2 * Copyright (C) 2005-2010 IBM Corporation
5 * Mimi Zohar <zohar@us.ibm.com>
6 * Kylene Hall <kjhall@us.ibm.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, version 2 of the License.
13 * Using root's kernel master key (kmk), calculate the HMAC
16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18 #include <linux/module.h>
19 #include <linux/crypto.h>
20 #include <linux/xattr.h>
21 #include <linux/evm.h>
22 #include <keys/encrypted-type.h>
23 #include <crypto/hash.h>
24 #include <crypto/hash_info.h>
27 #define EVMKEY "evm-key"
28 #define MAX_KEY_SIZE 128
29 static unsigned char evmkey
[MAX_KEY_SIZE
];
30 static int evmkey_len
= MAX_KEY_SIZE
;
32 struct crypto_shash
*hmac_tfm
;
33 static struct crypto_shash
*evm_tfm
[HASH_ALGO__LAST
];
35 static DEFINE_MUTEX(mutex
);
37 #define EVM_SET_KEY_BUSY 0
39 static unsigned long evm_set_key_flags
;
41 static char * const evm_hmac
= "hmac(sha1)";
44 * evm_set_key() - set EVM HMAC key from the kernel
45 * @key: pointer to a buffer with the key data
46 * @size: length of the key data
48 * This function allows setting the EVM HMAC key from the kernel
49 * without using the "encrypted" key subsystem keys. It can be used
50 * by the crypto HW kernel module which has its own way of managing
53 * key length should be between 32 and 128 bytes long
55 int evm_set_key(void *key
, size_t keylen
)
60 if (test_and_set_bit(EVM_SET_KEY_BUSY
, &evm_set_key_flags
))
63 if (keylen
> MAX_KEY_SIZE
)
65 memcpy(evmkey
, key
, keylen
);
66 evm_initialized
|= EVM_INIT_HMAC
;
67 pr_info("key initialized\n");
70 clear_bit(EVM_SET_KEY_BUSY
, &evm_set_key_flags
);
72 pr_err("key initialization failed\n");
75 EXPORT_SYMBOL_GPL(evm_set_key
);
77 static struct shash_desc
*init_desc(char type
, uint8_t hash_algo
)
81 struct crypto_shash
**tfm
;
82 struct shash_desc
*desc
;
84 if (type
== EVM_XATTR_HMAC
) {
85 if (!(evm_initialized
& EVM_INIT_HMAC
)) {
86 pr_err_once("HMAC key is not set\n");
87 return ERR_PTR(-ENOKEY
);
92 tfm
= &evm_tfm
[hash_algo
];
93 algo
= hash_algo_name
[hash_algo
];
100 *tfm
= crypto_alloc_shash(algo
, 0,
101 CRYPTO_ALG_ASYNC
| CRYPTO_NOLOAD
);
104 pr_err("Can not allocate %s (reason: %ld)\n", algo
, rc
);
106 mutex_unlock(&mutex
);
109 if (type
== EVM_XATTR_HMAC
) {
110 rc
= crypto_shash_setkey(*tfm
, evmkey
, evmkey_len
);
112 crypto_free_shash(*tfm
);
114 mutex_unlock(&mutex
);
119 mutex_unlock(&mutex
);
122 desc
= kmalloc(sizeof(*desc
) + crypto_shash_descsize(*tfm
),
125 return ERR_PTR(-ENOMEM
);
128 desc
->flags
= CRYPTO_TFM_REQ_MAY_SLEEP
;
130 rc
= crypto_shash_init(desc
);
138 /* Protect against 'cutting & pasting' security.evm xattr, include inode
141 * (Additional directory/file metadata needs to be added for more complete
144 static void hmac_add_misc(struct shash_desc
*desc
, struct inode
*inode
,
145 char type
, char *digest
)
155 memset(&hmac_misc
, 0, sizeof(hmac_misc
));
156 /* Don't include the inode or generation number in portable
159 if (type
!= EVM_XATTR_PORTABLE_DIGSIG
) {
160 hmac_misc
.ino
= inode
->i_ino
;
161 hmac_misc
.generation
= inode
->i_generation
;
163 /* The hmac uid and gid must be encoded in the initial user
164 * namespace (not the filesystems user namespace) as encoding
165 * them in the filesystems user namespace allows an attack
166 * where first they are written in an unprivileged fuse mount
167 * of a filesystem and then the system is tricked to mount the
168 * filesystem for real on next boot and trust it because
169 * everything is signed.
171 hmac_misc
.uid
= from_kuid(&init_user_ns
, inode
->i_uid
);
172 hmac_misc
.gid
= from_kgid(&init_user_ns
, inode
->i_gid
);
173 hmac_misc
.mode
= inode
->i_mode
;
174 crypto_shash_update(desc
, (const u8
*)&hmac_misc
, sizeof(hmac_misc
));
175 if ((evm_hmac_attrs
& EVM_ATTR_FSUUID
) &&
176 type
!= EVM_XATTR_PORTABLE_DIGSIG
)
177 crypto_shash_update(desc
, &inode
->i_sb
->s_uuid
.b
[0],
178 sizeof(inode
->i_sb
->s_uuid
));
179 crypto_shash_final(desc
, digest
);
183 * Calculate the HMAC value across the set of protected security xattrs.
