Until Linux kernel version 5.11, a TSS was required to read TPM 2.0 PCR
values. A feature which exposed the per bank TPM 2.0 PCRs directly via
sysfs was upstreamed in newer Kernel versions.
Use this recent feature in IMA-EVM-UTILS to remove TSS dependency.
Signed-off-by: Tergel Myanganbayar <tergel@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove unnecessary path check in pcr_ibmtss.c and update the syntax
in the other.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The field sizes of the original "ima" template data are static, but
the other template data fields are not. They're prefixed with a size.
Add some data field size sanity checks in ima_show_ng().
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The template data length is variable, based on the template format.
Define some sort of upper bounds.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
fread() either returns the number of bytes read or the number of items
of data read. Check that it returns the requested number of items read.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Before attempting to use the key file, make sure it is a regular file.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Fix COMPILE_SSL to build for the proper architecture, link with the
appropriate library, and set up library path for evmctl.
Compile OpenSSL with "no-engine" and "no-dynamic-engine" support.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Each record in the IMA measurement list must contain some template data.
Ensure the template data is not zero length.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Instead of assuming the file hash algorithm is a properly NULL terminated
string, properly limit the "algo:<hash>" field size.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
On failure to read TPM 2.0 bank PCRs 'errmsg' is not properly set to
NULL after being freed. Fix potential use after free.
Fixes: 3472f9ba9c05 ("ima-evm-utils: read the PCRs for the requested TPM banks")
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
OpenSSL v3 "engine" support is deprecated and replaced with "providers".
Engine support will continue to work for a while, but results in
deprecated declaration and other messages. One option is simply to hide
them ("-Wno-deprecated-declarations"). The other alternative is to
conditionally build ima-evm-utils without OpenSSL engine support and
without disabling deprecated declarations.
Based on "--disable-engine" or "--enable-engine=no" configuration
option, disable OpenSSL "engine" support.
As suggested by Vitaly,
- verify ENGINE_init symbol is defined in libcrypto
- disable engine support if either OPENSSL_NO_DYNAMIC_ENGINE or
OPENSSL_NO_ENGINE variables are defined
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
When EVP_MD_CTX_new() call was added, the corresponding EVP_MD_CTX_free()
was never called. Properly free it.
Fixes: 81010f0d87ef ("ima-evm-utils: Add backward compatible support for openssl 1.1")
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Calculating the EVM HMAC and labeling the filesystem was originally
included in ima-evm-utils for debugging purposes only. For now,
instead of removing EVM HMAC support just replace the low level
HMAC_ calls with EVP_ calls.
The '-a, --hashalgo' specifies the IMA hash or signature algorithm.
The kernel EVM HMAC is limited to SHA1. Fix ima-evm-utils by hard
coding the EVM HMAC algorithm to SHA1.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
OpenSSL v3 emits deprecated warnings for SHA1 functions. Use the
EVP_ functions when walking the TPM 1.2 binary bios measurements
to calculate the TPM 1.2 PCRs.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The original IMA file signatures were based on a SHA1 hash. Kernel
support for other hash algorithms was subsequently upstreamed. Deprecate
"--rsa" support.
Define "--enable-sigv1" option to configure signature v1 support.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Writing either security.ima hashes or security.evm hmacs from userspace
will fail regardless of the IMA or EVM fix mode. In fix mode, 'touch'
will force security.ima and security.evm to be updated.
Make the setxattr error messages more explicit and clear errno.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Define a log_errno_reset macro to emit the errno string at or near the
time of error, similar to the existing log_errno macro, but also reset
errno to avoid dangling or duplicate errno messages on exit.
The initial usage is for non-critical file open failures.
Suggested-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This reverts commit acb19d1894a4a95471b8d2346cd6c3ecf3385110, based on
the mailing list discussion and will be fixed in the next commit.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Link: https://lore.kernel.org/linux-integrity/20220915153659.dtykhzitxdrlpasq@altlinux.org/
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
ima-evm-utils does not attempt to calculate or even read the fs-verity
file hash, but can verify the fs-verity signature based on the fsverity
file hash, both contained in the measurement list record.
