From patchwork Thu Nov 16 18:21:11 2017
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 10061919
Date: Thu, 16 Nov 2017 10:21:11 -0800
Message-Id: <20171116182111.26267-1-mjg59@google.com>
Subject: [USER] [PATCH V2] Add support for portable EVM format
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: Matthew Garrett

Add a --portable argument that generates EVM signatures without using the inode number and generation or fs UUID.

Signed-off-by: Matthew Garrett
---
 README       |  6 ++++--
 src/evmctl.c | 34 +++++++++++++++++++++++++---------
 src/imaevm.h |  1 +
 3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/README b/README index b1dfafa..da828cf 100644 --- a/README +++ b/README 
@@ -26,7 +26,7 @@ COMMANDS --version help import [--rsa] pubkey keyring - sign [-r] [--imahash | --imasig ] [--key key] [--pass password] file + sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file verify file ima_sign [--sigfile] [--key key] [--pass password] file ima_verify file @@ -46,6 +46,7 @@ OPTIONS -f, --sigfile store IMA signature in .sig file instead of xattr --rsa use RSA key type and signing scheme v1 -k, --key path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem) + -o, --portable generate portable EVM signatures -p, --pass password for encrypted signing key -r, --recursive recurse into directories (sign) -t, --type file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink) @@ -95,7 +96,8 @@ Kernel configuration option CONFIG_EVM_ATTR_FSUUID controls whether to include filesystem UUID into HMAC and enabled by default. Therefore evmctl also includes fsuuid by default. Providing '--uuid' option without parameter allows to disable usage of fs uuid. Providing '--uuid=UUID' option with parameter allows to use -custom UUID. +custom UUID. Providing the '--portable' option will disable usage of the fs uuid +and also the inode number and generation. Kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS controls whether to include additional SMACK extended attributes into HMAC. They are following: diff --git a/src/evmctl.c b/src/evmctl.c index c54efbb..60689d4 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -117,6 +117,7 @@ static int recursive; static int msize; static dev_t fs_dev; static bool evm_immutable; +static bool evm_portable; #define HMAC_FLAG_NO_UUID 0x0001 #define HMAC_FLAG_CAPS_SET 0x0002 
@@ -418,8 +419,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc *hmac = (struct h_misc *)&hmac_misc; hmac_size = sizeof(*hmac); - hmac->ino = st.st_ino; - hmac->generation = generation; + if (!evm_portable) { + hmac->ino = st.st_ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; hmac->gid = st.st_gid; hmac->mode = st.st_mode; @@ -427,8 +430,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; hmac_size = sizeof(*hmac); - hmac->ino = st.st_ino; - hmac->generation = generation; + if (!evm_portable) { + hmac->ino = st.st_ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; hmac->gid = st.st_gid; hmac->mode = st.st_mode; @@ -436,8 +441,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; hmac_size = sizeof(*hmac); - hmac->ino = st.st_ino; - hmac->generation = generation; + if (!evm_portable) { + hmac->ino = st.st_ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; hmac->gid = st.st_gid; hmac->mode = st.st_mode; @@ -452,7 +459,8 @@ static int calc_evm_hash(const char *file, unsigned char *hash) return 1; } - if (!evm_immutable && !(hmac_flags & HMAC_FLAG_NO_UUID)) { + if (!evm_immutable && !evm_portable && + !(hmac_flags & HMAC_FLAG_NO_UUID)) { err = get_uuid(&st, uuid); if (err) return -1; @@ -489,7 +497,10 @@ static int sign_evm(const char *file, const char *key) /* add header */ len++; - sig[0] = EVM_IMA_XATTR_DIGSIG; + if (evm_portable) + sig[0] = EVM_XATTR_PORTABLE_DIGSIG; + else + sig[0] = EVM_IMA_XATTR_DIGSIG; if (evm_immutable) sig[1] = 3; /* immutable signature version */ 
@@ -1517,6 +1528,7 @@ static void usage(void) " -f, --sigfile store IMA signature in .sig file instead of xattr\n" " --rsa use RSA key type and signing scheme v1\n" " -k, --key path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)\n" + " -o, --portable generate portable EVM signatures\n" " -p, --pass password for encrypted signing key\n" " -r, --recursive recurse into directories (sign)\n" " -t, --type file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)\n" @@ -1574,6 +1586,7 @@ static struct option opts[] = { {"recursive", 0, 0, 'r'}, {"m32", 0, 0, '3'}, {"m64", 0, 0, '6'}, + {"portable", 0, 0, 'o'}, {"smack", 0, 0, 128}, {"version", 0, 0, 129}, {"inode", 1, 0, 130}, @@ -1630,7 +1643,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { - c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind); + c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); if (c == -1) break; @@ -1679,6 +1692,9 @@ int main(int argc, char *argv[]) case 'i': evm_immutable = true; break; + case 'o': + evm_portable = true; + break; case 't': search_type = optarg; break; diff --git a/src/imaevm.h b/src/imaevm.h index 711596c..e397743 100644 --- a/src/imaevm.h +++ b/src/imaevm.h @@ -82,6 +82,7 @@ enum evm_ima_xattr_type { EVM_XATTR_HMAC, EVM_IMA_XATTR_DIGSIG, IMA_XATTR_DIGEST_NG, + EVM_XATTR_PORTABLE_DIGSIG, }; struct h_misc {
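Review bot: in the three calc_evm_hash hunks (struct h_misc, h_misc_64, h_misc_32), the new `if (!evm_portable)` guard skips assigning hmac->ino and hmac->generation, so the portable HMAC input depends on whatever those fields held before the cast, and nothing in the visible lines shows hmac_misc being zeroed first. If the buffer is not zero-initialised, a "portable" digest would not be reproducible from one host to another, which is the whole point of the flag. Either state the zero-initialisation in the commit message or add an explicit `memset(&hmac_misc, 0, sizeof(hmac_misc));` ahead of the three branches; while there, the identical guard copied into all three layouts could be collapsed by computing the values once (`ino = evm_portable ? 0 : st.st_ino;` and likewise for generation) and assigning unconditionally.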
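Review bot: in the sign_evm hunk, sig[0] now selects EVM_XATTR_PORTABLE_DIGSIG, but the unchanged `if (evm_immutable) sig[1] = 3;` that follows still runs, so `--portable --immutable` emits the portable type byte with the immutable version byte, while the calc_evm_hash UUID check (`!evm_immutable && !evm_portable && ...`) treats the two flags as independent. Either reject the combination in option parsing with a clear error, or document in the README what a portable plus immutable signature means and which version byte is expected in sig[1] for the portable type.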
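Review bot: in the src/imaevm.h hunk, EVM_XATTR_PORTABLE_DIGSIG is appended to enum evm_ima_xattr_type with neither an explicit value nor a comment; this byte is written as sig[0] into the security.evm xattr and interpreted by the kernel, so it must stay in lockstep with the kernel's definition of the same enum. Pin it explicitly (`EVM_XATTR_PORTABLE_DIGSIG = <value from the kernel header>`) or add a comment naming the kernel header it mirrors, so a later insertion into this enum cannot silently shift the value on the wire.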
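Review bot: the README hunk adds `[--portable]` only to the `sign` synopsis, and the diffstat and hunks show no change on the verify side, so `evmctl verify` as patched will not know what to do with an EVM_XATTR_PORTABLE_DIGSIG xattr (and would still mix ino/generation/uuid into the digest if it tried). Say in the commit message whether verification of portable signatures is deliberately left to the kernel for now or is meant to follow in a later patch, and add a sentence to the README paragraph on '--portable' so users do not expect `verify` to accept the new format yet.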