diff mbox series

[v3,7/7] ima-evm-utils: Try to load digest by its alias

Message ID 20181203033525.20431-7-vt@altlinux.org (mailing list archive)
State Accepted
Headers show
Series [v3,1/7] ima-evm-utils: Fix hash buffer overflow in verify_evm and hmac_evm | expand

Commit Message

Vitaly Chikunov Dec. 3, 2018, 3:35 a.m. UTC
For compatibility with older OpenSSL try to load digest by its alias if
load by its proper name is failed.

This is configured in pkey_hash_algo by mentioning loadable alias first in the
comma separated list of algo names.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
Changes since v1:
- New patch.
Changes since v2:
- No changes.

 src/imaevm.h    |  1 +
 src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 52 insertions(+), 4 deletions(-)

Comments

Mimi Zohar Feb. 11, 2019, 5:38 p.m. UTC | #1
Hi Vitaly,

On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> For compatibility with older OpenSSL try to load digest by its alias if
> load by its proper name is failed.
> 
> This is configured in pkey_hash_algo by mentioning loadable alias first in the
> comma separated list of algo names.

After this patch, I can not verify the signature.  It's failing to
find the hash algorithm.

evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user

Mimi

> 
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
> Changes since v1:
> - New patch.
> Changes since v2:
> - No changes.
> 
>  src/imaevm.h    |  1 +
>  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
>  2 files changed, 52 insertions(+), 4 deletions(-)
> 
> diff --git a/src/imaevm.h b/src/imaevm.h
> index c81bf21..795966a 100644
> --- a/src/imaevm.h
> +++ b/src/imaevm.h
> @@ -75,6 +75,7 @@
>  #define	DATA_SIZE	4096
>  #define SHA1_HASH_LEN   20
> 
> +#define MAX_DIGEST_NAME		32
>  #define MAX_DIGEST_SIZE		64
>  #define MAX_SIGNATURE_SIZE	1024
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index cb4721b..7501303 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -41,6 +41,7 @@
>  /* should we use logger instead for library? */
>  #define USE_FPRINTF
> 
> +#define _GNU_SOURCE
>  #include <sys/types.h>
>  #include <sys/param.h>
>  #include <sys/stat.h>
> @@ -56,6 +57,7 @@
>  #include <openssl/pem.h>
>  #include <openssl/evp.h>
>  #include <openssl/x509.h>
> +#include <openssl/engine.h>
>  #include <openssl/err.h>
> 
>  #include "imaevm.h"
> @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
>  	[PKEY_HASH_SHA384]	= "sha384",
>  	[PKEY_HASH_SHA512]	= "sha512",
>  	[PKEY_HASH_SHA224]	= "sha224",
> -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
>  };
> 
>  /*
> @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
>  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
>  }
> 
> +/* Call EVP_get_digestbyname with provided name and with alias,
> + * which is first name in the comma separated list of names
> + * in pkey_hash_algo.
> + */
> +static const EVP_MD *get_digestbyname(const char *name)
> +{
> +	const EVP_MD *md;
> +
> +	md = EVP_get_digestbyname(params.hash_algo);
> +	if (!md) {
> +		char alias[MAX_DIGEST_NAME];
> +		int len;
> +		int algo_id;
> +		const char *algo_alias;
> +
> +		/* try to get algo by its alias */
> +		algo_id = get_hash_algo(params.hash_algo);
> +		algo_alias = get_hash_algo_by_id(algo_id);
> +		len = strchrnul(algo_alias, ',') - algo_alias;
> +		if (len < sizeof(alias)) {
> +			memcpy(alias, algo_alias, len);
> +			alias[len] = '\0';
> +			if (strcmp(params.hash_algo, alias))
> +				md = EVP_get_digestbyname(alias);
> +		}
> +	}
> +	return md;
> +}
> +
>  int ima_calc_hash(const char *file, uint8_t *hash)
>  {
>  	const EVP_MD *md;
> @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
>  		return err;
>  	}
> 
> -	md = EVP_get_digestbyname(params.hash_algo);
> +	md = get_digestbyname(params.hash_algo);
>  	if (!md) {
>  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
>  		return 1;
> @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
>  	return *a || *b;
>  }
> 
> +static int strmatch(const char *needle, const char *haystack)
> +{
> +	int len = strlen(needle);
> +	const char *p = haystack;
> +	const char *t;
> +
> +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> +		if (t - p == len &&
> +		    !strncmp(needle, p, len))
> +			return 0;
> +		if (!*t++)
> +			break;
> +	}
> +	return 1;
> +}
> +
>  int get_hash_algo(const char *algo)
>  {
>  	int i;
> @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
>  	/* first iterate over builtin algorithms */
>  	for (i = 0; i < PKEY_HASH__LAST; i++)
>  		if (pkey_hash_algo[i] &&
> -		    !strcmp(algo, pkey_hash_algo[i]))
> +		    !strmatch(algo, pkey_hash_algo[i]))
>  			return i;
> 
>  	/* iterate over algorithms provided by kernel-headers */
Vitaly Chikunov Feb. 11, 2019, 5:52 p.m. UTC | #2
Mimi,

On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > For compatibility with older OpenSSL try to load digest by its alias if
> > load by its proper name is failed.
> > 
> > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > comma separated list of algo names.
> 
> After this patch, I can not verify the signature.  It's failing to
> find the hash algorithm.

Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
API". I didn't consider it a problem since streebog256 should not work
for sign/verify anyway (since RSA should not support it). That EVP_PKEY
patch which adds ability to sign/verify for Streebog also fixes above
problem.

> evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
> evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user
> 
> Mimi
> 
> > 
> > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > ---
> > Changes since v1:
> > - New patch.
> > Changes since v2:
> > - No changes.
> > 
> >  src/imaevm.h    |  1 +
> >  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> >  2 files changed, 52 insertions(+), 4 deletions(-)
> > 
> > diff --git a/src/imaevm.h b/src/imaevm.h
> > index c81bf21..795966a 100644
> > --- a/src/imaevm.h
> > +++ b/src/imaevm.h
> > @@ -75,6 +75,7 @@
> >  #define	DATA_SIZE	4096
> >  #define SHA1_HASH_LEN   20
> > 
> > +#define MAX_DIGEST_NAME		32
> >  #define MAX_DIGEST_SIZE		64
> >  #define MAX_SIGNATURE_SIZE	1024
> > 
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index cb4721b..7501303 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -41,6 +41,7 @@
> >  /* should we use logger instead for library? */
> >  #define USE_FPRINTF
> > 
> > +#define _GNU_SOURCE
> >  #include <sys/types.h>
> >  #include <sys/param.h>
> >  #include <sys/stat.h>
> > @@ -56,6 +57,7 @@
> >  #include <openssl/pem.h>
> >  #include <openssl/evp.h>
> >  #include <openssl/x509.h>
> > +#include <openssl/engine.h>
> >  #include <openssl/err.h>
> > 
> >  #include "imaevm.h"
> > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> >  	[PKEY_HASH_SHA384]	= "sha384",
> >  	[PKEY_HASH_SHA512]	= "sha512",
> >  	[PKEY_HASH_SHA224]	= "sha224",
> > -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> > -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
> >  };
> > 
> >  /*
> > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
> >  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
> >  }
> > 
> > +/* Call EVP_get_digestbyname with provided name and with alias,
> > + * which is first name in the comma separated list of names
> > + * in pkey_hash_algo.
> > + */
> > +static const EVP_MD *get_digestbyname(const char *name)
> > +{
> > +	const EVP_MD *md;
> > +
> > +	md = EVP_get_digestbyname(params.hash_algo);
> > +	if (!md) {
> > +		char alias[MAX_DIGEST_NAME];
> > +		int len;
> > +		int algo_id;
> > +		const char *algo_alias;
> > +
> > +		/* try to get algo by its alias */
> > +		algo_id = get_hash_algo(params.hash_algo);
> > +		algo_alias = get_hash_algo_by_id(algo_id);
> > +		len = strchrnul(algo_alias, ',') - algo_alias;
> > +		if (len < sizeof(alias)) {
> > +			memcpy(alias, algo_alias, len);
> > +			alias[len] = '\0';
> > +			if (strcmp(params.hash_algo, alias))
> > +				md = EVP_get_digestbyname(alias);
> > +		}
> > +	}
> > +	return md;
> > +}
> > +
> >  int ima_calc_hash(const char *file, uint8_t *hash)
> >  {
> >  	const EVP_MD *md;
> > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
> >  		return err;
> >  	}
> > 
> > -	md = EVP_get_digestbyname(params.hash_algo);
> > +	md = get_digestbyname(params.hash_algo);
> >  	if (!md) {
> >  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
> >  		return 1;
> > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
> >  	return *a || *b;
> >  }
> > 
> > +static int strmatch(const char *needle, const char *haystack)
> > +{
> > +	int len = strlen(needle);
> > +	const char *p = haystack;
> > +	const char *t;
> > +
> > +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > +		if (t - p == len &&
> > +		    !strncmp(needle, p, len))
> > +			return 0;
> > +		if (!*t++)
> > +			break;
> > +	}
> > +	return 1;
> > +}
> > +
> >  int get_hash_algo(const char *algo)
> >  {
> >  	int i;
> > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
> >  	/* first iterate over builtin algorithms */
> >  	for (i = 0; i < PKEY_HASH__LAST; i++)
> >  		if (pkey_hash_algo[i] &&
> > -		    !strcmp(algo, pkey_hash_algo[i]))
> > +		    !strmatch(algo, pkey_hash_algo[i]))
> >  			return i;
> > 
> >  	/* iterate over algorithms provided by kernel-headers */
Mimi Zohar Feb. 11, 2019, 5:59 p.m. UTC | #3
On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > For compatibility with older OpenSSL try to load digest by its alias if
> > > load by its proper name is failed.
> > > 
> > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > comma separated list of algo names.
> > 
> > After this patch, I can not verify the signature.  It's failing to
> > find the hash algorithm.
> 
> Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> API". I didn't consider it a problem since streebog256 should not work
> for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> patch which adds ability to sign/verify for Streebog also fixes above
> problem.

I've been having second thoughts about this patch in general, as it
made the hash algorithm comparison unnecessarily more complex for the
simple case.  As there hasn't been a new ima-evm-utils release with
patch, perhaps we should simple remove/revert it?

Mimi

> 
> > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
> > evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user
> > 
> > Mimi
> > 
> > > 
> > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > ---
> > > Changes since v1:
> > > - New patch.
> > > Changes since v2:
> > > - No changes.
> > > 
> > >  src/imaevm.h    |  1 +
> > >  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> > >  2 files changed, 52 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/src/imaevm.h b/src/imaevm.h
> > > index c81bf21..795966a 100644
> > > --- a/src/imaevm.h
> > > +++ b/src/imaevm.h
> > > @@ -75,6 +75,7 @@
> > >  #define	DATA_SIZE	4096
> > >  #define SHA1_HASH_LEN   20
> > > 
> > > +#define MAX_DIGEST_NAME		32
> > >  #define MAX_DIGEST_SIZE		64
> > >  #define MAX_SIGNATURE_SIZE	1024
> > > 
> > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > index cb4721b..7501303 100644
> > > --- a/src/libimaevm.c
> > > +++ b/src/libimaevm.c
> > > @@ -41,6 +41,7 @@
> > >  /* should we use logger instead for library? */
> > >  #define USE_FPRINTF
> > > 
> > > +#define _GNU_SOURCE
> > >  #include <sys/types.h>
> > >  #include <sys/param.h>
> > >  #include <sys/stat.h>
> > > @@ -56,6 +57,7 @@
> > >  #include <openssl/pem.h>
> > >  #include <openssl/evp.h>
> > >  #include <openssl/x509.h>
> > > +#include <openssl/engine.h>
> > >  #include <openssl/err.h>
> > > 
> > >  #include "imaevm.h"
> > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> > >  	[PKEY_HASH_SHA384]	= "sha384",
> > >  	[PKEY_HASH_SHA512]	= "sha512",
> > >  	[PKEY_HASH_SHA224]	= "sha224",
> > > -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> > > -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> > > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> > > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
> > >  };
> > > 
> > >  /*
> > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
> > >  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
> > >  }
> > > 
> > > +/* Call EVP_get_digestbyname with provided name and with alias,
> > > + * which is first name in the comma separated list of names
> > > + * in pkey_hash_algo.
> > > + */
> > > +static const EVP_MD *get_digestbyname(const char *name)
> > > +{
> > > +	const EVP_MD *md;
> > > +
> > > +	md = EVP_get_digestbyname(params.hash_algo);
> > > +	if (!md) {
> > > +		char alias[MAX_DIGEST_NAME];
> > > +		int len;
> > > +		int algo_id;
> > > +		const char *algo_alias;
> > > +
> > > +		/* try to get algo by its alias */
> > > +		algo_id = get_hash_algo(params.hash_algo);
> > > +		algo_alias = get_hash_algo_by_id(algo_id);
> > > +		len = strchrnul(algo_alias, ',') - algo_alias;
> > > +		if (len < sizeof(alias)) {
> > > +			memcpy(alias, algo_alias, len);
> > > +			alias[len] = '\0';
> > > +			if (strcmp(params.hash_algo, alias))
> > > +				md = EVP_get_digestbyname(alias);
> > > +		}
> > > +	}
> > > +	return md;
> > > +}
> > > +
> > >  int ima_calc_hash(const char *file, uint8_t *hash)
> > >  {
> > >  	const EVP_MD *md;
> > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
> > >  		return err;
> > >  	}
> > > 
> > > -	md = EVP_get_digestbyname(params.hash_algo);
> > > +	md = get_digestbyname(params.hash_algo);
> > >  	if (!md) {
> > >  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
> > >  		return 1;
> > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
> > >  	return *a || *b;
> > >  }
> > > 
> > > +static int strmatch(const char *needle, const char *haystack)
> > > +{
> > > +	int len = strlen(needle);
> > > +	const char *p = haystack;
> > > +	const char *t;
> > > +
> > > +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > > +		if (t - p == len &&
> > > +		    !strncmp(needle, p, len))
> > > +			return 0;
> > > +		if (!*t++)
> > > +			break;
> > > +	}
> > > +	return 1;
> > > +}
> > > +
> > >  int get_hash_algo(const char *algo)
> > >  {
> > >  	int i;
> > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
> > >  	/* first iterate over builtin algorithms */
> > >  	for (i = 0; i < PKEY_HASH__LAST; i++)
> > >  		if (pkey_hash_algo[i] &&
> > > -		    !strcmp(algo, pkey_hash_algo[i]))
> > > +		    !strmatch(algo, pkey_hash_algo[i]))
> > >  			return i;
> > > 
> > >  	/* iterate over algorithms provided by kernel-headers */
>
Vitaly Chikunov Feb. 11, 2019, 6:13 p.m. UTC | #4
Mimi,

