integrity.h (8c54135e2e6da677291012813a26a5f1b2c8a90a) | integrity.h (d19967764ba876f5c82dabaa28f983b21eb642a2) |
---|---|
1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Copyright (C) 2009-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 */ 8 9#ifdef pr_fmt 10#undef pr_fmt 11#endif 12 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15#include <linux/types.h> 16#include <linux/integrity.h> 17#include <crypto/sha1.h> | 1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Copyright (C) 2009-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 */ 8 9#ifdef pr_fmt 10#undef pr_fmt 11#endif 12 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15#include <linux/types.h> 16#include <linux/integrity.h> 17#include <crypto/sha1.h> |
18#include <crypto/hash.h> | |
19#include <linux/key.h> 20#include <linux/audit.h> 21 22/* iint action cache flags */ 23#define IMA_MEASURE 0x00000001 24#define IMA_MEASURED 0x00000002 25#define IMA_APPRAISE 0x00000004 26#define IMA_APPRAISED 0x00000008 27/*#define IMA_COLLECT 0x00000010 do not use this flag */ 28#define IMA_COLLECTED 0x00000020 29#define IMA_AUDIT 0x00000040 30#define IMA_AUDITED 0x00000080 31#define IMA_HASH 0x00000100 32#define IMA_HASHED 0x00000200 33 | 18#include <linux/key.h> 19#include <linux/audit.h> 20 21/* iint action cache flags */ 22#define IMA_MEASURE 0x00000001 23#define IMA_MEASURED 0x00000002 24#define IMA_APPRAISE 0x00000004 25#define IMA_APPRAISED 0x00000008 26/*#define IMA_COLLECT 0x00000010 do not use this flag */ 27#define IMA_COLLECTED 0x00000020 28#define IMA_AUDIT 0x00000040 29#define IMA_AUDITED 0x00000080 30#define IMA_HASH 0x00000100 31#define IMA_HASHED 0x00000200 32 |
34/* iint policy rule cache flags */ 35#define IMA_NONACTION_FLAGS 0xff000000 | 33/* iint cache flags */ 34#define IMA_ACTION_FLAGS 0xff000000 |
36#define IMA_DIGSIG_REQUIRED 0x01000000 37#define IMA_PERMIT_DIRECTIO 0x02000000 38#define IMA_NEW_FILE 0x04000000 39#define EVM_IMMUTABLE_DIGSIG 0x08000000 40#define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 41#define IMA_MODSIG_ALLOWED 0x20000000 42#define IMA_CHECK_BLACKLIST 0x40000000 43 --- 63 unchanged lines hidden (view full) --- 107 u8 algo; 108 } ng; 109 u8 data[2]; 110 } xattr; 111 u8 digest[]; 112} __packed; 113 114/* | 35#define IMA_DIGSIG_REQUIRED 0x01000000 36#define IMA_PERMIT_DIRECTIO 0x02000000 37#define IMA_NEW_FILE 0x04000000 38#define EVM_IMMUTABLE_DIGSIG 0x08000000 39#define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 40#define IMA_MODSIG_ALLOWED 0x20000000 41#define IMA_CHECK_BLACKLIST 0x40000000 42 --- 63 unchanged lines hidden (view full) --- 106 u8 algo; 107 } ng; 108 u8 data[2]; 109 } xattr; 110 u8 digest[]; 111} __packed; 112 113/* |
115 * Instead of wrapping the ima_digest_data struct inside a local structure 116 * with the maximum hash size, define ima_max_digest_data struct. 117 */ 118struct ima_max_digest_data { 119 struct ima_digest_data hdr; 120 u8 digest[HASH_MAX_DIGESTSIZE]; 121} __packed; 122 123/* | |
124 * signature format v2 - for using with asymmetric keys 125 */ 126struct signature_v2_hdr { 127 uint8_t type; /* xattr type */ 128 uint8_t version; /* signature format version */ 129 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 130 __be32 keyid; /* IMA key identifier - not X509/PGP specific */ 131 __be16 sig_size; /* signature size */ --- 24 unchanged lines hidden (view full) --- 156struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 157 158int integrity_kernel_read(struct file *file, loff_t offset, 159 void *addr, unsigned long count); 160 161#define INTEGRITY_KEYRING_EVM 0 162#define INTEGRITY_KEYRING_IMA 1 163#define INTEGRITY_KEYRING_PLATFORM 2 | 114 * signature format v2 - for using with asymmetric keys 115 */ 116struct signature_v2_hdr { 117 uint8_t type; /* xattr type */ 118 uint8_t version; /* signature format version */ 119 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 120 __be32 keyid; /* IMA key identifier - not X509/PGP specific */ 121 __be16 sig_size; /* signature size */ --- 24 unchanged lines hidden (view full) --- 146struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 147 148int integrity_kernel_read(struct file *file, loff_t offset, 149 void *addr, unsigned long count); 150 151#define INTEGRITY_KEYRING_EVM 0 152#define INTEGRITY_KEYRING_IMA 1 153#define INTEGRITY_KEYRING_PLATFORM 2 |
164#define INTEGRITY_KEYRING_MAX 3 | 154#define INTEGRITY_KEYRING_MACHINE 3 155#define INTEGRITY_KEYRING_MAX 4 |
165 166extern struct dentry *integrity_dir; 167 168struct modsig; 169 170#ifdef CONFIG_INTEGRITY_SIGNATURE 171 172int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, --- 115 unchanged lines hidden (view full) --- 288void __init add_to_platform_keyring(const char *source, const void *data, 289 size_t len); 290#else 291static inline void __init add_to_platform_keyring(const char *source, 292 const void *data, size_t len) 293{ 294} 295#endif | 156 157extern struct dentry *integrity_dir; 158 159struct modsig; 160 161#ifdef CONFIG_INTEGRITY_SIGNATURE 162 163int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, --- 115 unchanged lines hidden (view full) --- 279void __init add_to_platform_keyring(const char *source, const void *data, 280 size_t len); 281#else 282static inline void __init add_to_platform_keyring(const char *source, 283 const void *data, size_t len) 284{ 285} 286#endif |
287 288#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 289void __init add_to_machine_keyring(const char *source, const void *data, size_t len); 290#else 291static inline void __init add_to_machine_keyring(const char *source, 292 const void *data, size_t len) 293{ 294} 295#endif |
|
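Review bot: Every table sized by `INTEGRITY_KEYRING_MAX` or indexed by a keyring id needs an entry for id 3, because the right-hand revision defines `INTEGRITY_KEYRING_MACHINE 3` and moves `INTEGRITY_KEYRING_MAX` to 4. Those tables are not in this header, so whether slot 3 is populated cannot be confirmed from the lines shown and should be checked where they are defined. The same revision adds `add_to_machine_keyring()` with an empty `#else` stub and no comment. Since the keyring id feeds signature verification (`integrity_digsig_verify` takes `const unsigned int id`), I would document both: `/* no-op when CONFIG_INTEGRITY_MACHINE_KEYRING is not set: no key is added */` above the stub, and a one-line comment beside the new id saying where its keys come from. The page does not mark which column is the newer revision, so this assumes the right-hand one is under review.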