From patchwork Mon Jul 8 13:15:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 11035099 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D408E138D for ; Mon, 8 Jul 2019 13:16:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC4A81FE8B for ; Mon, 8 Jul 2019 13:16:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AFD8420602; Mon, 8 Jul 2019 13:16:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 41CDD1FE8B for ; Mon, 8 Jul 2019 13:16:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728922AbfGHNQl (ORCPT ); Mon, 8 Jul 2019 09:16:41 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:8696 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726284AbfGHNQl (ORCPT ); Mon, 8 Jul 2019 09:16:41 -0400 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x68DEHqK016043 for ; Mon, 8 Jul 2019 09:16:40 -0400 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 2tm60yshjr-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 08 Jul 2019 09:16:39 -0400 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 8 Jul 2019 14:16:37 +0100 Received: from b06avi18878370.portsmouth.uk.ibm.com (9.149.26.194) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 8 Jul 2019 14:16:36 +0100 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x68DGZpo32178546 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 8 Jul 2019 13:16:35 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D159A4060; Mon, 8 Jul 2019 13:16:35 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B8696A405B; Mon, 8 Jul 2019 13:16:34 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.110.58]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 8 Jul 2019 13:16:34 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: Vitaly Chikunov , Roberto Sassu , Mimi Zohar Subject: [PATCH 1/2] ima-evm-utils: limit "remain unprocessed data" messages Date: Mon, 8 Jul 2019 09:15:49 -0400 X-Mailer: git-send-email 2.7.5 X-TM-AS-GCONF: 00 x-cbid: 19070813-0008-0000-0000-000002FAF0EA X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19070813-0009-0000-0000-000022684D75 Message-Id: <1562591750-14234-1-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-08_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=799 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907080166 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP New, unknown template formats containing unknown fields are not processed, resulting in "remain unprocessed data" messages. Processing these unknown fields is unnecessary for walking the measurement list to re-calculate the PCRs. The "remain unproccessed data" may also be emitted for malformed, known template records. This patch limits the number of messages emitted to once per template format and includes the template name in the message. Signed-off-by: Mimi Zohar --- src/evmctl.c | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 7ce20225c89d..f6046637d8f6 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1411,6 +1411,34 @@ void ima_show(struct template_entry *entry) log_debug_dump(entry->header.digest, sizeof(entry->header.digest)); } +/* + * Keep track of unknown or malformed template names. + * + * Return 1 for found, return 0 for not found. + */ +static int lookup_template_name_entry(char *template_name) +{ + struct template_name_entry { + struct template_name_entry *next; + char name[]; + } *entry; + static struct template_name_entry *template_names = NULL; + + for (entry = template_names; entry != NULL; entry = entry->next) { + if (strcmp(entry->name, template_name) == 0) + return 1; + } + + entry = malloc(sizeof(struct template_name_entry) + + strlen(template_name) + 1); + if (entry) { + strcpy(entry->name, template_name); + entry->next = template_names; + template_names = entry; + } + return 0; +} + void ima_ng_show(struct template_entry *entry) { uint8_t *fieldp = entry->template; @@ -1418,6 +1446,7 @@ void ima_ng_show(struct template_entry *entry) int total_len = entry->template_len, digest_len, len, sig_len; uint8_t *digest, *sig = NULL; char *algo, *path; + int found; int err; /* get binary digest */ @@ -1487,8 +1516,12 @@ void ima_ng_show(struct template_entry *entry) log_info("\n"); } - if (total_len) - log_err("Remain unprocessed data: %d\n", total_len); + if (total_len) { + found = lookup_template_name_entry(entry->name); + if (!found) + log_err("Template \"%s\" contains unprocessed data: " + "%d bytes\n", entry->name, total_len); + } } static int ima_measurement(const char *file) From patchwork Mon Jul 8 13:15:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 11035101 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ADFAC138D for ; Mon, 8 Jul 2019 13:16:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9EC891FE8B for ; Mon, 8 Jul 2019 13:16:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 92B9320602; Mon, 8 Jul 2019 13:16:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42D0A1FE8B for ; Mon, 8 Jul 2019 13:16:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726284AbfGHNQn (ORCPT ); Mon, 8 Jul 2019 09:16:43 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:10542 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727352AbfGHNQm (ORCPT ); Mon, 8 Jul 2019 09:16:42 -0400 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x68DDj4e010090 for ; Mon, 8 Jul 2019 09:16:41 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0b-001b2d01.pphosted.com with ESMTP id 2tm4jsw2j1-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 08 Jul 2019 09:16:41 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 8 Jul 2019 14:16:39 +0100 Received: from b06avi18626390.portsmouth.uk.ibm.com (9.149.26.192) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 8 Jul 2019 14:16:37 +0100 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x68DGOQB23789940 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 8 Jul 2019 13:16:24 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 508DAA405B; Mon, 8 Jul 2019 13:16:36 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9EDC0A4062; Mon, 8 Jul 2019 13:16:35 +0000 (GMT) Received: from localhost.ibm.com (unknown [9.80.110.58]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 8 Jul 2019 13:16:35 +0000 (GMT) From: Mimi Zohar To: linux-integrity@vger.kernel.org Cc: Vitaly Chikunov , Roberto Sassu , Mimi Zohar Subject: [PATCH 2/2] ima-evm-utils: support template "buf" field Date: Mon, 8 Jul 2019 09:15:50 -0400 X-Mailer: git-send-email 2.7.5 In-Reply-To: <1562591750-14234-1-git-send-email-zohar@linux.ibm.com> References: <1562591750-14234-1-git-send-email-zohar@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19070813-0020-0000-0000-000003514F4E X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19070813-0021-0000-0000-000021A4F9C2 Message-Id: <1562591750-14234-2-git-send-email-zohar@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-08_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907080166 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Other than the "boot-aggregate" measurement entry in the IMA measuremeent list, all other measurements are of file data. Kernel support was recently added to support measuring the kexec boot command line buffer, which is stored in a new template field named 'buf'. This patch adds support for a new template named "ima-buf", defined as "d-ng|n-ng|buf". Signed-off-by: Mimi Zohar --- src/evmctl.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index f6046637d8f6..a6d07c981453 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1443,8 +1443,8 @@ void ima_ng_show(struct template_entry *entry) { uint8_t *fieldp = entry->template; uint32_t field_len; - int total_len = entry->template_len, digest_len, len, sig_len; - uint8_t *digest, *sig = NULL; + int total_len = entry->template_len, digest_len, len, sig_len, fbuf_len; + uint8_t *digest, *sig = NULL, *fbuf = NULL; char *algo, *path; int found; int err; @@ -1488,6 +1488,18 @@ void ima_ng_show(struct template_entry *entry) fieldp += field_len; total_len -= field_len; } + } else if (!strcmp(entry->name, "ima-buf")) { + field_len = *(uint32_t *)fieldp; + fieldp += sizeof(field_len); + total_len -= sizeof(field_len); + if (field_len) { + fbuf = fieldp; + fbuf_len = field_len; + + /* move to next field */ + fieldp += field_len; + total_len -= field_len; + } } /* ascii_runtime_measurements */ @@ -1497,6 +1509,10 @@ void ima_ng_show(struct template_entry *entry) log_info(" %s %s", entry->name, algo); log_dump_n(digest, digest_len); log_info(" %s", path); + if (fbuf) { + log_info(" "); + log_dump_n(fbuf, fbuf_len); + } } if (sig) {