After applying previous patch, we will always get hash algo info from
signature and if user specified one on command line, that will be overridden.
This is like breaking old behavior. So keep track whether user specified
hash algo on command line or not. If user did not specify one then get
hash algo info from signature otherwise use the one user provided.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
If one signs a file using hash algo -sha256 then one needs to specify
signature during verification also. Otherwise evmctl using default sha1
for calculating hash and signature verification fails. One needs to
specify -a sha256 on command line even during signature verification
phase to make sure file is signed right.
I think that's completely unnecessary. A user is not always supposed
to know what algorithm was used to generate signature. User is only
concered with whether this signature is valid or not.
So retrieve hash algorithm info from signature and use that.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
hdr->hash for signature version 1 contains the info about what hash
algorithm has been used for signing the file. Currently we always set
hdr->hash to DIGEST_ALGO_SHA1. But one can sign file using SHA256 using
option "-a sha256". In that case we should put right hash algo info
in signature header. Fix it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
For V2 of digital signature we store signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of signature.
Fix the verification code otherwise it fails with following message.
RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Asymmetric keys were introduced in linux-3.7 to verify the signature on
signed kernel modules. The asymmetric keys infrastructure abstracts the
signature verification from the crypto details. Asymmetric crypto keys
support allows to import X509 public key certificate in a DER format
into the kernel keyring. Asymmetric keys require a new signature format.
'evmctl -x' or 'evmctl --x509' option can be used to utilize new
signature format.
Using of key filename after the file name for signing and verification commands
is a bit odd. This patch add '--key' parameter to specify non-default key file.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Latest version of EVM uses file system UUID as part of an HMAC
calculation to prevent pasting of inode metadata from other file
systems. This patch adds support for adding file system UUID
to HMAC calculation. It is necessary to specify '-u -' or '--uuid -'
on evmctl command line.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
README updated.
Module signing info has been removed. Module signing is done now in kernel
source tree and uses appended signatures. No need to create sig files or
set extended attributes. Information about test scripts has been removed.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
For debugging puporse it is usefull to have signature verification
functionality. It supports use of xattrs and .sig files.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Kernel module signature is appended to the kernel module.
Kernel signature also contains signature length and magic.
Added --modsig parameter to generate kernel module signature.
Signature can be added to the module like: cat module.sig >> module.ko
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
New IMA kernel patches support appraisal of special files,
such as links, device nodes, fifos.
This patch adds support to calculate hash for special files
to be set to security.ima extended attribute.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Newer automake does not like to put programs and scripts
to lib directory. Use libexec instead.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
getxattr() might return runtime value which does not really exist
on file system. It happens for SMACK LSM. Reading the list of existing
attributes allows to prevent such to happen.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
time_t is actually long and is different on 32 and 64 bit architectures.
Format of the signatures should not depend on the architecture and should
be the same. Changed timestamp to uint32_t like in GPG.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
To enable module signature verification working on file systems
without extended attributes, or to be able to copy modules by methods,
which does not support extended attribute copying, it is necessary
to store signature in the file. This patch provides command line parameter
for storing signature in .sig file.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Directory integrity verification requires directory hash value
to be set to security.ima.
This patch provides directory hash calculation.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
For debugging purpose it is nice to have evm hmac calculation for
labeling filesystem using hmac.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
evmctl was using sha1 for evm hash calculation.
Using EVM API is easy to use other digest algorithms such as sha256.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
importing public keys into kernel keyring.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
