From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mimi Zohar Date: Thu, 17 Aug 2017 15:43:30 +0000 Subject: Re: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal Message-Id: <1502984610.3172.41.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="ibm852" Content-Transfer-Encoding: base64 List-Id: References: <20170804220330.30026-1-bauerman@linux.vnet.ibm.com> <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> In-Reply-To: <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> To: Thiago Jung Bauermann , linux-security-module@vger.kernel.org Cc: linux-ima-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , David Howells , David Woodhouse , Jessica Yu , Rusty Russell , Herbert Xu , "David S. Miller" , "AKASHI, Takahiro" Cj4gZGlmZiAtLWdpdCBhL3NlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hX2FwcHJhaXNlLmMgYi9z ZWN1cml0eS9pbnRlZ3JpdHkvaW1hL2ltYV9hcHByYWlzZS5jCj4gaW5kZXggODdkMmI2MDFjZjhl Li41YTI0NGViYzYxZDkgMTAwNjQ0Cj4gLS0tIGEvc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWFf YXBwcmFpc2UuYwo+ICsrKyBiL3NlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hX2FwcHJhaXNlLmMK PiBAQCAtMTkwLDYgKzE5MCw2NCBAQCBpbnQgaW1hX3JlYWRfeGF0dHIoc3RydWN0IGRlbnRyeSAq ZGVudHJ5LAo+ICAJcmV0dXJuIHJldDsKPiAgfQo+IAo+ICtzdGF0aWMgdm9pZCBwcm9jZXNzX3hh dHRyX2Vycm9yKGludCByYywgc3RydWN0IGludGVncml0eV9paW50X2NhY2hlICppaW50LAo+ICsJ CQkJaW50IG9wZW5lZCwgY2hhciBjb25zdCAqKmNhdXNlLAo+ICsJCQkJZW51bSBpbnRlZ3JpdHlf c3RhdHVzICpzdGF0dXMpCj4gK3sKPiArCWlmIChyYyAmJiByYyAhPSAtRU5PREFUQSkKPiArCQly ZXR1cm47Cj4gKwo+ICsJKmNhdXNlID0gaWludC0+ZmxhZ3MgJiBJTUFfRElHU0lHX1JFUVVJUkVE ID8KPiArCQkiSU1BLXNpZ25hdHVyZS1yZXF1aXJlZCIgOiAibWlzc2luZy1oYXNoIjsKPiArCSpz dGF0dXMgPSBJTlRFR1JJVFlfTk9MQUJFTDsKPiArCj4gKwlpZiAob3BlbmVkICYgRklMRV9DUkVB VEVEKQo+ICsJCWlpbnQtPmZsYWdzIHw9IElNQV9ORVdfRklMRTsKPiArCj4gKwlpZiAoKGlpbnQt PmZsYWdzICYgSU1BX05FV19GSUxFKSAmJgo+ICsJICAgICEoaWludC0+ZmxhZ3MgJiBJTUFfRElH U0lHX1JFUVVJUkVEKSkKPiArCQkqc3RhdHVzID0gSU5URUdSSVRZX1BBU1M7Cj4gK30KPiArCj4g K3N0YXRpYyBpbnQgYXBwcmFpc2VfbW9kc2lnKHN0cnVjdCBpbnRlZ3JpdHlfaWludF9jYWNoZSAq aWludCwKPiArCQkJICAgc3RydWN0IGV2bV9pbWFfeGF0dHJfZGF0YSAqeGF0dHJfdmFsdWUsCj4g KwkJCSAgIGludCB4YXR0cl9sZW4pCj4gK3sKPiArCWVudW0gaGFzaF9hbGdvIGFsZ287Cj4gKwlj b25zdCB2b2lkICpkaWdlc3Q7Cj4gKwl2b2lkICpidWY7Cj4gKwlpbnQgcmMsIGxlbjsKPiArCXU4 IGRpZ19sZW47Cj4gKwo+ICsJcmMgPSBpbWFfbW9kc2lnX3ZlcmlmeShJTlRFR1JJVFlfS0VZUklO R19JTUEsIHhhdHRyX3ZhbHVlKTsKPiArCWlmIChyYykKPiArCQlyZXR1cm4gcmM7Cj4gKwo+ICsJ LyoKPiArCSAqIFRoZSBzaWduYXR1cmUgaXMgZ29vZC4gTm93IGxldCdzIHB1dCB0aGUgc2lnIGhh c2gKPiArCSAqIGludG8gdGhlIGlpbnQgY2FjaGUgc28gdGhhdCBpdCBnZXRzIHN0b3JlZCBpbiB0 aGUKPiArCSAqIG1lYXN1cmVtZW50IGxpc3QuCj4gKwkgKi8KPiArCj4gKwlyYyA9IGltYV9nZXRf bW9kc2lnX2hhc2goeGF0dHJfdmFsdWUsICZhbGdvLCAmZGlnZXN0LCAmZGlnX2xlbik7Cj4gKwlp ZiAocmMpCj4gKwkJcmV0dXJuIHJjOwo+ICsKPiArCWxlbiA9IHNpemVvZihpaW50LT5pbWFfaGFz aCkgKyBkaWdfbGVuOwo+ICsJYnVmID0ga3JlYWxsb2MoaWludC0+aW1hX2hhc2gsIGxlbiwgR0ZQ X05PRlMpOwo+ICsJaWYgKCFidWYpCj4gKwkJcmV0dXJuIC1FTk9NRU07Cj4gKwo+ICsJaWludC0+ aW1hX2hhc2ggPSBidWY7Cj4gKwlpaW50LT5mbGFncyB8PSBJTUFfRElHU0lHOwo+ICsJaWludC0+ aW1hX2hhc2gtPmFsZ28gPSBhbGdvOwo+ICsJaWludC0+aW1hX2hhc2gtPmxlbmd0aCA9IGRpZ19s