Release version 0.8

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>

AUTHORS

@@ -2,4 +2,5 @@ Dmitry Kasatkin <d.kasatkin@samsung.com>
 
 CONTRIBUTORS:
 Vivek Goyal <vgoyal@redhat.com>
+Mimi Zohar <zohar@linux.vnet.ibm.com>
 

COPYING

@@ -1,8 +1,8 @@
                     GNU GENERAL PUBLIC LICENSE
                        Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
-     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
 
   When we speak of free software, we are referring to freedom, not
@@ -55,7 +55,7 @@ patent must be licensed for everyone's free use or not licensed at all.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
-
+
                     GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
     License.  (Exception: if the Program itself is interactive but
     does not normally print such an announcement, your work based on
     the Program is not required to print an announcement.)
-
+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-
+
   4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.
 
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-
+
   8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -278,7 +278,7 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
                      END OF TERMS AND CONDITIONS
-
+
             How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
@@ -303,10 +303,9 @@ the "copyright" line and a pointer to where the full notice is found.
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
+    You should have received a copy of the GNU General Public License along
-    along with this program; if not, write to the Free Software
+    with this program; if not, write to the Free Software Foundation, Inc.,
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -336,5 +335,5 @@ necessary.  Here is a sample; alter the names:
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
+library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.

ChangeLog

@@ -1,3 +1,11 @@
+2014-05-05  Dmitry Kasatkin <d.kasatkin@samsung.com>
+
+	version 0.8
+	* Symbilic names for keyrings
+	* Hash list signing
+	* License text fix for using OpenSSL
+	* Help output fix
+
 2014-02-17  Dmitry Kasatkin <d.kasatkin@samsung.com>
 
 	version 0.7

configure.ac

@@ -1,7 +1,7 @@
 # autoconf script
 
 AC_PREREQ([2.65])
-AC_INIT(ima-evm-utils, 0.7, d.kasatkin@samsung.com)
+AC_INIT(ima-evm-utils, 0.8, d.kasatkin@samsung.com)
 AM_INIT_AUTOMAKE
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])

packaging/ima-evm-utils.spec

@@ -1,5 +1,5 @@
 Name:		ima-evm-utils
-Version:	0.7
+Version:	0.8
 Release:	1%{?dist}
 Summary:	ima-evm-utils - IMA/EVM control utility
 Group:		System/Libraries

src/evmctl.c

@@ -22,6 +22,18 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ *
  * File: evmctl.c
  *	 IMA/EVM control program
  */
@@ -402,6 +414,23 @@ static int hex2bin(uint8_t *dst, const char *src, size_t count)
 	return 0;
 }
 
+#define hex_asc_lo(x)   hex_asc[((x) & 0x0f)]
+#define hex_asc_hi(x)   hex_asc[((x) & 0xf0) >> 4]
+
+const char hex_asc[] = "0123456789abcdef";
+
+/* this is faster than fprintf - makes sense? */
+static void bin2hex(uint8_t *buf, size_t buflen, FILE *stream)
+{
+	char asciihex[2];
+
+	for (; buflen--; buf++) {
+		asciihex[0] = hex_asc_hi(*buf);
+		asciihex[1] = hex_asc_lo(*buf);
+		fwrite(asciihex, 2, 1, stream);
+	}
+}
+
 static int pack_uuid(const char *uuid_str, char *uuid)
 {
 	int i;
@@ -751,6 +780,49 @@ static int cmd_sign_ima(struct command *cmd)
 	return err;
 }
 