On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > load by its proper name is failed.
> > > > 
> > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > comma separated list of algo names.
> > > 
> > > After this patch, I can not verify the signature.  It's failing to
> > > find the hash algorithm.
> > 
> > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > API". I didn't consider it a problem since streebog256 should not work
> > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > patch which adds ability to sign/verify for Streebog also fixes above
> > problem.
> 
> I've been having second thoughts about this patch in general, as it
> made the hash algorithm comparison unnecessarily more complex for the
> simple case.  As there hasn't been a new ima-evm-utils release with
> patch, perhaps we should simple remove/revert it?

It was only for compatibility with older openssl/gost-engine, where
"streebog256" name is not defined yet. If you don't want to allow that
users to use Streebog feel free to revert it.

I was not found this mistake at the time, since Streebog should only be
used in ima_hash and not in ima_sign/verify (which requires RSA support
which I intentionally didn't add, planning to add EC-RDSA support later),
so that code path was not tested.

> 
> Mimi
> 
> > 
> > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
> > > evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user
> > > 
> > > Mimi
> > > 
> > > > 
> > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > > ---
> > > > Changes since v1:
> > > > - New patch.
> > > > Changes since v2:
> > > > - No changes.
> > > > 
> > > >  src/imaevm.h    |  1 +
> > > >  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> > > >  2 files changed, 52 insertions(+), 4 deletions(-)
> > > > 
> > > > diff --git a/src/imaevm.h b/src/imaevm.h
> > > > index c81bf21..795966a 100644
> > > > --- a/src/imaevm.h
> > > > +++ b/src/imaevm.h
> > > > @@ -75,6 +75,7 @@
> > > >  #define	DATA_SIZE	4096
> > > >  #define SHA1_HASH_LEN   20
> > > > 
> > > > +#define MAX_DIGEST_NAME		32
> > > >  #define MAX_DIGEST_SIZE		64
> > > >  #define MAX_SIGNATURE_SIZE	1024
> > > > 
> > > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > > index cb4721b..7501303 100644
> > > > --- a/src/libimaevm.c
> > > > +++ b/src/libimaevm.c
> > > > @@ -41,6 +41,7 @@
> > > >  /* should we use logger instead for library? */
> > > >  #define USE_FPRINTF
> > > > 
> > > > +#define _GNU_SOURCE
> > > >  #include <sys/types.h>
> > > >  #include <sys/param.h>
> > > >  #include <sys/stat.h>
> > > > @@ -56,6 +57,7 @@
> > > >  #include <openssl/pem.h>
> > > >  #include <openssl/evp.h>
> > > >  #include <openssl/x509.h>
> > > > +#include <openssl/engine.h>
> > > >  #include <openssl/err.h>
> > > > 
> > > >  #include "imaevm.h"
> > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> > > >  	[PKEY_HASH_SHA384]	= "sha384",
> > > >  	[PKEY_HASH_SHA512]	= "sha512",
> > > >  	[PKEY_HASH_SHA224]	= "sha224",
> > > > -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> > > > -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> > > > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> > > > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
> > > >  };
> > > > 
> > > >  /*
> > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
> > > >  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
> > > >  }
> > > > 
> > > > +/* Call EVP_get_digestbyname with provided name and with alias,
> > > > + * which is first name in the comma separated list of names
> > > > + * in pkey_hash_algo.
> > > > + */
> > > > +static const EVP_MD *get_digestbyname(const char *name)
> > > > +{
> > > > +	const EVP_MD *md;
> > > > +
> > > > +	md = EVP_get_digestbyname(params.hash_algo);
> > > > +	if (!md) {
> > > > +		char alias[MAX_DIGEST_NAME];
> > > > +		int len;
> > > > +		int algo_id;
> > > > +		const char *algo_alias;
> > > > +
> > > > +		/* try to get algo by its alias */
> > > > +		algo_id = get_hash_algo(params.hash_algo);
> > > > +		algo_alias = get_hash_algo_by_id(algo_id);
> > > > +		len = strchrnul(algo_alias, ',') - algo_alias;
> > > > +		if (len < sizeof(alias)) {
> > > > +			memcpy(alias, algo_alias, len);
> > > > +			alias[len] = '\0';
> > > > +			if (strcmp(params.hash_algo, alias))
> > > > +				md = EVP_get_digestbyname(alias);
> > > > +		}
> > > > +	}
> > > > +	return md;
> > > > +}
> > > > +
> > > >  int ima_calc_hash(const char *file, uint8_t *hash)
> > > >  {
> > > >  	const EVP_MD *md;
> > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
> > > >  		return err;
> > > >  	}
> > > > 
> > > > -	md = EVP_get_digestbyname(params.hash_algo);
> > > > +	md = get_digestbyname(params.hash_algo);
> > > >  	if (!md) {
> > > >  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
> > > >  		return 1;
> > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
> > > >  	return *a || *b;
> > > >  }
> > > > 
> > > > +static int strmatch(const char *needle, const char *haystack)
> > > > +{
> > > > +	int len = strlen(needle);
> > > > +	const char *p = haystack;
> > > > +	const char *t;
> > > > +
> > > > +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > > > +		if (t - p == len &&
> > > > +		    !strncmp(needle, p, len))
> > > > +			return 0;
> > > > +		if (!*t++)
> > > > +			break;
> > > > +	}
> > > > +	return 1;
> > > > +}
> > > > +
> > > >  int get_hash_algo(const char *algo)
> > > >  {
> > > >  	int i;
> > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
> > > >  	/* first iterate over builtin algorithms */
> > > >  	for (i = 0; i < PKEY_HASH__LAST; i++)
> > > >  		if (pkey_hash_algo[i] &&
> > > > -		    !strcmp(algo, pkey_hash_algo[i]))
> > > > +		    !strmatch(algo, pkey_hash_algo[i]))
> > > >  			return i;
> > > > 
> > > >  	/* iterate over algorithms provided by kernel-headers */
> >
Vitaly Chikunov Feb. 11, 2019, 6:21 p.m. UTC | #5
On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > load by its proper name is failed.
> > > > > 
> > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > comma separated list of algo names.
> > > > 
> > > > After this patch, I can not verify the signature.  It's failing to
> > > > find the hash algorithm.
> > > 
> > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > API". I didn't consider it a problem since streebog256 should not work
> > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > patch which adds ability to sign/verify for Streebog also fixes above
> > > problem.
> > 
> > I've been having second thoughts about this patch in general, as it
> > made the hash algorithm comparison unnecessarily more complex for the
> > simple case.  As there hasn't been a new ima-evm-utils release with
> > patch, perhaps we should simple remove/revert it?
> 
> It was only for compatibility with older openssl/gost-engine, where
> "streebog256" name is not defined yet. If you don't want to allow that
> users to use Streebog feel free to revert it.
> 
> I was not found this mistake at the time, since Streebog should only be
> used in ima_hash and not in ima_sign/verify (which requires RSA support
> which I intentionally didn't add, planning to add EC-RDSA support later),
> so that code path was not tested.

