[0/2] ima-evm-utils: Fix use of sign_hash via API

Message ID	20210106094335.3178261-1-patrick@puiterwijk.org (mailing list archive)
Headers	show Return-Path: <linux-integrity-owner@kernel.org> From: Patrick Uiterwijk <patrick@puiterwijk.org> To: linux-integrity@vger.kernel.org, zohar@linux.ibm.com Cc: pbrobinson@redhat.com, Patrick Uiterwijk <patrick@puiterwijk.org> Subject: [PATCH 0/2] ima-evm-utils: Fix use of sign_hash via API Date: Wed, 6 Jan 2021 10:43:33 +0100 Message-Id: <20210106094335.3178261-1-patrick@puiterwijk.org> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Precedence: bulk
Series	ima-evm-utils: Fix use of sign_hash via API \| expand [0/2] ima-evm-utils: Fix use of sign_hash via API [1/2] Fix sign_hash not observing the hashalgo argument [2/2] Add test for using sign_hash API

Message ID

20210106094335.3178261-1-patrick@puiterwijk.org (mailing list archive)

Headers

From: Patrick Uiterwijk <patrick@puiterwijk.org>
To: linux-integrity@vger.kernel.org, zohar@linux.ibm.com
Cc: pbrobinson@redhat.com, Patrick Uiterwijk <patrick@puiterwijk.org>
Subject: [PATCH 0/2] ima-evm-utils: Fix use of sign_hash via API
Date: Wed,  6 Jan 2021 10:43:33 +0100
Message-Id: <20210106094335.3178261-1-patrick@puiterwijk.org>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from rowhammer.home.puiterwijk.org
 (2a10:3781:662:0:daf9:2c4e:f3f0:a740) by
 AM0PR02CA0202.eurprd02.prod.outlook.com (2603:10a6:20b:28f::9) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend
 Transport; Wed, 6 Jan 2021 09:45:53 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0f5c33a5-813b-474f-4a80-08d8b227dc50
X-MS-TrafficTypeDiagnostic: AM9P191MB1367:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <AM9P191MB13678942EE437791FE635CB3C8D00@AM9P191MB1367.EURP191.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 YBVfZuKZ+O9yLawp0C8XQ1Gg7trooxez38+YbGSsAJaBzgoyevam6U1U8Df2PXuPXhJdgi6rqYbNl2M6oVvAGPwCry79YpivyrUOUcIR3vsTUWTgZ6V7CUehS5kXNQOaBvCJQY3+GMCeMd6M/Zu3MN2DF6ecZ2YUwNGKNcl52zezrNndom8XsDogAVYvZLLJXEo6uMy4DfLJZStgf8G44FdwsQCuGw+t0pSIXlOMZzKpTE/m8kcJhR9NrTnWe1hXefsu68KRtgnxmjveR/jZvgnKb9ZHpnkiRBTeeuap8dFMR4O/pcDsLSYO5MXJWAxuZiCeKxAQO0kvAQPnjd6ZBjfibZdiIepOCEn+b1y+eR9BlsVAHahDDNwtdvg/32volnbyvLQoZGCSzcigio3A9g==
X-Forefront-Antispam-Report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM0P191MB0721.EURP191.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(396003)(366004)(136003)(39830400003)(376002)(346002)(6486002)(16526019)(186003)(83380400001)(36756003)(316002)(52116002)(8936002)(7696005)(107886003)(4326008)(4744005)(6666004)(86362001)(2906002)(1076003)(2616005)(66556008)(66476007)(66946007)(478600001)(5660300002)(8676002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
