurement list by including a template data digest of zeroes, but
extending the TPM with 0xFF's. This causes validating the measurement
against the TPM PCRs to fail. To validate the measurement list against
the PCRs requires replacing the zero template data digest with OxFF's.
The default behavior, unless specifically requested, should be to fail
the measurement list verification. Support validating the measurement
list based on a "--validate" option.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The template data digest for file measurement time of measure, time of
use (ToMToU) violations is zero. Don't calculate the template data
digest for the different banks.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Instead of emitting the per TPM PCR bank "boot_aggregate" values one
at a time, store them in a buffer and emit them all at once.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The IMA measurement list boot_aggregate is the link between the preboot
event log and the IMA measurement list. Read and calculate all the
possible per TPM bank boot_aggregate digests based on PCRs 0 - 7.
Reading the TPM PCRs requires root permission, unless access to the
device (/dev/tpm0 or /dev/tpmrm0) has been granted.
Prior to calculating the boot_aggregate, the TPM PCRs themselves should
be validated by walking the TPM event log and re-calculating the PCRs.
(Such a test should be included as part of the TSS regression testsuites.)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This patch makes it possible to use the Intel TSS2 for getting
PCR values from the SHA1/SHA256 banks on a TPM2.
It is somewhat naive as it doesn't use the multi-PCR selection
that TSS2 is capable of, that is for a future patch.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
[zohar@linux.ibm.com: added missing "stdint.h" in pcr_tsspcrread.c]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Now that read_tpm_banks() reads the TPM 1.2 PCRs, remove the TPM 1.2
specific code for reading and verifying the SHA1 PCRs.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Extend read_tpm_banks() to support TPM 1.2, by reading TPM 1.2 SHA1 PCRs
into the first bank and mark the other banks as disabled.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
After walking the measurement list, re-calculating and extending the TPM
PCRs with the appropriate template digest for each bank, compare the
re-calculated PCR values for each TPM bank with the actual TPM values.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
tpm2_read_pcrs() reads the sha1 PCRs in order to verify the measurmeent
list. This patch adds support for reading other TPM banks.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
IMA currently extends the different TPM banks by padding/truncating the
SHA1 template digest. Although the IMA measurement list only includes
the SHA1 template digest, the template digest could be re-calculated
properly for each bank.
This patch adds support for properly calculating the template hash for
multiple TPM banks - "sha1" and "sha256".
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Opening a file for write when it is already opened for read, results in
a time of measure, time of use (ToMToU) error. Similarly, when opening
a file for read, when it is already opened for write, results in a file
measurement error. These violations are flagged by including 0x00's as
the template digest in the measurement list, but extending the TPM with
0xFF's.
In preparation of extending the TPM banks with bank specific digest
values, increase the "zero" and "fox" variable sizes.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The TPM spec differentiates between an unknown bank and an unallocated
bank. In terms of re-calculating the PCR, treat them as equivalent.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Change main() return code from -1 to 125 as -1 is not really valid exit
code. 125 is choosen because exit codes for signals start from 126.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Previously for EVM verify you should specify `--hashalgo' option while
for IMA ima_verify you didn't.
Allow EVM verify to determine hash algo from signature.
Also, this makes two previously static functions to become exportable
and renamed:
get_hash_algo_from_sig -> imaevm_hash_algo_from_sig
get_hash_algo_by_id -> imaevm_hash_algo_by_id
This is needed because EVM hash is calculated (in calc_evm_hash) outside
of library.
imaevm_hash_algo_by_id() will now return NULL if algo is not found.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If user wants to verify v1 signature and specify RSA public key in `-k'
option, this key will be attempted to be loaded as x509 certificate and
this process will output errors.
Do not load a key as a x509 cert if user pass `--rsa'.
This is not perfect solution. As now it's possible to specify `-k' and
`--rsa' and v2 signatures will not verify, because of no keys.