This copy-paste of the fix form "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API":

@@ -159,8 +102,12 @@ void dump(const void *ptr, int len)

 const char *get_hash_algo_by_id(int algo)
 {
-       if (algo < PKEY_HASH__LAST)
-           return pkey_hash_algo[algo];
+       if (algo < PKEY_HASH__LAST) {
+               const char *name = pkey_hash_algo[algo];
+               const char *last = strrchr(name, ',');
+
+           return last ? last + 1 : name;
+       }
        if (algo < HASH_ALGO__LAST)
            return hash_algo_name[algo];

> 
> > 
> > Mimi
> > 
> > > 
> > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
> > > > evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user
> > > > 
> > > > Mimi
> > > > 
> > > > > 
> > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > > > ---
> > > > > Changes since v1:
> > > > > - New patch.
> > > > > Changes since v2:
> > > > > - No changes.
> > > > > 
> > > > >  src/imaevm.h    |  1 +
> > > > >  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> > > > >  2 files changed, 52 insertions(+), 4 deletions(-)
> > > > > 
> > > > > diff --git a/src/imaevm.h b/src/imaevm.h
> > > > > index c81bf21..795966a 100644
> > > > > --- a/src/imaevm.h
> > > > > +++ b/src/imaevm.h
> > > > > @@ -75,6 +75,7 @@
> > > > >  #define	DATA_SIZE	4096
> > > > >  #define SHA1_HASH_LEN   20
> > > > > 
> > > > > +#define MAX_DIGEST_NAME		32
> > > > >  #define MAX_DIGEST_SIZE		64
> > > > >  #define MAX_SIGNATURE_SIZE	1024
> > > > > 
> > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > > > index cb4721b..7501303 100644
> > > > > --- a/src/libimaevm.c
> > > > > +++ b/src/libimaevm.c
> > > > > @@ -41,6 +41,7 @@
> > > > >  /* should we use logger instead for library? */
> > > > >  #define USE_FPRINTF
> > > > > 
> > > > > +#define _GNU_SOURCE
> > > > >  #include <sys/types.h>
> > > > >  #include <sys/param.h>
> > > > >  #include <sys/stat.h>
> > > > > @@ -56,6 +57,7 @@
> > > > >  #include <openssl/pem.h>
> > > > >  #include <openssl/evp.h>
> > > > >  #include <openssl/x509.h>
> > > > > +#include <openssl/engine.h>
> > > > >  #include <openssl/err.h>
> > > > > 
> > > > >  #include "imaevm.h"
> > > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> > > > >  	[PKEY_HASH_SHA384]	= "sha384",
> > > > >  	[PKEY_HASH_SHA512]	= "sha512",
> > > > >  	[PKEY_HASH_SHA224]	= "sha224",
> > > > > -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> > > > > -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> > > > > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> > > > > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
> > > > >  };
> > > > > 
> > > > >  /*
> > > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
> > > > >  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
> > > > >  }
> > > > > 
> > > > > +/* Call EVP_get_digestbyname with provided name and with alias,
> > > > > + * which is first name in the comma separated list of names
> > > > > + * in pkey_hash_algo.
> > > > > + */
> > > > > +static const EVP_MD *get_digestbyname(const char *name)
> > > > > +{
> > > > > +	const EVP_MD *md;
> > > > > +
> > > > > +	md = EVP_get_digestbyname(params.hash_algo);
> > > > > +	if (!md) {
> > > > > +		char alias[MAX_DIGEST_NAME];
> > > > > +		int len;
> > > > > +		int algo_id;
> > > > > +		const char *algo_alias;
> > > > > +
> > > > > +		/* try to get algo by its alias */
> > > > > +		algo_id = get_hash_algo(params.hash_algo);
> > > > > +		algo_alias = get_hash_algo_by_id(algo_id);
> > > > > +		len = strchrnul(algo_alias, ',') - algo_alias;
> > > > > +		if (len < sizeof(alias)) {
> > > > > +			memcpy(alias, algo_alias, len);
> > > > > +			alias[len] = '\0';
> > > > > +			if (strcmp(params.hash_algo, alias))
> > > > > +				md = EVP_get_digestbyname(alias);
> > > > > +		}
> > > > > +	}
> > > > > +	return md;
> > > > > +}
> > > > > +
> > > > >  int ima_calc_hash(const char *file, uint8_t *hash)
> > > > >  {
> > > > >  	const EVP_MD *md;
> > > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
> > > > >  		return err;
> > > > >  	}
> > > > > 
> > > > > -	md = EVP_get_digestbyname(params.hash_algo);
> > > > > +	md = get_digestbyname(params.hash_algo);
> > > > >  	if (!md) {
> > > > >  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
> > > > >  		return 1;
> > > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
> > > > >  	return *a || *b;
> > > > >  }
> > > > > 
> > > > > +static int strmatch(const char *needle, const char *haystack)
> > > > > +{
> > > > > +	int len = strlen(needle);
> > > > > +	const char *p = haystack;
> > > > > +	const char *t;
> > > > > +
> > > > > +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > > > > +		if (t - p == len &&
> > > > > +		    !strncmp(needle, p, len))
> > > > > +			return 0;
> > > > > +		if (!*t++)
> > > > > +			break;
> > > > > +	}
> > > > > +	return 1;
> > > > > +}
> > > > > +
> > > > >  int get_hash_algo(const char *algo)
> > > > >  {
> > > > >  	int i;
> > > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
> > > > >  	/* first iterate over builtin algorithms */
> > > > >  	for (i = 0; i < PKEY_HASH__LAST; i++)
> > > > >  		if (pkey_hash_algo[i] &&
> > > > > -		    !strcmp(algo, pkey_hash_algo[i]))
> > > > > +		    !strmatch(algo, pkey_hash_algo[i]))
> > > > >  			return i;
> > > > > 
> > > > >  	/* iterate over algorithms provided by kernel-headers */
> > >
Vitaly Chikunov Feb. 11, 2019, 7:26 p.m. UTC | #6
Mimi,

