1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Copyright (C) 2009-2010 IBM Corporation |
4 | * |
5 | * Authors: |
6 | * Mimi Zohar <zohar@us.ibm.com> |
7 | */ |
8 | |
9 | #ifdef pr_fmt |
10 | #undef pr_fmt |
11 | #endif |
12 | |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
14 | |
15 | #include <linux/types.h> |
16 | #include <linux/integrity.h> |
17 | #include <crypto/sha1.h> |
18 | #include <crypto/hash.h> |
19 | #include <linux/key.h> |
20 | #include <linux/audit.h> |
21 | #include <linux/lsm_hooks.h> |
22 | |
23 | enum evm_ima_xattr_type { |
24 | IMA_XATTR_DIGEST = 0x01, |
25 | EVM_XATTR_HMAC, |
26 | EVM_IMA_XATTR_DIGSIG, |
27 | IMA_XATTR_DIGEST_NG, |
28 | EVM_XATTR_PORTABLE_DIGSIG, |
29 | IMA_VERITY_DIGSIG, |
30 | IMA_XATTR_LAST |
31 | }; |
32 | |
33 | struct evm_ima_xattr_data { |
34 | u8 type; |
35 | u8 data[]; |
36 | } __packed; |
37 | |
38 | /* Only used in the EVM HMAC code. */ |
39 | struct evm_xattr { |
40 | struct evm_ima_xattr_data data; |
41 | u8 digest[SHA1_DIGEST_SIZE]; |
42 | } __packed; |
43 | |
44 | #define IMA_MAX_DIGEST_SIZE HASH_MAX_DIGESTSIZE |
45 | |
46 | struct ima_digest_data { |
47 | u8 algo; |
48 | u8 length; |
49 | union { |
50 | struct { |
51 | u8 unused; |
52 | u8 type; |
53 | } sha1; |
54 | struct { |
55 | u8 type; |
56 | u8 algo; |
57 | } ng; |
58 | u8 data[2]; |
59 | } xattr; |
60 | u8 digest[]; |
61 | } __packed; |
62 | |
63 | /* |
64 | * Instead of wrapping the ima_digest_data struct inside a local structure |
65 | * with the maximum hash size, define ima_max_digest_data struct. |
66 | */ |
67 | struct ima_max_digest_data { |
68 | struct ima_digest_data hdr; |
69 | u8 digest[HASH_MAX_DIGESTSIZE]; |
70 | } __packed; |
71 | |
72 | /* |
73 | * signature header format v2 - for using with asymmetric keys |
74 | * |
75 | * The signature_v2_hdr struct includes a signature format version |
76 | * to simplify defining new signature formats. |
77 | * |
78 | * signature format: |
79 | * version 2: regular file data hash based signature |
80 | * version 3: struct ima_file_id data based signature |
81 | */ |
82 | struct signature_v2_hdr { |
83 | uint8_t type; /* xattr type */ |
84 | uint8_t version; /* signature format version */ |
85 | uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ |
86 | __be32 keyid; /* IMA key identifier - not X509/PGP specific */ |
87 | __be16 sig_size; /* signature size */ |
88 | uint8_t sig[]; /* signature payload */ |
89 | } __packed; |
90 | |
91 | /* |
92 | * IMA signature version 3 disambiguates the data that is signed, by |
93 | * indirectly signing the hash of the ima_file_id structure data, |
94 | * containing either the fsverity_descriptor struct digest or, in the |
95 | * future, the regular IMA file hash. |
96 | * |
97 | * (The hash of the ima_file_id structure is only of the portion used.) |
98 | */ |
99 | struct ima_file_id { |
100 | __u8 hash_type; /* xattr type [enum evm_ima_xattr_type] */ |
101 | __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */ |
102 | __u8 hash[HASH_MAX_DIGESTSIZE]; |
103 | } __packed; |
104 | |
105 | int integrity_kernel_read(struct file *file, loff_t offset, |
106 | void *addr, unsigned long count); |
107 | |
108 | #define INTEGRITY_KEYRING_EVM 0 |
109 | #define INTEGRITY_KEYRING_IMA 1 |
110 | #define INTEGRITY_KEYRING_PLATFORM 2 |
111 | #define INTEGRITY_KEYRING_MACHINE 3 |
112 | #define INTEGRITY_KEYRING_MAX 4 |
113 | |
114 | extern struct dentry *integrity_dir; |
115 | |
116 | struct modsig; |
117 | |
118 | #ifdef CONFIG_INTEGRITY_SIGNATURE |
119 | |
120 | int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, |
121 | const char *digest, int digestlen); |
122 | int integrity_modsig_verify(unsigned int id, const struct modsig *modsig); |
123 | |
124 | int __init integrity_init_keyring(const unsigned int id); |
125 | int __init integrity_load_x509(const unsigned int id, const char *path); |
126 | int __init integrity_load_cert(const unsigned int id, const char *source, |
