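/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2009-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * Shared definitions for the integrity subsystem: the per-inode cache
 * flags, the packed xattr/signature layouts, the keyring identifiers and
 * the config-dependent prototypes with their compiled-out stubs.
 */

/* Replace any earlier pr_fmt so the format string gets the module name. */
#ifdef pr_fmt
#undef pr_fmt
#endif

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/types.h>
#include <linux/integrity.h>
#include <crypto/sha1.h>
#include <crypto/hash.h>
#include <linux/key.h>
#include <linux/audit.h>
#include <linux/lsm_hooks.h>

/*
 * iint action cache flags
 *
 * The bits come in pairs: an action bit and, one position higher, the
 * matching "-ED" bit (MEASURE/MEASURED, APPRAISE/APPRAISED, AUDIT/AUDITED,
 * HASH/HASHED).  IMA_COLLECTED has no usable partner: 0x00000010 is
 * reserved by the commented-out define below.
 */
#define IMA_MEASURE		0x00000001
#define IMA_MEASURED		0x00000002
#define IMA_APPRAISE		0x00000004
#define IMA_APPRAISED		0x00000008
/*#define IMA_COLLECT		0x00000010  do not use this flag */
#define IMA_COLLECTED		0x00000020
#define IMA_AUDIT		0x00000040
#define IMA_AUDITED		0x00000080
#define IMA_HASH		0x00000100
#define IMA_HASHED		0x00000200

/*
 * iint policy rule cache flags
 *
 * IMA_NONACTION_FLAGS selects the top byte, and the eight flags below
 * occupy all eight bits of it, so no bit in that byte is unassigned.
 */
#define IMA_NONACTION_FLAGS	0xff000000
#define IMA_DIGSIG_REQUIRED	0x01000000
#define IMA_PERMIT_DIRECTIO	0x02000000
#define IMA_NEW_FILE		0x04000000
#define EVM_IMMUTABLE_DIGSIG	0x08000000
#define IMA_FAIL_UNVERIFIABLE_SIGS	0x10000000
#define IMA_MODSIG_ALLOWED	0x20000000
#define IMA_CHECK_BLACKLIST	0x40000000
#define IMA_VERITY_REQUIRED	0x80000000

/*
 * Aggregate masks over the action bits and the "-ED" bits.  Both refer to
 * the sub-masks defined further down, which is fine because a macro is
 * only expanded where it is used.
 */
#define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
				 IMA_HASH | IMA_APPRAISE_SUBMASK)
#define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
				 IMA_HASHED | IMA_COLLECTED | \
				 IMA_APPRAISED_SUBMASK)

/*
 * iint subaction appraise cache flags
 *
 * One APPRAISE/APPRAISED pair for each of FILE, MMAP, BPRM, READ and
 * CREDS, in bits 12 through 21.
 */
#define IMA_FILE_APPRAISE	0x00001000
#define IMA_FILE_APPRAISED	0x00002000
#define IMA_MMAP_APPRAISE	0x00004000
#define IMA_MMAP_APPRAISED	0x00008000
#define IMA_BPRM_APPRAISE	0x00010000
#define IMA_BPRM_APPRAISED	0x00020000
#define IMA_READ_APPRAISE	0x00040000
#define IMA_READ_APPRAISED	0x00080000
#define IMA_CREDS_APPRAISE	0x00100000
#define IMA_CREDS_APPRAISED	0x00200000
#define IMA_APPRAISE_SUBMASK	(IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \
				 IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \
				 IMA_CREDS_APPRAISE)
#define IMA_APPRAISED_SUBMASK	(IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \
				 IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \
				 IMA_CREDS_APPRAISED)

/*
 * iint cache atomic_flags
 *
 * NOTE(review): unlike the masks above these are consecutive small
 * integers, so they are presumably bit numbers for bit operations on
 * integrity_iint_cache.atomic_flags rather than values to OR together --
 * confirm at the call sites.
 */
#define IMA_CHANGE_XATTR	0
#define IMA_UPDATE_XATTR	1
#define IMA_CHANGE_ATTR		2
#define IMA_DIGSIG		3
#define IMA_MUST_MEASURE	4

/*
 * Type tag of an integrity xattr.  Numbering starts at 0x01 and increases
 * by one per entry, so IMA_XATTR_LAST is one past the highest defined type
 * and 0x00 is not a defined type.
 *
 * NOTE(review): the packed structs below carry this tag as a single byte,
 * so the values are presumably part of a stored format and must not be
 * renumbered; a tag read from an xattr should be range-checked against
 * IMA_XATTR_LAST before it selects a code path.  Neither point can be
 * confirmed from this header alone.
 */
enum evm_ima_xattr_type {
	IMA_XATTR_DIGEST = 0x01,
	EVM_XATTR_HMAC,
	EVM_IMA_XATTR_DIGSIG,
	IMA_XATTR_DIGEST_NG,
	EVM_XATTR_PORTABLE_DIGSIG,
	IMA_VERITY_DIGSIG,
	IMA_XATTR_LAST
};

/* Generic xattr view: one type byte followed by a variable-length payload. */
struct evm_ima_xattr_data {
	u8 type;
	u8 data[];
} __packed;

/* Only used in the EVM HMAC code. */
struct evm_xattr {
	struct evm_ima_xattr_data data;
	u8 digest[SHA1_DIGEST_SIZE];
} __packed;

#define IMA_MAX_DIGEST_SIZE	HASH_MAX_DIGESTSIZE

/*
 * Digest header followed by a variable-length digest.  The two-byte
 * "xattr" union gives three views of the same bytes: sha1 (unused, type),
 * ng (type, algo) and the raw data[2].
 *
 * NOTE(review): "length" is a u8 and digest[] has no storage of its own,
 * so whoever fills or reads digest[] has to bound "length" by the buffer
 * that actually backs the struct -- presumably HASH_MAX_DIGESTSIZE when
 * ima_max_digest_data is used; verify against the callers.
 */
struct ima_digest_data {
	u8 algo;
	u8 length;
	union {
		struct {
			u8 unused;
			u8 type;
		} sha1;
		struct {
			u8 type;
			u8 algo;
		} ng;
		u8 data[2];
	} xattr;
	u8 digest[];
} __packed;

/*
 * Instead of wrapping the ima_digest_data struct inside a local structure
 * with the maximum hash size, define ima_max_digest_data struct.
 *
 * Both structs are packed and hdr ends in a flexible array, so digest[]
 * here begins at the same offset as hdr.digest[].
 */
struct ima_max_digest_data {
	struct ima_digest_data hdr;
	u8 digest[HASH_MAX_DIGESTSIZE];
} __packed;

/*
 * signature header format v2 - for using with asymmetric keys
 *
 * The signature_v2_hdr struct includes a signature format version
 * to simplify defining new signature formats.
 *
 * signature format:
 * version 2: regular file data hash based signature
 * version 3: struct ima_file_id data based signature
 *
 * The fixed part is nine bytes under __packed (three u8, one __be32, one
 * __be16); keyid and sig_size are big-endian.
 *
 * NOTE(review): sig_size arrives together with the signature it
 * describes, so a parser should compare it with the number of bytes it
 * really holds before reading sig[].  That check is not part of this
 * header; confirm it exists where the header is parsed.
 */
struct signature_v2_hdr {
	uint8_t type;		/* xattr type */
	uint8_t version;	/* signature format version */
	uint8_t	hash_algo;	/* Digest algorithm [enum hash_algo] */
	__be32 keyid;		/* IMA key identifier - not X509/PGP specific */
	__be16 sig_size;	/* signature size */
	uint8_t sig[];		/* signature payload */
} __packed;

/*
 * IMA signature version 3 disambiguates the data that is signed, by
 * indirectly signing the hash of the ima_file_id structure data,
 * containing either the fsverity_descriptor struct digest or, in the
 * future, the regular IMA file hash.
 *
 * (The hash of the ima_file_id structure is only of the portion used.)
 */
struct ima_file_id {
	__u8 hash_type;		/* xattr type [enum evm_ima_xattr_type] */
	__u8 hash_algorithm;	/* Digest algorithm [enum hash_algo] */
	__u8 hash[HASH_MAX_DIGESTSIZE];
} __packed;

/*
 * integrity data associated with an inode
 *
 * The six *_status members are 4-bit bitfields of enum integrity_status.
 */
struct integrity_iint_cache {
	struct rb_node rb_node;	/* rooted in integrity_iint_tree */
	struct mutex mutex;	/* protects: version, flags, digest */
	struct inode *inode;	/* back pointer to inode in question */
	u64 version;		/* track inode changes */
	unsigned long flags;
	unsigned long measured_pcrs;
	unsigned long atomic_flags;
	unsigned long real_ino;
	dev_t real_dev;
	enum integrity_status ima_file_status:4;
	enum integrity_status ima_mmap_status:4;
	enum integrity_status ima_bprm_status:4;
	enum integrity_status ima_read_status:4;
	enum integrity_status ima_creds_status:4;
	enum integrity_status evm_status:4;
	struct ima_digest_data *ima_hash;
};

/* rbtree tree calls to lookup, insert, delete
 * integrity data associated with an inode.
 */
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);

int integrity_kernel_read(struct file *file, loff_t offset,
			  void *addr, unsigned long count);

/*
 * Keyring identifiers.  The ids run 0..3 and INTEGRITY_KEYRING_MAX is
 * their count; presumably this is what the "id" parameters below carry.
 */
#define INTEGRITY_KEYRING_EVM		0
#define INTEGRITY_KEYRING_IMA		1
#define INTEGRITY_KEYRING_PLATFORM	2
#define INTEGRITY_KEYRING_MACHINE	3
#define INTEGRITY_KEYRING_MAX		4

extern struct dentry *integrity_dir;

struct modsig;

/*
 * Signature verification and keyring setup.
 *
 * With CONFIG_INTEGRITY_SIGNATURE unset the two verify stubs return
 * -EOPNOTSUPP, so a verification request is answered with an error and
 * never with success.  The keyring/certificate stubs return 0 instead,
 * which means a caller cannot tell "loaded" from "support not built" by
 * the return value.
 *
 * NOTE(review): integrity_load_x509() has a prototype but no stub in the
 * #else branch; presumably its callers are only built when the option is
 * set -- confirm.  The length parameters of integrity_digsig_verify() are
 * plain int; whether negative values are rejected is decided in the
 * implementation, not here.
 */
#ifdef CONFIG_INTEGRITY_SIGNATURE

int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
			    const char *digest, int digestlen);
int integrity_modsig_verify(unsigned int id, const struct modsig *modsig);

int __init integrity_init_keyring(const unsigned int id);
int __init integrity_load_x509(const unsigned int id, const char *path);
int __init integrity_load_cert(const unsigned int id, const char *source,
			       const void *data, size_t len, key_perm_t perm);
#else

static inline int integrity_digsig_verify(const unsigned int id,
					  const char *sig, int siglen,
					  const char *digest, int digestlen)
{
	return -EOPNOTSUPP;
}

static inline int integrity_modsig_verify(unsigned int id,
					  const struct modsig *modsig)
{
	return -EOPNOTSUPP;
}

static inline int integrity_init_keyring(const unsigned int id)
{
	return 0;
}

static inline int __init integrity_load_cert(const unsigned int id,
					     const char *source,
					     const void *data, size_t len,
					     key_perm_t perm)
{
	return 0;
}
#endif /* CONFIG_INTEGRITY_SIGNATURE */

/* Compiled out: the stub reports -EOPNOTSUPP, never a successful verify. */
#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
int asymmetric_verify(struct key *keyring, const char *sig,
		      int siglen, const char *data, int datalen);
#else
static inline int asymmetric_verify(struct key *keyring, const char *sig,
				    int siglen, const char *data, int datalen)
{
	return -EOPNOTSUPP;
}
#endif

/* Compiled out: the stub reports -EOPNOTSUPP, never a successful verify. */
#ifdef CONFIG_IMA_APPRAISE_MODSIG
int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
#else
static inline int ima_modsig_verify(struct key *keyring,
				    const struct modsig *modsig)
{
	return -EOPNOTSUPP;
}
#endif

/* Compiled out: the loader is an empty function. */
#ifdef CONFIG_IMA_LOAD_X509
void __init ima_load_x509(void);
#else
static inline void ima_load_x509(void)
{
}
#endif

/* Compiled out: the loader is an empty function. */
#ifdef CONFIG_EVM_LOAD_X509
void __init evm_load_x509(void);
#else
static inline void evm_load_x509(void)
{
}
#endif

/*
 * Audit helpers.  With CONFIG_INTEGRITY_AUDIT set,
 * integrity_audit_log_start() forwards its arguments unchanged to
 * audit_log_start().  Without it the two message functions do nothing and
 * integrity_audit_log_start() always returns NULL, so callers have to
 * treat a NULL buffer as a normal outcome.
 */
#ifdef CONFIG_INTEGRITY_AUDIT
/* declarations */
void integrity_audit_msg(int audit_msgno, struct inode *inode,
			 const unsigned char *fname, const char *op,
			 const char *cause, int result, int info);

void integrity_audit_message(int audit_msgno, struct inode *inode,
			     const unsigned char *fname, const char *op,
			     const char *cause, int result, int info,
			     int errno);

static inline struct audit_buffer *
integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
{
	return audit_log_start(ctx, gfp_mask, type);
}

#else
static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
				       const unsigned char *fname,
				       const char *op, const char *cause,
				       int result, int info)
{
}

static inline void integrity_audit_message(int audit_msgno,
					   struct inode *inode,
					   const unsigned char *fname,
					   const char *op, const char *cause,
					   int result, int info, int errno)
{
}

static inline struct audit_buffer *
integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
{
	return NULL;
}

#endif

/* Compiled out: the data passed in is ignored and nothing is added. */
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len);
#else
static inline void __init add_to_platform_keyring(const char *source,
						  const void *data, size_t len)
{
}
#endif

/*
 * Compiled out: nothing is added to a machine keyring and
 * imputed_trust_enabled() reports false.
 */
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
void __init add_to_machine_keyring(const char *source, const void *data, size_t len);
bool __init imputed_trust_enabled(void);
#else
static inline void __init add_to_machine_keyring(const char *source,
						  const void *data, size_t len)
{
}

static inline bool __init imputed_trust_enabled(void)
{
	return false;
}
#endif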