On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote:
> On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > > load by its proper name is failed.
> > > > > > 
> > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > > comma separated list of algo names.
> > > > > 
> > > > > After this patch, I can not verify the signature.  It's failing to
> > > > > find the hash algorithm.
> > > > 
> > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > > API". I didn't consider it a problem since streebog256 should not work
> > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > > patch which adds ability to sign/verify for Streebog also fixes above
> > > > problem.
> > > 
> > > I've been having second thoughts about this patch in general, as it
> > > made the hash algorithm comparison unnecessarily more complex for the
> > > simple case.  As there hasn't been a new ima-evm-utils release with
> > > patch, perhaps we should simple remove/revert it?
> > 
> > It was only for compatibility with older openssl/gost-engine, where
> > "streebog256" name is not defined yet. If you don't want to allow that
> > users to use Streebog feel free to revert it.

Or you may suggest simpler approach.

Basically, we need to resole both text strings into the same PKEY_HASH_
id, allow any of the string pass into EVP_get_digestbyname, and resolve
PKEY_HASH_ id back into the correct hash name. Optionally, allow user to
specify new hash name on older openssl/gost-engine. This is all
implemented by that patch, it was not just overly complicated "hash
algorithm comparison".

My wish is we retain support of older openssl/gost-engine.

Thanks,

> > 
> > I was not found this mistake at the time, since Streebog should only be
> > used in ima_hash and not in ima_sign/verify (which requires RSA support
> > which I intentionally didn't add, planning to add EC-RDSA support later),
> > so that code path was not tested.
> 
> This copy-paste of the fix form "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY API":
> 
> @@ -159,8 +102,12 @@ void dump(const void *ptr, int len)
> 
>  const char *get_hash_algo_by_id(int algo)
>  {
> -       if (algo < PKEY_HASH__LAST)
> -           return pkey_hash_algo[algo];
> +       if (algo < PKEY_HASH__LAST) {
> +               const char *name = pkey_hash_algo[algo];
> +               const char *last = strrchr(name, ',');
> +
> +           return last ? last + 1 : name;
> +       }
>         if (algo < HASH_ALGO__LAST)
>             return hash_algo_name[algo];
> 
> > 
> > > 
> > > Mimi
> > > 
> > > > 
> > > > > evmctl ima_sign -k <private key> -p -a streebog256 ./foo.txt  --xattr-user
> > > > > evmctl ima_verify -k <public key>  ./foo.txt  --xattr-user
> > > > > 
> > > > > Mimi
> > > > > 
> > > > > > 
> > > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > > > > ---
> > > > > > Changes since v1:
> > > > > > - New patch.
> > > > > > Changes since v2:
> > > > > > - No changes.
> > > > > > 
> > > > > >  src/imaevm.h    |  1 +
> > > > > >  src/libimaevm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> > > > > >  2 files changed, 52 insertions(+), 4 deletions(-)
> > > > > > 
> > > > > > diff --git a/src/imaevm.h b/src/imaevm.h
> > > > > > index c81bf21..795966a 100644
> > > > > > --- a/src/imaevm.h
> > > > > > +++ b/src/imaevm.h
> > > > > > @@ -75,6 +75,7 @@
> > > > > >  #define	DATA_SIZE	4096
> > > > > >  #define SHA1_HASH_LEN   20
> > > > > > 
> > > > > > +#define MAX_DIGEST_NAME		32
> > > > > >  #define MAX_DIGEST_SIZE		64
> > > > > >  #define MAX_SIGNATURE_SIZE	1024
> > > > > > 
> > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > > > > index cb4721b..7501303 100644
> > > > > > --- a/src/libimaevm.c
> > > > > > +++ b/src/libimaevm.c
> > > > > > @@ -41,6 +41,7 @@
> > > > > >  /* should we use logger instead for library? */
> > > > > >  #define USE_FPRINTF
> > > > > > 
> > > > > > +#define _GNU_SOURCE
> > > > > >  #include <sys/types.h>
> > > > > >  #include <sys/param.h>
> > > > > >  #include <sys/stat.h>
> > > > > > @@ -56,6 +57,7 @@
> > > > > >  #include <openssl/pem.h>
> > > > > >  #include <openssl/evp.h>
> > > > > >  #include <openssl/x509.h>
> > > > > > +#include <openssl/engine.h>
> > > > > >  #include <openssl/err.h>
> > > > > > 
> > > > > >  #include "imaevm.h"
> > > > > > @@ -70,8 +72,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> > > > > >  	[PKEY_HASH_SHA384]	= "sha384",
> > > > > >  	[PKEY_HASH_SHA512]	= "sha512",
> > > > > >  	[PKEY_HASH_SHA224]	= "sha224",
> > > > > > -	[PKEY_HASH_STREEBOG_256] = "streebog256",
> > > > > > -	[PKEY_HASH_STREEBOG_512] = "streebog512",
> > > > > > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
> > > > > > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
> > > > > >  };
> > > > > > 
> > > > > >  /*
> > > > > > @@ -284,6 +286,35 @@ static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
> > > > > >  	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
> > > > > >  }
> > > > > > 
> > > > > > +/* Call EVP_get_digestbyname with provided name and with alias,
> > > > > > + * which is first name in the comma separated list of names
> > > > > > + * in pkey_hash_algo.
> > > > > > + */
> > > > > > +static const EVP_MD *get_digestbyname(const char *name)
> > > > > > +{
> > > > > > +	const EVP_MD *md;
> > > > > > +
> > > > > > +	md = EVP_get_digestbyname(params.hash_algo);
> > > > > > +	if (!md) {
> > > > > > +		char alias[MAX_DIGEST_NAME];
> > > > > > +		int len;
> > > > > > +		int algo_id;
> > > > > > +		const char *algo_alias;
> > > > > > +
> > > > > > +		/* try to get algo by its alias */
> > > > > > +		algo_id = get_hash_algo(params.hash_algo);
> > > > > > +		algo_alias = get_hash_algo_by_id(algo_id);
> > > > > > +		len = strchrnul(algo_alias, ',') - algo_alias;
> > > > > > +		if (len < sizeof(alias)) {
> > > > > > +			memcpy(alias, algo_alias, len);
> > > > > > +			alias[len] = '\0';
> > > > > > +			if (strcmp(params.hash_algo, alias))
> > > > > > +				md = EVP_get_digestbyname(alias);
> > > > > > +		}
> > > > > > +	}
> > > > > > +	return md;
> > > > > > +}
> > > > > > +
