ima-evm-utils: Release version 1.1

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

ChangeLog

@@ -1,3 +1,25 @@
+2018-01-28  Mimi Zohar <zohar@us.ibm.com>
+
+	version 1.1
+	* Support the new openssl 1.1 api
+	* Support for validating multiple pcrs
+	* Verify the measurement list signature based on the list digest
+	* Verify the "ima-sig" measurement list using multiple keys
+	* Fixed parsing the measurement template data field length
+	* Portable & immutable EVM signatures (new format)
+	* Multiple fixes that have been lingering in the next branch. Some
+	  are for experimental features that are not yet supported in the
+	  kernel.
+
+2014-07-30  Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
+
+	version 1.0
+	* Recursive hashing
+	* Immutable EVM signatures (experimental)
+	* Command 'ima_clear' to remove xattrs
+	* Support for passing password to the library
+	* Support for asking password safely from the user
+
 2014-09-23  Dmitry Kasatkin <d.kasatkin@samsung.com>
 
 	version 0.9

README

@@ -26,12 +26,12 @@ COMMANDS
  --version
  help <command>
  import [--rsa] pubkey keyring
- sign [-r] [--imahash | --imasig ] [--key key] [--pass password] file
+ sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file
  verify file
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
  ima_hash file
- ima_measurement file
+ ima_measurement [--key "key1, key2, ..."] [--list] file
  ima_fix [-t fdsxm] path
  sign_hash [--key key] [--pass password]
  hmac [--imahash | --imasig ] file
@@ -46,6 +46,7 @@ OPTIONS
   -f, --sigfile      store IMA signature in .sig file instead of xattr
       --rsa          use RSA key type and signing scheme v1
   -k, --key          path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)
+  -o, --portable     generate portable EVM signatures
   -p, --pass         password for encrypted signing key
   -r, --recursive    recurse into directories (sign)
   -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)
@@ -95,7 +96,8 @@ Kernel configuration option CONFIG_EVM_ATTR_FSUUID controls whether to include
 filesystem UUID into HMAC and enabled by default. Therefore evmctl also includes
 fsuuid by default. Providing '--uuid' option without parameter allows to disable
 usage of fs uuid. Providing '--uuid=UUID' option with parameter allows to use
-custom UUID.
+custom UUID. Providing the '--portable' option will disable usage of the fs uuid
+and also the inode number and generation.
 
 Kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS controls whether to
 include additional SMACK extended attributes into HMAC. They are following:
@@ -142,7 +144,7 @@ EVM encrypted key is used for EVM HMAC calculation:
     keyctl pipe `keyctl search @u user kmk` > /etc/keys/kmk
 
     # create the EVM encrypted key
-    keyctl add encrypted evm-key "new user:kmk 32" @u
+    keyctl add encrypted evm-key "new user:kmk 64" @u
     keyctl pipe `keyctl search @u encrypted evm-key` >/etc/keys/evm-key
 
 
@@ -403,7 +405,7 @@ When using plain RSA public keys in PEM format, use 'evmctl import --rsa' for im
 
 Latest version of keyctl allows to import X509 public key certificates:
 
-    cat /etc/keys/x509_ima.der | keyctl padd asymmetric '' @ima_id
+    cat /etc/keys/x509_ima.der | keyctl padd asymmetric '' $ima_id
 
 
 FILES

build-static.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+gcc -static -o evmctl.static -include config.h src/evmctl.c src/libimaevm.c -lcrypto -lkeyutils -ldl
+

configure.ac

@@ -1,7 +1,7 @@
 # autoconf script
 
 AC_PREREQ([2.65])
-AC_INIT(ima-evm-utils, 0.9, d.kasatkin@samsung.com)
+AC_INIT(ima-evm-utils, 1.1, zohar@linux.vnet.ibm.com)
 AM_INIT_AUTOMAKE
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])

packaging/ima-evm-utils.spec

@@ -1,5 +1,5 @@
 Name:		ima-evm-utils
-Version:	0.9
+Version:	1.1
 Release:	1%{?dist}
 Summary:	ima-evm-utils - IMA/EVM control utility
 Group:		System/Libraries

src/imaevm.h

@@ -82,6 +82,7 @@ enum evm_ima_xattr_type {
 	EVM_XATTR_HMAC,
 	EVM_IMA_XATTR_DIGSIG,
 	IMA_XATTR_DIGEST_NG,
+	EVM_XATTR_PORTABLE_DIGSIG,
 };
 
 struct h_misc {
@@ -108,6 +109,12 @@ struct h_misc_64 {
 	unsigned short mode;
 };
 
+struct h_misc_digsig {
+	uid_t uid;
+	gid_t gid;
+	unsigned short mode;
+};
+
 enum pubkey_algo {
 	PUBKEY_ALGO_RSA,
 	PUBKEY_ALGO_MAX,
@@ -166,14 +173,14 @@ struct signature_v2_hdr {
 } __packed;
 
