From patchwork Mon Nov 26 04:39:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vitaly Chikunov X-Patchwork-Id: 10697577 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C17F1869 for ; Mon, 26 Nov 2018 04:40:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EB6F82981E for ; Mon, 26 Nov 2018 04:40:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DAB1229825; Mon, 26 Nov 2018 04:40:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1B8702981E for ; Mon, 26 Nov 2018 04:40:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726201AbeKZPdA (ORCPT ); Mon, 26 Nov 2018 10:33:00 -0500 Received: from vmicros1.altlinux.org ([194.107.17.57]:52132 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726144AbeKZPdA (ORCPT ); Mon, 26 Nov 2018 10:33:00 -0500 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 33B7D72CC61; Mon, 26 Nov 2018 07:40:06 +0300 (MSK) Received: from beacon.altlinux.org (unknown [185.6.174.98]) by imap.altlinux.org (Postfix) with ESMTPSA id 0D1194A4A29; Mon, 26 Nov 2018 07:40:06 +0300 (MSK) From: Vitaly Chikunov To: Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org Cc: Vitaly Chikunov Subject: [PATCH 1/3] ima-avm-utils: Fix hash buffer overflow in verify_evm Date: Mon, 26 Nov 2018 07:39:51 +0300 Message-Id: <20181126043953.1126-1-vt@altlinux.org> X-Mailer: git-send-email 2.11.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Commit ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures") introduces overflow of 20 byte buffer on the stack while calculating evm hash. Also, invalid hash length is passed to the underlying verification function. This prevents any non-SHA1 hashes from being properly validated using evmctl. Signed-off-by: Vitaly Chikunov --- src/evmctl.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 1b46d58..94d7ab1 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include @@ -760,13 +761,15 @@ static int cmd_sign_evm(struct command *cmd) static int verify_evm(const char *file) { - unsigned char hash[20]; + unsigned char hash[64]; unsigned char sig[1024]; + int mdlen; int len; - len = calc_evm_hash(file, hash); - if (len <= 1) - return len; + mdlen = calc_evm_hash(file, hash); + assert(mdlen <= sizeof(hash)); + if (mdlen <= 1) + return mdlen; len = lgetxattr(file, "security.evm", sig, sizeof(sig)); if (len < 0) { @@ -779,7 +782,7 @@ static int verify_evm(const char *file) return -1; } - return verify_hash(file, hash, sizeof(hash), sig + 1, len - 1); + return verify_hash(file, hash, mdlen, sig + 1, len - 1); } static int cmd_verify_evm(struct command *cmd) From patchwork Mon Nov 26 04:39:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vitaly Chikunov X-Patchwork-Id: 10697579 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AA7501869 for ; Mon, 26 Nov 2018 04:40:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A9012981E for ; Mon, 26 Nov 2018 04:40:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8EE7E29825; Mon, 26 Nov 2018 04:40:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7D93B2981E for ; Mon, 26 Nov 2018 04:40:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726144AbeKZPdC (ORCPT ); Mon, 26 Nov 2018 10:33:02 -0500 Received: from vmicros1.altlinux.org ([194.107.17.57]:52166 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726164AbeKZPdC (ORCPT ); Mon, 26 Nov 2018 10:33:02 -0500 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 88EDC72CC6C; Mon, 26 Nov 2018 07:40:07 +0300 (MSK) Received: from beacon.altlinux.org (unknown [185.6.174.98]) by imap.altlinux.org (Postfix) with ESMTPSA id 0941E4A4A29; Mon, 26 Nov 2018 07:40:07 +0300 (MSK) From: Vitaly Chikunov To: Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org Cc: Vitaly Chikunov Subject: [PATCH 2/3] ima-evm-utils: Add --xattr-user option for testing Date: Mon, 26 Nov 2018 07:39:52 +0300 Message-Id: <20181126043953.1126-2-vt@altlinux.