evm_crypto.c source code [linux/security/integrity/evm/evm_crypto.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright (C) 2005-2010 IBM Corporation
4	*
5	* Authors:
6	* Mimi Zohar <zohar@us.ibm.com>
7	* Kylene Hall <kjhall@us.ibm.com>
8	*
9	* File: evm_crypto.c
10	* Using root's kernel master key (kmk), calculate the HMAC
11	*/
12
13	#define pr_fmt(fmt) "EVM: "fmt
14
15	#include <linux/export.h>
16	#include <linux/crypto.h>
17	#include <linux/xattr.h>
18	#include <linux/evm.h>
19	#include <keys/encrypted-type.h>
20	#include <crypto/hash.h>
21	#include <crypto/hash_info.h>
22	#include "evm.h"
23
24	#define EVMKEY "evm-key"
25	#define MAX_KEY_SIZE 128
26	static unsigned char evmkey[MAX_KEY_SIZE];
27	static const int evmkey_len = MAX_KEY_SIZE;
28
29	static struct crypto_shash *hmac_tfm;
30	static struct crypto_shash *evm_tfm[HASH_ALGO__LAST];
31
32	static DEFINE_MUTEX(mutex);
33
34	#define EVM_SET_KEY_BUSY 0
35
36	static unsigned long evm_set_key_flags;
37
38	static const char evm_hmac[] = "hmac(sha1)";
39
40	/**
41	* evm_set_key() - set EVM HMAC key from the kernel
42	* @key: pointer to a buffer with the key data
43	* @keylen: length of the key data
44	*
45	* This function allows setting the EVM HMAC key from the kernel
46	* without using the "encrypted" key subsystem keys. It can be used
47	* by the crypto HW kernel module which has its own way of managing
48	* keys.
49	*
50	* key length should be between 32 and 128 bytes long
51	*/
52	int evm_set_key(void *key, size_t keylen)
53	{
54	int rc;
55
56	rc = -EBUSY;
57	if (test_and_set_bit(EVM_SET_KEY_BUSY, addr: &evm_set_key_flags))
58	goto busy;
59	rc = -EINVAL;
60	if (keylen > MAX_KEY_SIZE)
61	goto inval;
62	memcpy(evmkey, key, keylen);
63	evm_initialized \|= EVM_INIT_HMAC;
64	pr_info("key initialized\n");
65	return `0`;
66	inval:
67	clear_bit(EVM_SET_KEY_BUSY, addr: &evm_set_key_flags);
68	busy:
69	pr_err("key initialization failed\n");
70	return rc;
71	}
72	EXPORT_SYMBOL_GPL(evm_set_key);
73
74	static struct shash_desc init_desc(char* type, uint8_t hash_algo)
75	{
76	long rc;
77	const char *algo;
78	struct crypto_shash *tfm, tmp_tfm;
79	struct shash_desc *desc;
80
81	if (type == EVM_XATTR_HMAC) {
82	if (!(evm_initialized & EVM_INIT_HMAC)) {
83	pr_err_once("HMAC key is not set\n");
84	return ERR_PTR(error: -ENOKEY);
85	}
86	tfm = &hmac_tfm;
87	algo = evm_hmac;
88	} else {
89	if (hash_algo >= HASH_ALGO__LAST)
90	return ERR_PTR(error: -EINVAL);
91
92	tfm = &evm_tfm[hash_algo];
93	algo = hash_algo_name[hash_algo];
94	}
95
96	if (*tfm)
97	goto alloc;
98	mutex_lock(&mutex);
99	if (*tfm)
100	goto unlock;
101
102	tmp_tfm = crypto_alloc_shash(alg_name: algo, type: `0`, CRYPTO_NOLOAD);
103	if (IS_ERR(ptr: tmp_tfm)) {
104	pr_err("Can not allocate %s (reason: %ld)\n", algo,
105	PTR_ERR(tmp_tfm));
106	mutex_unlock(lock: &mutex);
107	return ERR_CAST(ptr: tmp_tfm);
108	}
109	if (type == EVM_XATTR_HMAC) {
110	rc = crypto_shash_setkey(tfm: tmp_tfm, key: evmkey, keylen: evmkey_len);
111	if (rc) {
112	crypto_free_shash(tfm: tmp_tfm);
113	mutex_unlock(lock: &mutex);
114	return ERR_PTR(error: rc);
115	}
116	}
117	*tfm = tmp_tfm;
118	unlock:
119	mutex_unlock(lock: &mutex);
120	alloc:
121	desc = kmalloc(size: sizeof(desc) + crypto_shash_descsize(tfm: tfm),
122	GFP_KERNEL);
123	if (!desc)
124	return ERR_PTR(error: -ENOMEM);
125
126	desc->tfm = *tfm;
127
128	rc = crypto_shash_init(desc);
129	if (rc) {
130	kfree(objp: desc);
131	return ERR_PTR(error: rc);
132	}
133	return desc;
134	}
135
136	/ Protect against 'cutting & pasting' security.evm xattr, include inode*
137	* specific info.