> > > > > >  int ima_calc_hash(const char *file, uint8_t *hash)
> > > > > >  {
> > > > > >  	const EVP_MD *md;
> > > > > > @@ -305,7 +336,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
> > > > > >  		return err;
> > > > > >  	}
> > > > > > 
> > > > > > -	md = EVP_get_digestbyname(params.hash_algo);
> > > > > > +	md = get_digestbyname(params.hash_algo);
> > > > > >  	if (!md) {
> > > > > >  		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
> > > > > >  		return 1;
> > > > > > @@ -561,6 +592,22 @@ static int algocmp(const char *a, const char *b)
> > > > > >  	return *a || *b;
> > > > > >  }
> > > > > > 
> > > > > > +static int strmatch(const char *needle, const char *haystack)
> > > > > > +{
> > > > > > +	int len = strlen(needle);
> > > > > > +	const char *p = haystack;
> > > > > > +	const char *t;
> > > > > > +
> > > > > > +	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > > > > > +		if (t - p == len &&
> > > > > > +		    !strncmp(needle, p, len))
> > > > > > +			return 0;
> > > > > > +		if (!*t++)
> > > > > > +			break;
> > > > > > +	}
> > > > > > +	return 1;
> > > > > > +}
> > > > > > +
> > > > > >  int get_hash_algo(const char *algo)
> > > > > >  {
> > > > > >  	int i;
> > > > > > @@ -568,7 +615,7 @@ int get_hash_algo(const char *algo)
> > > > > >  	/* first iterate over builtin algorithms */
> > > > > >  	for (i = 0; i < PKEY_HASH__LAST; i++)
> > > > > >  		if (pkey_hash_algo[i] &&
> > > > > > -		    !strcmp(algo, pkey_hash_algo[i]))
> > > > > > +		    !strmatch(algo, pkey_hash_algo[i]))
> > > > > >  			return i;
> > > > > > 
> > > > > >  	/* iterate over algorithms provided by kernel-headers */
> > > >
Mimi Zohar Feb. 11, 2019, 8:21 p.m. UTC | #7
On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote:
> > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > > > load by its proper name is failed.
> > > > > > > 
> > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > > > comma separated list of algo names.
> > > > > > 
> > > > > > After this patch, I can not verify the signature.  It's failing to
> > > > > > find the hash algorithm.
> > > > > 
> > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > > > API". I didn't consider it a problem since streebog256 should not work
> > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > > > patch which adds ability to sign/verify for Streebog also fixes above
> > > > > problem.
> > > > 
> > > > I've been having second thoughts about this patch in general, as it
> > > > made the hash algorithm comparison unnecessarily more complex for the
> > > > simple case.  As there hasn't been a new ima-evm-utils release with
> > > > patch, perhaps we should simple remove/revert it?
> > > 
> > > It was only for compatibility with older openssl/gost-engine, where
> > > "streebog256" name is not defined yet. If you don't want to allow that
> > > users to use Streebog feel free to revert it.
> 
> Or you may suggest simpler approach.
> 
> Basically, we need to resole both text strings into the same PKEY_HASH_
> id, allow any of the string pass into EVP_get_digestbyname, and resolve
> PKEY_HASH_ id back into the correct hash name. Optionally, allow user to
> specify new hash name on older openssl/gost-engine. This is all
> implemented by that patch, it was not just overly complicated "hash
> algorithm comparison".
> 
> My wish is we retain support of older openssl/gost-engine.

The following seems to fix the problem, but instead of adding it in
strmatch(), as below, I would add it before the strmatch() call.  Then
strmatch is only called as needed.

diff --git a/src/libimaevm.c b/src/libimaevm.c
index d9ffa13befb0..7901215da655 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack)
        const char *p = haystack;
        const char *t;
 
+       if (strcmp(needle, haystack) == 0)
+               return 0;
+
        for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
                if (t - p == len &&
                    !strncmp(needle, p, len))

Mimi
Vitaly Chikunov Feb. 11, 2019, 8:37 p.m. UTC | #8
Mimi,

On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote:
> On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote:
> > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote:
> > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > > > > load by its proper name is failed.
> > > > > > > > 
> > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > > > > comma separated list of algo names.
> > > > > > > 
> > > > > > > After this patch, I can not verify the signature.  It's failing to
> > > > > > > find the hash algorithm.
> > > > > > 
> > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > > > > API". I didn't consider it a problem since streebog256 should not work
> > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > > > > patch which adds ability to sign/verify for Streebog also fixes above
> > > > > > problem.
> > > > > 
> > > > > I've been having second thoughts about this patch in general, as it
> > > > > made the hash algorithm comparison unnecessarily more complex for the
> > > > > simple case.  As there hasn't been a new ima-evm-utils release with
> > > > > patch, perhaps we should simple remove/revert it?
> > > > 
> > > > It was only for compatibility with older openssl/gost-engine, where
> > > > "streebog256" name is not defined yet. If you don't want to allow that
> > > > users to use Streebog feel free to revert it.
> > 
> > Or you may suggest simpler approach.
> > 
> > Basically, we need to resole both text strings into the same PKEY_HASH_
> > id, allow any of the string pass into EVP_get_digestbyname, and resolve
> > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to
> > specify new hash name on older openssl/gost-engine. This is all
> > implemented by that patch, it was not just overly complicated "hash
> > algorithm comparison".
> > 
> > My wish is we retain support of older openssl/gost-engine.
> 
> The following seems to fix the problem, but instead of adding it in
> strmatch(), as below, I would add it before the strmatch() call.  Then
> strmatch is only called as needed.