 
-typedef int (*verify_hash_fn_t)(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
+typedef int (*verify_hash_fn_t)(const char *file, const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
 
 struct libevm_params {
 	int verbose;
 	int x509;
 	const char *hash_algo;
-	char *keyfile;
-	char *keypass;
+	const char *keyfile;
+	const char *keypass;
 };
 
 struct RSA_ASN1_template {
@@ -181,6 +188,9 @@ struct RSA_ASN1_template {
 	size_t size;
 };
 
+#define	NUM_PCRS 20
+#define DEFAULT_PCR 10
+
 extern const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST];
 extern struct libevm_params params;
 
@@ -195,8 +205,9 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
 void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key);
 int key2bin(RSA *key, unsigned char *pub);
 
-int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig);
-int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
-int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
+int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
+int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig, int siglen);
+int ima_verify_signature(const char *file, unsigned char *sig, int siglen, unsigned char *digest, int digestlen);
+void init_public_keys(const char *keyfiles);
 
 #endif

src/libimaevm.c

@@ -53,6 +53,7 @@
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/err.h>
 
 #include "imaevm.h"
 
@@ -130,6 +131,8 @@ struct libevm_params params = {
 	.hash_algo = "sha1",
 };
 
+static void __attribute__ ((constructor)) libinit(void);
+
 void do_dump(FILE *fp, const void *ptr, int len, bool cr)
 {
 	int i;
@@ -211,6 +214,7 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
 	DIR *dir;
 	unsigned long long ino, off;
 	unsigned int type;
+	int result = 0;
 
 	dir = opendir(file);
 	if (!dir) {
@@ -230,13 +234,14 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
 		err |= EVP_DigestUpdate(ctx, &type, sizeof(type));
 		if (!err) {
 			log_err("EVP_DigestUpdate() failed\n");
-			return 1;
+			result = 1;
+			break;
 		}
 	}
 
 	closedir(dir);
 
-	return 0;
+	return result;
 }
 
 static int add_link_hash(const char *path, EVP_MD_CTX *ctx)
@@ -266,9 +271,15 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 {
 	const EVP_MD *md;
 	struct stat st;
-	EVP_MD_CTX ctx;
+	EVP_MD_CTX *pctx;
 	unsigned int mdlen;
 	int err;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	EVP_MD_CTX ctx;
+	pctx = &ctx;
+#else
+	pctx = EVP_MD_CTX_new();
+#endif
 
 	/*  Need to know the file length */
 	err = lstat(file, &st);
@@ -283,7 +294,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 		return 1;
 	}
 
-	err = EVP_DigestInit(&ctx, md);
+	err = EVP_DigestInit(pctx, md);
 	if (!err) {
 		log_err("EVP_DigestInit() failed\n");
 		return 1;
@@ -291,17 +302,17 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 
 	switch (st.st_mode & S_IFMT) {
 	case S_IFREG:
-		err = add_file_hash(file, &ctx);
+		err = add_file_hash(file, pctx);
 		break;
 	case S_IFDIR:
-		err = add_dir_hash(file, &ctx);
+		err = add_dir_hash(file, pctx);
 		break;
 	case S_IFLNK:
-		err = add_link_hash(file, &ctx);
+		err = add_link_hash(file, pctx);
 		break;
 	case S_IFIFO: case S_IFSOCK:
 	case S_IFCHR: case S_IFBLK:
-		err = add_dev_hash(&st, &ctx);
+		err = add_dev_hash(&st, pctx);
 		break;
 	default:
 		log_errno("Unsupported file type");
@@ -311,7 +322,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
 	if (err)
 		return err;
 
-	err = EVP_DigestFinal(&ctx, hash, &mdlen);
+	err = EVP_DigestFinal(pctx, hash, &mdlen);
 	if (!err) {
 		log_err("EVP_DigestFinal() failed\n");
 		return 1;
@@ -361,7 +372,8 @@ out:
 	return key;
 }
 
-int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile)
+int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+		   unsigned char *sig, int siglen, const char *keyfile)
 {
 	int err, len;
 	SHA_CTX ctx;
@@ -370,7 +382,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
 	unsigned char sighash[20];
 	struct signature_hdr *hdr = (struct signature_hdr *)sig;
 
