* [PATCH 0/3] ima: add regular file data hash support for sigv3
From: Mimi Zohar @ 2026-03-24 20:39 UTC
To: linux-integrity; +Cc: Mimi Zohar, Eric Biggers, Stefan Berger
IMA signature version 3 (sigv3) support was introduced to avoid file
signature ambiguity. Instead of directly signing a raw fs-verity hash,
IMA signs the hash of ima_file_id structure, containing the type of
signature, the hash algorithm, and the hash.
Pure ML-DSA calculates and signs the hash directly rather than a
pre-hashed digest. To avoid ML-DSA having to re-calculate the file data
hash, Eric Biggers suggested signing the smaller ima_file_id structure.
This patch set adds the sigv3 support for regular file data hashes. A
subsequent patch set will add the ML-DSA support.
Mimi Zohar (3):
ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
ima: add regular file data hash signature version 3 support
ima: add support to require IMA sigv3 signatures
Documentation/ABI/testing/ima_policy | 10 ++--
security/integrity/digsig.c | 8 +--
security/integrity/digsig_asymmetric.c | 58 +++++++++++++++++++++
security/integrity/evm/evm_main.c | 3 +-
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_appraise.c | 72 ++++++++------------------
security/integrity/ima/ima_policy.c | 22 ++++----
security/integrity/integrity.h | 14 ++++-
8 files changed, 115 insertions(+), 73 deletions(-)
--
2.53.0
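The sigv3 construction the cover letter describes, as an added Python illustration that is not code from the patch set or the kernel: it serializes the hashed portion of struct ima_file_id (hash_type, hash_algorithm, and only digest_size bytes of hash[]), hashes it the way calc_file_id_hash() does, and shows why one raw digest yields different signed values for a regular file hash and an fs-verity root hash, and why a v2 signature over the raw digest cannot double as a v3 one. The enum values, the struct layout and the helper names are assumptions taken from the kernel's integrity.h and hash_info.h, not from this thread; the type check reflects the series after patch 2, where both xattr types are allowed.

```python
# Added illustration (not kernel code): deriving the IMA sigv3 value that is
# signed from a file data hash, mirroring the kernel's calc_file_id_hash().
import hashlib
import struct

# Assumed values of the kernel's enum evm_ima_xattr_type and enum hash_algo
# (security/integrity/integrity.h, include/uapi/linux/hash_info.h).
EVM_IMA_XATTR_DIGSIG = 3   # security.ima signature over a regular file hash
IMA_VERITY_DIGSIG = 6      # security.ima signature over an fs-verity root hash
HASH_ALGO_SHA256 = 4
HASH_ALGO_SHA512 = 6
HASH_MAX_DIGESTSIZE = 64   # size of ima_file_id.hash[]

ALGO_NAME = {HASH_ALGO_SHA256: "sha256", HASH_ALGO_SHA512: "sha512"}
SIGV3_TYPES = (IMA_VERITY_DIGSIG, EVM_IMA_XATTR_DIGSIG)


def ima_file_id_bytes(hash_type, algo, digest):
    """Serialize the hashed portion of struct ima_file_id.

    The struct is { u8 hash_type; u8 hash_algorithm; u8 hash[64]; } __packed,
    but only sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size) bytes are
    hashed, i.e. the two header bytes followed by the digest itself.
    """
    digest_size = hashlib.new(ALGO_NAME[algo]).digest_size
    if len(digest) != digest_size:
        raise ValueError("digest length does not match the hash algorithm")
    assert digest_size <= HASH_MAX_DIGESTSIZE
    return struct.pack("BB", hash_type, algo) + digest


def calc_file_id_hash(hash_type, algo, digest):
    """Hash of the ima_file_id bytes: the value a sigv3 signature covers."""
    if hash_type not in SIGV3_TYPES:
        raise ValueError("sigv3 is only defined for IMA_VERITY_DIGSIG and "
                         "EVM_IMA_XATTR_DIGSIG xattrs")
    file_id = ima_file_id_bytes(hash_type, algo, digest)
    return hashlib.new(ALGO_NAME[algo], file_id).digest()


def message_for_verifier(version, hash_type, algo, digest):
    """Pick what is handed to the asymmetric verifier, as in
    integrity_digsig_verify(): v2 signs the raw digest, v3 signs the
    ima_file_id hash; any other version is unsupported."""
    if version == 2:
        return digest
    if version == 3:
        return calc_file_id_hash(hash_type, algo, digest)
    raise NotImplementedError("unsupported signature version %d" % version)


def file_data_digest(data, algo=HASH_ALGO_SHA256):
    """The regular file data hash IMA computes for the content."""
    return hashlib.new(ALGO_NAME[algo], data).digest()


if __name__ == "__main__":
    # Constructed sample content; real IMA hashes the file's data.
    raw = file_data_digest(b"constructed sample file content\n")
    for name, hash_type in (("regular", EVM_IMA_XATTR_DIGSIG),
                            ("verity", IMA_VERITY_DIGSIG)):
        v3 = message_for_verifier(3, hash_type, HASH_ALGO_SHA256, raw)
        print("%-8s v2 signs %s" % (name, raw.hex()))
        print("%-8s v3 signs %s" % (name, v3.hex()))
```

The two v3 lines differ from each other and from the raw digest, which is the ambiguity sigv3 removes.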
* [PATCH 1/3] ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
From: Mimi Zohar @ 2026-03-24 20:39 UTC
To: linux-integrity; +Cc: Mimi Zohar, Eric Biggers, Stefan Berger
Define asymmetric_verify_v3() to calculate the hash of the struct
ima_file_id, before calling asymmetric_verify() to verify the
signature.
Move and update the existing calc_file_id_hash() function with a
simpler, self-contained version. In addition to the existing hash
data and hash data length arguments, also pass the hash algorithm.
Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
security/integrity/digsig.c | 8 ++--
security/integrity/digsig_asymmetric.c | 58 ++++++++++++++++++++++++
security/integrity/evm/evm_main.c | 3 +-
security/integrity/ima/ima_appraise.c | 63 ++++++--------------------
security/integrity/integrity.h | 14 +++++-
5 files changed, 90 insertions(+), 56 deletions(-)
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 75c684cce370..1ed686154d7a 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -59,7 +59,7 @@ static struct key *integrity_keyring_from_id(const unsigned int id)
}
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
- const char *digest, int digestlen)
+ const char *digest, int digestlen, u8 algo)
{
struct key *keyring;
@@ -76,9 +76,11 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
return digsig_verify(keyring, sig + 1, siglen - 1, digest,
digestlen);
case 2: /* regular file data hash based signature */
- case 3: /* struct ima_file_id data based signature */
return asymmetric_verify(keyring, sig, siglen, digest,
- digestlen);
+ digestlen);
+ case 3: /* struct ima_file_id data based signature */
+ return asymmetric_verify_v3(keyring, sig, siglen, digest,
+ digestlen, algo);
}
return -EOPNOTSUPP;
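Review bot: the `- digestlen);` / `+ digestlen);` pair in the case 2 arm is a whitespace-only re-indent of an unchanged continuation line; dropping it keeps this hunk to its functional change, the new case 3 arm that routes struct ima_file_id based signatures to asymmetric_verify_v3() with the algorithm.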
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 87be85f477d1..dc5313746609 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -131,3 +131,61 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pr_debug("%s() = %d\n", __func__, ret);
return ret;
}
+
+/*
+ * calc_file_id_hash - calculate the hash of the ima_file_id struct data
+ * @type: xattr type [enum evm_ima_xattr_type]
+ * @algo: hash algorithm [enum hash_algo]
+ * @digest: pointer to the digest to be hashed
+ * @hash: (out) pointer to the hash
+ *
+ * IMA signature version 3 disambiguates the data that is signed by
+ * indirectly signing the hash of the ima_file_id structure data.
+ *
+ * Return 0 on success, error code otherwise.
+ */
+static int calc_file_id_hash(enum evm_ima_xattr_type type,
+ enum hash_algo algo, const u8 *digest,
+ struct ima_max_digest_data *hash)
+{
+ struct ima_file_id file_id = {.hash_type = type, .hash_algorithm = algo};
+ size_t digest_size = hash_digest_size[algo];
+ struct crypto_shash *tfm;
+ size_t file_id_size;
+ int rc;
+
+ if (type != IMA_VERITY_DIGSIG)
+ return -EINVAL;
+
+ tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ memcpy(file_id.hash, digest, digest_size);
+
+ /* Calculate the ima_file_id struct hash on the portion used. */
+ file_id_size = sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size);
+
+ hash->hdr.algo = algo;
+ hash->hdr.length = digest_size;
+ rc = crypto_shash_tfm_digest(tfm, (const u8 *)&file_id, file_id_size,
+ hash->digest);
+
+ crypto_free_shash(tfm);
+ return rc;
+}
+
+int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen,
+ const char *data, int datalen, u8 algo)
+{
+ struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
+ struct ima_max_digest_data hash;
+ int rc;
+
+ rc = calc_file_id_hash(hdr->type, algo, data, &hash);
+ if (rc)
+ return -EINVAL;
+
+ return asymmetric_verify(keyring, sig, siglen, hash.digest,
+ hash.hdr.length);
+}
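Review bot: asymmetric_verify_v3() collapses every calc_file_id_hash() failure into -EINVAL, so a crypto_alloc_shash() failure (-ENOMEM, or a hash algorithm that is not available) becomes indistinguishable from a bad signature; returning `rc` instead preserves the distinction the old "sigv3-hashing-error" cause provided. Two smaller points in the same hunk: `hdr->type` is read from `sig` before asymmetric_verify() performs its siglen check, so either every caller must guarantee siglen >= sizeof(*hdr) or the check belongs here too; and calc_file_id_hash() indexes hash_digest_size[] and hash_algo_name[] with the caller-supplied u8 `algo` without an `algo >= HASH_ALGO__LAST` guard. The moved kernel-doc also drops the sentence that only IMA_VERITY_DIGSIG is supported, which the `type != IMA_VERITY_DIGSIG` check still enforces at this point in the series.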
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 1b0089b4b796..b15d9d933b84 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -266,7 +266,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
break;
rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
(const char *)xattr_data, xattr_len,
- digest.digest, digest.hdr.length);
+ digest.digest, digest.hdr.length,
+ digest.hdr.algo);
if (!rc) {
if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) {
if (iint)
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 0d41d102626a..5b42307ac254 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -234,40 +234,6 @@ int ima_read_xattr(struct dentry *dentry,
return ret;
}
-/*
- * calc_file_id_hash - calculate the hash of the ima_file_id struct data
- * @type: xattr type [enum evm_ima_xattr_type]
- * @algo: hash algorithm [enum hash_algo]
- * @digest: pointer to the digest to be hashed
- * @hash: (out) pointer to the hash
- *
- * IMA signature version 3 disambiguates the data that is signed by
- * indirectly signing the hash of the ima_file_id structure data.
- *
- * Signing the ima_file_id struct is currently only supported for
- * IMA_VERITY_DIGSIG type xattrs.
- *
- * Return 0 on success, error code otherwise.
- */
-static int calc_file_id_hash(enum evm_ima_xattr_type type,
- enum hash_algo algo, const u8 *digest,
- struct ima_digest_data *hash)
-{
- struct ima_file_id file_id = {
- .hash_type = IMA_VERITY_DIGSIG, .hash_algorithm = algo};
- unsigned int unused = HASH_MAX_DIGESTSIZE - hash_digest_size[algo];
-
- if (type != IMA_VERITY_DIGSIG)
- return -EINVAL;
-
- memcpy(file_id.hash, digest, hash_digest_size[algo]);
-
- hash->algo = algo;
- hash->length = hash_digest_size[algo];
-
- return ima_calc_buffer_hash(&file_id, sizeof(file_id) - unused, hash);
-}
-
/*
* xattr_verify - verify xattr digest or signature
*
@@ -279,7 +245,6 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
struct evm_ima_xattr_data *xattr_value, int xattr_len,
enum integrity_status *status, const char **cause)
{
- struct ima_max_digest_data hash;
struct signature_v2_hdr *sig;
int rc = -EINVAL, hash_start = 0;
int mask;
@@ -341,7 +306,8 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
(const char *)xattr_value,
xattr_len,
iint->ima_hash->digest,
- iint->ima_hash->length);
+ iint->ima_hash->length,
+ iint->ima_hash->algo);
if (rc == -EOPNOTSUPP) {
*status = INTEGRITY_UNKNOWN;
break;
@@ -352,7 +318,9 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
(const char *)xattr_value,
xattr_len,
iint->ima_hash->digest,
- iint->ima_hash->length);
+ iint->ima_hash->length,
+ iint->ima_hash->algo);
+
if (rc) {
*cause = "invalid-signature";
*status = INTEGRITY_FAIL;
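Review bot: the lone `+` line after the integrity_digsig_verify() call adds a stray blank line between the call and its `if (rc)` check; it is unrelated to the argument change and should be dropped.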
@@ -378,21 +346,16 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
break;
}
- rc = calc_file_id_hash(IMA_VERITY_DIGSIG, iint->ima_hash->algo,
- iint->ima_hash->digest,
- container_of(&hash.hdr,
- struct ima_digest_data, hdr));
- if (rc) {
- *cause = "sigv3-hashing-error";
- *status = INTEGRITY_FAIL;
- break;
- }
-
rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
(const char *)xattr_value,
- xattr_len, hash.digest,
- hash.hdr.length);
- if (rc) {
+ xattr_len,
+ iint->ima_hash->digest,
+ iint->ima_hash->length,
+ iint->ima_hash->algo);
+ if (rc == -EOPNOTSUPP) {
+ *status = INTEGRITY_UNKNOWN;
+ break;
+ } else if (rc) {
*cause = "invalid-verity-signature";
*status = INTEGRITY_FAIL;
} else {
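Review bot: the new `rc == -EOPNOTSUPP` branch returning INTEGRITY_UNKNOWN is a behaviour change for the fs-verity sigv3 path (previously any non-zero rc was INTEGRITY_FAIL), and the "sigv3-hashing-error" cause disappears with the removed local hashing; both are reasonable given the move into asymmetric_verify_v3(), but the commit message only describes the move and should mention them.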
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 4636629533af..0c581c03c5da 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -131,7 +131,7 @@ struct modsig;
#ifdef CONFIG_INTEGRITY_SIGNATURE
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
- const char *digest, int digestlen);
+ const char *digest, int digestlen, u8 algo);
int integrity_modsig_verify(unsigned int id, const struct modsig *modsig);
int __init integrity_init_keyring(const unsigned int id);
@@ -142,7 +142,8 @@ int __init integrity_load_cert(const unsigned int id, const char *source,
static inline int integrity_digsig_verify(const unsigned int id,
const char *sig, int siglen,
- const char *digest, int digestlen)
+ const char *digest, int digestlen,
+ u8 algo)
{
return -EOPNOTSUPP;
}
@@ -170,12 +171,21 @@ static inline int __init integrity_load_cert(const unsigned int id,
#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
int asymmetric_verify(struct key *keyring, const char *sig,
int siglen, const char *data, int datalen);
+int asymmetric_verify_v3(struct key *keyring, const char *sig,
+ int siglen, const char *data, int datalen, u8 algo);
#else
static inline int asymmetric_verify(struct key *keyring, const char *sig,
int siglen, const char *data, int datalen)
{
return -EOPNOTSUPP;
}
+
+static inline int asymmetric_verify_v3(struct key *keyring,
+ const char *sig, int siglen,
+ const char *data, int datalen, u8 algo)
+{
+ return -EOPNOTSUPP;
+}
#endif
#ifdef CONFIG_IMA_APPRAISE_MODSIG
--
2.53.0
* [PATCH 2/3] ima: add regular file data hash signature version 3 support
From: Mimi Zohar @ 2026-03-24 20:39 UTC
To: linux-integrity; +Cc: Mimi Zohar, Eric Biggers, Stefan Berger
Instead of directly verifying the signature of a file data hash,
signature v3 verifies the signature of the ima_file_id structure
containing the file data hash.
To disambiguate the signature usage, the ima_file_id structure also
includes the hash algorithm and the type of data (e.g. regular file
hash or fs-verity root hash).
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
security/integrity/digsig_asymmetric.c | 2 +-
security/integrity/ima/ima_appraise.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index dc5313746609..6b21b9bf829e 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -154,7 +154,7 @@ static int calc_file_id_hash(enum evm_ima_xattr_type type,
size_t file_id_size;
int rc;
- if (type != IMA_VERITY_DIGSIG)
+ if (type != IMA_VERITY_DIGSIG && type != EVM_IMA_XATTR_DIGSIG)
return -EINVAL;
tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
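Review bot: once EVM_IMA_XATTR_DIGSIG is accepted here, the hash_type byte inside the signed ima_file_id is whichever xattr type the caller passed in, so telling a regular file hash signature apart from an fs-verity root hash signature relies on xattr_verify() having already matched the xattr type against the digest the policy computed (IMA_VERITY_REQUIRED). That dependency is worth stating in the commit message or in calc_file_id_hash()'s kernel-doc, since the function itself no longer pins the type.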
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5b42307ac254..8f182d808b09 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -297,7 +297,7 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
}
sig = (typeof(sig))xattr_value;
- if (sig->version >= 3) {
+ if (sig->version > 3) {
*cause = "invalid-signature-version";
*status = INTEGRITY_FAIL;
break;
--
2.53.0
* [PATCH 3/3] ima: add support to require IMA sigv3 signatures
From: Mimi Zohar @ 2026-03-24 20:39 UTC
To: linux-integrity; +Cc: Mimi Zohar, Eric Biggers, Stefan Berger
Defining a policy rule with the "appraise_type=imasig" option allows
either v2 or v3 signatures. Defining an IMA appraise rule with the
"appraise_type=sigv3" option requires a file sigv3 signature.
Define a new appraise type: IMA_SIGV3_REQUIRED
Example: appraise func=BPRM_CHECK appraise_type=sigv3
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
Documentation/ABI/testing/ima_policy | 10 ++++++----
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_appraise.c | 7 +++++++
security/integrity/ima/ima_policy.c | 22 ++++++++++------------
4 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index d4b3696a9efb..19258471b7b2 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -53,10 +53,7 @@ Description:
where 'imasig' is the original or the signature
format v2.
where 'modsig' is an appended signature,
- where 'sigv3' is the signature format v3. (Currently
- limited to fsverity digest based signatures
- stored in security.ima xattr. Requires
- specifying "digest_type=verity" first.)
+ where 'sigv3' is the signature format v3.
appraise_flag:= [check_blacklist] (deprecated)
Setting the check_blacklist flag is no longer necessary.
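Review bot: the unchanged context line "where 'imasig' is the original or the signature format v2" is now out of date, since the commit message says appraise_type=imasig accepts either v2 or v3 signatures; update it in the same hunk so the 'imasig' and 'sigv3' descriptions stay consistent.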
@@ -186,6 +183,11 @@ Description:
appraise func=BPRM_CHECK digest_type=verity \
appraise_type=sigv3
+ Example of a regular IMA file hash 'appraise' rule requiring
+ signature version 3 format stored in security.ima xattr.
+
+ appraise func=BPRM_CHECK appraise_type=sigv3
+
All of these policy rules could, for example, be constrained
either based on a filesystem's UUID (fsuuid) or based on LSM
labels.
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 0eea02ff04df..69e9bf0b82c6 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -145,6 +145,7 @@ struct ima_kexec_hdr {
#define IMA_DIGSIG_REQUIRED 0x01000000
#define IMA_PERMIT_DIRECTIO 0x02000000
#define IMA_NEW_FILE 0x04000000
+#define IMA_SIGV3_REQUIRED 0x08000000
#define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000
#define IMA_MODSIG_ALLOWED 0x20000000
#define IMA_CHECK_BLACKLIST 0x40000000
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 8f182d808b09..de963b9f3634 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -302,6 +302,13 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
*status = INTEGRITY_FAIL;
break;
}
+
+ if ((iint->flags & IMA_SIGV3_REQUIRED) && sig->version != 3) {
+ *cause = "IMA-sigv3-required";
+ *status = INTEGRITY_FAIL;
+ break;
+ }
+
rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
(const char *)xattr_value,
xattr_len,
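Review bot: the new cause string "IMA-sigv3-required" breaks the lowercase, hyphenated convention of the surrounding causes ("invalid-signature-version", "invalid-signature"); "sigv3-required" would match. Also worth confirming whether the IMA_VERITY_DIGSIG arm of the same switch needs an equivalent IMA_SIGV3_REQUIRED check, since only the EVM_IMA_XATTR_DIGSIG arm is changed here.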
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index bf2d7ba4c14a..f7f940a76922 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -1298,7 +1298,8 @@ static bool ima_validate_rule(struct ima_rule_entry *entry)
IMA_GID | IMA_EGID |
IMA_FGROUP | IMA_DIGSIG_REQUIRED |
IMA_PERMIT_DIRECTIO | IMA_VALIDATE_ALGOS |
- IMA_CHECK_BLACKLIST | IMA_VERITY_REQUIRED))
+ IMA_CHECK_BLACKLIST | IMA_VERITY_REQUIRED |
+ IMA_SIGV3_REQUIRED))
return false;
break;
@@ -1833,9 +1834,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
break;
case Opt_digest_type:
ima_log_string(ab, "digest_type", args[0].from);
- if (entry->flags & IMA_DIGSIG_REQUIRED)
- result = -EINVAL;
- else if ((strcmp(args[0].from, "verity")) == 0)
+ if ((strcmp(args[0].from, "verity")) == 0)
entry->flags |= IMA_VERITY_REQUIRED;
else
result = -EINVAL;
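Review bot: removing the `entry->flags & IMA_DIGSIG_REQUIRED` rejection in Opt_digest_type reopens an ordering gap in the imasig|modsig conflict check below it: that check only sees flags set by options parsed earlier, so "appraise_type=imasig|modsig digest_type=verity" would now be accepted while "digest_type=verity appraise_type=imasig|modsig" is still rejected. Either keep the ordering check or move the verity/sigv3 vs modsig conflict test into ima_validate_rule(), where the full flag set is visible.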
@@ -1849,14 +1848,13 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
else
entry->flags |= IMA_DIGSIG_REQUIRED | IMA_CHECK_BLACKLIST;
} else if (strcmp(args[0].from, "sigv3") == 0) {
- /* Only fsverity supports sigv3 for now */
- if (entry->flags & IMA_VERITY_REQUIRED)
- entry->flags |= IMA_DIGSIG_REQUIRED | IMA_CHECK_BLACKLIST;
- else
- result = -EINVAL;
+ entry->flags |= IMA_SIGV3_REQUIRED |
+ IMA_DIGSIG_REQUIRED |
+ IMA_CHECK_BLACKLIST;
} else if (IS_ENABLED(CONFIG_IMA_APPRAISE_MODSIG) &&
strcmp(args[0].from, "imasig|modsig") == 0) {
- if (entry->flags & IMA_VERITY_REQUIRED)
+ if ((entry->flags & IMA_VERITY_REQUIRED) ||
+ (entry->flags & IMA_SIGV3_REQUIRED))
result = -EINVAL;
else
entry->flags |= IMA_DIGSIG_REQUIRED |
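Review bot: the two-term condition `(entry->flags & IMA_VERITY_REQUIRED) || (entry->flags & IMA_SIGV3_REQUIRED)` reads more simply as a single mask test, `entry->flags & (IMA_VERITY_REQUIRED | IMA_SIGV3_REQUIRED)`.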
@@ -1941,7 +1939,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
/* d-ngv2 template field recommended for unsigned fs-verity digests */
if (!result && entry->action == MEASURE &&
- entry->flags & IMA_VERITY_REQUIRED) {
+ (entry->flags & IMA_VERITY_REQUIRED)) {
template_desc = entry->template ? entry->template :
ima_template_desc_current();
check_template_field(template_desc, "d-ngv2",
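Review bot: this hunk only adds parentheses around `entry->flags & IMA_VERITY_REQUIRED` and does not change behaviour or touch sigv3; either drop it or mention the cosmetic cleanup in the commit message.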
@@ -2309,7 +2307,7 @@ int ima_policy_show(struct seq_file *m, void *v)
if (entry->template)
seq_printf(m, "template=%s ", entry->template->name);
if (entry->flags & IMA_DIGSIG_REQUIRED) {
- if (entry->flags & IMA_VERITY_REQUIRED)
+ if (entry->flags & IMA_SIGV3_REQUIRED)
seq_puts(m, "appraise_type=sigv3 ");
else if (entry->flags & IMA_MODSIG_ALLOWED)
seq_puts(m, "appraise_type=imasig|modsig ");
--
2.53.0
* Re: [PATCH 0/3] ima: add regular file data hash support for sigv3
From: Stefan Berger @ 2026-03-25 0:15 UTC
To: Mimi Zohar, linux-integrity; +Cc: Eric Biggers
On 3/24/26 4:39 PM, Mimi Zohar wrote:
> IMA signature version 3 (sigv3) support was introduced to avoid file
> signature ambiguity. Instead of directly signing a raw fs-verity hash,
> IMA signs the hash of ima_file_id structure, containing the type of
> signature, the hash algorithm, and the hash.
>
> Pure ML-DSA calculates and signs the hash directly rather than a
> pre-hashed digest. To avoid ML-DSA having to re-calculate the file data
> hash, Eric Biggers suggested signing the smaller ima_file_id structure.
>
> This patch set adds the sigv3 support for regular file data hashes. A
> subsequent patch set will add the ML-DSA support.
>
> Mimi Zohar (3):
> ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
> ima: add regular file data hash signature version 3 support
> ima: add support to require IMA sigv3 signatures
>
> Documentation/ABI/testing/ima_policy | 10 ++--
> security/integrity/digsig.c | 8 +--
> security/integrity/digsig_asymmetric.c | 58 +++++++++++++++++++++
> security/integrity/evm/evm_main.c | 3 +-
> security/integrity/ima/ima.h | 1 +
> security/integrity/ima/ima_appraise.c | 72 ++++++++------------------
> security/integrity/ima/ima_policy.c | 22 ++++----
> security/integrity/integrity.h | 14 ++++-
> 8 files changed, 115 insertions(+), 73 deletions(-)
>
> --
> 2.53.0
>
Series:
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
* Re: [PATCH 1/3] ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
From: Eric Biggers @ 2026-03-30 20:13 UTC
To: Mimi Zohar; +Cc: linux-integrity, Stefan Berger
On Tue, Mar 24, 2026 at 04:39:27PM -0400, Mimi Zohar wrote:
> + * IMA signature version 3 disambiguates the data that is signed by
> + * indirectly signing the hash of the ima_file_id structure data.
The right way to think about it is that it's the ima_file_id itself that
is being signed and verified, and taking the hash of it is only a
workaround for legacy algorithms that can only sign and verify hashes.
With modern algorithms like Ed25519 and ML-DSA that accept
arbitrary-length messages, that workaround won't be needed.
- Eric
* Re: [PATCH 0/3] ima: add regular file data hash support for sigv3
From: Eric Biggers @ 2026-03-30 20:16 UTC
To: Mimi Zohar; +Cc: linux-integrity, Stefan Berger
On Tue, Mar 24, 2026 at 04:39:26PM -0400, Mimi Zohar wrote:
> IMA signature version 3 (sigv3) support was introduced to avoid file
> signature ambiguity. Instead of directly signing a raw fs-verity hash,
> IMA signs the hash of ima_file_id structure, containing the type of
> signature, the hash algorithm, and the hash.
>
> Pure ML-DSA calculates and signs the hash directly rather than a
> pre-hashed digest. To avoid ML-DSA having to re-calculate the file data
> hash, Eric Biggers suggested signing the smaller ima_file_id structure.
>
> This patch set adds the sigv3 support for regular file data hashes. A
> subsequent patch set will add the ML-DSA support.
This explanation is a bit confusing, since this is actually needed
regardless of ML-DSA support.
Anyway, it's still the right thing to do.
Acked-by: Eric Biggers <ebiggers@kernel.org>
- Eric
* Re: [PATCH 1/3] ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
From: Mimi Zohar @ 2026-04-05 9:46 UTC
To: Eric Biggers; +Cc: linux-integrity, Stefan Berger
On Mon, 2026-03-30 at 13:13 -0700, Eric Biggers wrote:
> On Tue, Mar 24, 2026 at 04:39:27PM -0400, Mimi Zohar wrote:
> > + * IMA signature version 3 disambiguates the data that is signed by
> > + * indirectly signing the hash of the ima_file_id structure data.
>
> The right way to think about it is that it's the ima_file_id itself that
> is being signed and verified, and taking the hash of it is only a
> workaround for legacy algorithms that can only sign and verify hashes.
> With modern algorithms like Ed25519 and ML-DSA that accept
> arbitrary-length messages, that workaround won't be needed.
I'll keep that in mind. As previously discussed, the hashes are being
calculated for other purposes, like inclusion in the IMA measurement list and
the audit log. Providing the potentially large, variable sized data so that the
crypto signing/verifying algorithm can recalculate the hash is superfluous.
Your recommendation of signing the ima_file_id works nicely.
thanks!
Mimi