From: Mimi Zohar <zohar <at> linux.vnet.ibm.com>
Subject: [PATCH v2 00/23] ima: larger digests and extensible template support
Newsgroups: gmane.linux.kernel.lsm
Date: Monday 21st October 2013 22:42:45 UTC
This patch set adds support for additional hash algorithms with larger
digests, as well as support for additional file metadata in the IMA
measurement list.  The existing IMA measurement list entries, which are
exposed to userspace via the securityfs ascii/binary_runtime_measurement
lists, are fixed length, containing a file data hash, limited to a 20 byte
digest, and a pathname, limited to 255 characters.  Adding larger digest
support for signature verification, without the template changes, would
result in hashing the file twice, once for appraising the file signature and
once for the measurement list.

This patch set defines an extensible template architecture with support for
larger hash algorithms.  A description of the new template architecture is
described in the "ima: new templates management mechanism" patch
and, with more detail, in Documentation/security/IMA-templates.txt.  The
two initial templates defined are: the original 'ima', for backwards
compatibility, and 'ima-ng', which eliminates the digest and pathname size
limitations.  Additional templates, that include other file metadata (eg.
uid/gid, LSM subject/object labels, file data signatures) will be posted

Two changes were made, since posting this patch set back in July
 Namely, the
measurement list can now be walked and verified, without understanding the
template field data specifics; and "mutable" files can be labeled based on
different hash algorithms.  Walking and verifying the measurement list without
understanding the template field data specifics, will allow new templates to
be defined in the kernel, without breaking userspace applications.  Defining a
new extended attribute format, which includes the file hash algorithm,
eliminates the need for relabeling "mutable" files.

- fix lindent, sparse, checkpatch warnings/errors
- define a new extended attribute type, which includes the file data
  hash algorithm.
- template changes:
  - simplify walking the binary measurement list
  - simplify calculating the template data hash
  - simplify parsing measurement entries by always prefixing the
    template data hash with the hash algorithm.


Dmitry Kasatkin (10):
  crypto: provide single place for hash algo information
  keys: change asymmetric keys to use common hash definitions
  ima: provide support for arbitrary hash algorithms
  ima: read and use signature hash algorithm
  ima: pass full xattr with the signature
  ima: use dynamically allocated hash storage
  ima: provide dedicated hash algo allocation function
  ima: support arbitrary hash algorithms in ima_calc_buffer_hash
  ima: ima_calc_boot_agregate must use SHA1
  ima: provide hash algo info in the xattr

Mimi Zohar (4):
  ima: differentiate between template hash and file data hash sizes
  ima: add audit log support for larger hashes
  ima: add Kconfig default measurement list template
  ima: enable support for larger default filedata hash algorithms

Roberto Sassu (9):
  ima: pass the file descriptor to ima_add_violation()
  ima: pass the filename argument up to ima_add_template_entry()
  ima: define new function ima_alloc_init_template() to API
  ima: new templates management mechanism
  ima: define template fields library and new helpers
  ima: define new template ima-ng and template fields d-ng and n-ng
  ima: switch to new template management mechanism
  ima: defer determining the appraisal hash algorithm for 'ima' template
  ima: define kernel parameter 'ima_template=' to change configured

 Documentation/kernel-parameters.txt       |  11 +-
 Documentation/security/00-INDEX           |   2 +
 Documentation/security/IMA-templates.txt  |  87 +++++++++
 crypto/Kconfig                            |   3 +
 crypto/Makefile                           |   1 +
 crypto/asymmetric_keys/Kconfig            |   1 +
 crypto/asymmetric_keys/public_key.c       |  12 --
 crypto/asymmetric_keys/rsa.c              |  14 +-
 crypto/asymmetric_keys/x509_cert_parser.c |  12 +-
 crypto/asymmetric_keys/x509_public_key.c  |   6 +-
 crypto/hash_info.c                        |  56 ++++++
 include/crypto/hash_info.h                |  40 ++++
 include/crypto/public_key.h               |  18 +-
 include/uapi/linux/hash_info.h            |  37 ++++
 kernel/module_signing.c                   |   8 +-
 security/integrity/digsig.c               |   5 +-
 security/integrity/digsig_asymmetric.c    |  11 --
 security/integrity/evm/evm_main.c         |   4 +-
 security/integrity/iint.c                 |   2 +
 security/integrity/ima/Kconfig            |  61 ++++++
 security/integrity/ima/Makefile           |   2 +-
 security/integrity/ima/ima.h              |  95 +++++++--
 security/integrity/ima/ima_api.c          | 129 ++++++++----
 security/integrity/ima/ima_appraise.c     | 100 ++++++++--
 security/integrity/ima/ima_crypto.c       | 134 +++++++++++--
 security/integrity/ima/ima_fs.c           |  64 +++---
 security/integrity/ima/ima_init.c         |  37 ++--
 security/integrity/ima/ima_main.c         |  50 ++++-
 security/integrity/ima/ima_queue.c        |  10 +-
 security/integrity/ima/ima_template.c     | 175 +++++++++++++++++
 security/integrity/ima/ima_template_lib.c | 313
 security/integrity/ima/ima_template_lib.h |  39 ++++
 security/integrity/integrity.h            |  38 +++-
 33 files changed, 1368 insertions(+), 209 deletions(-)
 create mode 100644 Documentation/security/IMA-templates.txt
 create mode 100644 crypto/hash_info.c
 create mode 100644 include/crypto/hash_info.h
 create mode 100644 include/uapi/linux/hash_info.h
 create mode 100644 security/integrity/ima/ima_template.c
 create mode 100644 security/integrity/ima/ima_template_lib.c
 create mode 100644 security/integrity/ima/ima_template_lib.h
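
Added example, not part of the original message or of the patch set: a userspace walker that verifies a binary measurement list without interpreting the template fields, as the cover letter describes. The entry layout (little-endian u32 PCR, 20-byte SHA-1 template digest, u32 name length, template name, u32 template data length, template data), the 'd-ng|n-ng' field encoding used to build the sample, and the single-PCR replay are assumptions based on the kernel's securityfs output for non-'ima' templates; the sample entries are constructed.

```python
import hashlib
import struct

SHA1_LEN = 20  # template digests and the PCR replay use SHA-1

def walk(blob):
    """Yield (pcr, template_digest, template_name, template_data) per entry."""
    off = 0
    while off < len(blob):
        try:
            pcr, = struct.unpack_from("<I", blob, off)
            digest = blob[off + 4:off + 4 + SHA1_LEN]
            off += 4 + SHA1_LEN
            name_len, = struct.unpack_from("<I", blob, off)
            name = blob[off + 4:off + 4 + name_len]
            off += 4 + name_len
            if name == b"ima":  # legacy entries carry no data length
                raise ValueError("legacy 'ima' entry: fixed layout, not handled")
            data_len, = struct.unpack_from("<I", blob, off)
            data = blob[off + 4:off + 4 + data_len]
            off += 4 + data_len
        except struct.error:
            raise ValueError("truncated entry") from None
        if off > len(blob):
            raise ValueError("truncated entry")
        yield pcr, digest, name.decode("ascii"), data

def verify(blob):
    """Return (replayed PCR value, indexes of entries with a bad digest)."""
    pcr_value, bad = bytes(SHA1_LEN), []
    for i, (_pcr, digest, _name, data) in enumerate(walk(blob)):
        if hashlib.sha1(data).digest() != digest:
            bad.append(i)  # template data does not match its recorded hash
        pcr_value = hashlib.sha1(pcr_value + digest).digest()  # PCR extend
    return pcr_value, bad

def build_entry(pcr, template, path, content):
    """Constructed sample entry in the assumed 'ima-ng' (d-ng|n-ng) form."""
    fields = [b"sha256:\0" + hashlib.sha256(content).digest(), path + b"\0"]
    data = b"".join(struct.pack("<I", len(f)) + f for f in fields)
    return (struct.pack("<I", pcr) + hashlib.sha1(data).digest()
            + struct.pack("<I", len(template)) + template
            + struct.pack("<I", len(data)) + data)

SAMPLE = (build_entry(10, b"ima-ng", b"/sbin/init", b"constructed-1")
          + build_entry(10, b"ima-ng", b"/usr/bin/ls", b"constructed-2"))

if __name__ == "__main__":
    aggregate, bad = verify(SAMPLE)
    print(aggregate.hex(), bad)
```

The walker never looks inside the template data, so an entry from a template it has never seen is still checked and replayed; comparing the replayed value against the TPM-quoted PCR is left to the caller.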