 mDecTe13KFjH4+4Ird8ASFW7I99fn3MVgGVoSmXvTu5wUyTKWc8kY7Lu+vPiFY2P4QsaDRaksf77/ZpQLEV8NLc2qS1uXrR+wRwkbG2mQIy0Uo7zvtUf3HwX3RXk+1u95yUCztPsGv+xoOb23veOMf86q+TIjo7UxDCiT9kdS8gURNeq1hjZz2NMnuOvMSnp8VZs3k7Q8Kb9jIRM99A5AISNWKfya7tGWXeUQoHCEJyT2T5qMvsdPuv+w/9s2WjVXZHfe+2NsdPaT/pz13CtL4mu/WO4ewnW/KuwOZC6aXlc8kPI9rAySFqUihrC65/ozAOMjYqAM/oRzA3eMnjgfI6rM8MD5w9Bgh3jaq0fw7+usPSt3MunCVeKW71cswHyMC5aEgh8f1Zd1bpjiCJg2VhO95u6eRdgV9/AWTRpb9VIiCH9RYK1X72YXfEXK6/vnYPFRs5pygvmu6NqMq6ZGrolZGtpPtQODv8cLTubWfGro37ZJ936ALHu7d5EnLgaqlrqp4vvzkPTiunysakCeT1NFn5W8S4BAk5jZvtUmmbjEKq6N4yedunS/0JJE0ahUJbhhaEuBulcsa/NpLgBxxZ3PDzJYYaW2qdOjIso7E+TCqxt/wK7Gtge3VekRAcATBN7RMl0vcRGDxF57kk1q0wgFFadWvvfMpitB7RI2mxf8ShCwuUxcNyJmmjxH6diJOL5T5mpKHE/ge/ZjnIa33VhoKwTviMSiuyDPQtH3CRrvIBPCwdxB6BZOI3djmZJF+zMsKmRNeMEAengQRMoi1XMe78mWipIcg4+Rx0QA+T2bYODSFvvRJZI4TYaEeSsywSPI9ABF0oXnAfsXi06TC6C8tzUzODhnWNFZtMKcPKjfYse6HVEldXFqd7LS2ficgK4kubmIVTvhG1SZ+KLicLir3M3x9e7RipmR7c/+X8Ro5ShxTh7o+Ap4NokyfPXiwvnae4HgHaxj0tIWva5iWng43IhDV8BZCOgM3iTNdUddrjKLfT3g25P/SGTun0q1hFWQGhIMKQGWs6jPtYMCyo3C6V9CFV0TCqfLAY68p4=
X-OriginatorOrg: puiterwijk.org
X-MS-Exchange-CrossTenant-AuthSource: AM0P191MB0721.EURP191.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jan 2021 09:45:54.1130
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 963619a5-d7a7-4543-a254-29462dc51fb3
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0f5c33a5-813b-474f-4a80-08d8b227dc50
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 NpCesPfOkiST/UAFgi2S9J1ztzuJoOAHhhtyWJy7rawD+UcQ3B2eElfxlyMolJjPEP5Q24G7gQSQQNkQ/PPvKw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P191MB1367
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

Series

ima-evm-utils: Fix use of sign_hash via API | expand

Message

Patrick Uiterwijk Jan. 6, 2021, 9:43 a.m. UTC

When using sign_hash, the resulting signature is incorrect if any hash
algorithm other than sha1 is used.
This is because while the sign_hash function has a hashalgo argument,
the sign_hash_v2 function does not actually use this argument for
anything except setting the hash_algo value in the header.
This patch makes sure it uses the algo variable consistently.

Patrick Uiterwijk (2):
  Fix sign_hash not observing the hashalgo argument
  Add test for using sign_hash API

 src/evmctl.c                | 23 ----------------
 src/libimaevm.c             |  4 +--
 src/utils.c                 | 20 ++++++++++++++
 src/utils.h                 |  1 +
 tests/.gitignore            |  2 ++
 tests/Makefile.am           |  5 ++++
 tests/sign_verify.apitest.c | 55 +++++++++++++++++++++++++++++++++++++
 tests/sign_verify.test      | 30 ++++++++++++++++----
 8 files changed, 109 insertions(+), 31 deletions(-)
 create mode 100644 tests/sign_verify.apitest.c