| Message ID | 20181203033525.20431-7-vt@altlinux.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v3,1/7] ima-evm-utils: Fix hash buffer overflow in verify_evm and hmac_evm | expand |
Hi Vitaly, On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > For compatibility with older OpenSSL try to load digest by its alias if > load by its proper name is failed. > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > comma separated list of algo names. After this patch, I can not verify the signature. It's failing to find the hash algorithm. evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user evmctl ima_verify -k <public key> ./foo.txt --xattr-user Mimi > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > --- > Changes since v1: > - New patch. > Changes since v2: > - No changes. > > src/imaevm.h | 1 + > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > 2 files changed, 52 insertions(+), 4 deletions(-) > > diff --git a/src/imaevm.h b/src/imaevm.h > index c81bf21..795966a 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > @@ -75,6 +75,7 @@ > #define DATA_SIZE 4096 > #define SHA1_HASH_LEN 20 > > +#define MAX_DIGEST_NAME 32 > #define MAX_DIGEST_SIZE 64 > #define MAX_SIGNATURE_SIZE 1024 > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index cb4721b..7501303 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -41,6 +41,7 @@ > /* should we use logger instead for library? */ > #define USE_FPRINTF > > +#define _GNU_SOURCE > #include <sys/types.h> > #include <sys/param.h> > #include <sys/stat.h> > @@ -56,6 +57,7 @@ > #include <openssl/pem.h> > #include <openssl/evp.h> > #include <openssl/x509.h> > +#include <openssl/engine.h> > #include <openssl/err.h> > > #include "imaevm.h" > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > [PKEY_HASH_SHA384] = "sha384", > [PKEY_HASH_SHA512] = "sha512", > [PKEY_HASH_SHA224] = "sha224", > - [PKEY_HASH_STREEBOG_256] = "streebog256", > - [PKEY_HASH_STREEBOG_512] = "streebog512", > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > }; > > /* > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > } > > +/* Call EVP_get_digestbyname with provided name and with alias, > + * which is first name in the comma separated list of names > + * in pkey_hash_algo. > + */ > +static const EVP_MD *get_digestbyname(const char *name) > +{ > + const EVP_MD *md; > + > + md = EVP_get_digestbyname(params.hash_algo); > + if (!md) { > + char alias[MAX_DIGEST_NAME]; > + int len; > + int algo_id; > + const char *algo_alias; > + > + /* try to get algo by its alias */ > + algo_id = get_hash_algo(params.hash_algo); > + algo_alias = get_hash_algo_by_id(algo_id); > + len = strchrnul(algo_alias, ',') - algo_alias; > + if (len < sizeof(alias)) { > + memcpy(alias, algo_alias, len); > + alias[len] = '\0'; > + if (strcmp(params.hash_algo, alias)) > + md = EVP_get_digestbyname(alias); > + } > + } > + return md; > +} > + > int ima_calc_hash(const char *file, uint8_t *hash) > { > const EVP_MD *md; > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > return err; > } > > - md = EVP_get_digestbyname(params.hash_algo); > + md = get_digestbyname(params.hash_algo); > if (!md) { > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > return 1; > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > return *a || *b; > } > > +static int strmatch(const char *needle, const char *haystack) > +{ > + int len = strlen(needle); > + const char *p = haystack; > + const char *t; > + > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > + if (t - p == len && > + !strncmp(needle, p, len)) > + return 0; > + if (!*t++) > + break; > + } > + return 1; > +} > + > int get_hash_algo(const char *algo) > { > int i; > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > /* first iterate over builtin algorithms */ > for (i = 0; i < PKEY_HASH__LAST; i++) > if (pkey_hash_algo[i] && > - !strcmp(algo, pkey_hash_algo[i])) > + !strmatch(algo, pkey_hash_algo[i])) > return i; > > /* iterate over algorithms provided by kernel-headers */
Mimi, On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > For compatibility with older OpenSSL try to load digest by its alias if > > load by its proper name is failed. > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > comma separated list of algo names. > > After this patch, I can not verify the signature. It's failing to > find the hash algorithm. Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API". I didn't consider it a problem since streebog256 should not work for sign/verify anyway (since RSA should not support it). That EVP_PKEY patch which adds ability to sign/verify for Streebog also fixes above problem. > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user > evmctl ima_verify -k <public key> ./foo.txt --xattr-user > > Mimi > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > > --- > > Changes since v1: > > - New patch. > > Changes since v2: > > - No changes. > > > > src/imaevm.h | 1 + > > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > > 2 files changed, 52 insertions(+), 4 deletions(-) > > > > diff --git a/src/imaevm.h b/src/imaevm.h > > index c81bf21..795966a 100644 > > --- a/src/imaevm.h > > +++ b/src/imaevm.h > > @@ -75,6 +75,7 @@ > > #define DATA_SIZE 4096 > > #define SHA1_HASH_LEN 20 > > > > +#define MAX_DIGEST_NAME 32 > > #define MAX_DIGEST_SIZE 64 > > #define MAX_SIGNATURE_SIZE 1024 > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > index cb4721b..7501303 100644 > > --- a/src/libimaevm.c > > +++ b/src/libimaevm.c > > @@ -41,6 +41,7 @@ > > /* should we use logger instead for library? */ > > #define USE_FPRINTF > > > > +#define _GNU_SOURCE > > #include <sys/types.h> > > #include <sys/param.h> > > #include <sys/stat.h> > > @@ -56,6 +57,7 @@ > > #include <openssl/pem.h> > > #include <openssl/evp.h> > > #include <openssl/x509.h> > > +#include <openssl/engine.h> > > #include <openssl/err.h> > > > > #include "imaevm.h" > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > [PKEY_HASH_SHA384] = "sha384", > > [PKEY_HASH_SHA512] = "sha512", > > [PKEY_HASH_SHA224] = "sha224", > > - [PKEY_HASH_STREEBOG_256] = "streebog256", > > - [PKEY_HASH_STREEBOG_512] = "streebog512", > > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > > }; > > > > /* > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > > } > > > > +/* Call EVP_get_digestbyname with provided name and with alias, > > + * which is first name in the comma separated list of names > > + * in pkey_hash_algo. > > + */ > > +static const EVP_MD *get_digestbyname(const char *name) > > +{ > > + const EVP_MD *md; > > + > > + md = EVP_get_digestbyname(params.hash_algo); > > + if (!md) { > > + char alias[MAX_DIGEST_NAME]; > > + int len; > > + int algo_id; > > + const char *algo_alias; > > + > > + /* try to get algo by its alias */ > > + algo_id = get_hash_algo(params.hash_algo); > > + algo_alias = get_hash_algo_by_id(algo_id); > > + len = strchrnul(algo_alias, ',') - algo_alias; > > + if (len < sizeof(alias)) { > > + memcpy(alias, algo_alias, len); > > + alias[len] = '\0'; > > + if (strcmp(params.hash_algo, alias)) > > + md = EVP_get_digestbyname(alias); > > + } > > + } > > + return md; > > +} > > + > > int ima_calc_hash(const char *file, uint8_t *hash) > > { > > const EVP_MD *md; > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > return err; > > } > > > > - md = EVP_get_digestbyname(params.hash_algo); > > + md = get_digestbyname(params.hash_algo); > > if (!md) { > > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > > return 1; > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > > return *a || *b; > > } > > > > +static int strmatch(const char *needle, const char *haystack) > > +{ > > + int len = strlen(needle); > > + const char *p = haystack; > > + const char *t; > > + > > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > + if (t - p == len && > > + !strncmp(needle, p, len)) > > + return 0; > > + if (!*t++) > > + break; > > + } > > + return 1; > > +} > > + > > int get_hash_algo(const char *algo) > > { > > int i; > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > > /* first iterate over builtin algorithms */ > > for (i = 0; i < PKEY_HASH__LAST; i++) > > if (pkey_hash_algo[i] && > > - !strcmp(algo, pkey_hash_algo[i])) > > + !strmatch(algo, pkey_hash_algo[i])) > > return i; > > > > /* iterate over algorithms provided by kernel-headers */
On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > Mimi, > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > For compatibility with older OpenSSL try to load digest by its alias if > > > load by its proper name is failed. > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > comma separated list of algo names. > > > > After this patch, I can not verify the signature. It's failing to > > find the hash algorithm. > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > API". I didn't consider it a problem since streebog256 should not work > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > patch which adds ability to sign/verify for Streebog also fixes above > problem. I've been having second thoughts about this patch in general, as it made the hash algorithm comparison unnecessarily more complex for the simple case. As there hasn't been a new ima-evm-utils release with patch, perhaps we should simple remove/revert it? Mimi > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user > > evmctl ima_verify -k <public key> ./foo.txt --xattr-user > > > > Mimi > > > > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > > > --- > > > Changes since v1: > > > - New patch. > > > Changes since v2: > > > - No changes. > > > > > > src/imaevm.h | 1 + > > > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > > > 2 files changed, 52 insertions(+), 4 deletions(-) > > > > > > diff --git a/src/imaevm.h b/src/imaevm.h > > > index c81bf21..795966a 100644 > > > --- a/src/imaevm.h > > > +++ b/src/imaevm.h > > > @@ -75,6 +75,7 @@ > > > #define DATA_SIZE 4096 > > > #define SHA1_HASH_LEN 20 > > > > > > +#define MAX_DIGEST_NAME 32 > > > #define MAX_DIGEST_SIZE 64 > > > #define MAX_SIGNATURE_SIZE 1024 > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > index cb4721b..7501303 100644 > > > --- a/src/libimaevm.c > > > +++ b/src/libimaevm.c > > > @@ -41,6 +41,7 @@ > > > /* should we use logger instead for library? */ > > > #define USE_FPRINTF > > > > > > +#define _GNU_SOURCE > > > #include <sys/types.h> > > > #include <sys/param.h> > > > #include <sys/stat.h> > > > @@ -56,6 +57,7 @@ > > > #include <openssl/pem.h> > > > #include <openssl/evp.h> > > > #include <openssl/x509.h> > > > +#include <openssl/engine.h> > > > #include <openssl/err.h> > > > > > > #include "imaevm.h" > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > > [PKEY_HASH_SHA384] = "sha384", > > > [PKEY_HASH_SHA512] = "sha512", > > > [PKEY_HASH_SHA224] = "sha224", > > > - [PKEY_HASH_STREEBOG_256] = "streebog256", > > > - [PKEY_HASH_STREEBOG_512] = "streebog512", > > > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > > > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > > > }; > > > > > > /* > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > > > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > > > } > > > > > > +/* Call EVP_get_digestbyname with provided name and with alias, > > > + * which is first name in the comma separated list of names > > > + * in pkey_hash_algo. > > > + */ > > > +static const EVP_MD *get_digestbyname(const char *name) > > > +{ > > > + const EVP_MD *md; > > > + > > > + md = EVP_get_digestbyname(params.hash_algo); > > > + if (!md) { > > > + char alias[MAX_DIGEST_NAME]; > > > + int len; > > > + int algo_id; > > > + const char *algo_alias; > > > + > > > + /* try to get algo by its alias */ > > > + algo_id = get_hash_algo(params.hash_algo); > > > + algo_alias = get_hash_algo_by_id(algo_id); > > > + len = strchrnul(algo_alias, ',') - algo_alias; > > > + if (len < sizeof(alias)) { > > > + memcpy(alias, algo_alias, len); > > > + alias[len] = '\0'; > > > + if (strcmp(params.hash_algo, alias)) > > > + md = EVP_get_digestbyname(alias); > > > + } > > > + } > > > + return md; > > > +} > > > + > > > int ima_calc_hash(const char *file, uint8_t *hash) > > > { > > > const EVP_MD *md; > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > > return err; > > > } > > > > > > - md = EVP_get_digestbyname(params.hash_algo); > > > + md = get_digestbyname(params.hash_algo); > > > if (!md) { > > > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > > > return 1; > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > > > return *a || *b; > > > } > > > > > > +static int strmatch(const char *needle, const char *haystack) > > > +{ > > > + int len = strlen(needle); > > > + const char *p = haystack; > > > + const char *t; > > > + > > > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > > + if (t - p == len && > > > + !strncmp(needle, p, len)) > > > + return 0; > > > + if (!