From patchwork Wed Nov 15 21:05:27 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthew Garrett <mjg59@google.com>
X-Patchwork-Id: 10060271
Return-Path: <linux-integrity-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	EA13F604D4 for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 15 Nov 2017 21:05:36 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CE0F72A307
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 15 Nov 2017 21:05:36 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C22402A30E; Wed, 15 Nov 2017 21:05:36 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D8452A307
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Wed, 15 Nov 2017 21:05:36 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757865AbdKOVFg (ORCPT
	<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
	Wed, 15 Nov 2017 16:05:36 -0500
Received: from mail-qt0-f201.google.com ([209.85.216.201]:61614 "EHLO
	mail-qt0-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750946AbdKOVFf (ORCPT
	<rfc822;linux-integrity@vger.kernel.org>);
	Wed, 15 Nov 2017 16:05:35 -0500
Received: by mail-qt0-f201.google.com with SMTP id 31so21809300qtz.20
	for <linux-integrity@vger.kernel.org>;
	Wed, 15 Nov 2017 13:05:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=mime-version:date:message-id:subject:from:to:cc;
	bh=tee8Zyq5frkXumHSYmsWcUSZfEfeJhPo94Mi1uMA0SY=;
	b=EZ/2tMRz1BrRcjCz7N1gD6yBsSDYV9oIr4mP7rn7JbYfiE+hl8Bj8sY8WSzd8mCrf2
	78sZLDjCDcOP7ROGan8Z1TeMDYsdXoC14Jlq1OiTzHEVO297eF+kEssjREhUpFeU6Sw6
	XGBxZ0Wl50WVGq0FFPzK/o2tUbQdF1F23oUx6WQHmuQDDzoM6U4xwKR4dlPFdiZpiKeM
	Cz2TkZwn/+G6+rOcX0qPJ7frY/ezq8LtzMYwuvEtuqVk880suD8phaNojz1Y3SY2g62x
	FR44y7vOAH8+Sv82PYpVyO/suRpxP7YDqgLbJPPlHCDYKTSIjhqrz2rJFtWvICdNaAAw
	Dibg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc;
	bh=tee8Zyq5frkXumHSYmsWcUSZfEfeJhPo94Mi1uMA0SY=;
	b=c1M8CFSmT5weVP6apaKl0GMrqIZsjetJTZlx+MGpaySz1uaFkpbxKDmvdrm9jf72sw
	5UzuSlrU0ZuwH+d4e4SQGDQPOCfFEwm3zoRKKQuZmgCfeJloYsgif6zLsBVgSrYGczHq
	8/LQG4gLdWElO30Et9WC3JCnVCYtunsiU2I5ebdwY+mMeRTqVb5CyHXo2T1bdogWFkpM
	f8/RHYYZzDU9n+tYVY3rXcrTQ+bdxSp5OBGXETVlA4kZiHwPvl1M0oEbscJIjYEWhH2O
	zxM2Lpsv/nn3/HGR8JT3ZloVPt7j+S3G5JxomYTAt1CtZec/lPkM+l8dRefZdgCeQgpN
	fiNA==
X-Gm-Message-State: AJaThX7IM9inZOwx22HqxW1AigtIFNyuQvtXMkQZuiZ3fHtC7wHuMOdX
	SZE38Mvlfaci7Bgto8lrDeddAISEGpExTp2dWRdgqJHxA9q8qe1IdLHPxKCDSlTjKrAr7YaWrzS
	8SlOaM2z1hCwBUv21Tt/mplMjqQ7WM0TiHmQ=
X-Google-Smtp-Source: 
 AGs4zMa6Qj3jRQa+PHN9aXt8kN/FqpOlc0r4qsh6UvB/UXSq8NGeUchoYLtEVSdfo8Kty8/vDR5+R9EcaDtFoNT+WD8djA==
MIME-Version: 1.0
X-Received: by 10.55.157.21 with SMTP id g21mr18228608qke.6.1510779934296;
	Wed, 15 Nov 2017 13:05:34 -0800 (PST)
Date: Wed, 15 Nov 2017 13:05:27 -0800
Message-Id: <20171115210527.11488-1-mjg59@google.com>
X-Mailer: git-send-email 2.15.0.448.gf294e3d99a-goog
Subject: [USER] [PATCH] Add support for portable EVM format
From: Matthew Garrett <mjg59@google.com>
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.vnet.ibm.com, Matthew Garrett <mjg59@google.com>
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Add a --portable argument that generates EVM signatures without using
the inode number and generation or fs UUID.

Signed-off-by: Matthew Garrett <mjg59@google.com>
---
 README       |  6 ++++--
 src/evmctl.c | 35 +++++++++++++++++++++++++----------
 src/imaevm.h |  1 +
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/README b/README
index b1dfafa..da828cf 100644
--- a/README
+++ b/README
@@ -26,7 +26,7 @@ COMMANDS
  --version
  help <command>
  import [--rsa] pubkey keyring
- sign [-r] [--imahash | --imasig ] [--key key] [--pass password] file
+ sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file
  verify file
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
@@ -46,6 +46,7 @@ OPTIONS
   -f, --sigfile      store IMA signature in .sig file instead of xattr
       --rsa          use RSA key type and signing scheme v1
   -k, --key          path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)
+  -o, --portable     generate portable EVM signatures
   -p, --pass         password for encrypted signing key
   -r, --recursive    recurse into directories (sign)
   -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)
@@ -95,7 +96,8 @@ Kernel configuration option CONFIG_EVM_ATTR_FSUUID controls whether to include
 filesystem UUID into HMAC and enabled by default. Therefore evmctl also includes
 fsuuid by default. Providing '--uuid' option without parameter allows to disable
 usage of fs uuid. Providing '--uuid=UUID' option with parameter allows to use
-custom UUID.
+custom UUID. Providing the '--portable' option will disable usage of the fs uuid
+and also the inode number and generation.
 
