Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751889Ab3CNUGC (ORCPT ); Thu, 14 Mar 2013 16:06:02 -0400 Received: from mail-ve0-f173.google.com ([209.85.128.173]:58864 "EHLO mail-ve0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751363Ab3CNUGA (ORCPT ); Thu, 14 Mar 2013 16:06:00 -0400 MIME-Version: 1.0 In-Reply-To: <20130314182815.GB24238@redhat.com> References: <20130314182815.GB24238@redhat.com> Date: Thu, 14 Mar 2013 22:05:59 +0200 Message-ID: Subject: Re: [RFC PATCH] integrity: Use a new type for asymmetric signature From: "Kasatkin, Dmitry" To: Vivek Goyal Cc: Mimi Zohar , linux kernel mailing list , linux-security-module@vger.kernel.org Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 7619 Lines: 166 On Thu, Mar 14, 2013 at 8:28 PM, Vivek Goyal wrote: > Hi Dmitry/Mimi, > > Here is an RFC patch. I am playing with exporting some functions from > ima/integrity and make reuse of IMA signature format and reuse of some > of IMA verification code. > > One of the things required is that caller wants trusts only certain > type of signatures. For example, it might not trust DIGEST or HMAC > but might trust only digital signatures. So caller needs to know what > kind of signature are stored in IMA security attribute (if any) and > decide what to do. > > Currently there seem to be two types of digital signatures. Old one and > that is RSA and new one which is being called asymmetric. Right now they > both fall in the categorty of EVM_IMA_XATTR_DIGSIG and one differentiates > between two using signature version. Version 1 is old type and version 2 > is new type. > > How about asymmetric signature using a new type say > EVM_IMA_XATTR_DIGSIG_ASYMMETRIC. And version numbering can be used for > structure variation with-in signature type. > Hello Vivek, This was exactly the way how I initially implemented asymmetric key support. But then thought that we might have new versions of signature formats in the future and there is not point to create new xattr type for every signature format. What prevents just using of signature version? Thanks, Dmitry > This can allow caller to differentiate between two kinds of digital > signatures as understood by IMA. And calling subsystems will call into > ima/integrity for verification only if digital signatures are of certain > type. > > asymmetric support has gone in just now. Before it becomes an ABI, it > might be worth to discuss it. > > Yet-to-by-signed-off-by: Vivek Goyal > --- > security/integrity/digsig.c | 11 +++++++---- > security/integrity/evm/evm_main.c | 4 +++- > security/integrity/ima/ima_appraise.c | 7 +++++-- > security/integrity/integrity.h | 9 ++++++--- > 4 files changed, 21 insertions(+), 10 deletions(-) > > Index: linux-2.6/security/integrity/integrity.h > =================================================================== > --- linux-2.6.orig/security/integrity/integrity.h 2013-03-14 13:44:30.000000000 -0400 > +++ linux-2.6/security/integrity/integrity.h 2013-03-14 14:02:43.404474646 -0400 > @@ -63,6 +63,7 @@ enum evm_ima_xattr_type { > IMA_XATTR_DIGEST = 0x01, > EVM_XATTR_HMAC, > EVM_IMA_XATTR_DIGSIG, > + EVM_IMA_XATTR_DIGSIG_ASYMMETRIC, > }; > > struct evm_ima_xattr_data { > @@ -98,12 +99,14 @@ struct integrity_iint_cache *integrity_i > > #ifdef CONFIG_INTEGRITY_SIGNATURE > > -int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, > - const char *digest, int digestlen); > +int integrity_digsig_verify(enum evm_ima_xattr_type sig_type, > + const unsigned int id, const char *sig, int siglen, > + const char *digest, int digestlen); > > #else > > -static inline int integrity_digsig_verify(const unsigned int id, > +static inline int integrity_digsig_verify(enum evm_ima_xattr_type sig_type, > + const unsigned int id, > const char *sig, int siglen, > const char *digest, int digestlen) > { > Index: linux-2.6/security/integrity/ima/ima_appraise.c > =================================================================== > --- linux-2.6.orig/security/integrity/ima/ima_appraise.c 2013-03-14 13:44:30.000000000 -0400 > +++ linux-2.6/security/integrity/ima/ima_appraise.c 2013-03-14 14:00:06.027469811 -0400 > @@ -188,8 +188,10 @@ int ima_appraise_measurement(int func, s > status = INTEGRITY_PASS; > break; > case EVM_IMA_XATTR_DIGSIG: > + case EVM_IMA_XATTR_DIGSIG_ASYMMETRIC: > iint->flags |= IMA_DIGSIG; > - rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, > + rc = integrity_digsig_verify(xattr_value->type, > + INTEGRITY_KEYRING_IMA, > xattr_value->digest, rc - 1, > iint->ima_xattr.digest, > IMA_DIGEST_SIZE); > @@ -210,7 +212,8 @@ out: > if (status != INTEGRITY_PASS) { > if ((ima_appraise & IMA_APPRAISE_FIX) && > (!xattr_value || > - xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { > + (xattr_value->type != EVM_IMA_XATTR_DIGSIG && > + xattr_value->type != EVM_IMA_XATTR_DIGSIG_ASYMMETRIC))) { > if (!ima_fix_xattr(dentry, iint)) > status = INTEGRITY_PASS; > } > Index: linux-2.6/security/integrity/evm/evm_main.c > =================================================================== > --- linux-2.6.orig/security/integrity/evm/evm_main.c 2013-03-14 09:51:46.000000000 -0400 > +++ linux-2.6/security/integrity/evm/evm_main.c 2013-03-14 14:00:52.265471232 -0400 > @@ -134,11 +134,13 @@ static enum integrity_status evm_verify_ > rc = -EINVAL; > break; > case EVM_IMA_XATTR_DIGSIG: > + case EVM_IMA_XATTR_DIGSIG_ASYMMETRIC: > rc = evm_calc_hash(dentry, xattr_name, xattr_value, > xattr_value_len, calc.digest); > if (rc) > break; > - rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM, > + rc = integrity_digsig_verify(xattr_data->type, > + INTEGRITY_KEYRING_EVM, > xattr_data->digest, xattr_len, > calc.digest, sizeof(calc.digest)); > if (!rc) { > Index: linux-2.6/security/integrity/digsig.c > =================================================================== > --- linux-2.6.orig/security/integrity/digsig.c 2013-03-12 15:06:54.000000000 -0400 > +++ linux-2.6/security/integrity/digsig.c 2013-03-14 14:06:53.721482335 -0400 > @@ -27,7 +27,8 @@ static const char *keyring_name[INTEGRIT > "_ima", > }; > > -int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, > +int integrity_digsig_verify(enum evm_ima_xattr_type sig_type, > + const unsigned int id, const char *sig, int siglen, > const char *digest, int digestlen) > { > if (id >= INTEGRITY_KEYRING_MAX) > @@ -44,13 +45,15 @@ int integrity_digsig_verify(const unsign > } > } > > - switch (sig[0]) { > - case 1: > + switch (sig_type) { > + case EVM_IMA_XATTR_DIGSIG: > return digsig_verify(keyring[id], sig, siglen, > digest, digestlen); > - case 2: > + case EVM_IMA_XATTR_DIGSIG_ASYMMETRIC: > return asymmetric_verify(keyring[id], sig, siglen, > digest, digestlen); > + default: > + break; > } > > return -EOPNOTSUPP; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/