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181126043953.1126-1-vt@altlinux.org> References: <20181126043953.1126-1-vt@altlinux.org> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Keep ima/evm attributes in user namespace instead of security namespace. Would be useful for testing purposes without having root privileges, easier to understand, and because --sigfile does not work for evm signatures. Signed-off-by: Vitaly Chikunov --- src/evmctl.c | 32 ++++++++++++++++++++------------ src/libimaevm.c | 2 +- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 94d7ab1..032ea9d 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -145,6 +145,9 @@ static int find(const char *path, int dts, find_cb_t func); struct command cmds[]; static void print_usage(struct command *cmd); +static const char *xattr_ima = "security.ima"; +static const char *xattr_evm = "security.evm"; + static int bin2file(const char *file, const char *ext, const unsigned char *data, int len) { FILE *fp; @@ -531,7 +534,7 @@ static int sign_evm(const char *file, const char *key) dump(sig, len); if (xattr) { - err = lsetxattr(file, "security.evm", sig, len, 0); + err = lsetxattr(file, xattr_evm, sig, len, 0); if (err < 0) { log_err("setxattr failed: %s\n", file); return err; @@ -569,7 +572,7 @@ static int hash_ima(const char *file) dump(hash, len); if (xattr) { - err = lsetxattr(file, "security.ima", hash, len, 0); + err = lsetxattr(file, xattr_ima, hash, len, 0); if (err < 0) { log_err("setxattr failed: %s\n", file); return err; @@ -604,7 +607,7 @@ static int sign_ima(const char *file, const char *key) bin2file(file, "sig", sig, len); if (xattr) { - err = lsetxattr(file, "security.ima", sig, len, 0); + err = lsetxattr(file, xattr_ima, sig, len, 0); if (err < 0) { log_err("setxattr failed: %s\n", file); return err; @@ -771,14 +774,14 @@ static int verify_evm(const char *file) if (mdlen <= 1) return mdlen; - len = lgetxattr(file, "security.evm", sig, sizeof(sig)); + len = lgetxattr(file, xattr_evm, sig, sizeof(sig)); if (len < 0) { log_err("getxattr failed: %s\n", file); return len; } if (sig[0] != 0x03) { - log_err("security.evm has no signature\n"); + log_err("%s has no signature\n", xattr_evm); return -1; } @@ -813,7 +816,7 @@ static int verify_ima(const char *file) memcpy(sig, tmp, len); free(tmp); } else { - len = lgetxattr(file, "security.ima", sig, sizeof(sig)); + len = lgetxattr(file, xattr_ima, sig, sizeof(sig)); if (len < 0) { log_err("getxattr failed: %s\n", file); return len; @@ -956,7 +959,7 @@ static int setxattr_ima(const char *file, char *sig_file) if (!sig) return 0; - err = lsetxattr(file, "security.ima", sig, len, 0); + err = lsetxattr(file, xattr_ima, sig, len, 0); if (err < 0) log_err("setxattr failed: %s\n", file); free(sig); @@ -1152,7 +1155,7 @@ static int hmac_evm(const char *file, const char *key) if (xattr) { sig[0] = EVM_XATTR_HMAC; - err = lsetxattr(file, "security.evm", sig, len + 1, 0); + err = lsetxattr(file, xattr_evm, sig, len + 1, 0); if (err < 0) { log_err("setxattr failed: %s\n", file); return err; @@ -1208,9 +1211,9 @@ static int ima_fix(const char *path) } for (; size > 0; len++, size -= len, list += len) { len = strlen(list); - if (!strcmp(list, "security.ima")) + if (!strcmp(list, xattr_ima)) ima = 1; - else if (!strcmp(list, "security.evm")) + else if (!strcmp(list, xattr_evm)) evm = 1; } if (ima && evm) @@ -1287,8 +1290,8 @@ static int cmd_ima_fix(struct command *cmd) static int ima_clear(const char *path) { log_info("%s\n", path); - lremovexattr(path, "security.ima"); - lremovexattr(path, "security.evm"); + lremovexattr(path, xattr_ima); + lremovexattr(path, xattr_evm); return 0; } @@ -1718,6 +1721,7 @@ static struct option opts[] = { {"selinux", 1, 0, 136}, {"caps", 2, 0, 137}, {"list", 0, 0, 138}, + {"xattr-user", 0, 0, 140}, {} }; @@ -1869,6 +1873,10 @@ int main(int argc, char *argv[]) case 138: measurement_list = 1; break; + case 140: /* --xattr-user */ + xattr_ima = "user.ima"; + xattr_evm = "user.evm"; + break; case '?': exit(1); break; diff --git a/src/libimaevm.c b/src/libimaevm.c index 6fa0ed4..714f1ac 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -594,7 +594,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen, int hashlen, sig_hash_algo; if (sig[0] != 0x03) { - log_err("security.ima has no signature\n"); + log_err("xattr ima has no signature\n"); return -1; } From patchwork Mon Nov 26 04:39:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vitaly Chikunov X-Patchwork-Id: 10697581 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A75341869 for ; Mon, 26 Nov 2018 04:40:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 979E82981E for ; Mon, 26 Nov 2018 04:40:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8C69D29825; Mon, 26 Nov 2018 04:40:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D3972981E for ; Mon, 26 Nov 2018 04:40:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726252AbeKZPdG (ORCPT ); Mon, 26 Nov 2018 10:33:06 -0500 Received: from vmicros1.altlinux.org ([194.107.17.57]:52244 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726164AbeKZPdG (ORCPT ); Mon, 26 Nov 2018 10:33:06 -0500 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 2941872CC61; Mon, 26 Nov 2018 07:40:12 +0300 (MSK) Received: from beacon.altlinux.org (unknown [185.6.174.98]) by imap.altlinux.org (Postfix) with ESMTPSA id F00534A4AE9; Mon, 26 Nov 2018 07:40:11 +0300 (MSK) From: Vitaly Chikunov To: Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org Cc: Vitaly Chikunov Subject: [PATCH 3/3] ima-evm-utils: Allow to use Streebog hash function Date: Mon, 26 Nov 2018 07:39:53 +0300 Message-Id: <20181126043953.1126-3-vt@altlinux.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181126043953.1126-1-vt@altlinux.org> References: <20181126043953.1126-1-vt@altlinux.org> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP There are two methods of using GOST algorithms in OpenSSL: via config extension and via --engine option. Both require gost-engine to be installed. Signed-off-by: Vitaly Chikunov --- src/evmctl.c | 27 ++++++++++++++++++++++++--- src/imaevm.h | 13 +++++++++++++ src/libimaevm.c | 15 +++++++++++---- 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 032ea9d..5b4d8d9 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -62,6 +62,7 @@ #include #include #include +#include #ifndef XATTR_APPAARMOR_SUFFIX #define XATTR_APPARMOR_SUFFIX "apparmor" @@ -388,7 +389,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) md = EVP_get_digestbyname(params.hash_algo); if (!md) { - log_err("EVP_get_digestbyname() failed\n"); + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); return 1; } @@ -1056,7 +1057,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h md = EVP_get_digestbyname(params.hash_algo); if (!md) { - log_err("EVP_get_digestbyname() failed\n"); + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); goto out; } @@ -1643,7 +1644,7 @@ static void usage(void) printf( "\n" - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" + " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512\n" " -s, --imasig make IMA signature\n" " -d, --imahash make IMA hash\n" " -f, --sigfile store IMA signature in .sig file instead of xattr\n" @@ -1669,6 +1670,7 @@ static void usage(void) " --selinux use custom Selinux label for EVM\n" " --caps use custom Capabilities for EVM(unspecified: from FS, empty: do not use)\n" " --list measurement list verification\n" + " --engine e preload OpenSSL engine e\n" " -v increase verbosity level\n" " -h, --help display this help and exit\n" "\n"); @@ -1721,6 +1723,7 @@ static struct option opts[] = { {"selinux", 1, 0, 136}, {"caps", 2, 0, 137}, {"list", 0, 0, 138}, + {"engine", 1, 0, 139}, {"xattr-user", 0, 0, 140}, {} @@ -1763,6 +1766,7 @@ static char *get_password(void) int main(int argc, char *argv[]) { int err = 0, c, lind; + ENGINE *eng = NULL; g_argv = argv; g_argc = argc; @@ -1873,6 +1877,16 @@ int main(int argc, char *argv[]) case 138: measurement_list = 1; break; + case 139: /* --engine e */ + eng = ENGINE_by_id(optarg); + if (!eng) + log_err("engine %s isn't available\n", optarg); + else if (!ENGINE_init(eng)) { + log_err("engine %s init failed\n", optarg); + ENGINE_free(eng); + eng = NULL; + } + break; case 140: /* --xattr-user */ xattr_ima = "user.ima"; xattr_evm = "user.evm"; @@ -1903,6 +1917,13 @@ int main(int argc, char *argv[]) } } + if (eng) { + ENGINE_finish(eng); + ENGINE_free(eng); +#if OPENSSL_API_COMPAT < 0x10100000L + ENGINE_cleanup(); +#endif + } ERR_free_strings(); EVP_cleanup(); BIO_free(NULL); diff --git a/src/imaevm.h b/src/imaevm.h index 1bafaad..1a5ebbe 100644 --- a/src/imaevm.h +++ b/src/imaevm.h @@ -149,6 +149,7 @@ struct signature_hdr { char mpi[0]; } __packed; +/* reflect enum hash_algo from include/uapi/linux/hash_info.h */ enum pkey_hash_algo { PKEY_HASH_MD4, PKEY_HASH_MD5, @@ -158,6 +159,18 @@ enum pkey_hash_algo { PKEY_HASH_SHA384, PKEY_HASH_SHA512, PKEY_HASH_SHA224, + PKEY_HASH_RIPE_MD_128, + PKEY_HASH_RIPE_MD_256, + PKEY_HASH_RIPE_MD_320, + PKEY_HASH_WP_256, + PKEY_HASH_WP_384, + PKEY_HASH_WP_512, + PKEY_HASH_TGR_128, + PKEY_HASH_TGR_160, + PKEY_HASH_TGR_192, + PKEY_HASH_SM3_256, + PKEY_HASH_STREEBOG_256, + PKEY_HASH_STREEBOG_512, PKEY_HASH__LAST }; diff --git a/src/libimaevm.c b/src/libimaevm.c index 714f1ac..8f74660 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -50,6 +50,7 @@ #include #include +#include #include #include #include @@ -66,6 +67,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { [PKEY_HASH_SHA384] = "sha384", [PKEY_HASH_SHA512] = "sha512", [PKEY_HASH_SHA224] = "sha224", + [PKEY_HASH_STREEBOG_256] = "streebog256", + [PKEY_HASH_STREEBOG_512] = "streebog512", }; /* @@ -290,7 +293,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) md = EVP_get_digestbyname(params.hash_algo); if (!md) { - log_err("EVP_get_digestbyname() failed\n"); + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); return 1; } @@ -508,14 +511,16 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size, asn1 = &RSA_ASN1_templates[hdr->hash_algo]; if (len < asn1->size || memcmp(out, asn1->data, asn1->size)) { - log_err("%s: verification failed: %d\n", file, err); + log_err("%s: verification failed: %d (asn1 mismatch)\n", + file, err); return -1; } len -= asn1->size; if (len != size || memcmp(out + asn1->size, hash, len)) { - log_err("%s: verification failed: %d\n", file, err); + log_err("%s: verification failed: %d (digest mismatch)\n", + file, err); return -1; } @@ -527,7 +532,8 @@ int get_hash_algo(const char *algo) int i; for (i = 0; i < PKEY_HASH__LAST; i++) - if (!strcmp(algo, pkey_hash_algo[i])) + if (pkey_hash_algo[i] && + !strcmp(algo, pkey_hash_algo[i])) return i; return PKEY_HASH_SHA1; @@ -899,5 +905,6 @@ int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const c static void libinit() { OpenSSL_add_all_algorithms(); + OPENSSL_add_all_algorithms_conf(); ERR_load_crypto_strings(); }