 Kernel configuration option CONFIG_EVM_EXTRA_SMACK_XATTRS controls whether to
 include additional SMACK extended attributes into HMAC. They are following:
diff --git a/src/evmctl.c b/src/evmctl.c
index 3eb3771..f02da39 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -119,6 +119,7 @@ static int recursive;
 static int msize;
 static dev_t fs_dev;
 static bool evm_immutable;
+static bool evm_portable;
 
 #define HMAC_FLAG_NO_UUID	0x0001
 #define HMAC_FLAG_CAPS_SET	0x0002
@@ -422,8 +423,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		struct h_misc *hmac = (struct h_misc *)&hmac_misc;
 
 		hmac_size = sizeof(*hmac);
-		hmac->ino = st.st_ino;
-		hmac->generation = generation;
+		if (!evm_portable) {
+			hmac->ino = st.st_ino;
+			hmac->generation = generation;
+		}
 		hmac->uid = st.st_uid;
 		hmac->gid = st.st_gid;
 		hmac->mode = st.st_mode;
@@ -431,8 +434,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
 
 		hmac_size = sizeof(*hmac);
-		hmac->ino = st.st_ino;
-		hmac->generation = generation;
+		if (!evm_portable) {
+			hmac->ino = st.st_ino;
+			hmac->generation = generation;
+		}
 		hmac->uid = st.st_uid;
 		hmac->gid = st.st_gid;
 		hmac->mode = st.st_mode;
@@ -440,8 +445,10 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
 
 		hmac_size = sizeof(*hmac);
-		hmac->ino = st.st_ino;
-		hmac->generation = generation;
+		if (!evm_portable) {
+			hmac->ino = st.st_ino;
+			hmac->generation = generation;
+		}
 		hmac->uid = st.st_uid;
 		hmac->gid = st.st_gid;
 		hmac->mode = st.st_mode;
@@ -456,7 +463,8 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		return 1;
 	}
 
-	if (!evm_immutable && !(hmac_flags & HMAC_FLAG_NO_UUID)) {
+	if (!evm_immutable && !evm_portable &&
+	    !(hmac_flags & HMAC_FLAG_NO_UUID)) {
 		err = get_uuid(&st, uuid);
 		if (err)
 			return -1;
@@ -493,7 +501,10 @@ static int sign_evm(const char *file, const char *key)
 
 	/* add header */
 	len++;
-	sig[0] = EVM_IMA_XATTR_DIGSIG;
+	if (evm_portable)
+		sig[0] = EVM_XATTR_PORTABLE_DIGSIG;
+	else
+		sig[0] = EVM_IMA_XATTR_DIGSIG;
 
 	if (evm_immutable)
 		sig[1] = 3; /* immutable signature version */
@@ -888,7 +899,6 @@ static int cmd_import(struct command *cmd)
 		calc_keyid_v1(keyid, name, pub, len);
 	}
 
-	printf("Keyid is %x\n", *((uint32_t *)keyid));
 	log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id);
 
 	id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id);
@@ -1523,6 +1533,7 @@ static void usage(void)
 		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
 		"      --rsa          use RSA key type and signing scheme v1\n"
 		"  -k, --key          path to signing key (default: /etc/keys/{privkey,pubkey}_evm.pem)\n"
+		"  -o, --portable     generate portable EVM signatures\n"
 		"  -p, --pass         password for encrypted signing key\n"
 		"  -r, --recursive    recurse into directories (sign)\n"
 		"  -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)\n"
@@ -1580,6 +1591,7 @@ static struct option opts[] = {
 	{"recursive", 0, 0, 'r'},
 	{"m32", 0, 0, '3'},
 	{"m64", 0, 0, '6'},
+	{"portable", 0, 0, 'o'},
 	{"smack", 0, 0, 128},
 	{"version", 0, 0, 129},
 	{"inode", 1, 0, 130},
@@ -1636,7 +1648,7 @@ int main(int argc, char *argv[])
 	g_argc = argc;
 
 	while (1) {
-		c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:riz", opts, &lind);
+		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:riz", opts, &lind);
 		if (c == -1)
 			break;
 
@@ -1685,6 +1697,9 @@ int main(int argc, char *argv[])
 		case 'i':
 			evm_immutable = true;
 			break;
+		case 'o':
+			evm_portable = true;
+			break;
 		case 't':
 			search_type = optarg;
 			break;
diff --git a/src/imaevm.h b/src/imaevm.h
index 711596c..e397743 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -82,6 +82,7 @@ enum evm_ima_xattr_type {
 	EVM_XATTR_HMAC,
 	EVM_IMA_XATTR_DIGSIG,
 	IMA_XATTR_DIGEST_NG,
+	EVM_XATTR_PORTABLE_DIGSIG,
 };
 
 struct h_misc {