    ima: digital signature verification using asymmetric keys · e0751257
    Dmitry Kasatkin authored
    Asymmetric keys were introduced in linux-3.7 to verify the signature on
    signed kernel modules. The asymmetric keys infrastructure abstracts the
    signature verification from the crypto details. This patch adds IMA/EVM
    signature verification using asymmetric keys. Support for additional
    signature verification methods can now be delegated to the asymmetric
    key infrastructure.
    
    Although the module signature header and the IMA/EVM signature header
    could use the same format, to minimize the signature length and save
    space in the extended attribute, this patch defines a new IMA/EVM
    header format.  The main difference is that the key identifier is a
    sha1[12 - 19] hash of the key modulus and exponent, similar to the
    current implementation.  The only purpose of the key identifier is to
    identify the corresponding key in the kernel keyring.  ima-evm-utils
    was updated to support the new signature format.
    
    While asymmetric signature verification functionality supports many
    different hash algorithms, the hash used in this patch is calculated
    during the IMA collection phase, based on the configured algorithm.
    The default algorithm is sha1, but for backwards compatibility md5
    is supported.  Due to this current limitation, signatures should be
    generated using a sha1 hash algorithm.
    
    Changes in this patch:
    - Functionality has been moved to a separate source file in order to get rid of
      in-source #ifdefs.
    - keyid is derived according to RFC 3280. It does not require assigning an
      IMA/EVM specific "description" when loading an X509 certificate. The kernel
      asymmetric key subsystem automatically generates the description. Also,
      loading a certificate does not require using ima-evm-utils and can be
      done using keyctl only.
    - keyid size is reduced to 32 bits to save xattr space.  Key search is done
      using the partial match functionality of asymmetric_key_match().
    - Kconfig option title was changed.
    Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    Acked-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
digsig.c 1.26 KB
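The key identifier scheme the commit describes, as an added illustration that is not code from this patch or from ima-evm-utils: the full RFC 3280 identifier is SHA-1 over the subjectPublicKey value (assumed here to be the DER RSAPublicKey SEQUENCE of modulus and exponent), the 32-bit value stored in the xattr is its trailing 4 bytes, and keyring lookup is a partial match on those bytes. The modulus and exponent below are constructed toy values, not a real key.

```python
import hashlib


def der_len(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02): minimal big-endian, leading 0x00 if the high bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_len(len(body)) + body


def der_sequence(*elems: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) wrapping already-encoded elements."""
    body = b"".join(elems)
    return b"\x30" + der_len(len(body)) + body


def full_keyid(modulus: int, exponent: int) -> bytes:
    """20-byte identifier: SHA-1 over the RSAPublicKey DER (RFC 3280 method 1, assumed)."""
    return hashlib.sha1(der_sequence(der_integer(modulus), der_integer(exponent))).digest()


def xattr_keyid(modulus: int, exponent: int) -> bytes:
    """The 32-bit keyid kept in the signature header: last 4 bytes of the full id."""
    return full_keyid(modulus, exponent)[16:20]


def find_keys(keyring: dict, keyid32: bytes) -> list:
    """Partial match as the kernel does it: every key whose full id ends in keyid32.
    More than one hit means the truncated id is ambiguous and the caller must
    try each candidate (or treat the lookup as failed)."""
    return [desc for desc, fid in keyring.items() if fid[16:20] == keyid32]


if __name__ == "__main__":
    # Constructed toy key, far too small for real use.
    n, e = 0xC0FFEE1234567890ABCDEF, 65537
    ring = {"ima-signing-key": full_keyid(n, e)}
    print("xattr keyid:", xattr_keyid(n, e).hex(), "->", find_keys(ring, xattr_keyid(n, e)))
```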