[PATCH v2 00/23] ima: larger digests and extensible template support

From: Mimi Zohar
Date: Mon Oct 21 2013 - 18:43:26 EST


This patch set adds support for additional hash algorithms with larger
digests, as well as support for additional file metadata in the IMA
measurement list. The existing IMA measurement list entries, which are
exposed to userspace via the securityfs ascii/binary_runtime_measurement
lists, are fixed length, containing a file data hash, limited to a 20 byte
digest, and a pathname, limited to 255 characters. Adding larger digest
support for signature verification, without the template changes, would result
in hashing the file twice, once for appraising the file signature and, again,
for the measurement list.

This patch set defines an extensible template architecture with support for
larger hash algorithms. A description of the new template architecture is
described in the "ima: new templates management mechanism" patch description
and, with more detail, in Documentation/security/IMA-templates.txt. The
two initial templates defined are: the original 'ima', for backwards
compatibility, and 'ima-ng', which eliminates the digest and pathname size
limitations. Additional templates, that include other file metadata (e.g.
uid/gid, LSM subject/object labels, file data signatures) will be posted
separately.

Two changes were made, since posting this patch set back in July
http://marc.info/?l=linux-security-module&m=137410629309961&w=2. Namely, the
measurement list can now be walked and verified, without understanding the
template field data specifics; and "mutable" files can be labeled based on
different hash algorithms. Walking and verifying the measurement list without
understanding the template field data specifics, will allow new templates to
be defined in the kernel, without breaking userspace applications. Defining a
new extended attribute format, which includes the file hash algorithm,
eliminates the need for relabeling "mutable" files.

Changelog:
- fix lindent, sparse, checkpatch warnings/errors
- define a new extended attribute type, which includes the file data
  hash algorithm.
- template changes:
  - simplify walking the binary measurement list
  - simplify calculating the template data hash
  - simplify parsing measurement entries by always prefixing the
    template data hash with the hash algorithm.

Mimi

Dmitry Kasatkin (10):
  crypto: provide single place for hash algo information
  keys: change asymmetric keys to use common hash definitions
  ima: provide support for arbitrary hash algorithms
  ima: read and use signature hash algorithm
  ima: pass full xattr with the signature
  ima: use dynamically allocated hash storage
  ima: provide dedicated hash algo allocation function
  ima: support arbitrary hash algorithms in ima_calc_buffer_hash
  ima: ima_calc_boot_agregate must use SHA1
  ima: provide hash algo info in the xattr

Mimi Zohar (4):
  ima: differentiate between template hash and file data hash sizes
  ima: add audit log support for larger hashes
  ima: add Kconfig default measurement list template
  ima: enable support for larger default filedata hash algorithms

Roberto Sassu (9):
  ima: pass the file descriptor to ima_add_violation()
  ima: pass the filename argument up to ima_add_template_entry()
  ima: define new function ima_alloc_init_template() to API
  ima: new templates management mechanism
  ima: define template fields library and new helpers
  ima: define new template ima-ng and template fields d-ng and n-ng
  ima: switch to new template management mechanism
  ima: defer determining the appraisal hash algorithm for 'ima' template
  ima: define kernel parameter 'ima_template=' to change configured
    default

Documentation/kernel-parameters.txt | 11 +-
Documentation/security/00-INDEX | 2 +
Documentation/security/IMA-templates.txt | 87 +++++++++
crypto/Kconfig | 3 +
crypto/Makefile | 1 +
crypto/asymmetric_keys/Kconfig | 1 +
crypto/asymmetric_keys/public_key.c | 12 --
crypto/asymmetric_keys/rsa.c | 14 +-
crypto/asymmetric_keys/x509_cert_parser.c | 12 +-
crypto/asymmetric_keys/x509_public_key.c | 6 +-
crypto/hash_info.c | 56 ++++++
include/crypto/hash_info.h | 40 ++++
include/crypto/public_key.h | 18 +-
include/uapi/linux/hash_info.h | 37 ++++
kernel/module_signing.c | 8 +-
security/integrity/digsig.c | 5 +-
security/integrity/digsig_asymmetric.c | 11 --
security/integrity/evm/evm_main.c | 4 +-
security/integrity/iint.c | 2 +
security/integrity/ima/Kconfig | 61 ++++++
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima.h | 95 +++++++--
security/integrity/ima/ima_api.c | 129 ++++++++----
security/integrity/ima/ima_appraise.c | 100 ++++++++--
security/integrity/ima/ima_crypto.c | 134 +++++++++++--
security/integrity/ima/ima_fs.c | 64 +++---
security/integrity/ima/ima_init.c | 37 ++--
security/integrity/ima/ima_main.c | 50 ++++-
security/integrity/ima/ima_queue.c | 10 +-
security/integrity/ima/ima_template.c | 175 +++++++++++++++++
security/integrity/ima/ima_template_lib.c | 313 ++++++++++++++++++++++++++++++
security/integrity/ima/ima_template_lib.h | 39 ++++
security/integrity/integrity.h | 38 +++-
33 files changed, 1368 insertions(+), 209 deletions(-)
create mode 100644 Documentation/security/IMA-templates.txt
create mode 100644 crypto/hash_info.c
create mode 100644 include/crypto/hash_info.h
create mode 100644 include/uapi/linux/hash_info.h
create mode 100644 security/integrity/ima/ima_template.c
create mode 100644 security/integrity/ima/ima_template_lib.c
create mode 100644 security/integrity/ima/ima_template_lib.h

--
1.8.1.4
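
Added example, not part of the posted patch set: a userspace sketch of walking and verifying a binary measurement list while treating the template data as an opaque blob, as the cover letter describes. The entry layout (little-endian u32 PCR index, SHA1 template digest, length-prefixed template name, length-prefixed template data) is assumed from the mainline 'ima-ng' format and is not shown in this message; all function names and the sample entries are constructed for illustration.

```python
import hashlib
import struct

SHA1_LEN = 20  # template digest size assumed for the measurement list

def field(data: bytes) -> bytes:
    """Length-prefixed blob: little-endian u32 length, then the data."""
    return struct.pack("<I", len(data)) + data

def make_entry(pcr: int, algo: str, file_digest: bytes, path: str) -> bytes:
    """Build a constructed 'ima-ng' entry: d-ng ("algo:\\0" + digest) and n-ng."""
    data = field(algo.encode() + b":\x00" + file_digest) + field(path.encode() + b"\x00")
    return (struct.pack("<I", pcr) + hashlib.sha1(data).digest()
            + field(b"ima-ng") + field(data))

def walk(buf: bytes):
    """Yield (pcr, template_digest, template_name, opaque template_data)."""
    off = 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(buf):
            raise ValueError("truncated measurement entry")
        chunk = buf[off:off + n]
        off += n
        return chunk

    def u32() -> int:
        return struct.unpack("<I", take(4))[0]

    while off < len(buf):
        pcr = u32()
        digest = take(SHA1_LEN)
        name = take(u32())
        yield pcr, digest, name.decode(), take(u32())

def verify(buf: bytes):
    """Return (simulated PCR value, indexes of entries whose digest mismatches)."""
    pcr_value, bad = bytes(SHA1_LEN), []
    for i, (_, digest, _, data) in enumerate(walk(buf)):
        if hashlib.sha1(data).digest() != digest:
            bad.append(i)  # template data does not match its recorded digest
        pcr_value = hashlib.sha1(pcr_value + digest).digest()  # PCR extend
    return pcr_value, bad

# Constructed sample list: two entries using different file hash algorithms.
SAMPLE = (make_entry(10, "sha256", hashlib.sha256(b"init").digest(), "/sbin/init")
          + make_entry(10, "sha1", hashlib.sha1(b"sh").digest(), "/bin/sh"))
```

The walker never interprets the d-ng or n-ng fields, so a list carrying a template it has never seen still verifies as long as the length prefixes are honoured.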
