[PATCH v3 1/2] ima_evm_utils: erroneous "verification failed: 0 (invalid padding)" message

[PATCH v3 1/2] ima_evm_utils: erroneous "verification failed: 0 (invalid padding)" message

[Mimi Zohar]

When public keys are specified on the boot command line (--key <public
key file>, [<public key file>, ...]), the appropriate public key is used
to verify EVM or file signatures.  If no keys are specified, the default
x509_evm.der or x509_evm.pem file is used to verify the DIGSIG_VERSION_2
or DIGSIG_VERSION_1 signatures respectively, without first checking the
keyids.  Instead of emitting a "verification failed: 0 (invalid
padding)" message, an "unknown keyid" message would be clearer.

To address this problem, when no public keys are specified, this patch
loads the x509_evm.der default public key onto the "public_keys" list,
while the x509_evm.pem continues to be passed to verify_hash_v1().  As a
result of this change, the verify_hash_v2() "key" parameter is
unnecssary and is removed.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c    | 14 +++++++++++---
 src/libimaevm.c | 56 ++++++++++++++++++++++----------------------------------
 2 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 61808d276419..9e0926f10404 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -838,6 +838,11 @@ static int cmd_verify_evm(struct command *cmd)
 		return -1;
 	}
 
+	if (params.keyfile)	/* Support multiple public keys */
+		init_public_keys(params.keyfile);
+	else			/* assume read pubkey from x509 cert */
+		init_public_keys("/etc/keys/x509_evm.der");
+
 	err = verify_evm(file);
 	if (!err && params.verbose >= LOG_INFO)
 		log_info("%s: verification is OK\n", file);
@@ -879,8 +884,10 @@ static int cmd_verify_ima(struct command *cmd)
 	char *file = g_argv[optind++];
 	int err;
 
-	if (params.keyfile)
+	if (params.keyfile)	/* Support multiple public keys */
 		init_public_keys(params.keyfile);
+	else			/* assume read pubkey from x509 cert */
+		init_public_keys("/etc/keys/x509_evm.der");
 
 	errno = 0;
 	if (!file) {
@@ -1602,9 +1609,10 @@ static int ima_measurement(const char *file)
 		return -1;
 	}
 
-	/* Support multiple public keys */
-	if (params.keyfile)
+	if (params.keyfile)	/* Support multiple public keys */
 		init_public_keys(params.keyfile);
+	else			/* assume read pubkey from x509 cert */
+		init_public_keys("/etc/keys/x509_evm.der");
 
 	while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
 		ima_extend_pcr(pcr[entry.header.pcr], entry.header.digest,
diff --git a/src/libimaevm.c b/src/libimaevm.c
index ae487f9fe36c..43eb4ef2412c 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -302,6 +302,9 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
 	X509 *crt = NULL;
 	EVP_PKEY *pkey = NULL;
 
+	if (!keyfile)
+		return NULL;
+
 	fp = fopen(keyfile, "r");
 	if (!fp) {
 		log_err("Failed to open keyfile: %s\n", keyfile);
@@ -348,8 +351,8 @@ RSA *read_pub_key(const char *keyfile, int x509)
 	return key;
 }
 
-int verify_hash_v1(const char *file, const unsigned char *hash, int size,
-		   unsigned char *sig, int siglen, const char *keyfile)
+static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+			  unsigned char *sig, int siglen, const char *keyfile)
 {
 	int err, len;
 	SHA_CTX ctx;
@@ -449,12 +452,13 @@ void init_public_keys(const char *keyfiles)
 /*
  * Return: 0 verification good, 1 verification bad, -1 error.
  */
-int verify_hash_v2(const char *file, const unsigned char *hash, int size,
-		   unsigned char *sig, int siglen, const char *keyfile)
+static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+			  unsigned char *sig, int siglen)
 {
 	int ret = -1;
 	EVP_PKEY *pkey, *pkey_free = NULL;
 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
+	uint32_t keyid = hdr->keyid;
 	EVP_PKEY_CTX *ctx;
 	const EVP_MD *md;
 	const char *st;
@@ -464,20 +468,11 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
 		log_dump(hash, size);
 	}
 