Example:
evmctl ima_measurement --key <DER encoded public key> \
--verify-sig /sys/kernel/security/ima/binary_runtime_measurements
Modify 'sig' argument of verify_hash() to be the full xattr in order to
differentiate signatures types.
Note:
Kernel commit b1aaab22e263 ("ima: pass full xattr with the signature")
added the 'type' to signature_v2_hdr struct, which hasn't been reflected
here. (todo)
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Sign fs-verity file digests provided in the format as produced by
"fsverity digest". The output is of the same format as the input,
but with the file signature appended. Use setfattr to write the
signature as security.ima xattr.
fsverity digest format: <algo>:<hash> <pathname>
output format: <algo>:<hash> <pathname> <signature>
Instead of directly signing the fsverity hash, to disambiguate the
original IMA signatures from the fs-verity signatures stored in the
security.ima xattr a new signature format version 3 (sigv3) was
defined as the hash of the xattr type (enum evm_ima_xattr_type),
the hash algorithm (enum hash_algo), and the hash.
Example:
fsverity digest <pathname> | evmctl sign_hash --veritysig \
--key <pem encoded private key>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Not being able to open a file is not necessarily a problem. If
and when it occurs, an informational or error message with the
actual filename is emitted as needed.
Reset 'errno' to prevent the "errno: No such file or directory (2)"
generic message.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Updated both the release and library (ABI change) versions. See the
NEWS file for a short summary and the git history for details.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The SHA-1 algorithm is considered a weak hash algorithm and there has been
some movement within certain distros to drop its support completely or at
least drop it from the default behavior. ima-evm-utils uses it as the
default algorithm in case the user doesn't explicitly ask for another
through the --with-default-hash configuration time option or --hashalgo/-a
runtime option. With that, make SHA-256 the default hash algorithm instead.
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The default hash algorithm for evmctl is today hardcoded in the libimaevm.c
file. To facilitate package maintainers across different distributions to
set their own default hash algorithm, this patch adds the
--with-default-hash=<algo> option to the configuration script.
The chosen algorithm will then be checked by its available in the kernel,
otherwise IMA won't be able to verify files hashed by the user. For that,
the kernel header hash_info.h used as the source of supported hashes. In
case the hash_info.h header is not present, the configuration script warns
about it, but uses whatever the user specified in the option.
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Add support for pkcs11 private keys for signing a v2 hash.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If the key has the pkcs11: URI prefix then setup the pkcs11 engine
if the user hasn't chosen a specific engine already.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Extend the global libimaevm_params structure with an ENGINE field 'eng'
and use it in place of the local ENGINE variable in main().
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Move the code that sets up an OpenSSL engine into its own function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Handle failure to initialize the openssl engine. For example,
$ ./src/evmctl --engine foo
engine foo isn't available
140322992015168:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-1.1/foo.so): /usr/lib64/engines-1.1/foo.so: cannot open shared object file: No such file or directory
140322992015168:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:162:
140322992015168:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
140322992015168:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:334:id=foo
Segmentation fault (core dumped)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If the user did not use the --pass option to provide a key password,
get the key password from the EVMCTL_KEY_PASSWORD environment variable.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
The variable "password" is not freed nor returned in case get_password()
succeeds. Return it instead of the intermediary variable "pwd". Issue found
by Coverity scan tool.
src/evmctl.c:2565: leaked_storage: Variable "password" going out of scope
leaks the storage it points to.
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Use the IBM TSS to implement the functions as an alternative to the
command line tools.
The algorithm_string_to_algid() function supports only the digest
algorithms in use. The table has place holders for other algorithms
as they are needed and the C strings are defined.
The table can also be used for an algorithm ID to string function if
it's ever needed.
When using the IBM TSS, link in its library.
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
[zohar@linux.ibm.com: updated configure.ac, replaced license with SPDX,
added comment before TSS_Delete and modified rc1 testing.]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
PCR numbers are naturally unsigned values. Further, they are
32 bits, even on 64-bit machines. This change eliminates the
need for negative value and overflow tests.
