1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * Copyright (C) 2009-2010 IBM Corporation
4 *
5 * Authors:
6 * Mimi Zohar <zohar@us.ibm.com>
7 */
8
9 #ifdef pr_fmt
10 #undef pr_fmt
11 #endif
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <linux/types.h>
16 #include <linux/integrity.h>
17 #include <crypto/sha1.h>
18 #include <crypto/hash.h>
19 #include <linux/key.h>
20 #include <linux/audit.h>
21
22 /* iint action cache flags */
23 #define IMA_MEASURE 0x00000001
24 #define IMA_MEASURED 0x00000002
25 #define IMA_APPRAISE 0x00000004
26 #define IMA_APPRAISED 0x00000008
27 /*#define IMA_COLLECT 0x00000010 do not use this flag */
28 #define IMA_COLLECTED 0x00000020
29 #define IMA_AUDIT 0x00000040
30 #define IMA_AUDITED 0x00000080
31 #define IMA_HASH 0x00000100
32 #define IMA_HASHED 0x00000200
33
34 /* iint policy rule cache flags */
35 #define IMA_NONACTION_FLAGS 0xff000000
36 #define IMA_DIGSIG_REQUIRED 0x01000000
37 #define IMA_PERMIT_DIRECTIO 0x02000000
38 #define IMA_NEW_FILE 0x04000000
39 #define EVM_IMMUTABLE_DIGSIG 0x08000000
40 #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000
41 #define IMA_MODSIG_ALLOWED 0x20000000
42 #define IMA_CHECK_BLACKLIST 0x40000000
43 #define IMA_VERITY_REQUIRED 0x80000000
44
45 /* Exclude non-action flags which are not rule-specific. */
46 #define IMA_NONACTION_RULE_FLAGS (IMA_NONACTION_FLAGS & ~IMA_NEW_FILE)
47
48 #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
49 IMA_HASH | IMA_APPRAISE_SUBMASK)
50 #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
51 IMA_HASHED | IMA_COLLECTED | \
52 IMA_APPRAISED_SUBMASK)
53
54 /* iint subaction appraise cache flags */
55 #define IMA_FILE_APPRAISE 0x00001000
56 #define IMA_FILE_APPRAISED 0x00002000
57 #define IMA_MMAP_APPRAISE 0x00004000
58 #define IMA_MMAP_APPRAISED 0x00008000
59 #define IMA_BPRM_APPRAISE 0x00010000
60 #define IMA_BPRM_APPRAISED 0x00020000
61 #define IMA_READ_APPRAISE 0x00040000
62 #define IMA_READ_APPRAISED 0x00080000
63 #define IMA_CREDS_APPRAISE 0x00100000
64 #define IMA_CREDS_APPRAISED 0x00200000
65 #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \
66 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \
67 IMA_CREDS_APPRAISE)
68 #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \
69 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \
70 IMA_CREDS_APPRAISED)
71
72 /* iint cache atomic_flags */
73 #define IMA_CHANGE_XATTR 0
74 #define IMA_UPDATE_XATTR 1
75 #define IMA_CHANGE_ATTR 2
76 #define IMA_DIGSIG 3
77 #define IMA_MUST_MEASURE 4
78
79 enum evm_ima_xattr_type {
80 IMA_XATTR_DIGEST = 0x01,
81 EVM_XATTR_HMAC,
82 EVM_IMA_XATTR_DIGSIG,
83 IMA_XATTR_DIGEST_NG,
84 EVM_XATTR_PORTABLE_DIGSIG,
85 IMA_VERITY_DIGSIG,
86 IMA_XATTR_LAST
87 };
88
89 struct evm_ima_xattr_data {
90 u8 type;
91 u8 data[];
92 } __packed;
93
94 /* Only used in the EVM HMAC code. */
95 struct evm_xattr {
96 struct evm_ima_xattr_data data;
97 u8 digest[SHA1_DIGEST_SIZE];
98 } __packed;
99
100 #define IMA_MAX_DIGEST_SIZE HASH_MAX_DIGESTSIZE
101
102 struct ima_digest_data {
103 u8 algo;
104 u8 length;
105 union {
106 struct {
107 u8 unused;
108 u8 type;
109 } sha1;
110 struct {
111 u8 type;
112 u8 algo;
113 } ng;
114 u8 data[2];
115 } xattr;
116 u8 digest[];
117 } __packed;
118
119 /*
120 * Instead of wrapping the ima_digest_data struct inside a local structure
121 * with the maximum hash size, define ima_max_digest_data struct.
