1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Copyright (C) 2009-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 */ 8 9 #ifdef pr_fmt 10 #undef pr_fmt 11 #endif 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/types.h> 16 #include <linux/integrity.h> 17 #include <crypto/sha1.h> 18 #include <crypto/hash.h> 19 #include <linux/key.h> 20 #include <linux/audit.h> 21 22 /* iint action cache flags */ 23 #define IMA_MEASURE 0x00000001 24 #define IMA_MEASURED 0x00000002 25 #define IMA_APPRAISE 0x00000004 26 #define IMA_APPRAISED 0x00000008 27 /*#define IMA_COLLECT 0x00000010 do not use this flag */ 28 #define IMA_COLLECTED 0x00000020 29 #define IMA_AUDIT 0x00000040 30 #define IMA_AUDITED 0x00000080 31 #define IMA_HASH 0x00000100 32 #define IMA_HASHED 0x00000200 33 34 /* iint policy rule cache flags */ 35 #define IMA_NONACTION_FLAGS 0xff000000 36 #define IMA_DIGSIG_REQUIRED 0x01000000 37 #define IMA_PERMIT_DIRECTIO 0x02000000 38 #define IMA_NEW_FILE 0x04000000 39 #define EVM_IMMUTABLE_DIGSIG 0x08000000 40 #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 41 #define IMA_MODSIG_ALLOWED 0x20000000 42 #define IMA_CHECK_BLACKLIST 0x40000000 43 #define IMA_VERITY_REQUIRED 0x80000000 44 45 #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 46 IMA_HASH | IMA_APPRAISE_SUBMASK) 47 #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 48 IMA_HASHED | IMA_COLLECTED | \ 49 IMA_APPRAISED_SUBMASK) 50 51 /* iint subaction appraise cache flags */ 52 #define IMA_FILE_APPRAISE 0x00001000 53 #define IMA_FILE_APPRAISED 0x00002000 54 #define IMA_MMAP_APPRAISE 0x00004000 55 #define IMA_MMAP_APPRAISED 0x00008000 56 #define IMA_BPRM_APPRAISE 0x00010000 57 #define IMA_BPRM_APPRAISED 0x00020000 58 #define IMA_READ_APPRAISE 0x00040000 59 #define IMA_READ_APPRAISED 0x00080000 60 #define IMA_CREDS_APPRAISE 0x00100000 61 #define IMA_CREDS_APPRAISED 0x00200000 62 #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 63 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \ 64 IMA_CREDS_APPRAISE) 65 #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 66 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \ 67 IMA_CREDS_APPRAISED) 68 69 /* iint cache atomic_flags */ 70 #define IMA_CHANGE_XATTR 0 71 #define IMA_UPDATE_XATTR 1 72 #define IMA_CHANGE_ATTR 2 73 #define IMA_DIGSIG 3 74 #define IMA_MUST_MEASURE 4 75 76 enum evm_ima_xattr_type { 77 IMA_XATTR_DIGEST = 0x01, 78 EVM_XATTR_HMAC, 79 EVM_IMA_XATTR_DIGSIG, 80 IMA_XATTR_DIGEST_NG, 81 EVM_XATTR_PORTABLE_DIGSIG, 82 IMA_VERITY_DIGSIG, 83 IMA_XATTR_LAST 84 }; 85 86 struct evm_ima_xattr_data { 87 u8 type; 88 u8 data[]; 89 } __packed; 90 91 /* Only used in the EVM HMAC code. */ 92 struct evm_xattr { 93 struct evm_ima_xattr_data data; 94 u8 digest[SHA1_DIGEST_SIZE]; 95 } __packed; 96 97 #define IMA_MAX_DIGEST_SIZE HASH_MAX_DIGESTSIZE 98 99 struct ima_digest_data { 100 u8 algo; 101 u8 length; 102 union { 103 struct { 104 u8 unused; 105 u8 type; 106 } sha1; 107 struct { 108 u8 type; 109 u8 algo; 110 } ng; 111 u8 data[2]; 112 } xattr; 113 u8 digest[]; 114 } __packed; 115 116 /* 117 * Instead of wrapping the ima_digest_data struct inside a local structure 118 * with the maximum hash size, define ima_max_digest_data struct. 119 */ 120 struct ima_max_digest_data { 121 struct ima_digest_data hdr; 122 u8 digest[HASH_MAX_DIGESTSIZE]; 123 } __packed; 124 125 /* 126 * signature header format v2 - for using with asymmetric keys 127 * 128 * The signature_v2_hdr struct includes a signature format version 129 * to simplify defining new signature formats. 130 * 131 * signature format: 132 * version 2: regular file data hash based signature 133 * version 3: struct ima_file_id data based signature 134 */ 135 struct signature_v2_hdr { 136 uint8_t type; /* xattr type */ 137 uint8_t version; /* signature format version */ 138 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 139 __be32 keyid; /* IMA key identifier - not X509/PGP specific */ 140 __be16 sig_size; /* signature size */ 141 uint8_t sig[]; /* signature payload */ 142 } __packed; 143 144 /* 145 * IMA signature version 3 disambiguates the data that is signed, by 146 * indirectly signing the hash of the ima_file_id structure data, 147 * containing either the fsverity_descriptor struct digest or, in the 148 * future, the regular IMA file hash. 149 * 150 * (The hash of the ima_file_id structure is only of the portion used.) 151 */ 152 struct ima_file_id { 153 __u8 hash_type; /* xattr type [enum evm_ima_xattr_type] */ 154 __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */ 155 __u8 hash[HASH_MAX_DIGESTSIZE]; 156 } __packed; 157 158 /* integrity data associated with an inode */ 159 struct integrity_iint_cache { 160 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 161 struct mutex mutex; /* protects: version, flags, digest */ 162 struct inode *inode; /* back pointer to inode in question */ 163 u64 version; /* track inode changes */ 164 unsigned long flags; 165 unsigned long measured_pcrs; 166 unsigned long atomic_flags; 167 unsigned long real_ino; 168 dev_t real_dev; 169 enum integrity_status ima_file_status:4; 170 enum integrity_status ima_mmap_status:4; 171 enum integrity_status ima_bprm_status:4; 172 enum integrity_status ima_read_status:4; 173 enum integrity_status ima_creds_status:4; 174 enum integrity_status evm_status:4; 175 struct ima_digest_data *ima_hash; 176 }; 177 178 /* rbtree tree calls to lookup, insert, delete 179 * integrity data associated with an inode. 