127 | const void *data, size_t len, key_perm_t perm); |
128 | #else |
129 | |
130 | static inline int integrity_digsig_verify(const unsigned int id, |
131 | const char *sig, int siglen, |
132 | const char *digest, int digestlen) |
133 | { |
134 | return -EOPNOTSUPP; |
135 | } |
136 | |
137 | static inline int integrity_modsig_verify(unsigned int id, |
138 | const struct modsig *modsig) |
139 | { |
140 | return -EOPNOTSUPP; |
141 | } |
142 | |
143 | static inline int integrity_init_keyring(const unsigned int id) |
144 | { |
145 | return 0; |
146 | } |
147 | |
148 | static inline int __init integrity_load_cert(const unsigned int id, |
149 | const char *source, |
150 | const void *data, size_t len, |
151 | key_perm_t perm) |
152 | { |
153 | return 0; |
154 | } |
155 | #endif /* CONFIG_INTEGRITY_SIGNATURE */ |
156 | |
157 | #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS |
158 | int asymmetric_verify(struct key *keyring, const char *sig, |
159 | int siglen, const char *data, int datalen); |
160 | #else |
161 | static inline int asymmetric_verify(struct key *keyring, const char *sig, |
162 | int siglen, const char *data, int datalen) |
163 | { |
164 | return -EOPNOTSUPP; |
165 | } |
166 | #endif |
167 | |
168 | #ifdef CONFIG_IMA_APPRAISE_MODSIG |
169 | int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); |
170 | #else |
171 | static inline int ima_modsig_verify(struct key *keyring, |
172 | const struct modsig *modsig) |
173 | { |
174 | return -EOPNOTSUPP; |
175 | } |
176 | #endif |
177 | |
178 | #ifdef CONFIG_IMA_LOAD_X509 |
179 | void __init ima_load_x509(void); |
180 | #else |
181 | static inline void ima_load_x509(void) |
182 | { |
183 | } |
184 | #endif |
185 | |
186 | #ifdef CONFIG_EVM_LOAD_X509 |
187 | void __init evm_load_x509(void); |
188 | #else |
189 | static inline void evm_load_x509(void) |
190 | { |
191 | } |
192 | #endif |
193 | |
194 | #ifdef CONFIG_INTEGRITY_AUDIT |
195 | /* declarations */ |
196 | void integrity_audit_msg(int audit_msgno, struct inode *inode, |
197 | const unsigned char *fname, const char *op, |
198 | const char *cause, int result, int info); |
199 | |
200 | void integrity_audit_message(int audit_msgno, struct inode *inode, |
201 | const unsigned char *fname, const char *op, |
202 | const char *cause, int result, int info, |
203 | int errno); |
204 | |
205 | static inline struct audit_buffer * |
206 | integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) |
207 | { |
208 | return audit_log_start(ctx, gfp_mask, type); |
209 | } |
210 | |
211 | #else |
212 | static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, |
213 | const unsigned char *fname, |
214 | const char *op, const char *cause, |
215 | int result, int info) |
216 | { |
217 | } |
218 | |
219 | static inline void integrity_audit_message(int audit_msgno, |
220 | struct inode *inode, |
221 | const unsigned char *fname, |
222 | const char *op, const char *cause, |
223 | int result, int info, int errno) |
224 | { |
225 | } |
226 | |
227 | static inline struct audit_buffer * |
228 | integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) |
229 | { |
230 | return NULL; |
231 | } |
232 | |
233 | #endif |
234 | |
235 | #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING |
236 | void __init add_to_platform_keyring(const char *source, const void *data, |
237 | size_t len); |
238 | #else |
239 | static inline void __init add_to_platform_keyring(const char *source, |
240 | const void *data, size_t len) |
241 | { |
242 | } |
243 | #endif |
244 | |
245 | #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING |
246 | void __init add_to_machine_keyring(const char *source, const void *data, size_t len); |
247 | bool __init imputed_trust_enabled(void); |
248 | #else |
249 | static inline void __init add_to_machine_keyring(const char *source, |
250 | const void *data, size_t len) |
251 | { |
252 | } |
253 | |
254 | static inline bool __init imputed_trust_enabled(void) |
255 | { |
256 | return false; |
257 | } |
258 | #endif |
259 | |