tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / integrity / integrity.h
at v6.2 333 lines 9.1 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Copyright (C) 2009-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 */ 8 9#ifdef pr_fmt 10#undef pr_fmt 11#endif 12 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15#include <linux/types.h> 16#include <linux/integrity.h> 17#include <crypto/sha1.h> 18#include <crypto/hash.h> 19#include <linux/key.h> 20#include <linux/audit.h> 21 22/* iint action cache flags */ 23#define IMA_MEASURE 0x00000001 24#define IMA_MEASURED 0x00000002 25#define IMA_APPRAISE 0x00000004 26#define IMA_APPRAISED 0x00000008 27/*#define IMA_COLLECT 0x00000010 do not use this flag */ 28#define IMA_COLLECTED 0x00000020 29#define IMA_AUDIT 0x00000040 30#define IMA_AUDITED 0x00000080 31#define IMA_HASH 0x00000100 32#define IMA_HASHED 0x00000200 33 34/* iint policy rule cache flags */ 35#define IMA_NONACTION_FLAGS 0xff000000 36#define IMA_DIGSIG_REQUIRED 0x01000000 37#define IMA_PERMIT_DIRECTIO 0x02000000 38#define IMA_NEW_FILE 0x04000000 39#define EVM_IMMUTABLE_DIGSIG 0x08000000 40#define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 41#define IMA_MODSIG_ALLOWED 0x20000000 42#define IMA_CHECK_BLACKLIST 0x40000000 43#define IMA_VERITY_REQUIRED 0x80000000 44 45#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 46 IMA_HASH | IMA_APPRAISE_SUBMASK) 47#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 48 IMA_HASHED | IMA_COLLECTED | \ 49 IMA_APPRAISED_SUBMASK) 50 51/* iint subaction appraise cache flags */ 52#define IMA_FILE_APPRAISE 0x00001000 53#define IMA_FILE_APPRAISED 0x00002000 54#define IMA_MMAP_APPRAISE 0x00004000 55#define IMA_MMAP_APPRAISED 0x00008000 56#define IMA_BPRM_APPRAISE 0x00010000 57#define IMA_BPRM_APPRAISED 0x00020000 58#define IMA_READ_APPRAISE 0x00040000 59#define IMA_READ_APPRAISED 0x00080000 60#define IMA_CREDS_APPRAISE 0x00100000 61#define IMA_CREDS_APPRAISED 0x00200000 62#define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 63 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \ 64 IMA_CREDS_APPRAISE) 65#define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 66 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \ 67 IMA_CREDS_APPRAISED) 68 69/* iint cache atomic_flags */ 70#define IMA_CHANGE_XATTR 0 71#define IMA_UPDATE_XATTR 1 72#define IMA_CHANGE_ATTR 2 73#define IMA_DIGSIG 3 74#define IMA_MUST_MEASURE 4 75 76enum evm_ima_xattr_type { 77 IMA_XATTR_DIGEST = 0x01, 78 EVM_XATTR_HMAC, 79 EVM_IMA_XATTR_DIGSIG, 80 IMA_XATTR_DIGEST_NG, 81 EVM_XATTR_PORTABLE_DIGSIG, 82 IMA_VERITY_DIGSIG, 83 IMA_XATTR_LAST 84}; 85 86struct evm_ima_xattr_data { 87 u8 type; 88 u8 data[]; 89} __packed; 90 91/* Only used in the EVM HMAC code. */ 92struct evm_xattr { 93 struct evm_ima_xattr_data data; 94 u8 digest[SHA1_DIGEST_SIZE]; 95} __packed; 96 97#define IMA_MAX_DIGEST_SIZE HASH_MAX_DIGESTSIZE 98 99struct ima_digest_data { 100 u8 algo; 101 u8 length; 102 union { 103 struct { 104 u8 unused; 105 u8 type; 106 } sha1; 107 struct { 108 u8 type; 109 u8 algo; 110 } ng; 111 u8 data[2]; 112 } xattr; 113 u8 digest[]; 114} __packed; 115 116/* 117 * Instead of wrapping the ima_digest_data struct inside a local structure 118 * with the maximum hash size, define ima_max_digest_data struct. 119 */ 120struct ima_max_digest_data { 121 struct ima_digest_data hdr; 122 u8 digest[HASH_MAX_DIGESTSIZE]; 123} __packed; 124 125/* 126 * signature header format v2 - for using with asymmetric keys 127 * 128 * The signature_v2_hdr struct includes a signature format version 129 * to simplify defining new signature formats. 130 * 131 * signature format: 132 * version 2: regular file data hash based signature 133 * version 3: struct ima_file_id data based signature 134 */ 135struct signature_v2_hdr { 136 uint8_t type; /* xattr type */ 137 uint8_t version; /* signature format version */ 138 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 139 __be32 keyid; /* IMA key identifier - not X509/PGP specific */ 140 __be16 sig_size; /* signature size */ 141 uint8_t sig[]; /* signature payload */ 142} __packed; 143 144/* 145 * IMA signature version 3 disambiguates the data that is signed, by 146 * indirectly signing the hash of the ima_file_id structure data, 147 * containing either the fsverity_descriptor struct digest or, in the 148 * future, the regular IMA file hash. 149 * 150 * (The hash of the ima_file_id structure is only of the portion used.) 151 */ 152struct ima_file_id { 153 __u8 hash_type; /* xattr type [enum evm_ima_xattr_type] */ 154 __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */ 155 __u8 hash[HASH_MAX_DIGESTSIZE]; 156} __packed; 157 158/* integrity data associated with an inode */ 159struct integrity_iint_cache { 160 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 161 struct mutex mutex; /* protects: version, flags, digest */ 162 struct inode *inode; /* back pointer to inode in question */ 163 u64 version; /* track inode changes */ 164 unsigned long flags; 165 unsigned long measured_pcrs; 166 unsigned long atomic_flags; 167 enum integrity_status ima_file_status:4; 168 enum integrity_status ima_mmap_status:4; 169 enum integrity_status ima_bprm_status:4; 170 enum integrity_status ima_read_status:4; 171 enum integrity_status ima_creds_status:4; 172 enum integrity_status evm_status:4; 173 struct ima_digest_data *ima_hash; 174}; 175 176/* rbtree tree calls to lookup, insert, delete 177 * integrity data associated with an inode. 