The parameter name is changed from j and idx to pcr_handle, which is
more descriptive and is similar to the parameter name used in the TPM
2.0 specification.
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
There is no such an algorithm name as sm3-256. This is an ambiguity
caused by the definition of the macro HASH_ALGO_SM3_256. The sed
command is only a special case of sm3, so sm3 is used to replace
the sm3-256 algorithm name.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Keep in sync with the kernel IMA, IMA signature tool supports SM2/3
algorithm combination. Because in the current version of OpenSSL 1.1.1,
the SM2 algorithm and the public key using the EC algorithm share the
same ID 'EVP_PKEY_EC', and the specific algorithm can only be
distinguished by the curve name used. This patch supports this feature.
Secondly, the openssl 1.1.1 tool does not fully support the signature
of SM2/3 algorithm combination, so the openssl3 tool is used in the
test case, and there is no this problem with directly calling the
openssl 1.1.1 API in evmctl.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[zohar@linux.ibm.com: "COMPILE_SSL: " -> "COMPILE_SSL=" in .travis.yml
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow to have certificate appended to the private key of `--key'
specified (PEM) file (for v2 signing) to facilitate reading of keyid
from the associated cert. This will allow users to have private and
public key as a single file and avoid the need of manually specifying
keyid. There is no check that public key form the cert matches
associated private key.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow user to specify `--keyid-from-cert cert.pem' to extract keyid from
SKID of the certificate file. PEM or DER format is auto-detected.
This commit creates ABI change for libimaevm, due to adding new function
ima_read_keyid(). Newer clients cannot work with older libimaevm.
Together with previous commit it creates backward-incompatible ABI
change, thus soname should be incremented on release.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Allow user to set signature's keyid using `--keyid' option. Keyid should
correspond to SKID in certificate, when keyid is calculated using SHA-1
in libimaevm it may mismatch keyid extracted by the kernel from SKID of
certificate (the way public key is presented to the kernel), thus making
signatures not verifiable. This may happen when certificate is using non
SHA-1 SKID (see rfc7093) or just 'unique number' (see rfc5280 4.2.1.2).
As a last resort user may specify arbitrary keyid using the new option.
This commit creates ABI change for libimaevm, because of adding
additional parameter to imaevm_params - newer libimaevm cannot work
with older clients.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reported-by: Elvira Khabirova <lineprinter0@gmail.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Since we are not signing directory entries, remove the left-over check
with S_ISDIR().
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove the "Logically dead code (DEADCODE)" as reported by Coverity.
Fixes: 9c79b7de7231 ("ima-evm-utils: support verifying the measurement list using multiple keys")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Coverity complains about the existing "if (!fread(....))" and inverse
syntax. Change it to make Coverity happy.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Static analysis reported an "invalid operation involving NULL pointer"
warning. Although the code properly exits the loop without ever
using the variable, test the pointer isn't NULL before incrementing
it.
Fixes: 80d3fda6083f ("ima-evm-utils: Check for tsspcrread in runtime")
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on symbolic links is not supported by IMA in the
kernel, so remove the calculation of digests over symbolic links.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on directories is not supported by IMA in the
kernel, so remove the calculation of digests over directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signature verification on device files is not supported by IMA in the
kernel, so remove calculation of digests over devices files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Remove support for filtering on file types unsupported by IMA from evmctl.
This now prevents func(de->d_name) to be invoked on symlinks, block device
files, etc. since signature verification on those file types is not
supported by IMA in the kernel.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Instead of using the global variable imaevm_params.hash_algo as the
hash algo to use, use the algo parameter passed into the function.
Existing code in this function already uses 'algo' for writing the
hash into the header:
hdr->hash_algo = imaevm_get_hash_algo(algo);
Fixes: 07e623b60848 ("ima-evm-utils: Convert sign_hash_v2 to EVP_PKEY API").
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