*t++) > > > + break; > > > + } > > > + return 1; > > > +} > > > + > > > int get_hash_algo(const char *algo) > > > { > > > int i; > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > > > /* first iterate over builtin algorithms */ > > > for (i = 0; i < PKEY_HASH__LAST; i++) > > > if (pkey_hash_algo[i] && > > > - !strcmp(algo, pkey_hash_algo[i])) > > > + !strmatch(algo, pkey_hash_algo[i])) > > > return i; > > > > > > /* iterate over algorithms provided by kernel-headers */ >
Mimi, On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > load by its proper name is failed. > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > comma separated list of algo names. > > > > > > After this patch, I can not verify the signature. It's failing to > > > find the hash algorithm. > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > API". I didn't consider it a problem since streebog256 should not work > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > patch which adds ability to sign/verify for Streebog also fixes above > > problem. > > I've been having second thoughts about this patch in general, as it > made the hash algorithm comparison unnecessarily more complex for the > simple case. As there hasn't been a new ima-evm-utils release with > patch, perhaps we should simple remove/revert it? It was only for compatibility with older openssl/gost-engine, where "streebog256" name is not defined yet. If you don't want to allow that users to use Streebog feel free to revert it. I was not found this mistake at the time, since Streebog should only be used in ima_hash and not in ima_sign/verify (which requires RSA support which I intentionally didn't add, planning to add EC-RDSA support later), so that code path was not tested. > > Mimi > > > > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user > > > evmctl ima_verify -k <public key> ./foo.txt --xattr-user > > > > > > Mimi > > > > > > > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > > > > --- > > > > Changes since v1: > > > > - New patch. > > > > Changes since v2: > > > > - No changes. > > > > > > > > src/imaevm.h | 1 + > > > > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > > > > 2 files changed, 52 insertions(+), 4 deletions(-) > > > > > > > > diff --git a/src/imaevm.h b/src/imaevm.h > > > > index c81bf21..795966a 100644 > > > > --- a/src/imaevm.h > > > > +++ b/src/imaevm.h > > > > @@ -75,6 +75,7 @@ > > > > #define DATA_SIZE 4096 > > > > #define SHA1_HASH_LEN 20 > > > > > > > > +#define MAX_DIGEST_NAME 32 > > > > #define MAX_DIGEST_SIZE 64 > > > > #define MAX_SIGNATURE_SIZE 1024 > > > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > > index cb4721b..7501303 100644 > > > > --- a/src/libimaevm.c > > > > +++ b/src/libimaevm.c > > > > @@ -41,6 +41,7 @@ > > > > /* should we use logger instead for library? */ > > > > #define USE_FPRINTF > > > > > > > > +#define _GNU_SOURCE > > > > #include <sys/types.h> > > > > #include <sys/param.h> > > > > #include <sys/stat.h> > > > > @@ -56,6 +57,7 @@ > > > > #include <openssl/pem.h> > > > > #include <openssl/evp.h> > > > > #include <openssl/x509.h> > > > > +#include <openssl/engine.h> > > > > #include <openssl/err.h> > > > > > > > > #include "imaevm.h" > > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > > > [PKEY_HASH_SHA384] = "sha384", > > > > [PKEY_HASH_SHA512] = "sha512", > > > > [PKEY_HASH_SHA224] = "sha224", > > > > - [PKEY_HASH_STREEBOG_256] = "streebog256", > > > > - [PKEY_HASH_STREEBOG_512] = "streebog512", > > > > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > > > > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > > > > }; > > > > > > > > /* > > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > > > > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > > > > } > > > > > > > > +/* Call EVP_get_digestbyname with provided name and with alias, > > > > + * which is first name in the comma separated list of names > > > > + * in pkey_hash_algo. > > > > + */ > > > > +static const EVP_MD *get_digestbyname(const char *name) > > > > +{ > > > > + const EVP_MD *md; > > > > + > > > > + md = EVP_get_digestbyname(params.hash_algo); > > > > + if (!md) { > > > > + char alias[MAX_DIGEST_NAME]; > > > > + int len; > > > > + int algo_id; > > > > + const char *algo_alias; > > > > + > > > > + /* try to get algo by its alias */ > > > > + algo_id = get_hash_algo(params.hash_algo); > > > > + algo_alias = get_hash_algo_by_id(algo_id); > > > > + len = strchrnul(algo_alias, ',') - algo_alias; > > > > + if (len < sizeof(alias)) { > > > > + memcpy(alias, algo_alias, len); > > > > + alias[len] = '\0'; > > > > + if (strcmp(params.hash_algo, alias)) > > > > + md = EVP_get_digestbyname(alias); > > > > + } > > > > + } > > > > + return md; > > > > +} > > > > + > > > > int ima_calc_hash(const char *file, uint8_t *hash) > > > > { > > > > const EVP_MD *md; > > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > > > return err; > > > > } > > > > > > > > - md = EVP_get_digestbyname(params.hash_algo); > > > > + md = get_digestbyname(params.hash_algo); > > > > if (!md) { > > > > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > > > > return 1; > > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > > > > return *a || *b; > > > > } > > > > > > > > +static int strmatch(const char *needle, const char *haystack) > > > > +{ > > > > + int len = strlen(needle); > > > > + const char *p = haystack; > > > > + const char *t; > > > > + > > > > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > > > + if (t - p == len && > > > > + !strncmp(needle, p, len)) > > > > + return 0; > > > > + if (!*t++) > > > > + break; > > > > + } > > > > + return 1; > > > > +} > > > > + > > > > int get_hash_algo(const char *algo) > > > > { > > > > int i; > > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > > > > /* first iterate over builtin algorithms */ > > > > for (i = 0; i < PKEY_HASH__LAST; i++) > > > > if (pkey_hash_algo[i] && > > > > - !strcmp(algo, pkey_hash_algo[i])) > > > > + !strmatch(algo, pkey_hash_algo[i])) > > > > return i; > > > > > > > > /* iterate over algorithms provided by kernel-headers */ > >
