1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Copyright (C) 2009-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 */ 8 9 #ifdef pr_fmt 10 #undef pr_fmt 11 #endif 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/types.h> 16 #include <linux/integrity.h> 17 #include <crypto/sha1.h> 18 #include <crypto/hash.h> 19 #include <linux/key.h> 20 #include <linux/audit.h> 21 22 /* iint action cache flags */ 23 #define IMA_MEASURE 0x00000001 24 #define IMA_MEASURED 0x00000002 25 #define IMA_APPRAISE 0x00000004 26 #define IMA_APPRAISED 0x00000008 27 /*#define IMA_COLLECT 0x00000010 do not use this flag */ 28 #define IMA_COLLECTED 0x00000020 29 #define IMA_AUDIT 0x00000040 30 #define IMA_AUDITED 0x00000080 31 #define IMA_HASH 0x00000100 32 #define IMA_HASHED 0x00000200 33 34 /* iint policy rule cache flags */ 35 #define IMA_NONACTION_FLAGS 0xff000000 36 #define IMA_DIGSIG_REQUIRED 0x01000000 37 #define IMA_PERMIT_DIRECTIO 0x02000000 38 #define IMA_NEW_FILE 0x04000000 39 #define EVM_IMMUTABLE_DIGSIG 0x08000000 40 #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 41 #define IMA_MODSIG_ALLOWED 0x20000000 42 #define IMA_CHECK_BLACKLIST 0x40000000 43 #define IMA_VERITY_REQUIRED 0x80000000 44 45 #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 46 IMA_HASH | IMA_APPRAISE_SUBMASK) 47 #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 48 IMA_HASHED | IMA_COLLECTED | \ 49 IMA_APPRAISED_SUBMASK) 50 51 /* iint subaction appraise cache flags */ 52 #define IMA_FILE_APPRAISE 0x00001000 53 #define IMA_FILE_APPRAISED 0x00002000 54 #define IMA_MMAP_APPRAISE 0x00004000 55 #define IMA_MMAP_APPRAISED 0x00008000 56 #define IMA_BPRM_APPRAISE 0x00010000 57 #define IMA_BPRM_APPRAISED 0x00020000 58 #define IMA_READ_APPRAISE 0x00040000 59 #define IMA_READ_APPRAISED 0x00080000 60 #define IMA_CREDS_APPRAISE 0x00100000 61 #define IMA_CREDS_APPRAISED 0x00200000 62 #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 63 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \ 64 IMA_CREDS_APPRAISE) 65 #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 66 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \ 67 IMA_CREDS_APPRAISED) 68 69 /* iint cache atomic_flags */ 70 #define IMA_CHANGE_XATTR 0 71 #define IMA_UPDATE_XATTR 1 72 #define IMA_CHANGE_ATTR 2 73 #define IMA_DIGSIG 3 74 #define IMA_MUST_MEASURE 4 75 76 enum evm_ima_xattr_type { 77 IMA_XATTR_DIGEST = 0x01, 78 EVM_XATTR_HMAC, 79 EVM_IMA_XATTR_DIGSIG, 80 IMA_XATTR_DIGEST_NG, 81 EVM_XATTR_PORTABLE_DIGSIG, 82 IMA_VERITY_DIGSIG, 83 IMA_XATTR_LAST 84 }; 85 86 struct evm_ima_xattr_data { 87 u8 type; 88 u8 data[]; 89 } __packed; 90 91 /* Only used in the EVM HMAC code. */ 92 struct evm_xattr { 93 struct evm_ima_xattr_data data; 94 u8 digest[SHA1_DIGEST_SIZE]; 95 } __packed; 96 97 #define IMA_MAX_DIGEST_SIZE HASH_MAX_DIGESTSIZE 98 99 struct ima_digest_data { 100 u8 algo; 101 u8 length; 102 union { 103 struct { 104 u8 unused; 105 u8 type; 106 } sha1; 107 struct { 108 u8 type; 109 u8 algo; 110 } ng; 111 u8 data[2]; 112 } xattr; 113 u8 digest[]; 114 } __packed; 115 116 /* 117 * Instead of wrapping the ima_digest_data struct inside a local structure 118 * with the maximum hash size, define ima_max_digest_data struct. 119 */ 120 struct ima_max_digest_data { 121 struct ima_digest_data hdr; 122 u8 digest[HASH_MAX_DIGESTSIZE]; 123 } __packed; 124 125 /* 126 * signature header format v2 - for using with asymmetric keys 127 * 128 * The signature_v2_hdr struct includes a signature format version 129 * to simplify defining new signature formats. 130 * 131 * signature format: 132 * version 2: regular file data hash based signature 133 * version 3: struct ima_file_id data based signature 134 */ 135 struct signature_v2_hdr { 136 uint8_t type; /* xattr type */ 137 uint8_t version; /* signature format version */ 138 uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ 139 __be32 keyid; /* IMA key identifier - not X509/PGP specific */ 140 __be16 sig_size; /* signature size */ 141 uint8_t sig[]; /* signature payload */ 142 } __packed; 143 144 /* 145 * IMA signature version 3 disambiguates the data that is signed, by 146 * indirectly signing the hash of the ima_file_id structure data, 147 * containing either the fsverity_descriptor struct digest or, in the 148 * future, the regular IMA file hash. 149 * 150 * (The hash of the ima_file_id structure is only of the portion used.) 151 */ 152 struct ima_file_id { 153 __u8 hash_type; /* xattr type [enum evm_ima_xattr_type] */ 154 __u8 hash_algorithm; /* Digest algorithm [enum hash_algo] */ 155 __u8 hash[HASH_MAX_DIGESTSIZE]; 156 } __packed; 157 158 /* integrity data associated with an inode */ 159 struct integrity_iint_cache { 160 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 161 struct mutex mutex; /* protects: version, flags, digest */ 162 struct inode *inode; /* back pointer to inode in question */ 163 u64 version; /* track inode changes */ 164 unsigned long flags; 165 unsigned long measured_pcrs; 166 unsigned long atomic_flags; 167 enum integrity_status ima_file_status:4; 168 enum integrity_status ima_mmap_status:4; 169 enum integrity_status ima_bprm_status:4; 170 enum integrity_status ima_read_status:4; 171 enum integrity_status ima_creds_status:4; 172 enum integrity_status evm_status:4; 173 struct ima_digest_data *ima_hash; 174 }; 175 176 /* rbtree tree calls to lookup, insert, delete 177 * integrity data associated with an inode. 