-	if (public_keys) {
-		uint32_t keyid = hdr->keyid;
-
-		pkey = find_keyid(keyid);
-		if (!pkey) {
-			log_err("%s: unknown keyid: %x\n", file,
-				__be32_to_cpup(&keyid));
-			return -1;
-		}
-	} else {
-		pkey = read_pub_pkey(keyfile, 1);
-		if (!pkey)
-			return -1;
-		pkey_free = pkey;
+	pkey = find_keyid(keyid);
+	if (!pkey) {
+		log_err("%s: unknown keyid: %x\n",
+			file, __be32_to_cpup(&keyid));
+		return -1;
 	}
 
 	st = "EVP_PKEY_CTX_new";
@@ -569,28 +564,21 @@ static int get_hash_algo_from_sig(unsigned char *sig)
 int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig,
 		int siglen)
 {
-	const char *key;
-	int x509;
-	verify_hash_fn_t verify_hash;
+	const char *key = NULL;
 
 	/* Get signature type from sig header */
 	if (sig[0] == DIGSIG_VERSION_1) {
-		verify_hash = verify_hash_v1;
+
 		/* Read pubkey from RSA key */
-		x509 = 0;
-	} else if (sig[0] == DIGSIG_VERSION_2) {
-		verify_hash = verify_hash_v2;
-		/* Read pubkey from x509 cert */
-		x509 = 1;
-	} else
-		return -1;
+		if (!params.keyfile)
+			key = "/etc/keys/pubkey_evm.pem";
+		return verify_hash_v1(file, hash, size, sig, siglen, key);
+	}
 
-	/* Determine what key to use for verification*/
-	key = params.keyfile ? : x509 ?
-			"/etc/keys/x509_evm.der" :
-			"/etc/keys/pubkey_evm.pem";
+	if (sig[0] == DIGSIG_VERSION_2)
+		return verify_hash_v2(file, hash, size, sig, siglen);
 
-	return verify_hash(file, hash, size, sig, siglen, key);
+	return -1;
 }
 
 int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
-- 
2.7.5

[PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Mimi Zohar]

Each tima a new unknown key is encountered, emit a message of the format
"key #: <keyid> unknown".  The individual files using unknown keys are
then only logged in verbose mode.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/libimaevm.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 43eb4ef2412c..d2194a6ca0f8 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
 
 static EVP_PKEY *find_keyid(uint32_t keyid)
 {
-	struct public_key_entry *entry;
+	struct public_key_entry *entry, *tail = public_keys;
+	int i = 1;
 
 	for (entry = public_keys; entry != NULL; entry = entry->next) {
 		if (entry->keyid == keyid)
 			return entry->key;
+		i++;
+		tail = entry;
 	}
-	return NULL;
+
+	/* add unknown keys to list */
+	entry = calloc(1, sizeof(struct public_key_entry));
+	if (!entry) {
+		perror("calloc");
+		return 0;
+	}
+	entry->keyid = keyid;
+	tail->next = entry;
+	log_err("key %d: %x unknown\n", i,  __be32_to_cpup(&keyid));
+	return 0;
 }
 
 void init_public_keys(const char *keyfiles)
@@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
 
 	pkey = find_keyid(keyid);
 	if (!pkey) {
-		log_err("%s: unknown keyid: %x\n",
-			file, __be32_to_cpup(&keyid));
+		log_info("%s: unknown keyid: %x\n",
+			 file, __be32_to_cpup(&keyid));
 		return -1;
 	}
 
-- 
2.7.5

Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Vitaly Chikunov]

Mimi,

On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> Each tima a new unknown key is encountered, emit a message of the format
> "key #: <keyid> unknown".  The individual files using unknown keys are
> then only logged in verbose mode.
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>  src/libimaevm.c | 21 +++++++++++++++++----
>  1 file changed, 17 insertions(+), 4 deletions(-)
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 43eb4ef2412c..d2194a6ca0f8 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
>  
>  static EVP_PKEY *find_keyid(uint32_t keyid)
>  {
> -	struct public_key_entry *entry;
> +	struct public_key_entry *entry, *tail = public_keys;

If user specified in `-k` filename that does not exist no key is added
into public_keys and it remains NULL.

> +	int i = 1;
>  
>  	for (entry = public_keys; entry != NULL; entry = entry->next) {
>  		if (entry->keyid == keyid)
>  			return entry->key;
> +		i++;
> +		tail = entry;
>  	}
> -	return NULL;
> +
> +	/* add unknown keys to list */
> +	entry = calloc(1, sizeof(struct public_key_entry));
> +	if (!entry) {
> +		perror("calloc");
> +		return 0;
> +	}
> +	entry->keyid = keyid;
> +	tail->next = entry;

In that case here is SIGSEGV when user try to ima_verify.