138	*
139	* (Additional directory/file metadata needs to be added for more complete
140	* protection.)
141	*/
142	static void hmac_add_misc(struct shash_desc desc, struct* inode *inode,
143	char type, char *digest)
144	{
145	struct h_misc {
146	unsigned long ino;
147	__u32 generation;
148	uid_t uid;
149	gid_t gid;
150	umode_t mode;
151	} hmac_misc;
152
153	memset(&hmac_misc, `0`, sizeof(hmac_misc));
154	/ Don't include the inode or generation number in portable*
155	* signatures
156	*/
157	if (type != EVM_XATTR_PORTABLE_DIGSIG) {
158	hmac_misc.ino = inode->i_ino;
159	hmac_misc.generation = inode->i_generation;
160	}
161	/ The hmac uid and gid must be encoded in the initial user*
162	* namespace (not the filesystems user namespace) as encoding
163	* them in the filesystems user namespace allows an attack
164	* where first they are written in an unprivileged fuse mount
165	* of a filesystem and then the system is tricked to mount the
166	* filesystem for real on next boot and trust it because
167	* everything is signed.
168	*/
169	hmac_misc.uid = from_kuid(to: &init_user_ns, uid: inode->i_uid);
170	hmac_misc.gid = from_kgid(to: &init_user_ns, gid: inode->i_gid);
171	hmac_misc.mode = inode->i_mode;
172	crypto_shash_update(desc, data: (const u8 )&hmac_misc, len: sizeof*(hmac_misc));
173	if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
174	type != EVM_XATTR_PORTABLE_DIGSIG)
175	crypto_shash_update(desc, data: (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
176	crypto_shash_final(desc, out: digest);
177
178	pr_debug("hmac_misc: (%zu) [%phN]\n", sizeof(struct* h_misc),
179	(int)sizeof(struct h_misc), &hmac_misc);
180	}
181
182	/*
183	* Dump large security xattr values as a continuous ascii hexademical string.
184	* (pr_debug is limited to 64 bytes.)
185	*/
186	static void dump_security_xattr_l(const char prefix, const* void *src,
187	size_t count)
188	{
189	#if defined(DEBUG) \|\| defined(CONFIG_DYNAMIC_DEBUG)
190	char asciihex, p;
191
192	p = asciihex = kmalloc(size: count * `2` + `1`, GFP_KERNEL);
193	if (!asciihex)
194	return;
195
196	p = bin2hex(dst: p, src, count);
197	*p = `0`;
198	pr_debug("%s: (%zu) %.s\n", prefix, count, (int)count `2`, asciihex);
199	kfree(objp: asciihex);
200	#endif
201	}
202
203	static void dump_security_xattr(const char name, const* char *value,
204	size_t value_len)
205	{
206	if (value_len < `64`)
207	pr_debug("%s: (%zu) [%*phN]\n", name, value_len,
208	(int)value_len, value);
209	else
210	dump_security_xattr_l(prefix: name, src: value, count: value_len);
211	}
212
213	/*
214	* Calculate the HMAC value across the set of protected security xattrs.