On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > Mimi, > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > load by its proper name is failed. > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > comma separated list of algo names. > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > find the hash algorithm. > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > API". I didn't consider it a problem since streebog256 should not work > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > patch which adds ability to sign/verify for Streebog also fixes above > > > problem. > > > > I've been having second thoughts about this patch in general, as it > > made the hash algorithm comparison unnecessarily more complex for the > > simple case. As there hasn't been a new ima-evm-utils release with > > patch, perhaps we should simple remove/revert it? > > It was only for compatibility with older openssl/gost-engine, where > "streebog256" name is not defined yet. If you don't want to allow that > users to use Streebog feel free to revert it. > > I was not found this mistake at the time, since Streebog should only be > used in ima_hash and not in ima_sign/verify (which requires RSA support > which I intentionally didn't add, planning to add EC-RDSA support later), > so that code path was not tested. This copy-paste of the fix form "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API": @@ -159,8 +102,12 @@ void dump(const void *ptr, int len) const char *get_hash_algo_by_id(int algo) { - if (algo < PKEY_HASH__LAST) - return pkey_hash_algo[algo]; + if (algo < PKEY_HASH__LAST) { + const char *name = pkey_hash_algo[algo]; + const char *last = strrchr(name, ','); + + return last ? last + 1 : name; + } if (algo < HASH_ALGO__LAST) return hash_algo_name[algo]; > > > > > Mimi > > > > > > > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user > > > > evmctl ima_verify -k <public key> ./foo.txt --xattr-user > > > > > > > > Mimi > > > > > > > > > > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > > > > > --- > > > > > Changes since v1: > > > > > - New patch. > > > > > Changes since v2: > > > > > - No changes. > > > > > > > > > > src/imaevm.h | 1 + > > > > > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > > > > > 2 files changed, 52 insertions(+), 4 deletions(-) > > > > > > > > > > diff --git a/src/imaevm.h b/src/imaevm.h > > > > > index c81bf21..795966a 100644 > > > > > --- a/src/imaevm.h > > > > > +++ b/src/imaevm.h > > > > > @@ -75,6 +75,7 @@ > > > > > #define DATA_SIZE 4096 > > > > > #define SHA1_HASH_LEN 20 > > > > > > > > > > +#define MAX_DIGEST_NAME 32 > > > > > #define MAX_DIGEST_SIZE 64 > > > > > #define MAX_SIGNATURE_SIZE 1024 > > > > > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > > > index cb4721b..7501303 100644 > > > > > --- a/src/libimaevm.c > > > > > +++ b/src/libimaevm.c > > > > > @@ -41,6 +41,7 @@ > > > > > /* should we use logger instead for library? */ > > > > > #define USE_FPRINTF > > > > > > > > > > +#define _GNU_SOURCE > > > > > #include <sys/types.h> > > > > > #include <sys/param.h> > > > > > #include <sys/stat.h> > > > > > @@ -56,6 +57,7 @@ > > > > > #include <openssl/pem.h> > > > > > #include <openssl/evp.h> > > > > > #include <openssl/x509.h> > > > > > +#include <openssl/engine.h> > > > > > #include <openssl/err.h> > > > > > > > > > > #include "imaevm.h" > > > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > > > > [PKEY_HASH_SHA384] = "sha384", > > > > > [PKEY_HASH_SHA512] = "sha512", > > > > > [PKEY_HASH_SHA224] = "sha224", > > > > > - [PKEY_HASH_STREEBOG_256] = "streebog256", > > > > > - [PKEY_HASH_STREEBOG_512] = "streebog512", > > > > > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > > > > > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > > > > > }; > > > > > > > > > > /* > > > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > > > > > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > > > > > } > > > > > > > > > > +/* Call EVP_get_digestbyname with provided name and with alias, > > > > > + * which is first name in the comma separated list of names > > > > > + * in pkey_hash_algo. > > > > > + */ > > > > > +static const EVP_MD *get_digestbyname(const char *name) > > > > > +{ > > > > > + const EVP_MD *md; > > > > > + > > > > > + md = EVP_get_digestbyname(params.hash_algo); > > > > > + if (!md) { > > > > > + char alias[MAX_DIGEST_NAME]; > > > > > + int len; > > > > > + int algo_id; > > > > > + const char *algo_alias; > > > > > + > > > > > + /* try to get algo by its alias */ > > > > > + algo_id = get_hash_algo(params.hash_algo); > > > > > + algo_alias = get_hash_algo_by_id(algo_id); > > > > > + len = strchrnul(algo_alias, ',') - algo_alias; > > > > > + if (len < sizeof(alias)) { > > > > > + memcpy(alias, algo_alias, len); > > > > > + alias[len] = '\0'; > > > > > + if (strcmp(params.hash_algo, alias)) > > > > > + md = EVP_get_digestbyname(alias); > > > > > + } > > > > > + } > > > > > + return md; > > > > > +} > > > > > + > > > > > int ima_calc_hash(const char *file, uint8_t *hash) > > > > > { > > > > > const EVP_MD *md; > > > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > > > > return err; > > > > > } > > > > > > > > > > - md = EVP_get_digestbyname(params.hash_algo); > > > > > + md = get_digestbyname(params.hash_algo); > > > > > if (!md) { > > > > > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > > > > > return 1; > > > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > > > > > return *a || *b; > > > > > } > > > > > > > > > > +static int strmatch(const char *needle, const char *haystack) > > > > > +{ > > > > > + int len = strlen(needle); > > > > > + const char *p = haystack; > > > > > + const char *t; > > > > > + > > > > > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > > > > + if (t - p == len && > > > > > + !strncmp(needle, p, len)) > > > > > + return 0; > > > > > + if (!