From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: [PATCH v4 04/11] evm: add support for different security.evm data types
Date: Mon, 28 Mar 2011 12:39:35 -0400 [thread overview]
Message-ID: <1301330382-17745-5-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1301330382-17745-1-git-send-email-zohar@linux.vnet.ibm.com>
From: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
EVM protects a file's security extended attributes(xattrs) against integrity
attacks. The current patchset maintains an HMAC-sha1 value across the security
xattrs, storing the value as the extended attribute 'security.evm'. We
anticipate other methods for protecting the security extended attributes.
This patch reserves the first byte of 'security.evm' as a place holder for
the type of method.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
include/linux/integrity.h | 6 ++++++
security/integrity/evm/evm_crypto.c | 10 ++++++----
security/integrity/evm/evm_main.c | 5 +++--
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/include/linux/integrity.h b/include/linux/integrity.h
index e715a2a..6659757 100644
--- a/include/linux/integrity.h
+++ b/include/linux/integrity.h
@@ -19,6 +19,12 @@ enum integrity_status {
INTEGRITY_UNKNOWN,
};
+enum evm_ima_xattr_type {
+ IMA_XATTR_DIGEST = 0x01,
+ EVM_XATTR_HMAC,
+ EVM_IMA_XATTR_DIGSIG,
+};
+
#ifdef CONFIG_INTEGRITY
extern int integrity_inode_alloc(struct inode *inode);
extern void integrity_inode_free(struct inode *inode);
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index c43be5a..644df7e 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -138,14 +138,16 @@ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
const char *xattr_value, size_t xattr_value_len)
{
struct inode *inode = dentry->d_inode;
- u8 hmac[MAX_DIGEST_SIZE];
+ u8 hmac[MAX_DIGEST_SIZE + 1];
int rc = 0;
rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
- xattr_value_len, hmac);
- if (rc == 0)
+ xattr_value_len, hmac + 1);
+ if (rc == 0) {
+ hmac[0] = EVM_XATTR_HMAC;
rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
- hmac, evm_hmac_size, 0);
+ hmac, evm_hmac_size + 1, 0);
+ }
else if (rc == -ENODATA)
rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM);
return rc;
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 66d7544..42c792f 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -52,7 +52,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
size_t xattr_value_len,
struct integrity_iint_cache *iint)
{
- char hmac_val[MAX_DIGEST_SIZE];
+ char hmac_val[MAX_DIGEST_SIZE + 1];
int rc;
if (iint->hmac_status != INTEGRITY_UNKNOWN)
@@ -60,10 +60,11 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
memset(hmac_val, 0, sizeof hmac_val);
rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
- xattr_value_len, hmac_val);
+ xattr_value_len, hmac_val + 1);
if (rc < 0)
return INTEGRITY_UNKNOWN;
+ hmac_val[0] = EVM_XATTR_HMAC;
rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, hmac_val, sizeof hmac_val,
GFP_NOFS);
if (rc < 0)
--
1.7.3.4
next prev parent reply other threads:[~2011-03-28 16:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-28 16:39 [PATCH v4 00/11] EVM Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 01/11] integrity: move ima inode integrity data management Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 02/11] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 03/11] evm: re-release Mimi Zohar
2011-03-28 16:39 ` Mimi Zohar [this message]
2011-03-28 16:39 ` [PATCH v4 05/11] ima: move ima_file_free before releasing the file Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 06/11] security: imbed evm calls in security hooks Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 07/11] evm: inode post removexattr Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 08/11] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 09/11] evm: inode_post_init Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 10/11] fs: add evm_inode_post_init calls Mimi Zohar
2011-03-28 16:39 ` [PATCH v4 11/11] evm: crypto hash replaced by shash Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1301330382-17745-5-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=dmitry.kasatkin@nokia.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).