From patchwork Wed Sep 27 22:16:53 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthew Garrett <mjg59@google.com>
X-Patchwork-Id: 9974989
Return-Path: <linux-integrity-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	12E2C603F2 for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 27 Sep 2017 22:19:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 78032260CD
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 27 Sep 2017 22:19:17 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6CEE128397; Wed, 27 Sep 2017 22:19:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5D4FA2838F
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 27 Sep 2017 22:19:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752341AbdI0WRU (ORCPT
	<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
	Wed, 27 Sep 2017 18:17:20 -0400
Received: from mail-oi0-f74.google.com ([209.85.218.74]:51434 "EHLO
	mail-oi0-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752317AbdI0WRT (ORCPT
	<rfc822;linux-integrity@vger.kernel.org>);
	Wed, 27 Sep 2017 18:17:19 -0400
Received: by mail-oi0-f74.google.com with SMTP id a74so8701118oib.10
	for <linux-integrity@vger.kernel.org>;
	Wed, 27 Sep 2017 15:17:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=mime-version:date:in-reply-to:message-id:references:subject:from:to
	:cc; bh=ZeZFqdTTTEh/Kh2GTyJsx7J0u0bMLEhQPJMNN5fID04=;
	b=XwN4oavSGRPNJU5ByYkOgO7UX+GafpO7iPLbyi9ju4XL6boF4I52QnrbrgKxrq8jzq
	W3V0VNC1Cx1Mvyju35q6NABdnEYzi9HIZwZR7+886rJctdPqp70v/V57vxpQSIc6G6HU
	tSQlFe5H1Ax7Hu0bTzE6b1suA03bYu9IydxhtEb87gxOZmcFaVOD9ua3lGda+It4KCTx
	QmyKIAPXUg4dTiH+2F0rhPDy2pTrD7dBoA9GdCk6h3pNIwcNBt2JOcq2W4lZxJFjTiMg
	bcLIYxeHnY4ziUXKAwPGjgKAyfPsTprrAoIywv7SbUtpx0B6hIh9+HilED+gwuSffqs1
	x8rg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:date:in-reply-to:message-id
	:references:subject:from:to:cc;
	bh=ZeZFqdTTTEh/Kh2GTyJsx7J0u0bMLEhQPJMNN5fID04=;
	b=KT5nySb3takLFknbBJqYN6Twm+cv0qDvTXxphRlrxse3cMkSpJ+RfoLEL9Zq8SJYxB
	gBhMl1lugboCow+nvtOF91NanjVHSHfWXeHX2SRqsOyVcnuAMwYl9TxmxXzH3FoVV2H5
	H7/dh3xEggrWd+AtUZcvXo69PtSENEfWEx3oItqlmh6ZfeD8VC6rHShhQKXKnOxTiI7m
	pbF0DBCwC8/b7HMdB0S3m/BF1UK6IkdYuSKYbtOjz1jWviwhT0+rt8KmaIz7tqCm2V+y
	J7EfUHHrXxbciP/biVkvc6ItAQ3uGZGF7KOrJW8yCg6oJ+WkpUUjQL2euXwJp/bE8jWn
	Hu9w==
X-Gm-Message-State: AMCzsaXd9BLTE6LLSQ0EaYjlZ1WuwzQomEccfyW/5Ibi5fC9K67p/R4K
	9tc349EQAgGIiltvZYfJHZE0ymdWuKhl7K8I5RTbPASqNIIqKgFeIG5uqyroH5W5oLJg+KddUNV
	TRK1yOW8roKy1/+Th77GeINexeO/ZiLBM9mc=
X-Google-Smtp-Source: 
 AOwi7QCJwjR5L3xY4XDT0Hoq+0ZiWR8rOn2mUZHYZgTKcqZ/T8KOjyKaft1FQizb083CiVyir5oLJpWRxgpJgX6RDfGLhQ==
MIME-Version: 1.0
X-Received: by 10.157.15.102 with SMTP id 93mr1195410ott.42.1506550639223;
	Wed, 27 Sep 2017 15:17:19 -0700 (PDT)
Date: Wed, 27 Sep 2017 15:16:53 -0700
In-Reply-To: <20170927221653.11219-1-mjg59@google.com>
Message-Id: <20170927221653.11219-7-mjg59@google.com>
References: <20170927221653.11219-1-mjg59@google.com>
X-Mailer: git-send-email 2.14.2.822.g60be5d43e6-goog
Subject: [PATCH 6/6] EVM: Add a new digital signature format
From: Matthew Garrett <mjg59@google.com>
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.vnet.ibm.com, Matthew Garrett <mjg59@google.com>
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