IC. I will try to conceptually simplify the code and prepare another
patch. Probably, I will split pkey_hash_algop[] into two arrays, simple
one where strcmp() in the loop is used, and complex one for hash names
with aliases. I will try to replace strmatch() with just simple string 
array loop.

> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index d9ffa13befb0..7901215da655 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack)
>         const char *p = haystack;
>         const char *t;
>  
> +       if (strcmp(needle, haystack) == 0)
> +               return 0;
> +
>         for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
>                 if (t - p == len &&
>                     !strncmp(needle, p, len))
> 
> Mimi
Mimi Zohar Feb. 12, 2019, 3:41 p.m. UTC | #9
On Mon, 2019-02-11 at 23:37 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote:
> > On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote:
> > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote:
> > > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> > > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > > > > > load by its proper name is failed.
> > > > > > > > > 
> > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > > > > > comma separated list of algo names.
> > > > > > > > 
> > > > > > > > After this patch, I can not verify the signature.  It's failing to
> > > > > > > > find the hash algorithm.
> > > > > > > 
> > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > > > > > API". I didn't consider it a problem since streebog256 should not work
> > > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > > > > > patch which adds ability to sign/verify for Streebog also fixes above
> > > > > > > problem.
> > > > > > 
> > > > > > I've been having second thoughts about this patch in general, as it
> > > > > > made the hash algorithm comparison unnecessarily more complex for the
> > > > > > simple case.  As there hasn't been a new ima-evm-utils release with
> > > > > > patch, perhaps we should simple remove/revert it?
> > > > > 
> > > > > It was only for compatibility with older openssl/gost-engine, where
> > > > > "streebog256" name is not defined yet. If you don't want to allow that
> > > > > users to use Streebog feel free to revert it.
> > > 
> > > Or you may suggest simpler approach.
> > > 
> > > Basically, we need to resole both text strings into the same PKEY_HASH_
> > > id, allow any of the string pass into EVP_get_digestbyname, and resolve
> > > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to
> > > specify new hash name on older openssl/gost-engine. This is all
> > > implemented by that patch, it was not just overly complicated "hash
> > > algorithm comparison".
> > > 
> > > My wish is we retain support of older openssl/gost-engine.
> > 
> > The following seems to fix the problem, but instead of adding it in
> > strmatch(), as below, I would add it before the strmatch() call.  Then
> > strmatch is only called as needed.
> 
> IC.

The patch below isn't addressing old vs. new naming, but fixes
"ima_verify".  Adding the following line, results in "strmatch: algo
md_gost12_256,streebog256".  It's trying to match the entire string,
but fails without the strcmp().

+       log_info("strmatch: algo %s \n", needle);

Mimi


> I will try to conceptually simplify the code and prepare another
> patch. Probably, I will split pkey_hash_algop[] into two arrays, simple
> one where strcmp() in the loop is used, and complex one for hash names
> with aliases. I will try to replace strmatch() with just simple string 
> array loop.
> 
> > 
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index d9ffa13befb0..7901215da655 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack)
> >         const char *p = haystack;
> >         const char *t;
> >  
> > +       if (strcmp(needle, haystack) == 0)
> > +               return 0;
> > +
> >         for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> >                 if (t - p == len &&
> >                     !strncmp(needle, p, len))
> > 
> > Mimi
>
Vitaly Chikunov Feb. 12, 2019, 5:07 p.m. UTC | #10
On Tue, Feb 12, 2019 at 10:41:46AM -0500, Mimi Zohar wrote:
> On Mon, 2019-02-11 at 23:37 +0300, Vitaly Chikunov wrote:
> > Mimi,
> > 
> > On Mon, Feb 11, 2019 at 03:21:03PM -0500, Mimi Zohar wrote:
> > > On Mon, 2019-02-11 at 22:26 +0300, Vitaly Chikunov wrote:
> > > > On Mon, Feb 11, 2019 at 09:21:15PM +0300, Vitaly Chikunov wrote:
> > > > > On Mon, Feb 11, 2019 at 09:13:00PM +0300, Vitaly Chikunov wrote:
> > > > > > On Mon, Feb 11, 2019 at 12:59:12PM -0500, Mimi Zohar wrote:
> > > > > > > On Mon, 2019-02-11 at 20:52 +0300, Vitaly Chikunov wrote:
> > > > > > > > On Mon, Feb 11, 2019 at 12:38:58PM -0500, Mimi Zohar wrote:
> > > > > > > > > On Mon, 2018-12-03 at 06:35 +0300, Vitaly Chikunov wrote:
> > > > > > > > > > For compatibility with older OpenSSL try to load digest by its alias if
> > > > > > > > > > load by its proper name is failed.
> > > > > > > > > > 
> > > > > > > > > > This is configured in pkey_hash_algo by mentioning loadable alias first in the
> > > > > > > > > > comma separated list of algo names.
> > > > > > > > > 
> > > > > > > > > After this patch, I can not verify the signature.  It's failing to
> > > > > > > > > find the hash algorithm.
> > > > > > > > 
> > > > > > > > Yes, it's fixed in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
> > > > > > > > API". I didn't consider it a problem since streebog256 should not work
> > > > > > > > for sign/verify anyway (since RSA should not support it). That EVP_PKEY
> > > > > > > > patch which adds ability to sign/verify for Streebog also fixes above
> > > > > > > > problem.
> > > > > > > 
> > > > > > > I've been having second thoughts about this patch in general, as it
> > > > > > > made the hash algorithm comparison unnecessarily more complex for the
> > > > > > > simple case.  As there hasn't been a new ima-evm-utils release with
> > > > > > > patch, perhaps we should simple remove/revert it?
> > > > > > 
> > > > > > It was only for compatibility with older openssl/gost-engine, where
> > > > > > "streebog256" name is not defined yet. If you don't want to allow that
> > > > > > users to use Streebog feel free to revert it.
> > > > 
> > > > Or you may suggest simpler approach.
> > > > 
> > > > Basically, we need to resole both text strings into the same PKEY_HASH_
> > > > id, allow any of the string pass into EVP_get_digestbyname, and resolve
> > > > PKEY_HASH_ id back into the correct hash name. Optionally, allow user to
> > > > specify new hash name on older openssl/gost-engine. This is all
> > > > implemented by that patch, it was not just overly complicated "hash
> > > > algorithm comparison".
> > > > 
> > > > My wish is we retain support of older openssl/gost-engine.
> > > 
> > > The following seems to fix the problem, but instead of adding it in
> > > strmatch(), as below, I would add it before the strmatch() call.  Then
> > > strmatch is only called as needed.
> > 
> > IC.
> 
> The patch below isn't addressing old vs. new naming, but fixes