*t++) > > > > > + break; > > > > > + } > > > > > + return 1; > > > > > +} > > > > > + > > > > > int get_hash_algo(const char *algo) > > > > > { > > > > > int i; > > > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > > > > > /* first iterate over builtin algorithms */ > > > > > for (i = 0; i < PKEY_HASH__LAST; i++) > > > > > if (pkey_hash_algo[i] && > > > > > - !strcmp(algo, pkey_hash_algo[i])) > > > > > + !strmatch(algo, pkey_hash_algo[i])) > > > > > return i; > > > > > > > > > > /* iterate over algorithms provided by kernel-headers */ > > >
Mimi, On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote: > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > > load by its proper name is failed. > > > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > > comma separated list of algo names. > > > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > > find the hash algorithm. > > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > > API". I didn't consider it a problem since streebog256 should not work > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > > patch which adds ability to sign/verify for Streebog also fixes above > > > > problem. > > > > > > I've been having second thoughts about this patch in general, as it > > > made the hash algorithm comparison unnecessarily more complex for the > > > simple case. As there hasn't been a new ima-evm-utils release with > > > patch, perhaps we should simple remove/revert it? > > > > It was only for compatibility with older openssl/gost-engine, where > > "streebog256" name is not defined yet. If you don't want to allow that > > users to use Streebog feel free to revert it. Or you may suggest simpler approach. Basically, we need to resole both text strings into the same PKEY_HASH_ id, allow any of the string pass into EVP_get_digestbyname, and resolve PKEY_HASH_ id back into the correct hash name. Optionally, allow user to specify new hash name on older openssl/gost-engine. This is all implemented by that patch, it was not just overly complicated "hash algorithm comparison". My wish is we retain support of older openssl/gost-engine. Thanks, > > > > I was not found this mistake at the time, since Streebog should only be > > used in ima_hash and not in ima_sign/verify (which requires RSA support > > which I intentionally didn't add, planning to add EC-RDSA support later), > > so that code path was not tested. > > This copy-paste of the fix form "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API": > > @@ -159,8 +102,12 @@ void dump(const void *ptr, int len) > > const char *get_hash_algo_by_id(int algo) > { > - if (algo < PKEY_HASH__LAST) > - return pkey_hash_algo[algo]; > + if (algo < PKEY_HASH__LAST) { > + const char *name = pkey_hash_algo[algo]; > + const char *last = strrchr(name, ','); > + > + return last ? last + 1 : name; > + } > if (algo < HASH_ALGO__LAST) > return hash_algo_name[algo]; > > > > > > > > > Mimi > > > > > > > > > > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt --xattr-user > > > > > evmctl ima_verify -k <public key> ./foo.txt --xattr-user > > > > > > > > > > Mimi > > > > > > > > > > > > > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > > > > > > --- > > > > > > Changes since v1: > > > > > > - New patch. > > > > > > Changes since v2: > > > > > > - No changes. > > > > > > > > > > > > src/imaevm.h | 1 + > > > > > > src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- > > > > > > 2 files changed, 52 insertions(+), 4 deletions(-) > > > > > > > > > > > > diff --git a/src/imaevm.h b/src/imaevm.h > > > > > > index c81bf21..795966a 100644 > > > > > > --- a/src/imaevm.h > > > > > > +++ b/src/imaevm.h > > > > > > @@ -75,6 +75,7 @@ > > > > > > #define DATA_SIZE 4096 > > > > > > #define SHA1_HASH_LEN 20 > > > > > > > > > > > > +#define MAX_DIGEST_NAME 32 > > > > > > #define MAX_DIGEST_SIZE 64 > > > > > > #define MAX_SIGNATURE_SIZE 1024 > > > > > > > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > > > > index cb4721b..7501303 100644 > > > > > > --- a/src/libimaevm.c > > > > > > +++ b/src/libimaevm.c > > > > > > @@ -41,6 +41,7 @@ > > > > > > /* should we use logger instead for library? */ > > > > > > #define USE_FPRINTF > > > > > > > > > > > > +#define _GNU_SOURCE > > > > > > #include <sys/types.h> > > > > > > #include <sys/param.h> > > > > > > #include <sys/stat.h> > > > > > > @@ -56,6 +57,7 @@ > > > > > > #include <openssl/pem.h> > > > > > > #include <openssl/evp.h> > > > > > > #include <openssl/x509.h> > > > > > > +#include <openssl/engine.h> > > > > > > #include <openssl/err.h> > > > > > > > > > > > > #include "imaevm.h" > > > > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > > > > > [PKEY_HASH_SHA384] = "sha384", > > > > > > [PKEY_HASH_SHA512] = "sha512", > > > > > > [PKEY_HASH_SHA224] = "sha224", > > > > > > - [PKEY_HASH_STREEBOG_256] = "streebog256", > > > > > > - [PKEY_HASH_STREEBOG_512] = "streebog512", > > > > > > + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", > > > > > > + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", > > > > > > }; > > > > > > > > > > > > /* > > > > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) > > > > > > return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); > > > > > > } > > > > > > > > > > > > +/* Call EVP_get_digestbyname with provided name and with alias, > > > > > > + * which is first name in the comma separated list of names > > > > > > + * in pkey_hash_algo. > > > > > > + */ > > > > > > +static const EVP_MD *get_digestbyname(const char *name) > > > > > > +{ > > > > > > + const EVP_MD *md; > > > > > > + > > > > > > + md = EVP_get_digestbyname(params.hash_algo); > > > > > > + if (!md) { > > > > > > + char alias[MAX_DIGEST_NAME]; > > > > > > + int len; > > > > > > + int algo_id; > > > > > > + const char *algo_alias; > > > > > > + > > > > > > + /* try to get algo by its alias */ > > > > > > + algo_id = get_hash_algo(params.hash_algo); > > > > > > + algo_alias = get_hash_algo_by_id(algo_id); > > > > > > + len = strchrnul(algo_alias, ',') - algo_alias; > > > > > > + if (len < sizeof(alias)) { > > > > > > + memcpy(alias, algo_alias, len); > > > > > > + alias[len] = '\0'; > > > > > > + if (strcmp(params.hash_algo, alias)) > > > > > > + md = EVP_get_digestbyname(alias); > > > > > > + } > > > > > > + } > > > > > > + return md; > > > > > > +} > > > > > > + > > > > > > int ima_calc_hash(const char *file, uint8_t *hash) > > > > > > { > > > > > > const EVP_MD *md; > > > > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > > > > > return err; > > > > > > } > > > > > > > > > > > > - md = EVP_get_digestbyname(params.hash_algo); > > > > > > + md = get_digestbyname(params.hash_algo); > > > > > > if (!md) { > > > > > > log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > > > > > > return 1; > > > > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) > > > > > > return *a || *b; > > > > > > } > > > > > > > > > > > > +static int strmatch(const char *needle, const char *haystack) > > > > > > +{ > > > > > > + int len = strlen(needle); > > > > > > + const char *p = haystack; > > > > > > + const char *t; > > > > > > + > > > > > > + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > > > > > + if (t - p == len && > > > > > > + !strncmp(needle, p, len)) > > > > > > + return 0; > > > > > > + if (!*t++) > > > > > > + break; > > > > > > + } > > > > > > + return 1; > > > > > > +} > > > > > > + > > > > > > int get_hash_algo(const char *algo) > > > > > > { > > > > > > int i; > > > > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) > > > > > > /* first iterate over builtin algorithms */ > > > > > > for (i = 0; i < PKEY_HASH__LAST; i++) > > > > > > if (pkey_hash_algo[i] && > > > > > > - !strcmp(algo, pkey_hash_algo[i])) > > > > > > + !strmatch(algo, pkey_hash_algo[i])) > > > > > > return i; > > > > > > > > > > > > /* iterate over algorithms provided by kernel-headers */ > > > >
On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote: > Mimi, > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote: > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > > > load by its proper name is failed. > > > > > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > > > comma separated list of algo names. > > > > > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > > > find the hash algorithm. > > > > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > > > API". I didn't consider it a problem since streebog256 should not work > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > > > patch which adds ability to sign/verify for Streebog also fixes above > > > > > problem. > > > > > > > > I've been having second thoughts about this patch in general, as it > > > > made the hash algorithm comparison unnecessarily more complex for the > > > > simple case. As there hasn't been a new ima-evm-utils release with > > > > patch, perhaps we should simple remove/revert it? > > > > > > It was only for compatibility with older openssl/gost-engine, where > > > "streebog256" name is not defined yet. If you don't want to allow that > > > users to use Streebog feel free to revert it. > > Or you may suggest simpler approach. > > Basically, we need to resole both text strings into the same PKEY_HASH_ > id, allow any of the string pass into EVP_get_digestbyname, and resolve > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to > specify new hash name on older openssl/gost-engine. This is all > implemented by that patch, it was not just overly complicated "hash > algorithm comparison". > > My wish is we retain support of older openssl/gost-engine. The following seems to fix the problem, but instead of adding it in strmatch(), as below, I would add it before the strmatch() call. Then strmatch is only called as needed. diff --git a/src/libimaevm.c b/src/libimaevm.c index d9ffa13befb0..7901215da655 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack) const char *p = haystack; const char *t; + if (strcmp(needle, haystack) == 0) + return 0; + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { if (t - p == len && !strncmp(needle, p, len)) Mimi
Mimi, On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote: > On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote: > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote: > > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > > > > load by its proper name is failed. > > > > > > > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > > > > comma separated list of algo names. > > > > > > > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > > > > find the hash algorithm. > > > > > > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > > > > API". I didn't consider it a problem since streebog256 should not work > > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > > > > patch which adds ability to sign/verify for Streebog also fixes above > > > > > > problem. > > > > > > > > > > I've been having second thoughts about this patch in general, as it > > > > > made the hash algorithm comparison unnecessarily more complex for the > > > > > simple case. As there hasn't been a new ima-evm-utils release with > > > > > patch, perhaps we should simple remove/revert it? > > > > > > > > It was only for compatibility with older openssl/gost-engine, where > > > > "streebog256" name is not defined yet. If you don't want to allow that > > > > users to use Streebog feel free to revert it. > > > > Or you may suggest simpler approach. > > > > Basically, we need to resole both text strings into the same PKEY_HASH_ > > id, allow any of the string pass into EVP_get_digestbyname, and resolve > > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to > > specify new hash name on older openssl/gost-engine. This is all > > implemented by that patch, it was not just overly complicated "hash > > algorithm comparison". > > > > My wish is we retain support of older openssl/gost-engine. > > The following seems to fix the problem, but instead of adding it in > strmatch(), as below, I would add it before the strmatch() call. Then > strmatch is only called as needed. IC. I will try to conceptually simplify the code and prepare another patch. Probably, I will split pkey_hash_algop[] into two arrays, simple one where strcmp() in the loop is used, and complex one for hash names with aliases. I will try to replace strmatch() with just simple string array loop. > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index d9ffa13befb0..7901215da655 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack) > const char *p = haystack; > const char *t; > > + if (strcmp(needle, haystack) == 0) > + return 0; > + > for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > if (t - p == len && > !strncmp(needle, p, len)) > > Mimi
On Mon, 2019-02-11 at 23:37 +0300, Vitaly Chikunov wrote: > Mimi, > > On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote: > > On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote: > > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote: > > > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > > > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > > > > > load by its proper name is failed. > > > > > > > > > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > > > > > comma separated list of algo names. > > > > > > > > > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > > > > > find the hash algorithm. > > > > > > > > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > > > > > API". I didn't consider it a problem since streebog256 should not work > > > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > > > > > patch which adds ability to sign/verify for Streebog also fixes above > > > > > > > problem. > > > > > > > > > > > > I've been having second thoughts about this patch in general, as it > > > > > > made the hash algorithm comparison unnecessarily more complex for the > > > > > > simple case. As there hasn't been a new ima-evm-utils release with > > > > > > patch, perhaps we should simple remove/revert it? > > > > > > > > > > It was only for compatibility with older openssl/gost-engine, where > > > > > "streebog256" name is not defined yet. If you don't want to allow that > > > > > users to use Streebog feel free to revert it. > > > > > > Or you may suggest simpler approach. > > > > > > Basically, we need to resole both text strings into the same PKEY_HASH_ > > > id, allow any of the string pass into EVP_get_digestbyname, and resolve > > > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to > > > specify new hash name on older openssl/gost-engine. This is all > > > implemented by that patch, it was not just overly complicated "hash > > > algorithm comparison". > > > > > > My wish is we retain support of older openssl/gost-engine. > > > > The following seems to fix the problem, but instead of adding it in > > strmatch(), as below, I would add it before the strmatch() call. Then > > strmatch is only called as needed. > > IC. The patch below isn't addressing old vs. new naming, but fixes "ima_verify". Adding the following line, results in "strmatch: algo md_gost12_256,streebog256". It's trying to match the entire string, but fails without the strcmp(). + log_info("strmatch: algo %s \n", needle); Mimi > I will try to conceptually simplify the code and prepare another > patch. Probably, I will split pkey_hash_algop[] into two arrays, simple > one where strcmp() in the loop is used, and complex one for hash names > with aliases. I will try to replace strmatch() with just simple string > array loop. > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > index d9ffa13befb0..7901215da655 100644 > > --- a/src/libimaevm.c > > +++ b/src/libimaevm.c > > @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack) > > const char *p = haystack; > > const char *t; > > > > + if (strcmp(needle, haystack) == 0) > > + return 0; > > + > > for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > if (t - p == len && > > !strncmp(needle, p, len)) > > > > Mimi >
On Tue, Feb 12, 2019 at 10:41:46AM -0500, Mimi Zohar wrote: > On Mon, 2019-02-11 at 23:37 +0300, Vitaly Chikunov wrote: > > Mimi, > > > > On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote: > > > On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote: > > > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote: > > > > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote: > > > > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote: > > > > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote: > > > > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote: > > > > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote: > > > > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if > > > > > > > > > > load by its proper name is failed. > > > > > > > > > > > > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the > > > > > > > > > > comma separated list of algo names. > > > > > > > > > > > > > > > > > > After this patch, I can not verify the signature. It's failing to > > > > > > > > > find the hash algorithm. > > > > > > > > > > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY > > > > > > > > API". I didn't consider it a problem since streebog256 should not work > > > > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY > > > > > > > > patch which adds ability to sign/verify for Streebog also fixes above > > > > > > > > problem. > > > > > > > > > > > > > > I've been having second thoughts about this patch in general, as it > > > > > > > made the hash algorithm comparison unnecessarily more complex for the > > > > > > > simple case. As there