As a companion to

EVM: Add an hmac_ng xattr format

add an equivalent format for digital signatures, identical to the
previous format but with an additional 64 bits of information about
which metadata was used to generate the signature. This allows for
distributing digital signatures that protect the metadata without having
to include the inode number (something that's not known in advance)

Signed-off-by: Matthew Garrett <mjg59@google.com>
---
 security/integrity/evm/evm_main.c | 26 ++++++++++++++++++++++++++
 security/integrity/integrity.h    |  6 ++++++
 2 files changed, 32 insertions(+)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 77eda423824d..a58ff5d8caf6 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -128,9 +128,11 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 {
 	struct evm_ima_xattr_data *xattr_data = NULL;
 	struct evm_hmac_ng_data *hmac_ng_data;
+	struct evm_ima_xattr_ng_data *digsig_ng_data;
 	struct evm_ima_xattr_data calc;
 	enum integrity_status evm_status = INTEGRITY_PASS;
 	int rc, xattr_len;
+	u64 flags;
 
 	if (iint && iint->evm_status == INTEGRITY_PASS)
 		return iint->evm_status;
@@ -209,6 +211,30 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 		if (rc)
 			rc = -EINVAL;
 		break;
+	case EVM_IMA_XATTR_DIGSIG_NG:
+		digsig_ng_data = (struct evm_ima_xattr_ng_data *)xattr_data;
+		flags = be64_to_cpu(digsig_ng_data->hdr.flags);
+
+		rc = evm_calc_hash(dentry, xattr_name, xattr_value,
+				   xattr_value_len, flags, calc.digest);
+		if (rc)
+			break;
+		rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
+				 (const char *)&digsig_ng_data->sig,
+				 xattr_len-sizeof(struct evm_ima_xattr_ng_hdr),
+				 calc.digest, sizeof(calc.digest));
+		if (!rc) {
+			/* Replace RSA with HMAC if not mounted readonly and
+			 * not immutable
+			 */
+			if (!IS_RDONLY(d_backing_inode(dentry)) &&
+			    !IS_IMMUTABLE(d_backing_inode(dentry)))
+				evm_update_evmxattr(dentry, xattr_name,
+						    xattr_value,
+						    xattr_value_len,
+						    evm_default_flags);
+		}
+		break;
 	default:
 		rc = -EINVAL;
 		break;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 9abd99224916..f41ccf42df65 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -64,6 +64,7 @@ enum evm_ima_xattr_type {
 	EVM_IMA_XATTR_DIGSIG,
 	IMA_XATTR_DIGEST_NG,
 	EVM_XATTR_HMAC_NG,
+	EVM_IMA_XATTR_DIGSIG_NG,
 	IMA_XATTR_LAST
 };
 
@@ -113,6 +114,11 @@ struct evm_hmac_ng_data {
 	u8 digest[SHA1_DIGEST_SIZE];
 } __packed;
 
+struct evm_ima_xattr_ng_data {
+	struct evm_ima_xattr_ng_hdr hdr;
+	struct signature_v2_hdr sig;
+} __packed;
+
 /* integrity data associated with an inode */
 struct integrity_iint_cache {
 	struct rb_node rb_node;	/* rooted in integrity_iint_tree */