tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / integrity / integrity.h
at v3.6 71 lines 1.8 kB view raw
1/* 2 * Copyright (C) 2009-2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation, version 2 of the 10 * License. 11 * 12 */ 13 14#include <linux/types.h> 15#include <linux/integrity.h> 16#include <crypto/sha.h> 17 18/* iint cache flags */ 19#define IMA_MEASURED 0x01 20 21enum evm_ima_xattr_type { 22 IMA_XATTR_DIGEST = 0x01, 23 EVM_XATTR_HMAC, 24 EVM_IMA_XATTR_DIGSIG, 25}; 26 27struct evm_ima_xattr_data { 28 u8 type; 29 u8 digest[SHA1_DIGEST_SIZE]; 30} __attribute__((packed)); 31 32/* integrity data associated with an inode */ 33struct integrity_iint_cache { 34 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 35 struct inode *inode; /* back pointer to inode in question */ 36 u64 version; /* track inode changes */ 37 unsigned char flags; 38 u8 digest[SHA1_DIGEST_SIZE]; 39 struct mutex mutex; /* protects: version, flags, digest */ 40 enum integrity_status evm_status; 41}; 42 43/* rbtree tree calls to lookup, insert, delete 44 * integrity data associated with an inode. 45 */ 46struct integrity_iint_cache *integrity_iint_insert(struct inode *inode); 47struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 48 49#define INTEGRITY_KEYRING_EVM 0 50#define INTEGRITY_KEYRING_MODULE 1 51#define INTEGRITY_KEYRING_IMA 2 52#define INTEGRITY_KEYRING_MAX 3 53 54#ifdef CONFIG_INTEGRITY_SIGNATURE 55 56int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 57 const char *digest, int digestlen); 58 59#else 60 61static inline int integrity_digsig_verify(const unsigned int id, 62 const char *sig, int siglen, 63 const char *digest, int digestlen) 64{ 65 return -EOPNOTSUPP; 66} 67 68#endif /* CONFIG_INTEGRITY_SIGNATURE */ 69 70/* set during initialization */ 71extern int iint_initialized;