This improvement is not added into ima_measurement().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If any tested file results in failure produce failure exit code.
Previously exit code affected only by the last file tested.
Fixes: "Allow multiple files in ima_verify"
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
OPENSSL_init_crypto() was introduced in version 1.1. When using an
older version of openssl, don't call OPENSSL_init_crypto. Partially
revert commit 782224f33cd7 ("ima-evm-utils: Rework openssl init").
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Prefix `dump', `do_dump', and `params' with `imaevm_' to avoid colliding
with other global symbols.
Also, rename `libevm_' to `libimaevm_`, only used with `params'.
Additionally, rename `dump' into `hexdump'.
Finally, rename `get_hash_algo' to `imaevm_get_hash_algo' as suggested by
Mimi Zohar.
Lines that became too long are split, indent corrected. No code changes.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Falling back and permissiveness could have security implications.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The kernel does not expose the crypto agile TPM 2.0 PCR banks to
userspace like it exposes PCRs for TPM 1.2. As a result, a userspace
application is required to read PCRs.
This patch adds tsspcrread support for reading the TPM 2.0 PCRs.
tsspcrread is one application included in the ibmtss package.
Sample error messages:
Failed to read PCRs: (tsspcrread failed: No such file or directory)
Failed to read PCRs: (TSS_Dev_Open: Error opening /dev/tpmrm0)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Bruno E. O. Meneguele <bmeneg@redhat.com>
When public keys are specified on the boot command line (--key "<public
key file>,[<public key file>,...]"), the appropriate public key is used
to verify EVM or file signatures. If no keys are specified, the default
x509_evm.der or pubkey_evm.pem file is used to verify the DIGSIG_VERSION_2
or DIGSIG_VERSION_1 signatures respectively, without first checking the
keyids. Instead of emitting a "verification failed: 0 (invalid
padding)" message, an "unknown keyid" message would be clearer.
To address this problem, when no public keys are specified, this patch
loads the x509_evm.der default public key onto the "public_keys" list,
while the pubkey_evm.pem continues to be passed to verify_hash_v1()
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
`selinux_str',`caps_str', and `ima_str' are passed from the command line
but copied into the fixed-size buffer.
Yes, length of `selinux_str' is calculated differently than of `caps_str'.
Fixes: CID 229895.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
file2bin() may return NULL, which is set to tmp, which is passed to
memcpy. Add explicit check for it.
Fixes: CID 229904.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Other than the "boot-aggregate" measurement entry in the IMA
measuremeent list, all other measurements are of file data. Kernel
support was recently added to support measuring the kexec boot command
line buffer, which is stored in a new template field named 'buf'.
This patch adds support for a new template named "ima-buf", defined as
"d-ng|n-ng|buf".
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
New, unknown template formats containing unknown fields are not
processed, resulting in "remain unprocessed data" messages. Processing
these unknown fields is unnecessary for walking the measurement list to
re-calculate the PCRs.
The "remain unproccessed data" may also be emitted for malformed, known
template records.
This patch limits the number of messages emitted to once per template
format and includes the template name in the message.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This allows testing multiple verify in a row, similar to ima_measurement.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Move sign_hash()/ima_calc_hash()/calc_evm_hmac()/calc_evm_hash() status
checking before assert()'ing of their return values, so it can be passed
to the upper level callers. Especially useful for showing errors.
Fixes: 1d9c279279 ("Define hash and sig buffer sizes and add asserts")
Fixes: 9643544701 ("Fix hash buffer overflow in verify_evm and hmac_evm")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
ima-evm-utils: Fix assert after ima_calc_hash
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Finish conversion of calc keyid v2 to EVP_PKEY API. After sign_hash_v2()
is switched to EVP_PKEY API (in previous commit), older RSA-specific
calc_keyid_v2() does not needed anymore and can be replaced with
calc_pkeyid_v2().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Introduce calc_pkeyid_v2() (which accepts EVP_PKEY) to replace
calc_keyid_v2() (which accepts RSA) in the future and use it in
cmd_import().
