From patchwork Wed Sep 27 22:16:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 9974985 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 649C660375 for ; Wed, 27 Sep 2017 22:17:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 55A12200E5 for ; Wed, 27 Sep 2017 22:17:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 47FEC2239C; Wed, 27 Sep 2017 22:17:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DAAB222B26 for ; Wed, 27 Sep 2017 22:17:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752284AbdI0WRP (ORCPT ); Wed, 27 Sep 2017 18:17:15 -0400 Received: from mail-io0-f201.google.com ([209.85.223.201]:41595 "EHLO mail-io0-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752248AbdI0WRP (ORCPT ); Wed, 27 Sep 2017 18:17:15 -0400 Received: by mail-io0-f201.google.com with SMTP id f72so18912ioj.0 for ; Wed, 27 Sep 2017 15:17:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:in-reply-to:message-id:references:subject:from:to :cc; bh=XsRknmPE0oZ4pYwtv1hcFtdZHG/dCuqycLjsPFhfJkM=; b=Jd4QtF8x5JHHjmOicc8/jHdGporq+fmrYjgwR4Aya9S612kdqZiKbft4Y8REp6FYhK ejdic+CzzgyGgMcTbNTN3JUbzeRhpwq0+spW7rEqBKrm+dK04imfKubhYAOMkPnSjWWc jGkF1rInQt0HN/eaykaunINobQARoNxSWP19MeuGnfkCxSPQFVGAh5q4S9I0ukL3mRB2 G66PTTyHXZqLq+RH267r0kElmTxk8DmDRV67EIopmvxifOlCEn4RnMWyBhPtAbfjvdUA hGZfRDMAls/AjEsMeknqdnmVY6gKcDcPq3vsxfFirZbkVmVSLDnzZEWAQJGjw/Q2+QkB 4bdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:in-reply-to:message-id :references:subject:from:to:cc; bh=XsRknmPE0oZ4pYwtv1hcFtdZHG/dCuqycLjsPFhfJkM=; b=RMii9AhcS07py3E0ay/M75ivu5ikoJEmEGGLPolMJlpqFoe+PM9nejwLt5XDDVyyPU p+zSd1ncEWv6Y+v7u1ldFreFEjuYK3Uo+Ut9dy636JhKw29G7D8EKU+ileWNSczahBM9 LyvdZLznHF2o9JdUM7YAV3KJb+zAuQsGcAGryV61TKDJfg5oFXuO866FBctFCnxMFI/b UG9JJPFOxZXqtlzvoCdy2ltA5gJTg9nxGegjg/hpXbQWWwk0i9svwbHMMccRO0QZbK9u i2+0B/D7rdD7kgzFb6QAWfmGwJGvKqRO6Ra27xEo+zASM+QS0YuV6SQy/v1FQnjfkLDE qXlg== X-Gm-Message-State: AMCzsaUXk0Tod8qjd+H4uiw8SWi28IlZkhu+0nAOoZZ1BMEr2T2Ert2j 3FPZ30c8Zc+oLgimTUQmTNByNjryu97y6hE5evzVVVh7CJwMgrIkcTDMEgeVQsTU8eKI53oOTFI paXxFwoQcrmZEi4s4tUqGFW5ETTIjiwV3Jow= X-Google-Smtp-Source: AOwi7QBRUyOzulBopa8MwOc5T3ewK+AA3bx+CLtGpYmh/tI9BX4gHcx8hr5U+5aEhTRQxRMCWmuWPns/lv55y6Qyod96ag== MIME-Version: 1.0 X-Received: by 10.107.138.222 with SMTP id c91mr1467413ioj.138.1506550634401; Wed, 27 Sep 2017 15:17:14 -0700 (PDT) Date: Wed, 27 Sep 2017 15:16:51 -0700 In-Reply-To: <20170927221653.11219-1-mjg59@google.com> Message-Id: <20170927221653.11219-5-mjg59@google.com> References: <20170927221653.11219-1-mjg59@google.com> X-Mailer: git-send-email 2.14.2.822.g60be5d43e6-goog Subject: [PATCH 4/6] EVM: Add an hmac_ng xattr format From: Matthew Garrett To: linux-integrity@vger.kernel.org Cc: zohar@linux.vnet.ibm.com, Matthew Garrett Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Create an additional HMAC on-disk xattr format, identical to the current one but with an additional 64 bits of data to indicate which metadata was used to create the HMAC. Make use of this information when calculating the value to compare against it. Signed-off-by: Matthew Garrett --- security/integrity/evm/evm_main.c | 18 ++++++++++++++++++ security/integrity/integrity.h | 11 +++++++++++ 2 files changed, 29 insertions(+) diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 52b6fff91f8d..383f003b428e 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -127,6 +127,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, struct integrity_iint_cache *iint) { struct evm_ima_xattr_data *xattr_data = NULL; + struct evm_hmac_ng_data *hmac_ng_data; struct evm_ima_xattr_data calc; enum integrity_status evm_status = INTEGRITY_PASS; int rc, xattr_len; @@ -190,6 +191,23 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, xattr_value_len); } break; + case EVM_XATTR_HMAC_NG: + hmac_ng_data = (struct evm_hmac_ng_data *)xattr_data; + flags = be64_to_cpu(digsig_ng_data->hdr.flags); + + if (xattr_len != sizeof(struct evm_hmac_ng_data)) { + evm_status = INTEGRITY_FAIL; + goto out; + } + rc = evm_calc_hmac(dentry, xattr_name, xattr_value, + xattr_value_len, flags, calc.digest); + if (rc) + break; + rc = crypto_memneq(hmac_ng_data->digest, calc.digest, + sizeof(calc.digest)); + if (rc) + rc = -EINVAL; + break; default: rc = -EINVAL; break; diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 2fa0d7bc55fb..9abd99224916 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -63,6 +63,7 @@ enum evm_ima_xattr_type { EVM_XATTR_HMAC, EVM_IMA_XATTR_DIGSIG, IMA_XATTR_DIGEST_NG, + EVM_XATTR_HMAC_NG, IMA_XATTR_LAST }; @@ -71,6 +72,11 @@ struct evm_ima_xattr_data { u8 digest[SHA1_DIGEST_SIZE]; } __packed; +struct evm_ima_xattr_ng_hdr { + u8 type; + __be64 flags; +} __packed; + #define IMA_MAX_DIGEST_SIZE 64 struct ima_digest_data { @@ -102,6 +108,11 @@ struct signature_v2_hdr { uint8_t sig[0]; /* signature payload */ } __packed; +struct evm_hmac_ng_data { + struct evm_ima_xattr_ng_hdr hdr; + u8 digest[SHA1_DIGEST_SIZE]; +} __packed; + /* integrity data associated with an inode */ struct integrity_iint_cache { struct rb_node rb_node; /* rooted in integrity_iint_tree */