Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753080AbdHQPnv (ORCPT ); Thu, 17 Aug 2017 11:43:51 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39743 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752587AbdHQPnr (ORCPT ); Thu, 17 Aug 2017 11:43:47 -0400 Subject: Re: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal From: Mimi Zohar To: Thiago Jung Bauermann , linux-security-module@vger.kernel.org Cc: linux-ima-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , David Howells , David Woodhouse , Jessica Yu , Rusty Russell , Herbert Xu , "David S. Miller" , "AKASHI, Takahiro" Date: Thu, 17 Aug 2017 11:43:30 -0400 In-Reply-To: <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> References: <20170804220330.30026-1-bauerman@linux.vnet.ibm.com> <20170804220330.30026-8-bauerman@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-MML: disable x-cbid: 17081715-0004-0000-0000-0000022AB14E X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17081715-0005-0000-0000-00005E117A98 Message-Id: <1502984610.3172.41.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-08-17_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1708170259 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2161 Lines: 76 > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c > index 87d2b601cf8e..5a244ebc61d9 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -190,6 +190,64 @@ int ima_read_xattr(struct dentry *dentry, > return ret; > } > > +static void process_xattr_error(int rc, struct integrity_iint_cache *iint, > + int opened, char const **cause, > + enum integrity_status *status) > +{ > + if (rc && rc != -ENODATA) > + return; > + > + *cause = iint->flags & IMA_DIGSIG_REQUIRED ? > + "IMA-signature-required" : "missing-hash"; > + *status = INTEGRITY_NOLABEL; > + > + if (opened & FILE_CREATED) > + iint->flags |= IMA_NEW_FILE; > + > + if ((iint->flags & IMA_NEW_FILE) && > + !(iint->flags & IMA_DIGSIG_REQUIRED)) > + *status = INTEGRITY_PASS; > +} > + > +static int appraise_modsig(struct integrity_iint_cache *iint, > + struct evm_ima_xattr_data *xattr_value, > + int xattr_len) > +{ > + enum hash_algo algo; > + const void *digest; > + void *buf; > + int rc, len; > + u8 dig_len; > + > + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, xattr_value); > + if (rc) > + return rc; > + > + /* > + * The signature is good. Now let's put the sig hash > + * into the iint cache so that it gets stored in the > + * measurement list. > + */ > + > + rc = ima_get_modsig_hash(xattr_value, &algo, &digest, &dig_len); > + if (rc) > + return rc; > + > + len = sizeof(iint->ima_hash) + dig_len; > + buf = krealloc(iint->ima_hash, len, GFP_NOFS); > + if (!buf) > + return -ENOMEM; > + > + iint->ima_hash = buf; > + iint->flags |= IMA_DIGSIG; > + iint->ima_hash->algo = algo; > + iint->ima_hash->length = dig_len; > + > + memcpy(iint->ima_hash->digest, digest, dig_len); > + > + return 0; > +} Depending on the IMA policy, the file could already have been measured.  That measurement list entry might include the file signature, as stored in the xattr, in the ima-sig template data. I think even if a measurement list entry exists, we would want an additional measurement list entry, which includes the appended signature in the ima-sig template data. Mimi