What patch?

> "ima_verify".  Adding the following line, results in "strmatch: algo
> md_gost12_256,streebog256".  It's trying to match the entire string,

This problem was fixed in "ima-evm-utils: convert sign v2 from RSA to
EVP_PKEY API". This wasn't problem because Streebog should not be
used in sign/verify (which was using RSA). When sign/verify ability for
Streebog is added in "ima-evm-utils: convert sign v2 from RSA to EVP_PKEY
API" sign/verify problem is fixed in the same patch.

But, since I sent new patch which removes strmatch this becomes
somewhat irrelevant.

> but fails without the strcmp().
> 
> +       log_info("strmatch: algo %s \n", needle);
> 
> Mimi
> 
> 
> > I will try to conceptually simplify the code and prepare another
> > patch. Probably, I will split pkey_hash_algop[] into two arrays, simple
> > one where strcmp() in the loop is used, and complex one for hash names
> > with aliases. I will try to replace strmatch() with just simple string 
> > array loop.
> > 
> > > 
> > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > index d9ffa13befb0..7901215da655 100644
> > > --- a/src/libimaevm.c
> > > +++ b/src/libimaevm.c
> > > @@ -598,6 +598,9 @@ static int strmatch(const char *needle, const char *haystack)
> > >         const char *p = haystack;
> > >         const char *t;
> > >  
> > > +       if (strcmp(needle, haystack) == 0)
> > > +               return 0;
> > > +
> > >         for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
> > >                 if (t - p == len &&
> > >                     !strncmp(needle, p, len))
> > > 
> > > Mimi
> >
diff mbox series

Patch

diff --git a/src/imaevm.h b/src/imaevm.h
index c81bf21..795966a 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -75,6 +75,7 @@ 
 #define	DATA_SIZE	4096
 #define SHA1_HASH_LEN   20
 
+#define MAX_DIGEST_NAME		32
 #define MAX_DIGEST_SIZE		64
 #define MAX_SIGNATURE_SIZE	1024
 
diff --git a/src/libimaevm.c b/src/libimaevm.c
index cb4721b..7501303 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -41,6 +41,7 @@ 
 /* should we use logger instead for library? */
 #define USE_FPRINTF
 
+#define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/stat.h>
@@ -56,6 +57,7 @@ 
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/engine.h>
 #include <openssl/err.h>
 
 #include "imaevm.h"
@@ -70,8 +72,8 @@  const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
 	[PKEY_HASH_SHA384]	= "sha384",
 	[PKEY_HASH_SHA512]	= "sha512",
 	[PKEY_HASH_SHA224]	= "sha224",
-	[PKEY_HASH_STREEBOG_256] = "streebog256",
-	[PKEY_HASH_STREEBOG_512] = "streebog512",
+	[PKEY_HASH_STREEBOG_256] = "md_gost12_256,streebog256",
+	[PKEY_HASH_STREEBOG_512] = "md_gost12_512,streebog512",
 };
 
 /*
@@ -284,6 +286,35 @@  static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
 	return !EVP_DigestUpdate(ctx, &dev, sizeof(dev));
 }
 
+/* Call EVP_get_digestbyname with provided name and with alias,
+ * which is first name in the comma separated list of names
+ * in pkey_hash_algo.
+ */
+static const EVP_MD *get_digestbyname(const char *name)
+{
+	const EVP_MD *md;
+
+	md = EVP_get_digestbyname(params.hash_algo);
+	if (!md) {
+		char alias[MAX_DIGEST_NAME];
+		int len;
+		int algo_id;
+		const char *algo_alias;
+
+		/* try to get algo by its alias */
+		algo_id = get_hash_algo(params.hash_algo);
+		algo_alias = get_hash_algo_by_id(algo_id);
+		len = strchrnul(algo_alias, ',') - algo_alias;
+		if (len < sizeof(alias)) {
+			memcpy(alias, algo_alias, len);
+			alias[len] = '\0';
+			if (strcmp(params.hash_algo, alias))
+				md = EVP_get_digestbyname(alias);
+		}
+	}
+	return md;
+}
+
 int ima_calc_hash(const char *file, uint8_t *hash)
 {
 	const EVP_MD *md;
@@ -305,7 +336,7 @@  int ima_calc_hash(const char *file, uint8_t *hash)
 		return err;
 	}
 
-	md = EVP_get_digestbyname(params.hash_algo);
+	md = get_digestbyname(params.hash_algo);
 	if (!md) {
 		log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo);
 		return 1;
@@ -561,6 +592,22 @@  static int algocmp(const char *a, const char *b)
 	return *a || *b;
 }
 
+static int strmatch(const char *needle, const char *haystack)
+{
+	int len = strlen(needle);
+	const char *p = haystack;
+	const char *t;
+
+	for (t = strchrnul(p, ','); *p; p = t, t = strchrnul(p, ',')) {
+		if (t - p == len &&
+		    !strncmp(needle, p, len))
+			return 0;
+		if (!*t++)
+			break;
+	}
+	return 1;
+}
+
 int get_hash_algo(const char *algo)
 {
 	int i;
@@ -568,7 +615,7 @@  int get_hash_algo(const char *algo)
 	/* first iterate over builtin algorithms */
 	for (i = 0; i < PKEY_HASH__LAST; i++)
 		if (pkey_hash_algo[i] &&
-		    !strcmp(algo, pkey_hash_algo[i]))
+		    !strmatch(algo, pkey_hash_algo[i]))
 			return i;
 
 	/* iterate over algorithms provided by kernel-headers */