ZW47Cj4gKwo+ICsJbWVtY3B5KGlpbnQtPmltYV9oYXNoLT5kaWdlc3QsIGRpZ2VzdCwgZGlnX2xl bik7Cj4gKwo+ICsJcmV0dXJuIDA7Cj4gK30KCkRlcGVuZGluZyBvbiB0aGUgSU1BIHBvbGljeSwg dGhlIGZpbGUgY291bGQgYWxyZWFkeSBoYXZlIGJlZW4KbWVhc3VyZWQuIMKgVGhhdCBtZWFzdXJl bWVudCBsaXN0IGVudHJ5IG1pZ2h0IGluY2x1ZGUgdGhlIGZpbGUKc2lnbmF0dXJlLCBhcyBzdG9y ZWQgaW4gdGhlIHhhdHRyLCBpbiB0aGUgaW1hLXNpZyB0ZW1wbGF0ZSBkYXRhLgoKSSB0aGluayBl dmVuIGlmIGEgbWVhc3VyZW1lbnQgbGlzdCBlbnRyeSBleGlzdHMsIHdlIHdvdWxkIHdhbnQgYW4K YWRkaXRpb25hbCBtZWFzdXJlbWVudCBsaXN0IGVudHJ5LCB3aGljaCBpbmNsdWRlcyB0aGUgYXBw ZW5kZWQKc2lnbmF0dXJlIGluIHRoZSBpbWEtc2lnIHRlbXBsYXRlIGRhdGEuCgpNaW1pCgotLQpU byB1bnN1YnNjcmliZSBmcm9tIHRoaXMgbGlzdDogc2VuZCB0aGUgbGluZSAidW5zdWJzY3JpYmUg a2V5cmluZ3MiIGluCnRoZSBib2R5IG9mIGEgbWVzc2FnZSB0byBtYWpvcmRvbW9Admdlci5rZXJu ZWwub3JnCk1vcmUgbWFqb3Jkb21vIGluZm8gYXQgIGh0dHA6Ly92Z2VyLmtlcm5lbC5vcmcvbWFq b3Jkb21vLWluZm8uaHRtbA== From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mimi Zohar Subject: Re: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal Date: Thu, 17 Aug 2017 11:43:30 -0400 Message-ID: <1502984610.3172.41.camel@linux.vnet.ibm.com> References: <20170804220330.30026-1-bauerman@linux.vnet.ibm.com> <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Cc: linux-ima-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , David Howells , David Woodhouse , Jessica Yu , Rusty Russell , Herbert Xu , "David S. Miller" , "AKASHI, Takahiro" To: Thiago Jung Bauermann , linux-security-module@vger.kernel.org Return-path: In-Reply-To: <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> Sender: owner-linux-security-module@vger.kernel.org List-Id: linux-crypto.vger.kernel.org > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index 87d2b601cf8e..5a244ebc61d9 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -190,6 +190,64 @@ int ima_read_xattr(struct dentry *dentry, > return ret; > } > > +static void process_xattr_error(int rc, struct integrity_iint_cache *iint, > + int opened, char const **cause, > + enum integrity_status *status) > +{ > + if (rc && rc != -ENODATA) > + return; > + > + *cause = iint->flags & IMA_DIGSIG_REQUIRED ? > + "IMA-signature-required" : "missing-hash"; > + *status = INTEGRITY_NOLABEL; > + > + if (opened & FILE_CREATED) > + iint->flags |= IMA_NEW_FILE; > + > + if ((iint->flags & IMA_NEW_FILE) && > + !(iint->flags & IMA_DIGSIG_REQUIRED)) > + *status = INTEGRITY_PASS; > +} > + > +static int appraise_modsig(struct integrity_iint_cache *iint, > + struct evm_ima_xattr_data *xattr_value, > + int xattr_len) > +{ > + enum hash_algo algo; > + const void *digest; > + void *buf; > + int rc, len; > + u8 dig_len; > + > + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, xattr_value); > + if (rc) > + return rc; > + > + /* > + * The signature is good. Now let's put the sig hash > + * into the iint cache so that it gets stored in the > + * measurement list. > + */ > + > + rc = ima_get_modsig_hash(xattr_value, &algo, &digest, &dig_len); > + if (rc) > + return rc; > + > + len = sizeof(iint->ima_hash) + dig_len; > + buf = krealloc(iint->ima_hash, len, GFP_NOFS); > + if (!buf) > + return -ENOMEM; > + > + iint->ima_hash = buf; > + iint->flags |= IMA_DIGSIG; > + iint->ima_hash->algo = algo; > + iint->ima_hash->length = dig_len; > + > + memcpy(iint->ima_hash->digest, digest, dig_len); > + > + return 0; > +} Depending on the IMA policy, the file could already have been measured.  