122 */
123 struct ima_max_digest_data {
124 struct ima_digest_data hdr;
125 u8 digest[HASH_MAX_DIGESTSIZE];
126 } __packed;
127
128 /*
129 * signature header format v2 - for using with asymmetric keys
130 *
131 * The signature_v2_hdr struct includes a signature format version
132 * to simplify defining new signature formats.
133 *
134 * signature format:
135 * version 2: regular file data hash based signature
136 * version 3: struct ima_file_id data based signature
137 */
138 struct signature_v2_hdr {
139 uint8_t type; /* xattr type */
140 uint8_t version; /* signature format version */
141 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */
142 __be32 keyid; /* IMA key identifier - not X509/PGP specific */
143 __be16 sig_size; /* signature size */
144 uint8_t sig[]; /* signature payload */
145 } __packed;
146
147 /*
148 * IMA signature version 3 disambiguates the data that is signed, by
149 * indirectly signing the hash of the ima_file_id structure data,
150 * containing either the fsverity_descriptor struct digest or, in the
151 * future, the regular IMA file hash.
152 *
153 * (The hash of the ima_file_id structure is only of the portion used.)
154 */
155 struct ima_file_id {
156 __u8 hash_type; /* xattr type [enum evm_ima_xattr_type] */
157 __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */
158 __u8 hash[HASH_MAX_DIGESTSIZE];
159 } __packed;
160
161 /* integrity data associated with an inode */
162 struct integrity_iint_cache {
163 struct rb_node rb_node; /* rooted in integrity_iint_tree */
164 struct mutex mutex; /* protects: version, flags, digest */
165 struct inode *inode; /* back pointer to inode in question */
166 u64 version; /* track inode changes */
167 unsigned long flags;
168 unsigned long measured_pcrs;
169 unsigned long atomic_flags;
170 unsigned long real_ino;
171 dev_t real_dev;
172 enum integrity_status ima_file_status:4;
173 enum integrity_status ima_mmap_status:4;
174 enum integrity_status ima_bprm_status:4;
175 enum integrity_status ima_read_status:4;
176 enum integrity_status ima_creds_status:4;
177 enum integrity_status evm_status:4;
178 struct ima_digest_data *ima_hash;
179 };
180
181 /* rbtree tree calls to lookup, insert, delete
182 * integrity data associated with an inode.
183 */
184 struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
185
186 int integrity_kernel_read(struct file *file, loff_t offset,
187 void *addr, unsigned long count);
188
189 #define INTEGRITY_KEYRING_EVM 0
190 #define INTEGRITY_KEYRING_IMA 1
191 #define INTEGRITY_KEYRING_PLATFORM 2
192 #define INTEGRITY_KEYRING_MACHINE 3
193 #define INTEGRITY_KEYRING_MAX 4
194
195 extern struct dentry *integrity_dir;
196
197 struct modsig;
198
199 #ifdef CONFIG_INTEGRITY_SIGNATURE
200
201 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
202 const char *digest, int digestlen);
203 int integrity_modsig_verify(unsigned int id, const struct modsig *modsig);
204
205 int __init integrity_init_keyring(const unsigned int id);
206 int __init integrity_load_x509(const unsigned int id, const char *path);
207 int __init integrity_load_cert(const unsigned int id, const char *source,
208 const void *data, size_t len, key_perm_t perm);
209 #else
210
integrity_digsig_verify(const unsigned int id,const char * sig,int siglen,const char * digest,int digestlen)211 static inline int integrity_digsig_verify(const unsigned int id,
212 const char *sig, int siglen,
213 const char *digest, int digestlen)
214 {
215 return -EOPNOTSUPP;
216 }
217
integrity_modsig_verify(unsigned int id,const struct modsig * modsig)218 static inline int integrity_modsig_verify(unsigned int id,
219 const struct modsig *modsig)
220 {
221 return -EOPNOTSUPP;
222 }
223
integrity_init_keyring(const unsigned int id)224 static inline int integrity_init_keyring(const unsigned int id)
225 {
226 return 0;
227 }
228