hasn't been a new ima-evm-utils release with > > > > > > > patch, perhaps we should simple remove/revert it? > > > > > > > > > > > > It was only for compatibility with older openssl/gost-engine, where > > > > > > "streebog256" name is not defined yet. If you don't want to allow that > > > > > > users to use Streebog feel free to revert it. > > > > > > > > Or you may suggest simpler approach. > > > > > > > > Basically, we need to resole both text strings into the same PKEY_HASH_ > > > > id, allow any of the string pass into EVP_get_digestbyname, and resolve > > > > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to > > > > specify new hash name on older openssl/gost-engine. This is all > > > > implemented by that patch, it was not just overly complicated "hash > > > > algorithm comparison". > > > > > > > > My wish is we retain support of older openssl/gost-engine. > > > > > > The following seems to fix the problem, but instead of adding it in > > > strmatch(), as below, I would add it before the strmatch() call. Then > > > strmatch is only called as needed. > > > > IC. > > The patch below isn't addressing old vs. new naming, but fixes What patch? > "ima_verify". Adding the following line, results in "strmatch: algo > md_gost12_256,streebog256". It's trying to match the entire string, This problem was fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API". This wasn't problem because Streebog should not be used in sign/verify (which was using RSA). When sign/verify ability for Streebog is added in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API" sign/verify problem is fixed in the same patch. But, since I sent new patch which removes strmatch this becomes somewhat irrelevant. > but fails without the strcmp(). > > + log_info("strmatch: algo %s \n", needle); > > Mimi > > > > I will try to conceptually simplify the code and prepare another > > patch. Probably, I will split pkey_hash_algop[] into two arrays, simple > > one where strcmp() in the loop is used, and complex one for hash names > > with aliases. I will try to replace strmatch() with just simple string > > array loop. > > > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > index d9ffa13befb0..7901215da655 100644 > > > --- a/src/libimaevm.c > > > +++ b/src/libimaevm.c > > > @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack) > > > const char *p = haystack; > > > const char *t; > > > > > > + if (strcmp(needle, haystack) == 0) > > > + return 0; > > > + > > > for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { > > > if (t - p == len && > > > !strncmp(needle, p, len)) > > > > > > Mimi > >
diff --git a/src/imaevm.h b/src/imaevm.h index c81bf21..795966a 100644 --- a/src/imaevm.h +++ b/src/imaevm.h @@ -75,6 +75,7 @@ #define DATA_SIZE 4096 #define SHA1_HASH_LEN 20 +#define MAX_DIGEST_NAME 32 #define MAX_DIGEST_SIZE 64 #define MAX_SIGNATURE_SIZE 1024 diff --git a/src/libimaevm.c b/src/libimaevm.c index cb4721b..7501303 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -41,6 +41,7 @@ /* should we use logger instead for library? */ #define USE_FPRINTF +#define _GNU_SOURCE #include <sys/types.h> #include <sys/param.h> #include <sys/stat.h> @@ -56,6 +57,7 @@ #include <openssl/pem.h> #include <openssl/evp.h> #include <openssl/x509.h> +#include <openssl/engine.h> #include <openssl/err.h> #include "imaevm.h" @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { [PKEY_HASH_SHA384] = "sha384", [PKEY_HASH_SHA512] = "sha512", [PKEY_HASH_SHA224] = "sha224", - [PKEY_HASH_STREEBOG_256] = "streebog256", - [PKEY_HASH_STREEBOG_512] = "streebog512", + [PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256", + [PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512", }; /* @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx) return !EVP_DigestUpdate(ctx, &dev, sizeof(dev)); } +/* Call EVP_get_digestbyname with provided name and with alias, + * which is first name in the comma separated list of names + * in pkey_hash_algo. + */ +static const EVP_MD *get_digestbyname(const char *name) +{ + const EVP_MD *md; + + md = EVP_get_digestbyname(params.hash_algo); + if (!md) { + char alias[MAX_DIGEST_NAME]; + int len; + int algo_id; + const char *algo_alias; + + /* try to get algo by its alias */ + algo_id = get_hash_algo(params.hash_algo); + algo_alias = get_hash_algo_by_id(algo_id); + len = strchrnul(algo_alias, ',') - algo_alias; + if (len < sizeof(alias)) { + memcpy(alias, algo_alias, len); + alias[len] = '\0'; + if (strcmp(params.hash_algo, alias)) + md = EVP_get_digestbyname(alias); + } + } + return md; +} + int ima_calc_hash(const char *file, uint8_t *hash) { const EVP_MD *md; @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) return err; } - md = EVP_get_digestbyname(params.hash_algo); + md = get_digestbyname(params.hash_algo); if (!md) { log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); return 1; @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b) return *a || *b; } +static int strmatch(const char *needle, const char *haystack) +{ + int len = strlen(needle); + const char *p = haystack; + const char *t; + + for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) { + if (t - p == len && + !strncmp(needle, p, len)) + return 0; + if (!*t++) + break; + } + return 1; +} + int get_hash_algo(const char *algo) { int i; @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo) /* first iterate over builtin algorithms */ for (i = 0; i < PKEY_HASH__LAST; i++) if (pkey_hash_algo[i] && - !strcmp(algo, pkey_hash_algo[i])) + !strmatch(algo, pkey_hash_algo[i])) return i; /* iterate over algorithms provided by kernel-headers */
For compatibility with older OpenSSL try to load digest by its alias if load by its proper name is failed. This is configured in pkey_hash_algo by mentioning loadable alias first in the comma separated list of algo names. Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- Changes since v1: - New patch. Changes since v2: - No changes. src/imaevm.h | 1 + src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 52 insertions(+), 4 deletions(-)