+static int cmd_sign_hash(struct command *cmd)
+{
+	char *key, *token, *line = NULL;
+	int hashlen = 0;
+	size_t line_len;
+	ssize_t len;
+	unsigned char hash[64];
+	unsigned char sig[1024] = "\x03";
+	int siglen;
+
+	key = params.keyfile ? : "/etc/keys/privkey_evm.pem";
+
+	/* support reading hash (eg. output of shasum) */
+	while ((len = getline(&line, &line_len, stdin)) > 0) {
+		/* remove end of line */
+		if (line[len - 1] == '\n')
+			line[--len] = '\0';
+
+		/* find the end of the hash */
+		token = strpbrk(line, ", \t");
+		hashlen = token ? token - line : strlen(line);
+
+		hex2bin(hash, line, hashlen);
+		siglen = sign_hash(params.hash_algo, hash, hashlen/2,
+				 key, sig + 1);
+		if (siglen <= 1)
+			return siglen;
+
+		fwrite(line, len, 1, stdout);
+		fprintf(stdout, " ");
+		bin2hex(sig, siglen + 1, stdout);
+		fprintf(stdout, "\n");
+	}
+
+	if (!hashlen) {
+		log_err("Parameters missing\n");
+		print_usage(cmd);
+		return -1;
+	}
+
+	return 0;
+}
+
 static int sign_evm_path(const char *file)
 {
 	char *key;
@@ -887,10 +959,26 @@ static int cmd_import(struct command *cmd)
 	} else
 		ring = g_argv[optind++];
 
-	if (!ring)
+	id = KEY_SPEC_USER_KEYRING; /* default keyring */
-		id = KEY_SPEC_USER_KEYRING;
+
-	else
+	if (ring) {
+		if (ring[0] != '@') {
 			id = atoi(ring);
+		} else {
+			if (strcmp(ring, "@t") == 0)
+				id = -1;
+			else if (strcmp(ring, "@p") == 0)
+				id = -2;
+			else if (strcmp(ring, "@s") == 0)
+				id = -3;
+			else if (strcmp(ring, "@u") == 0)
+				id = -4;
+			else if (strcmp(ring, "@us") == 0)
+				id = -5;
+			else if (strcmp(ring, "@g") == 0)
+				id = -6;
+		}
+	}
 
 	key = read_pub_key(inkey, x509);
 	if (!key)
@@ -1566,8 +1654,8 @@ static void usage(void)
 		"                     m - stay on the same filesystem (like 'find -xdev')\n"
 		"  -n                 print result to stdout instead of setting xattr\n"
 		"  -r, --recursive    recurse into directories (sign)\n"
-		"  --x32              force signature for 32 bit target system\n"
+		"  --m32              force signature for 32 bit target system\n"
-		"  --x64              force signature for 32 bit target system\n"
+		"  --m64              force signature for 32 bit target system\n"
 		"  -v                 increase verbosity level\n"
 		"  -h, --help         display this help and exit\n"
 		"\n");
@@ -1583,6 +1671,7 @@ struct command cmds[] = {
 	{"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"},
 	{"ima_measurement", cmd_ima_measurement, 0, "file", "Verify measurement list (experimental).\n"},
 	{"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM xattrs in fix mode.\n"},
+	{"sign_hash", cmd_sign_hash, 0, "[--key key] [--pass password]", "Sign hashes from shaXsum output.\n"},
 #ifdef DEBUG
 	{"hmac", cmd_hmac_evm, 0, "[--imahash | --imasig ] file", "Sign file metadata with HMAC using symmetric key (for testing purpose).\n"},
 #endif
@@ -1615,7 +1704,7 @@ int main(int argc, char *argv[])
 	g_argc = argc;
 
 	while (1) {
-		c = getopt_long(argc, argv, "hvnsda:p:fu::xk:t:r", opts, &lind);
+		c = getopt_long(argc, argv, "hvnsda:p:fu::k:t:r", opts, &lind);
 		if (c == -1)
 			break;
 

src/imaevm.h

@@ -1,3 +1,43 @@
+/*
+ * ima-evm-utils - IMA/EVM support utilities
+ *
+ * Copyright (C) 2011 Nokia Corporation
+ * Copyright (C) 2011,2012,2013 Intel Corporation
+ * Copyright (C) 2013,2014 Samsung Electronics
+ *
+ * Authors:
+ * Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
+ *                 <dmitry.kasatkin@intel.com>
+ *                 <d.kasatkin@samsung.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ *
+ * File: imaevm.h
+ *	 IMA/EVM header file
+ */
+
 #ifndef _LIBIMAEVM_H
 #define _LIBIMAEVM_H
 

src/libimaevm.c

@@ -19,7 +19,22 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
- * File: libevm.c
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ *
+ * File: libimaevm.c
  *	 IMA/EVM library
  */