That measurement list entry might include the file signature, as stored in the xattr, in the ima-sig template data. I think even if a measurement list entry exists, we would want an additional measurement list entry, which includes the appended signature in the ima-sig template data. Mimi From mboxrd@z Thu Jan 1 00:00:00 1970 From: zohar@linux.vnet.ibm.com (Mimi Zohar) Date: Thu, 17 Aug 2017 11:43:30 -0400 Subject: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal In-Reply-To: <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> References: <20170804220330.30026-1-bauerman@linux.vnet.ibm.com> <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> Message-ID: <1502984610.3172.41.camel@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index 87d2b601cf8e..5a244ebc61d9 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -190,6 +190,64 @@ int ima_read_xattr(struct dentry *dentry, > return ret; > } > > +static void process_xattr_error(int rc, struct integrity_iint_cache *iint, > + int opened, char const **cause, > + enum integrity_status *status) > +{ > + if (rc && rc != -ENODATA) > + return; > + > + *cause = iint->flags & IMA_DIGSIG_REQUIRED ? > + "IMA-signature-required" : "missing-hash"; > + *status = INTEGRITY_NOLABEL; > + > + if (opened & FILE_CREATED) > + iint->flags |= IMA_NEW_FILE; > + > + if ((iint->flags & IMA_NEW_FILE) && > + !(iint->flags & IMA_DIGSIG_REQUIRED)) > + *status = INTEGRITY_PASS; > +} > + > +static int appraise_modsig(struct integrity_iint_cache *iint, > + struct evm_ima_xattr_data *xattr_value, > + int xattr_len) > +{ > + enum hash_algo algo; > + const void *digest; > + void *buf; > + int rc, len; > + u8 dig_len; > + > + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, xattr_value); > + if (rc) > + return rc; > + > + /* > + * The signature is good. Now let's put the sig hash > + * into the iint cache so that it gets stored in the > + * measurement list. > + */ > + > + rc = ima_get_modsig_hash(xattr_value, &algo, &digest, &dig_len); > + if (rc) > + return rc; > + > + len = sizeof(iint->ima_hash) + dig_len; > + buf = krealloc(iint->ima_hash, len, GFP_NOFS); > + if (!buf) > + return -ENOMEM; > + > + iint->ima_hash = buf; > + iint->flags |= IMA_DIGSIG; > + iint->ima_hash->algo = algo; > + iint->ima_hash->length = dig_len; > + > + memcpy(iint->ima_hash->digest, digest, dig_len); > + > + return 0; > +} Depending on the IMA policy, the file could already have been measured. ?That measurement list entry might include the file signature, as stored in the xattr, in the ima-sig template data. I think even if a measurement list entry exists, we would want an additional measurement list entry, which includes the appended signature in the ima-sig template data. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html