-	log_info("hash: ");
+	log_info("hash-v1: ");
 	log_dump(hash, size);
 
 	key = read_pub_key(keyfile, 0);
@@ -387,24 +399,77 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
 	err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
 	RSA_free(key);
 	if (err < 0) {
-		log_err("RSA_public_decrypt() failed: %d\n", err);
+		log_err("%s: RSA_public_decrypt() failed: %d\n", file, err);
 		return 1;
 	}
 
 	len = err;
 
 	if (len != sizeof(sighash) || memcmp(out, sighash, len) != 0) {
-		log_err("Verification failed: %d\n", err);
+		log_err("%s: verification failed: %d\n", file, err);
 		return -1;
-	} else {
-		/*log_info("Verification is OK\n");*/
-		printf("Verification is OK\n");
 	}
 
 	return 0;
 }
 
-int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile)
+struct public_key_entry {
+	struct public_key_entry *next;
+	uint32_t keyid;
+	char name[9];
+	RSA *key;
+};
+static struct public_key_entry *public_keys = NULL;
+
+static RSA *find_keyid(uint32_t keyid)
+{
+	struct public_key_entry *entry;
+
+	for (entry = public_keys; entry != NULL; entry = entry->next) {
+		if (entry->keyid == keyid)
+			return entry->key;
+	}
+	return NULL;
+}
+
+void init_public_keys(const char *keyfiles)
+{
+	struct public_key_entry *entry;
+	char *tmp_keyfiles;
+	char *keyfile;
+	int i = 1;
+
+	tmp_keyfiles = strdup(keyfiles);
+
+	while ((keyfile = strsep(&tmp_keyfiles, ", \t")) != NULL) {
+		if (!keyfile)
+			break;
+		if ((*keyfile == '\0') || (*keyfile == ' ') ||
+		    (*keyfile == '\t'))
+			continue;
+
+		entry = malloc(sizeof(struct public_key_entry));
+		if (!entry) {
+			perror("malloc");
+			break;
+		}
+
+		entry->key = read_pub_key(keyfile, 1);
+		if (!entry->key) {
+			free(entry);
+			continue;
+		}
+
+		calc_keyid_v2(&entry->keyid, entry->name, entry->key);
+		sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid));
+		log_info("key %d: %s %s\n", i++, entry->name, keyfile);
+		entry->next = public_keys;
+		public_keys = entry;
+	}
+}
+
+int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+		   unsigned char *sig, int siglen, const char *keyfile)
 {
 	int err, len;
 	unsigned char out[1024];
@@ -412,17 +477,29 @@ int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int
 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
 	const struct RSA_ASN1_template *asn1;
 
-	log_info("hash: ");
-	log_dump(hash, size);
+	if (params.verbose > LOG_INFO) {
+		log_info("hash: ");
+		log_dump(hash, size);
+	}
 
-	key = read_pub_key(keyfile, 1);
-	if (!key)
-		return 1;
+	if (public_keys) {
+		key = find_keyid(hdr->keyid);
+		if (!key) {
+			log_err("%s: unknown keyid: %x\n", file,
+				__be32_to_cpup(&hdr->keyid));
+			return -1;
+		}
+	} else {
+		key = read_pub_key(keyfile, 1);
+		if (!key)
+			return 1;
+	}
 
-	err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
-	RSA_free(key);
+
+	err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr),
+				 out, key, RSA_PKCS1_PADDING);
 	if (err < 0) {
-		log_err("RSA_public_decrypt() failed: %d\n", err);
+		log_err("%s: RSA_public_decrypt() failed: %d\n", file, err);
 		return 1;
 	}
 
@@ -431,20 +508,17 @@ int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int
 	asn1 = &RSA_ASN1_templates[hdr->hash_algo];
 
 	if (len < asn1->size || memcmp(out, asn1->data, asn1->size)) {
-		log_err("Verification failed: %d\n", err);
+		log_err("%s: verification failed: %d\n", file, err);
 		return -1;
 	}
 
 	len -= asn1->size;
 
 	if (len != size || memcmp(out + asn1->size, hash, len)) {
-		log_err("Verification failed: %d\n", err);
+		log_err("%s: verification failed: %d\n", file, err);
 		return -1;
 	}
 
-	/*log_info("Verification is OK\n");*/
-	printf("Verification is OK\n");
-
 	return 0;
 }
 
@@ -486,9 +560,10 @@ static int get_hash_algo_from_sig(unsigned char *sig)
 		return -1;
 }
 
-int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
+int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig,
+		int siglen)
 {
-	char *key;
+	const char *key;
 	int x509;
 	verify_hash_fn_t verify_hash;
 
@@ -509,10 +584,11 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
 			"/etc/keys/x509_evm.der" :
 			"/etc/keys/pubkey_evm.pem";
 
-	return verify_hash(hash, size, sig, siglen, key);
+	return verify_hash(file, hash, size, sig, siglen, key);
 }
 
-int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
+int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
+			 unsigned char *digest, int digestlen)
 {
 	unsigned char hash[64];
 	int hashlen, sig_hash_algo;
@@ -530,11 +606,18 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
 	/* Use hash algorithm as retrieved from signature */
 	params.hash_algo = pkey_hash_algo[sig_hash_algo];
 
