"evmutil ima_verify -n <some file>" disabled using xattrs without enabling
using a signature file, resulting in the use of uninitialized memory in
ima_verify_signature() and thus unpredictable results.
Such a mode of operation makes no sense, so interpret -n as
documented ("print result to stdout instead of setting xattr") and ignore it
during ima_verify. Instead, switch between the two verification modes only
via the global sigfile variable.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
When bailing out of the function due to EVP_DigestUpdate()
failing, the DIR resources allocated with opendir() were
not freed.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Supplying the password on the command line is not safe. This patch
adds support for prompting the user to enter the password. At some
point, supplying the password on the command line should be deprecated.
Prior to this patch, the password could be specified with a blank in
between the '-p' option and the password. With this patch, the
password now must be adjacent
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
evmctl defines the "--pass | -p" command line option for providing
the private key's password. The password is then stored in a global
variable accessible by the sign_hash_XXXX() functions.
This patch modifies the arguments to the library sign_hash()
function to include the password, allowing callers to specify the
private key password.
Changelog:
- add library init to call OpenSSL_add_all_algorithms
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Add more info on:
* introduction
* EVM formats
* Signature and keys formats
* IMA trusted keys and keyrings
* EVM trusted keys
* Updated scripts and examples
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Latest versions of smack use additional xattrs. This patch adds them to
EVM protection. Linux kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS
has to be enabled.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Do not require rebuilding the man file during the build process.
It will require fewer build dependencies.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Update README with additional information to produce initial
evmctl.1 man page. Slightly reformat it for that purpose as well.
Requires asciidoc, xsltproc, docbook-xsl packages to build man page.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This patch enables package managers, such as rpm, to include IMA signatures in
packages.
To do this, sign_hash and some helper functions were moved from evmctl to
libimaevm. These functions used global variables that belong to evmctl, sigdump
and keypass. The variable sigdump is a flag that file signatures should be
printed to stdout, so the signature dump is now handled by functions that call
sign_hash. The variable keypass is a passphrase for an encrypted key, so it was
added to 'struct libevm_params'.
v2: Uses 'struct libevm_params' to minimize sign_hash parameters
v3: Export single sign_hash function that selects _v1 or _v2 internally based
on params.x509. Moved parameter checks and explicitly return -1 for failures.
Signed-off-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
'ima_hash -a sha256' and 'sign -a sha256 --imahash' commands did set
incorrect xattr header for hash algos other than sha1.
Fix it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
'-x' option was removed a while ago, but 'x' was not removed
from getopt_long() parameter. Remove it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
In a number of situations, the file hash has already been calculated.
Instead of reading a file to calculate the file hash, read the file hash
from stdin; and instead of writing the signature as an xattr or creating
a .sig file, output the signature as ascii-hex to stdout.
For example, piping the output of sha256sum <pathname> to evmctl would
display the original sha256 output with the file signature appended.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Currently evmctl supports importing keys onto a particular keyring
based on a numeric keyring identifier. This patch adds support
for importing keys based on special values as defined by keyctl.
Thread keyring: @t (-1)
Process keyring: @p (-2)
Session keyring: @s (-3)
User specific keyring: @u (-4)
User default session keyring: @us (-5)
Group specific keyring: @g (-6)
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>