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove deprecated call to OpenSSL_add_all_algorithms().
Allow to disable openssl config loading by evmctl via configure
`--disable-openssl-conf' option. Show status of that in configure.
Move config loading from libimaevm to evmctl.
Finish engine initialization properly by calling ENGINE_set_default(),
as suggested by James Bottomley.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Another method of using GOST algorithms (and cryptographic accelerators)
is via direct preloading of appropriate engine using '--engine' option.
For the gost-engine it should be '--engine gost'.
Usage example:
1. Install gost-engine appropriately. (No need to edit openssl.cnf).
2. Then GOST algorithms should work:
# cp /dev/null a
# evmctl -v ima_hash --engine gost -a streebog256 a
hash: 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This patch will allow using GOST algorithms from OpenSSL's
gost-engine[1] via config extension (which is the usual way).
[1] https://github.com/gost-engine/engine
Full usage example:
1. Install the gost-engine package for your distro, this could be
libengine-gost-openssl1.1, openssl-gost-engine, or openssl-engines.
2. Edit openssl.cnf appropriately. Reference INSTALL.md of gost-engine
for the detailed instructions.
3. Then GOST algorithms should work:
$ cp /dev/null a
$ openssl dgst -streebog256 a
md_gost12_256(a)= 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
$ evmctl -v ima_hash -a streebog256 --xattr-user a
hash: 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
$ getfattr -d -m. -ehex a
# file: a
user.ima=0x04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The IMA/EVM attributes are currently stored in the "security" namespace,
which requires root privileges. Storing the ima/evm attributes in the
"user" namespace, instead of the "security" namespace, would be useful
for debugging and testing purposes, and because "--sigfile" does not
work for evm signatures.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
To prevent hash and sig buffers size mismatch, define their maximum
sizes and add sanity checking asserts.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Commit ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures")
introduces overflow of 20 byte buffer on the stack while calculating
hash. Also, invalid hash length is passed to the underlying verification
function in verify_evm. This prevents any non-SHA1 hashes from being
properly validated using evmctl.
Fixes: ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Don't log garbage when neither /sys/class/tpm/tpm0/device/pcrs nor
/sys/class/misc/tpm0/device/pcrs can be read and exit nicely with a
value of 1.
Signed-off-by: George Wilson <gcwilson@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The kernel is taking security.apparmor into account when validating EVM,
so evmctl should be doing the same.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zoahr@linux.vnet.ibm.com>
Changelog:
- Prevent compilation from failing due to XATTR_NAME_APPARMOR not being
included in the kernel-headers package.
EVM signatures are always being generated with SHA1 even if the -a
argument has been provided to evmctl. Fix this so the provided hash
algorithm is used instead.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Changelog:
- Like for cmd_sign_hash() and sign_ima(), the hash size for sign_evm()
should now be 64.
The xattr API/ABI is provided by both the c-library, as well as by the
libattr package. The c-library's header file is sys/xattr.h, whereas
libattr's header file can be found in attr/xattr.h.
Given none of the code here *links* against the libattr.so shared library, it
is wrong to *compile* against libattr's API (header file).
Doing so avoids confusion as to which xattr.h is used as the least problem,
and potential ABI differences as the worst problem due the mismatching header
file used.
So make sure we compile and link against the same thing, the c-library in
both cases.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Instead of always displaying the entire measurement list, the default
behavior is just to return an error. Verbose (-v) displays the key ids
used in validating the measurement list, the PCR aggregate and TPM PCR
values. Verbose+ (-v -v) also displays the measurement list.
Signed-of-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Commit 313d21e "tpm: device class for tpm" moved the TPM sysfs location
from /sys/class/misc/tpmX/device/ to /sys/class/tpm/tpmX/device/.
Mimi Zohar <zohar@linux.vnet.ibm.com>