215	*
216	* Instead of retrieving the requested xattr, for performance, calculate
217	* the hmac using the requested xattr value. Don't alloc/free memory for
218	* each xattr, but attempt to re-use the previously allocated memory.
219	*/
220	static int evm_calc_hmac_or_hash(struct dentry *dentry,
221	const char *req_xattr_name,
222	const char *req_xattr_value,
223	size_t req_xattr_value_len,
224	uint8_t type, struct evm_digest *data)
225	{
226	struct inode *inode = d_backing_inode(upper: dentry);
227	struct xattr_list *xattr;
228	struct shash_desc *desc;
229	size_t xattr_size = `0`;
230	char *xattr_value = NULL;
231	int error;
232	int size, user_space_size;
233	bool ima_present = false;
234
235	if (!(inode->i_opflags & IOP_XATTR) \|\|
236	inode->i_sb->s_user_ns != &init_user_ns)
237	return -EOPNOTSUPP;
238
239	desc = init_desc(type, hash_algo: data->hdr.algo);
240	if (IS_ERR(ptr: desc))
241	return PTR_ERR(ptr: desc);
242
243	data->hdr.length = crypto_shash_digestsize(tfm: desc->tfm);
244
245	error = -ENODATA;
246	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
247	bool is_ima = false;
248
249	if (strcmp(xattr->name, XATTR_NAME_IMA) == `0`)
250	is_ima = true;
251
252	/*
253	* Skip non-enabled xattrs for locally calculated
254	* signatures/HMACs.
255	*/
256	if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
257	continue;
258
259	if ((req_xattr_name && req_xattr_value)
260	&& !strcmp(xattr->name, req_xattr_name)) {
261	error = `0`;
262	crypto_shash_update(desc, data: (const u8 *)req_xattr_value,
263	len: req_xattr_value_len);
264	if (is_ima)
265	ima_present = true;
266
267	dump_security_xattr(name: req_xattr_name,
268	value: req_xattr_value,
269	value_len: req_xattr_value_len);
270	continue;
271	}
272	size = vfs_getxattr_alloc(idmap: &nop_mnt_idmap, dentry, name: xattr->name,
273	xattr_value: &xattr_value, size: xattr_size, GFP_NOFS);
274	if (size == -ENOMEM) {
275	error = -ENOMEM;
276	goto out;
277	}
278	if (size < `0`)
279	continue;
280
281	user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
282	xattr->name, NULL, `0`);
283	if (user_space_size != size)
284	pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n",
285	dentry->d_name.name, xattr->name, size,
286	user_space_size);
287	error = `0`;
288	xattr_size = size;
289	crypto_shash_update(desc, data: (const u8 *)xattr_value, len: xattr_size);
290	if (is_ima)
291	ima_present = true;
292
293	dump_security_xattr(name: xattr->name, value: xattr_value, value_len: xattr_size);
294	}
295	hmac_add_misc(desc, inode, type, digest: data->digest);
296
297	/ Portable EVM signatures must include an IMA hash /
298	if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
299	error = -EPERM;
300	out:
301	kfree(objp: xattr_value);
302	kfree(objp: desc);
303	return error;
304	}
305
306	int evm_calc_hmac(struct dentry dentry, const* char *req_xattr_name,
307	const char *req_xattr_value, size_t req_xattr_value_len,
308	struct evm_digest *data)
309	{
310	return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
311	req_xattr_value_len, type: EVM_XATTR_HMAC, data);
312	}
313
314	int evm_calc_hash(struct dentry dentry, const* char *req_xattr_name,
315	const char *req_xattr_value, size_t req_xattr_value_len,
316	char type, struct evm_digest *data)
317	{
318	return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
319	req_xattr_value_len, type, data);
320	}
321
322	static int evm_is_immutable(struct dentry dentry, struct* inode *inode)
323	{
324	const struct evm_ima_xattr_data *xattr_data = NULL;
325	struct evm_iint_cache *iint;
326	int rc = `0`;
327
328	iint = evm_iint_inode(inode);
329	if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))
330	return `1`;
331
332	/ Do this the hard way /
333	rc = vfs_getxattr_alloc(idmap: &nop_mnt_idmap, dentry, XATTR_NAME_EVM,
334	xattr_value: (char **)&xattr_data, size: `0`, GFP_NOFS);
335	if (rc <= `0`) {
336	if (rc == -ENODATA)
337	rc = `0`;
338	goto out;
339	}
340	if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG)
341	rc = `1`;
342	else
343	rc = `0`;
344
345	out:
346	kfree(objp: xattr_data);
347	return rc;
348	}
349
350
351	/*
352	* Calculate the hmac and update security.evm xattr
353	*
354	* Expects to be called with i_mutex locked.