+	/*
+	 * Validate the signature based on the digest included in the
+	 * measurement list, not by calculating the local file digest.
+	 */
+	if (digestlen > 0)
+	    return verify_hash(file, digest, digestlen, sig + 1, siglen - 1);
+
 	hashlen = ima_calc_hash(file, hash);
 	if (hashlen <= 1)
 		return hashlen;
 
-	return verify_hash(hash, hashlen, sig + 1, siglen - 1);
+	return verify_hash(file, hash, hashlen, sig + 1, siglen - 1);
 }
 
 /*
@@ -544,6 +627,14 @@ int key2bin(RSA *key, unsigned char *pub)
 {
 	int len, b, offset = 0;
 	struct pubkey_hdr *pkh = (struct pubkey_hdr *)pub;
+	const BIGNUM *n, *e;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	n = key->n;
+	e = key->e;
+#else
+	RSA_get0_key(key, &n, &e, NULL);
+#endif
 
 	/* add key header */
 	pkh->version = 1;
@@ -553,18 +644,18 @@ int key2bin(RSA *key, unsigned char *pub)
 
 	offset += sizeof(*pkh);
 
-	len = BN_num_bytes(key->n);
-	b = BN_num_bits(key->n);
+	len = BN_num_bytes(n);
+	b = BN_num_bits(n);
 	pub[offset++] = b >> 8;
 	pub[offset++] = b & 0xff;
-	BN_bn2bin(key->n, &pub[offset]);
+	BN_bn2bin(n, &pub[offset]);
 	offset += len;
 
-	len = BN_num_bytes(key->e);
-	b = BN_num_bits(key->e);
+	len = BN_num_bytes(e);
+	b = BN_num_bits(e);
 	pub[offset++] = b >> 8;
 	pub[offset++] = b & 0xff;
-	BN_bn2bin(key->e, &pub[offset]);
+	BN_bn2bin(e, &pub[offset]);
 	offset += len;
 
 	return offset;
@@ -582,9 +673,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 8);
 
-	id = __be64_to_cpup((__be64 *) keyid);
-	sprintf(str, "%llX", (unsigned long long)id);
-	log_info("keyid: %s\n", str);
+	if (params.verbose > LOG_INFO) {
+		id = __be64_to_cpup((__be64 *) keyid);
+		sprintf(str, "%llX", (unsigned long long)id);
+		log_info("keyid-v1: %s\n", str);
+	}
 }
 
 void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
@@ -602,13 +695,15 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
 	log_debug("keyid: ");
 	log_debug_dump(keyid, 4);
 
-	sprintf(str, "%x", __be32_to_cpup(keyid));
-	log_info("keyid: %s\n", str);
+	if (params.verbose > LOG_INFO) {
+		sprintf(str, "%x", __be32_to_cpup(keyid));
+		log_info("keyid: %s\n", str);
+	}
 
 	free(pkey);
 }
 
-static RSA *read_priv_key(const char *keyfile, char *keypass)
+static RSA *read_priv_key(const char *keyfile, const char *keypass)
 {
 	FILE *fp;
 	RSA *key;
@@ -618,9 +713,14 @@ static RSA *read_priv_key(const char *keyfile, char *keypass)
 		log_err("Failed to open keyfile: %s\n", keyfile);
 		return NULL;
 	}
-	key = PEM_read_RSAPrivateKey(fp, NULL, NULL, keypass);
-	if (!key)
-		log_err("PEM_read_RSAPrivateKey() failed\n");
+	ERR_load_crypto_strings();
+	key = PEM_read_RSAPrivateKey(fp, NULL, NULL, (void *)keypass);
+	if (!key) {
+		char str[256];
+
+		ERR_error_string(ERR_get_error(), str);
+		log_err("PEM_read_RSAPrivateKey() failed: %s\n", str);
+	}
 
 	fclose(fp);
 	return key;
@@ -711,7 +811,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
 	blen = (uint16_t *) (sig + sizeof(*hdr));
 	*blen = __cpu_to_be16(len << 3);
 	len += sizeof(*hdr) + 2;
-	log_info("evm/ima signature: %d bytes\n", len);
+	log_info("evm/ima signature-v1: %d bytes\n", len);
 out:
 	RSA_free(key);
 	return len;
@@ -786,8 +886,18 @@ out:
 	return len;
 }
 
-int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig)
+
+int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig)
 {
+	if (keypass)
+		params.keypass = keypass;
+
 	return params.x509 ? sign_hash_v2(hashalgo, hash, size, keyfile, sig) :
 			     sign_hash_v1(hashalgo, hash, size, keyfile, sig);
 }
+
+static void libinit()
+{
+	OpenSSL_add_all_algorithms();
+	ERR_load_crypto_strings();
+}