> +	log_err("key %d: %x unknown\n", i,  __be32_to_cpup(&keyid));
> +	return 0;
>  }
>  
>  void init_public_keys(const char *keyfiles)
> @@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
>  
>  	pkey = find_keyid(keyid);
>  	if (!pkey) {
> -		log_err("%s: unknown keyid: %x\n",
> -			file, __be32_to_cpup(&keyid));
> +		log_info("%s: unknown keyid: %x\n",
> +			 file, __be32_to_cpup(&keyid));
>  		return -1;
>  	}
>  

Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Mimi Zohar]

On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > Each tima a new unknown key is encountered, emit a message of the format
> > "key #: <keyid> unknown".  The individual files using unknown keys are
> > then only logged in verbose mode.
> > 
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > ---
> >  src/libimaevm.c | 21 +++++++++++++++++----
> >  1 file changed, 17 insertions(+), 4 deletions(-)
> > 
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index 43eb4ef2412c..d2194a6ca0f8 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> >  
> >  static EVP_PKEY *find_keyid(uint32_t keyid)
> >  {
> > -	struct public_key_entry *entry;
> > +	struct public_key_entry *entry, *tail = public_keys;
> 
> If user specified in `-k` filename that does not exist no key is added
> into public_keys and it remains NULL.

Right, just the keyid is added and an error message is emitted.

> 
> > +	int i = 1;
> >  
> >  	for (entry = public_keys; entry != NULL; entry = entry->next) {
> >  		if (entry->keyid == keyid)
> >  			return entry->key;
> > +		i++;
> > +		tail = entry;
> >  	}
> > -	return NULL;
> > +
> > +	/* add unknown keys to list */
> > +	entry = calloc(1, sizeof(struct public_key_entry));
> > +	if (!entry) {
> > +		perror("calloc");
> > +		return 0;
> > +	}
> > +	entry->keyid = keyid;
> > +	tail->next = entry;
> 
> In that case here is SIGSEGV when user try to ima_verify.

find_keyid() returns NULL, which is checked before being used.
 There's only one caller of this function.

Do you have a test case to reproduce this bug?

Mimi

> 
> > +	log_err("key %d: %x unknown\n", i,  __be32_to_cpup(&keyid));
> > +	return 0;
> >  }
> >  
> >  void init_public_keys(const char *keyfiles)
> > @@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
> >  
> >  	pkey = find_keyid(keyid);
> >  	if (!pkey) {
> > -		log_err("%s: unknown keyid: %x\n",
> > -			file, __be32_to_cpup(&keyid));
> > +		log_info("%s: unknown keyid: %x\n",
> > +			 file, __be32_to_cpup(&keyid));
> >  		return -1;
> >  	}
> >  
> 

Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Vitaly Chikunov]

Mimi,

On Tue, Jul 23, 2019 at 06:59:16PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> > On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > > Each tima a new unknown key is encountered, emit a message of the format
> > > "key #: <keyid> unknown".  The individual files using unknown keys are
> > > then only logged in verbose mode.
> > > 
> > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > ---
> > >  src/libimaevm.c | 21 +++++++++++++++++----
> > >  1 file changed, 17 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > index 43eb4ef2412c..d2194a6ca0f8 100644
> > > --- a/src/libimaevm.c
> > > +++ b/src/libimaevm.c
> > > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> > >  
> > >  static EVP_PKEY *find_keyid(uint32_t keyid)
> > >  {
> > > -	struct public_key_entry *entry;
> > > +	struct public_key_entry *entry, *tail = public_keys;
> > 
> > If user specified in `-k` filename that does not exist no key is added
> > into public_keys and it remains NULL.
> 
> Right, just the keyid is added and an error message is emitted.
> 
> > 
> > > +	int i = 1;
> > >  
> > >  	for (entry = public_keys; entry != NULL; entry = entry->next) {
> > >  		if (entry->keyid == keyid)
> > >  			return entry->key;
> > > +		i++;
> > > +		tail = entry;
> > >  	}
> > > -	return NULL;
> > > +
> > > +	/* add unknown keys to list */
> > > +	entry = calloc(1, sizeof(struct public_key_entry));
> > > +	if (!entry) {
> > > +		perror("calloc");
> > > +		return 0;
> > > +	}
> > > +	entry->keyid = keyid;
> > > +	tail->next = entry;
> > 
> > In that case here is SIGSEGV when user try to ima_verify.
> 
> find_keyid() returns NULL, which is checked before being used.
>  There's only one caller of this function.

find_keyid does not return since tail is NULL, thus there is null
dereference in `tail->next`.