355	*/
356	int evm_update_evmxattr(struct dentry dentry, const* char *xattr_name,
357	const char *xattr_value, size_t xattr_value_len)
358	{
359	struct inode *inode = d_backing_inode(upper: dentry);
360	struct evm_digest data;
361	int rc = `0`;
362
363	/*
364	* Don't permit any transformation of the EVM xattr if the signature
365	* is of an immutable type
366	*/
367	rc = evm_is_immutable(dentry, inode);
368	if (rc < `0`)
369	return rc;
370	if (rc)
371	return -EPERM;
372
373	data.hdr.algo = HASH_ALGO_SHA1;
374	rc = evm_calc_hmac(dentry, req_xattr_name: xattr_name, req_xattr_value: xattr_value,
375	req_xattr_value_len: xattr_value_len, data: &data);
376	if (rc == `0`) {
377	data.hdr.xattr.sha1.type = EVM_XATTR_HMAC;
378	rc = __vfs_setxattr_noperm(&nop_mnt_idmap, dentry,
379	XATTR_NAME_EVM,
380	&data.hdr.xattr.data[`1`],
381	SHA1_DIGEST_SIZE + `1`, `0`);
382	} else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
383	rc = __vfs_removexattr(&nop_mnt_idmap, dentry, XATTR_NAME_EVM);
384	}
385	return rc;
386	}
387
388	int evm_init_hmac(struct inode inode, const* struct xattr *xattrs,
389	char *hmac_val)
390	{
391	struct shash_desc *desc;
392	const struct xattr *xattr;
393
394	desc = init_desc(type: EVM_XATTR_HMAC, hash_algo: HASH_ALGO_SHA1);
395	if (IS_ERR(ptr: desc)) {
396	pr_info("init_desc failed\n");
397	return PTR_ERR(ptr: desc);
398	}
399
400	for (xattr = xattrs; xattr->name; xattr++) {
401	if (!evm_protected_xattr(req_xattr_name: xattr->name))
402	continue;
403
404	crypto_shash_update(desc, data: xattr->value, len: xattr->value_len);
405	}
406
407	hmac_add_misc(desc, inode, type: EVM_XATTR_HMAC, digest: hmac_val);
408	kfree(objp: desc);
409	return `0`;
410	}
411
412	/*
413	* Get the key from the TPM for the SHA1-HMAC
414	*/
415	int evm_init_key(void)
416	{
417	struct key *evm_key;
418	struct encrypted_key_payload *ekp;
419	int rc;
420
421	evm_key = request_key(type: &key_type_encrypted, EVMKEY, NULL);
422	if (IS_ERR(ptr: evm_key))
423	return -ENOENT;
424
425	down_read(sem: &evm_key->sem);
426	ekp = evm_key->payload.data[`0`];
427
428	rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);
429
430	/ burn the original key contents /
431	memset(ekp->decrypted_data, `0`, ekp->decrypted_datalen);
432	up_read(sem: &evm_key->sem);
433	key_put(key: evm_key);
434	return rc;
435	}
436

source code of linux/security/integrity/evm/evm_crypto.c