180 */ 181 struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 182 183 int integrity_kernel_read(struct file *file, loff_t offset, 184 void *addr, unsigned long count); 185 186 #define INTEGRITY_KEYRING_EVM 0 187 #define INTEGRITY_KEYRING_IMA 1 188 #define INTEGRITY_KEYRING_PLATFORM 2 189 #define INTEGRITY_KEYRING_MACHINE 3 190 #define INTEGRITY_KEYRING_MAX 4 191 192 extern struct dentry *integrity_dir; 193 194 struct modsig; 195 196 #ifdef CONFIG_INTEGRITY_SIGNATURE 197 198 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 199 const char *digest, int digestlen); 200 int integrity_modsig_verify(unsigned int id, const struct modsig *modsig); 201 202 int __init integrity_init_keyring(const unsigned int id); 203 int __init integrity_load_x509(const unsigned int id, const char *path); 204 int __init integrity_load_cert(const unsigned int id, const char *source, 205 const void *data, size_t len, key_perm_t perm); 206 #else 207 208 static inline int integrity_digsig_verify(const unsigned int id, 209 const char *sig, int siglen, 210 const char *digest, int digestlen) 211 { 212 return -EOPNOTSUPP; 213 } 214 215 static inline int integrity_modsig_verify(unsigned int id, 216 const struct modsig *modsig) 217 { 218 return -EOPNOTSUPP; 219 } 220 221 static inline int integrity_init_keyring(const unsigned int id) 222 { 223 return 0; 224 } 225 226 static inline int __init integrity_load_cert(const unsigned int id, 227 const char *source, 228 const void *data, size_t len, 229 key_perm_t perm) 230 { 231 return 0; 232 } 233 #endif /* CONFIG_INTEGRITY_SIGNATURE */ 234 235 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 236 int asymmetric_verify(struct key *keyring, const char *sig, 237 int siglen, const char *data, int datalen); 238 #else 239 static inline int asymmetric_verify(struct key *keyring, const char *sig, 240 int siglen, const char *data, int datalen) 241 { 242 return -EOPNOTSUPP; 243 } 244 #endif 245 246 #ifdef CONFIG_IMA_APPRAISE_MODSIG 247 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); 248 #else 249 static inline int ima_modsig_verify(struct key *keyring, 250 const struct modsig *modsig) 251 { 252 return -EOPNOTSUPP; 253 } 254 #endif 255 256 #ifdef CONFIG_IMA_LOAD_X509 257 void __init ima_load_x509(void); 258 #else 259 static inline void ima_load_x509(void) 260 { 261 } 262 #endif 263 264 #ifdef CONFIG_EVM_LOAD_X509 265 void __init evm_load_x509(void); 266 #else 267 static inline void evm_load_x509(void) 268 { 269 } 270 #endif 271 272 #ifdef CONFIG_INTEGRITY_AUDIT 273 /* declarations */ 274 void integrity_audit_msg(int audit_msgno, struct inode *inode, 275 const unsigned char *fname, const char *op, 276 const char *cause, int result, int info); 277 278 void integrity_audit_message(int audit_msgno, struct inode *inode, 279 const unsigned char *fname, const char *op, 280 const char *cause, int result, int info, 281 int errno); 282 283 static inline struct audit_buffer * 284 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 285 { 286 return audit_log_start(ctx, gfp_mask, type); 287 } 288 289 #else 290 static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, 291 const unsigned char *fname, 292 const char *op, const char *cause, 293 int result, int info) 294 { 295 } 296 297 static inline void integrity_audit_message(int audit_msgno, 298 struct inode *inode, 299 const unsigned char *fname, 300 const char *op, const char *cause, 301 int result, int info, int errno) 302 { 303 } 304 305 static inline struct audit_buffer * 306 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 307 { 308 return NULL; 309 } 310 311 #endif 312 313 #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING 314 void __init add_to_platform_keyring(const char *source, const void *data, 315 size_t len); 316 #else 317 static inline void __init add_to_platform_keyring(const char *source, 318 const void *data, size_t len) 319 { 320 } 321 #endif 322 323 #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 324 void __init add_to_machine_keyring(const char *source, const void *data, size_t len); 325 bool __init imputed_trust_enabled(void); 326 #else 327 static inline void __init add_to_machine_keyring(const char *source, 328 const void *data, size_t len) 329 { 330 } 331 332 static inline bool __init imputed_trust_enabled(void) 333 { 334 return false; 335 } 336 #endif 337