> Do you have a test case to reproduce this bug?

  ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
  ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
  ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
  ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
  Failed to open keyfile: /absent
  Segmentation fault

31b5f50 is head of your git next branch.

I temporary fixed like this:

-       tail->next = entry;
+       if (tail)
+               tail->next = entry;
+       else
+               public_keys = entry;

Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Mimi Zohar]

On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Tue, Jul 23, 2019 at 06:59:16PM -0400, Mimi Zohar wrote:
> > On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> > > On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > > > Each tima a new unknown key is encountered, emit a message of the format
> > > > "key #: <keyid> unknown".  The individual files using unknown keys are
> > > > then only logged in verbose mode.
> > > > 
> > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > > ---
> > > >  src/libimaevm.c | 21 +++++++++++++++++----
> > > >  1 file changed, 17 insertions(+), 4 deletions(-)
> > > > 
> > > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > > index 43eb4ef2412c..d2194a6ca0f8 100644
> > > > --- a/src/libimaevm.c
> > > > +++ b/src/libimaevm.c
> > > > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> > > >  
> > > >  static EVP_PKEY *find_keyid(uint32_t keyid)
> > > >  {
> > > > -	struct public_key_entry *entry;
> > > > +	struct public_key_entry *entry, *tail = public_keys;
> > > 
> > > If user specified in `-k` filename that does not exist no key is added
> > > into public_keys and it remains NULL.
> > 
> > Right, just the keyid is added and an error message is emitted.
> > 
> > > 
> > > > +	int i = 1;
> > > >  
> > > >  	for (entry = public_keys; entry != NULL; entry = entry->next) {
> > > >  		if (entry->keyid == keyid)
> > > >  			return entry->key;
> > > > +		i++;
> > > > +		tail = entry;
> > > >  	}
> > > > -	return NULL;
> > > > +
> > > > +	/* add unknown keys to list */
> > > > +	entry = calloc(1, sizeof(struct public_key_entry));
> > > > +	if (!entry) {
> > > > +		perror("calloc");
> > > > +		return 0;
> > > > +	}
> > > > +	entry->keyid = keyid;
> > > > +	tail->next = entry;
> > > 
> > > In that case here is SIGSEGV when user try to ima_verify.
> > 
> > find_keyid() returns NULL, which is checked before being used.
> >  There's only one caller of this function.
> 
> find_keyid does not return since tail is NULL, thus there is null
> dereference in `tail->next`.
> 
> > Do you have a test case to reproduce this bug?
> 
>   ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
>   ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
>   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
>   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
>   Failed to open keyfile: /absent
>   Segmentation fault
> 
> 31b5f50 is head of your git next branch.
> 
> I temporary fixed like this:
> 
> -       tail->next = entry;
> +       if (tail)
> +               tail->next = entry;
> +       else
> +               public_keys = entry;

I see.  If you don't object, I'll fold this into the original patch. 

Mimi

Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Vitaly Chikunov]

Mimi,

On Tue, Jul 23, 2019 at 08:19:46PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> > > > > +	tail->next = entry;
> > > > 
> > > > In that case here is SIGSEGV when user try to ima_verify.
> > > 
> > > find_keyid() returns NULL, which is checked before being used.
> > >  There's only one caller of this function.
> > 
> > find_keyid does not return since tail is NULL, thus there is null
> > dereference in `tail->next`.
> > 
> > > Do you have a test case to reproduce this bug?
> > 
> >   ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
> >   Failed to open keyfile: /absent
> >   Segmentation fault
> > 
> > 31b5f50 is head of your git next branch.
> > 
> > I temporary fixed like this:
> > 
> > -       tail->next = entry;
> > +       if (tail)
> > +               tail->next = entry;
> > +       else
> > +               public_keys = entry;
> 
> I see.  If you don't object, I'll fold this into the original patch. 

Of course.

Thanks,