-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
229 lines (153 loc) · 6.27 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
The source files present in this directory consists of implementation and usage of new system call sys_integrity(). This system call is used to maintain the integrity of the files.
--------------
| Source files |
--------------
xhw1.c
------
User program which invokes the system call in different modes
sys_integrity_args.h
--------------------
This file consists of the structures and #defines which are needed for using the system call. Both user
program and system share this header file.
sys_xintegrity.c
----------------
This file consists of the actual implementation of system call. The system call is written to serve in
three modes.
Mode1 - Returns the existing integrity of the file stored at xattr, if there is one
Mode2 - Computes and sets the integrity value of the file and stores it in xattr on authentication
Mode3 - Returns file descriptor if the file integrity is good
The code augumented in EXTRA_CREDIT, handles dynamic crypto algo. User can specify the algo to be used
for computing the integrity hash value.
This file also contain static kernel code i.e function pointer and actual xintegrity() system call and is burned into the kernel. The function pointer is exposed out, so that the loadable module can change the address to make it point to the implementation in loadable module. The actual sys_integrity() system call just invokes the function pointed by the function pointer.
kernel.config
-------------
I tried to build kernel with minimum configuration. I have used http://www.linuxtopia.org/, http://www.kernel-seeds.org to configure the kernel. Based on the hardware present, I have included the drivers needed for them.
----------------
| How to compile |
----------------
Executing "make clean" in this directory will remove all the intermediate files and output files.
Executing "make" on kernel tree produces sys_integrity.o, sys_integrity.ko, xhw1 and some intermediate
files.
install_module is a shell script, contains commands to unload and load the built system call as kernel module.
------------------
| Steps to execute |
------------------
1. Clean any intermediate files
make clean
2. Compile the source file
make
3. Unload and load the system call as kernel module
sh install_modules.sh
4. Execute the user program
./xhw1 1 sample.txt
5. Check for logged kernel message
dmesg | tail
-----------------------------------------
| Execute user program in different modes |
-----------------------------------------
User program is made to invoke system call in different modes by passing different arguements on command line.
Mode1 usage: ./[exe] 1 [filename]
Mode2 usage: ./[exe] 2 [filename] [password]
Mode3 usage: ./[exe] 3 [filename]
for EXTRA_CREDIT:
Mode1 usage: ./[exe] 1 [filename] [algo]
Mode2 usage: ./[exe] 2 [filename] [password] [algo]
Mode3 usage: ./[exe] 3 [filename] [algo]
------------------
| Error codes used |
------------------
(ERRNO 1) EPERM : Operation not permitted when the integrity check failed
(ERRNO 2) ENOENT : File doesn't exist
(ERRNO 12) ENOMEM : Unable to allocate memory in kernel for a variable
(ERRNO 13) EACCES : Permission denied if the authenticaion fails
(ERRNO 14) EFAULT : Cannot access the user arguments
(ERRNO 22) EINVAL : Invalid values for the arguments given
(ERRNO 36) ENAMETOOLONG : Name field in the arguments is too long
(ERRNO 61) ENODATA : Integrity value doesn't exist for the file
------------------
| High level logic |
------------------
Mode1:
------
Returns the existing integrity of the file. It can also return a integrity value computed using specified crypto algo. Returns error if no integrity value is present or the buf len provided is too short or crypto algo is not supported.
Mode2:
------
Computes and returns the integrity value for a file using the specified algo. Returns error if the crypto algo is not supported or passwords dont match or buf len is not sufficient to hold the integrity value.
Mode3:
------
Returns file descriptor of the file when the stored integrity value matches with the existing integrity value of the file. The integrity value is again computed using the specified crypto algo. Returns error if the crypto algo is not supported or carry and return the same error from filp_open or integrity check is failed.
---------------------
| Sample Output files |
---------------------
sample_output_mode1.txt - contains the sample output for running the system call in mode1
sample_output_mode2.txt - contains the sample output for running the system call in mode2
sample_output_mode3.txt - contains the sample output for running the system call in mode3
------------
| Test Cases |
------------
Mode 1:
------
1. Basic testing
./xhw1 1 sample.txt
2. When there is not integrity value
./xhw1 1 new_sample.txt
3. Less no of arguments
./xhw1 1
4. When file doesn't exist or doesn't have read access
./xhw1 1 newfile.txt
./xhw1 1 read_restricted.txt
5. Fetch integrity using short buffer
Modify xhw1 at line-no:9
#define BUFLEN 10
./xhw1 1 sample.txt
6. Test with invalid arguments
filename = NULL
ibuf = NULL
ilen = 0
./xhw1 1 sample.txt
Mode 2:
------
1. Basic testing
./xhw1 2 sample.txt "password"
2. When integrity value already exists
./xhw1 2 sample.txt "password"
3. When credentials doesn't match
./xhw1 2 sample.txt "password1"
3. Set integrity value for files > 4K, 1M
./xhw1 2 big_sample.txt "password"
4. Less no of arguments
./xhw1 2 sample.txt
./xhw1 2
5. When file doesn't exist or doesn't have read/write access
./xhw1 2 newfile.txt "password"
./xhw1 2 write_restricted.txt "password"
6. Fetch integrity using short buffer
Modify xhw1 at line-no:9
#define BUFLEN 10
./xhw1 2 sample.txt "password"
7. Test with invalid arguments
filename = NULL
ibuf = NULL
credbuf = NULL
clen = 0
ilen = 0
./xhw1 2 sample.txt "password"
Mode 3:
------
1. Basic testing
./xhw1 3 sample.txt
2. When there is not integrity value
./xhw1 3 new_sample.txt
3. When the integrity values doesn't match
Manually open a file and modify it
./xhw1 3 modified_sample.txt
3. Less no of arguments
./xhw1 3
4. When file doesn't exist or doesn't have read access
./xhw1 3 newfile.txt
./xhw1 3 read_restricted.txt
6. Test with invalid arguments
filename = NULL
oflag = 0
mode = 0
./xhw1 3 sample.txt