178 */ 179struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 180 181int integrity_kernel_read(struct file *file, loff_t offset, 182 void *addr, unsigned long count); 183 184#define INTEGRITY_KEYRING_EVM 0 185#define INTEGRITY_KEYRING_IMA 1 186#define INTEGRITY_KEYRING_PLATFORM 2 187#define INTEGRITY_KEYRING_MACHINE 3 188#define INTEGRITY_KEYRING_MAX 4 189 190extern struct dentry *integrity_dir; 191 192struct modsig; 193 194#ifdef CONFIG_INTEGRITY_SIGNATURE 195 196int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 197 const char *digest, int digestlen); 198int integrity_modsig_verify(unsigned int id, const struct modsig *modsig); 199 200int __init integrity_init_keyring(const unsigned int id); 201int __init integrity_load_x509(const unsigned int id, const char *path); 202int __init integrity_load_cert(const unsigned int id, const char *source, 203 const void *data, size_t len, key_perm_t perm); 204#else 205 206static inline int integrity_digsig_verify(const unsigned int id, 207 const char *sig, int siglen, 208 const char *digest, int digestlen) 209{ 210 return -EOPNOTSUPP; 211} 212 213static inline int integrity_modsig_verify(unsigned int id, 214 const struct modsig *modsig) 215{ 216 return -EOPNOTSUPP; 217} 218 219static inline int integrity_init_keyring(const unsigned int id) 220{ 221 return 0; 222} 223 224static inline int __init integrity_load_cert(const unsigned int id, 225 const char *source, 226 const void *data, size_t len, 227 key_perm_t perm) 228{ 229 return 0; 230} 231#endif /* CONFIG_INTEGRITY_SIGNATURE */ 232 233#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 234int asymmetric_verify(struct key *keyring, const char *sig, 235 int siglen, const char *data, int datalen); 236#else 237static inline int asymmetric_verify(struct key *keyring, const char *sig, 238 int siglen, const char *data, int datalen) 239{ 240 return -EOPNOTSUPP; 241} 242#endif 243 244#ifdef CONFIG_IMA_APPRAISE_MODSIG 245int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); 246#else 247static inline int ima_modsig_verify(struct key *keyring, 248 const struct modsig *modsig) 249{ 250 return -EOPNOTSUPP; 251} 252#endif 253 254#ifdef CONFIG_IMA_LOAD_X509 255void __init ima_load_x509(void); 256#else 257static inline void ima_load_x509(void) 258{ 259} 260#endif 261 262#ifdef CONFIG_EVM_LOAD_X509 263void __init evm_load_x509(void); 264#else 265static inline void evm_load_x509(void) 266{ 267} 268#endif 269 270#ifdef CONFIG_INTEGRITY_AUDIT 271/* declarations */ 272void integrity_audit_msg(int audit_msgno, struct inode *inode, 273 const unsigned char *fname, const char *op, 274 const char *cause, int result, int info); 275 276void integrity_audit_message(int audit_msgno, struct inode *inode, 277 const unsigned char *fname, const char *op, 278 const char *cause, int result, int info, 279 int errno); 280 281static inline struct audit_buffer * 282integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 283{ 284 return audit_log_start(ctx, gfp_mask, type); 285} 286 287#else 288static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, 289 const unsigned char *fname, 290 const char *op, const char *cause, 291 int result, int info) 292{ 293} 294 295static inline void integrity_audit_message(int audit_msgno, 296 struct inode *inode, 297 const unsigned char *fname, 298 const char *op, const char *cause, 299 int result, int info, int errno) 300{ 301} 302 303static inline struct audit_buffer * 304integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 305{ 306 return NULL; 307} 308 309#endif 310 311#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING 312void __init add_to_platform_keyring(const char *source, const void *data, 313 size_t len); 314#else 315static inline void __init add_to_platform_keyring(const char *source, 316 const void *data, size_t len) 317{ 318} 319#endif 320 321#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 322void __init add_to_machine_keyring(const char *source, const void *data, size_t len); 323bool __init trust_moklist(void); 324#else 325static inline void __init add_to_machine_keyring(const char *source, 326 const void *data, size_t len) 327{ 328} 329static inline bool __init trust_moklist(void) 330{ 331 return false; 332} 333#endif