1. 14 Feb, 2013 1 commit
  2. 07 Feb, 2013 1 commit
    • Dmitry Kasatkin's avatar
      ima: digital signature verification using asymmetric keys · e0751257
      Dmitry Kasatkin authored
      Asymmetric keys were introduced in linux-3.7 to verify the signature on
      signed kernel modules. The asymmetric keys infrastructure abstracts the
      signature verification from the crypto details. This patch adds IMA/EVM
      signature verification using asymmetric keys. Support for additional
      signature verification methods can now be delegated to the asymmetric
      key infrastructure.
      
      Although the module signature header and the IMA/EVM signature header
      could use the same format, to minimize the signature length and save
      space in the extended attribute, this patch defines a new IMA/EVM
      header format.  The main difference is that the key identifier is a
      sha1[12 - 19] hash of the key modulus and exponent, similar to the
      current implementation.  The only purpose of the key identifier is to
      identify the corresponding key in the kernel keyring.  ima-evm-utils
      was updated to support the new signature format.
      
      While asymmetric signature verification functionality supports many
      different hash algorithms, the hash used in this patch is calculated
      during the IMA collection phase, based on the configured algorithm.
      The default algorithm is sha1, but for backwards compatibility md5
      is supported.  Due to this current limitation, signatures should be
      generated using a sha1 hash algorithm.
      
      Changes in this patch:
      - Functionality has been moved to separate source file in order to get rid of
        in source #ifdefs.
      - keyid is derived according to the RFC 3280. It does not require to assign
        IMA/EVM specific "description" when loading X509 certificate. Kernel
        asymmetric key subsystem automatically generate the description. Also
        loading a certificate does not require using of ima-evm-utils and can be
        done using keyctl only.
      - keyid size is reduced to 32 bits to save xattr space.  Key search is done
        using partial match functionality of asymmetric_key_match().
      - Kconfig option title was changed
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Acked-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      e0751257
  3. 06 Feb, 2013 4 commits
    • Dmitry Kasatkin's avatar
      ima: rename hash calculation functions · 50af5544
      Dmitry Kasatkin authored
      Rename hash calculation functions to reflect meaning
      and change argument order in conventional way.
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      50af5544
    • Dmitry Kasatkin's avatar
      ima: use new crypto_shash API instead of old crypto_hash · 76bb28f6
      Dmitry Kasatkin authored
      Old crypto hash API internally uses shash API.
      Using shash API directly is more efficient.
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      76bb28f6
    • Dmitry Kasatkin's avatar
      ima: add policy support for file system uuid · 85865c1f
      Dmitry Kasatkin authored
      The IMA policy permits specifying rules to enable or disable
      measurement/appraisal/audit based on the file system magic number.
      If, for example, the policy contains an ext4 measurement rule,
      the rule is enabled for all ext4 partitions.
      
      Sometimes it might be necessary to enable measurement/appraisal/audit
      only for one partition and disable it for another partition of the
      same type.  With the existing IMA policy syntax, this can not be done.
      
      This patch provides support for IMA policy rules to specify the file
      system by its UUID (eg. fsuuid=397449cd-687d-4145-8698-7fed4a3e0363).
      
      For partitions not being appraised, it might be a good idea to mount
      file systems with the 'noexec' option to prevent executing non-verified
      binaries.
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      85865c1f
    • Dmitry Kasatkin's avatar
      evm: add file system uuid to EVM hmac · 74de6684
      Dmitry Kasatkin authored
      EVM uses the same key for all file systems to calculate the HMAC,
      making it possible to paste inodes from one file system on to another
      one, without EVM being able to detect it.  To prevent such an attack,
      it is necessary to make the EVM HMAC file system specific.
      
      This patch uses the file system UUID, a file system unique identifier,
      to bind the EVM HMAC to the file system. The value inode->i_sb->s_uuid
      is used for the HMAC hash calculation, instead of using it for deriving
      the file system specific key.  Initializing the key for every inode HMAC
      calculation is a bit more expensive operation than adding the uuid to
      the HMAC hash.
      
      Changing the HMAC calculation method or adding additional info to the
      calculation, requires existing EVM labeled file systems to be relabeled.
      This patch adds a Kconfig HMAC version option for backwards compatability.
      
      Changelog v1:
      - squash "hmac version setting"
      Changelog v0:
      - add missing Kconfig depends (Mimi)
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      74de6684
  4. 05 Feb, 2013 24 commits
  5. 01 Feb, 2013 2 commits
  6. 22 Jan, 2013 4 commits
  7. 16 Jan, 2013 4 commits