security/integrity/integrity.h at v3.7

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / integrity / integrity.h
at v3.7 85 lines 2.3 kB view raw
wrap content
 1/*
 2 * Copyright (C) 2009-2010 IBM Corporation
 3 *
 4 * Authors:
 5 * Mimi Zohar <zohar@us.ibm.com>
 6 *
 7 * This program is free software; you can redistribute it and/or
 8 * modify it under the terms of the GNU General Public License as
 9 * published by the Free Software Foundation, version 2 of the
10 * License.
11 *
12 */
13
14#include <linux/types.h>
15#include <linux/integrity.h>
16#include <crypto/sha.h>
17
18/* iint action cache flags */
19#define IMA_MEASURE		0x0001
20#define IMA_MEASURED		0x0002
21#define IMA_APPRAISE		0x0004
22#define IMA_APPRAISED		0x0008
23/*#define IMA_COLLECT		0x0010  do not use this flag */
24#define IMA_COLLECTED		0x0020
25#define IMA_AUDIT		0x0040
26#define IMA_AUDITED		0x0080
27
28/* iint cache flags */
29#define IMA_DIGSIG		0x0100
30
31#define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)
32#define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \
33				 | IMA_COLLECTED)
34
35enum evm_ima_xattr_type {
36	IMA_XATTR_DIGEST = 0x01,
37	EVM_XATTR_HMAC,
38	EVM_IMA_XATTR_DIGSIG,
39};
40
41struct evm_ima_xattr_data {
42	u8 type;
43	u8 digest[SHA1_DIGEST_SIZE];
44}  __attribute__((packed));
45
46/* integrity data associated with an inode */
47struct integrity_iint_cache {
48	struct rb_node rb_node; /* rooted in integrity_iint_tree */
49	struct inode *inode;	/* back pointer to inode in question */
50	u64 version;		/* track inode changes */
51	unsigned short flags;
52	struct evm_ima_xattr_data ima_xattr;
53	enum integrity_status ima_status;
54	enum integrity_status evm_status;
55};
56
57/* rbtree tree calls to lookup, insert, delete
58 * integrity data associated with an inode.
59 */
60struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
61struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
62
63#define INTEGRITY_KEYRING_EVM		0
64#define INTEGRITY_KEYRING_MODULE	1
65#define INTEGRITY_KEYRING_IMA		2
66#define INTEGRITY_KEYRING_MAX		3
67
68#ifdef CONFIG_INTEGRITY_SIGNATURE
69
70int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
71					const char *digest, int digestlen);
72
73#else
74
75static inline int integrity_digsig_verify(const unsigned int id,
76					  const char *sig, int siglen,
77					  const char *digest, int digestlen)
78{
79	return -EOPNOTSUPP;
80}
81
82#endif /* CONFIG_INTEGRITY_SIGNATURE */
83
84/* set during initialization */
85extern int iint_initialized;