integrity_load_cert(const unsigned int id,const char * source,const void * data,size_t len,key_perm_t perm)229 static inline int __init integrity_load_cert(const unsigned int id,
230 const char *source,
231 const void *data, size_t len,
232 key_perm_t perm)
233 {
234 return 0;
235 }
236 #endif /* CONFIG_INTEGRITY_SIGNATURE */
237
238 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
239 int asymmetric_verify(struct key *keyring, const char *sig,
240 int siglen, const char *data, int datalen);
241 #else
asymmetric_verify(struct key * keyring,const char * sig,int siglen,const char * data,int datalen)242 static inline int asymmetric_verify(struct key *keyring, const char *sig,
243 int siglen, const char *data, int datalen)
244 {
245 return -EOPNOTSUPP;
246 }
247 #endif
248
249 #ifdef CONFIG_IMA_APPRAISE_MODSIG
250 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
251 #else
ima_modsig_verify(struct key * keyring,const struct modsig * modsig)252 static inline int ima_modsig_verify(struct key *keyring,
253 const struct modsig *modsig)
254 {
255 return -EOPNOTSUPP;
256 }
257 #endif
258
259 #ifdef CONFIG_IMA_LOAD_X509
260 void __init ima_load_x509(void);
261 #else
ima_load_x509(void)262 static inline void ima_load_x509(void)
263 {
264 }
265 #endif
266
267 #ifdef CONFIG_EVM_LOAD_X509
268 void __init evm_load_x509(void);
269 #else
evm_load_x509(void)270 static inline void evm_load_x509(void)
271 {
272 }
273 #endif
274
275 #ifdef CONFIG_INTEGRITY_AUDIT
276 /* declarations */
277 void integrity_audit_msg(int audit_msgno, struct inode *inode,
278 const unsigned char *fname, const char *op,
279 const char *cause, int result, int info);
280
281 void integrity_audit_message(int audit_msgno, struct inode *inode,
282 const unsigned char *fname, const char *op,
283 const char *cause, int result, int info,
284 int errno);
285
286 static inline struct audit_buffer *
integrity_audit_log_start(struct audit_context * ctx,gfp_t gfp_mask,int type)287 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
288 {
289 return audit_log_start(ctx, gfp_mask, type);
290 }
291
292 #else
integrity_audit_msg(int audit_msgno,struct inode * inode,const unsigned char * fname,const char * op,const char * cause,int result,int info)293 static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
294 const unsigned char *fname,
295 const char *op, const char *cause,
296 int result, int info)
297 {
298 }
299
integrity_audit_message(int audit_msgno,struct inode * inode,const unsigned char * fname,const char * op,const char * cause,int result,int info,int errno)300 static inline void integrity_audit_message(int audit_msgno,
301 struct inode *inode,
302 const unsigned char *fname,
303 const char *op, const char *cause,
304 int result, int info, int errno)
305 {
306 }
307
308 static inline struct audit_buffer *
integrity_audit_log_start(struct audit_context * ctx,gfp_t gfp_mask,int type)309 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
310 {
311 return NULL;
312 }
313
314 #endif
315
316 #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
317 void __init add_to_platform_keyring(const char *source, const void *data,
318 size_t len);
319 #else
add_to_platform_keyring(const char * source,const void * data,size_t len)320 static inline void __init add_to_platform_keyring(const char *source,
321 const void *data, size_t len)
322 {
323 }
324 #endif
325
326 #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
327 void __init add_to_machine_keyring(const char *source, const void *data, size_t len);
328 bool __init imputed_trust_enabled(void);
329 #else
add_to_machine_keyring(const char * source,const void * data,size_t len)330 static inline void __init add_to_machine_keyring(const char *source,
331 const void *data, size_t len)
332 {
333 }
334
imputed_trust_enabled(void)335 static inline bool __init imputed_trust_enabled(void)
336 {
337 return false;
338 }
339 #endif
340