178 */ 179 struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 180 181 int integrity_kernel_read(struct file *file, loff_t offset, 182 void *addr, unsigned long count); 183 184 #define INTEGRITY_KEYRING_EVM 0 185 #define INTEGRITY_KEYRING_IMA 1 186 #define INTEGRITY_KEYRING_PLATFORM 2 187 #define INTEGRITY_KEYRING_MACHINE 3 188 #define INTEGRITY_KEYRING_MAX 4 189 190 extern struct dentry *integrity_dir; 191 192 struct modsig; 193 194 #ifdef CONFIG_INTEGRITY_SIGNATURE 195 196 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 197 const char *digest, int digestlen); 198 int integrity_modsig_verify(unsigned int id, const struct modsig *modsig); 199 200 int __init integrity_init_keyring(const unsigned int id); 201 int __init integrity_load_x509(const unsigned int id, const char *path); 202 int __init integrity_load_cert(const unsigned int id, const char *source, 203 const void *data, size_t len, key_perm_t perm); 204 #else 205 206 static inline int integrity_digsig_verify(const unsigned int id, 207 const char *sig, int siglen, 208 const char *digest, int digestlen) 209 { 210 return -EOPNOTSUPP; 211 } 212 213 static inline int integrity_modsig_verify(unsigned int id, 214 const struct modsig *modsig) 215 { 216 return -EOPNOTSUPP; 217 } 218 219 static inline int integrity_init_keyring(const unsigned int id) 220 { 221 return 0; 222 } 223 224 static inline int __init integrity_load_cert(const unsigned int id, 225 const char *source, 226 const void *data, size_t len, 227 key_perm_t perm) 228 { 229 return 0; 230 } 231 #endif /* CONFIG_INTEGRITY_SIGNATURE */ 232 233 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 234 int asymmetric_verify(struct key *keyring, const char *sig, 235 int siglen, const char *data, int datalen); 236 #else 237 static inline int asymmetric_verify(struct key *keyring, const char *sig, 238 int siglen, const char *data, int datalen) 239 { 240 return -EOPNOTSUPP; 241 } 242 #endif 243 244 #ifdef CONFIG_IMA_APPRAISE_MODSIG 245 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); 246 #else 247 static inline int ima_modsig_verify(struct key *keyring, 248 const struct modsig *modsig) 249 { 250 return -EOPNOTSUPP; 251 } 252 #endif 253 254 #ifdef CONFIG_IMA_LOAD_X509 255 void __init ima_load_x509(void); 256 #else 257 static inline void ima_load_x509(void) 258 { 259 } 260 #endif 261 262 #ifdef CONFIG_EVM_LOAD_X509 263 void __init evm_load_x509(void); 264 #else 265 static inline void evm_load_x509(void) 266 { 267 } 268 #endif 269 270 #ifdef CONFIG_INTEGRITY_AUDIT 271 /* declarations */ 272 void integrity_audit_msg(int audit_msgno, struct inode *inode, 273 const unsigned char *fname, const char *op, 274 const char *cause, int result, int info); 275 276 void integrity_audit_message(int audit_msgno, struct inode *inode, 277 const unsigned char *fname, const char *op, 278 const char *cause, int result, int info, 279 int errno); 280 281 static inline struct audit_buffer * 282 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 283 { 284 return audit_log_start(ctx, gfp_mask, type); 285 } 286 287 #else 288 static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, 289 const unsigned char *fname, 290 const char *op, const char *cause, 291 int result, int info) 292 { 293 } 294 295 static inline void integrity_audit_message(int audit_msgno, 296 struct inode *inode, 297 const unsigned char *fname, 298 const char *op, const char *cause, 299 int result, int info, int errno) 300 { 301 } 302 303 static inline struct audit_buffer * 304 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) 305 { 306 return NULL; 307 } 308 309 #endif 310 311 #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING 312 void __init add_to_platform_keyring(const char *source, const void *data, 313 size_t len); 314 #else 315 static inline void __init add_to_platform_keyring(const char *source, 316 const void *data, size_t len) 317 { 318 } 319 #endif 320 321 #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 322 void __init add_to_machine_keyring(const char *source, const void *data, size_t len); 323 bool __init imputed_trust_enabled(void); 324 #else 325 static inline void __init add_to_machine_keyring(const char *source, 326 const void *data, size_t len) 327 { 328 } 329 330 static inline bool __init imputed_trust_enabled(void) 331 { 332 return false; 333 } 334 #endif 335