185 * Instead of retrieving the requested xattr, for performance, calculate
186 * the hmac using the requested xattr value. Don't alloc/free memory for
187 * each xattr, but attempt to re-use the previously allocated memory.
189 static int evm_calc_hmac_or_hash(struct dentry
*dentry
,
190 const char *req_xattr_name
,
191 const char *req_xattr_value
,
192 size_t req_xattr_value_len
,
193 uint8_t type
, struct evm_digest
*data
)
195 struct inode
*inode
= d_backing_inode(dentry
);
196 struct xattr_list
*xattr
;
197 struct shash_desc
*desc
;
198 size_t xattr_size
= 0;
199 char *xattr_value
= NULL
;
202 bool ima_present
= false;
204 if (!(inode
->i_opflags
& IOP_XATTR
) ||
205 inode
->i_sb
->s_user_ns
!= &init_user_ns
)
208 desc
= init_desc(type
, data
->hdr
.algo
);
210 return PTR_ERR(desc
);
212 data
->hdr
.length
= crypto_shash_digestsize(desc
->tfm
);
215 list_for_each_entry_rcu(xattr
, &evm_config_xattrnames
, list
) {
218 if (strcmp(xattr
->name
, XATTR_NAME_IMA
) == 0)
221 if ((req_xattr_name
&& req_xattr_value
)
222 && !strcmp(xattr
->name
, req_xattr_name
)) {
224 crypto_shash_update(desc
, (const u8
*)req_xattr_value
,
225 req_xattr_value_len
);
230 size
= vfs_getxattr_alloc(dentry
, xattr
->name
,
231 &xattr_value
, xattr_size
, GFP_NOFS
);
232 if (size
== -ENOMEM
) {
241 crypto_shash_update(desc
, (const u8
*)xattr_value
, xattr_size
);
245 hmac_add_misc(desc
, inode
, type
, data
->digest
);
247 /* Portable EVM signatures must include an IMA hash */
248 if (type
== EVM_XATTR_PORTABLE_DIGSIG
&& !ima_present
)
256 int evm_calc_hmac(struct dentry
*dentry
, const char *req_xattr_name
,
257 const char *req_xattr_value
, size_t req_xattr_value_len
,
258 struct evm_digest
*data
)
260 return evm_calc_hmac_or_hash(dentry
, req_xattr_name
, req_xattr_value
,
261 req_xattr_value_len
, EVM_XATTR_HMAC
, data
);
264 int evm_calc_hash(struct dentry
*dentry
, const char *req_xattr_name
,
265 const char *req_xattr_value
, size_t req_xattr_value_len
,
266 char type
, struct evm_digest
*data
)
268 return evm_calc_hmac_or_hash(dentry
, req_xattr_name
, req_xattr_value
,
269 req_xattr_value_len
, type
, data
);
272 static int evm_is_immutable(struct dentry
*dentry
, struct inode
*inode
)
274 const struct evm_ima_xattr_data
*xattr_data
= NULL
;
275 struct integrity_iint_cache
*iint
;
278 iint
= integrity_iint_find(inode
);
279 if (iint
&& (iint
->flags
& EVM_IMMUTABLE_DIGSIG
))
282 /* Do this the hard way */
283 rc
= vfs_getxattr_alloc(dentry
, XATTR_NAME_EVM
, (char **)&xattr_data
, 0,
290 if (xattr_data
->type
== EVM_XATTR_PORTABLE_DIGSIG
)
301 * Calculate the hmac and update security.evm xattr
303 * Expects to be called with i_mutex locked.
305 int evm_update_evmxattr(struct dentry
*dentry
, const char *xattr_name
,
306 const char *xattr_value
, size_t xattr_value_len
)
308 struct inode
*inode
= d_backing_inode(dentry
);
309 struct evm_digest data
;
313 * Don't permit any transformation of the EVM xattr if the signature
314 * is of an immutable type
316 rc
= evm_is_immutable(dentry
, inode
);
322 data
.hdr
.algo
= HASH_ALGO_SHA1
;
323 rc
= evm_calc_hmac(dentry
, xattr_name
, xattr_value
,
324 xattr_value_len
, &data
);
326 data
.hdr
.xattr
.sha1
.type
= EVM_XATTR_HMAC
;
327 rc
= __vfs_setxattr_noperm(dentry
, XATTR_NAME_EVM
,
328 &data
.hdr
.xattr
.data
[1],
329 SHA1_DIGEST_SIZE
+ 1, 0);
330 } else if (rc
== -ENODATA
&& (inode
->i_opflags
& IOP_XATTR
)) {
331 rc
= __vfs_removexattr(dentry
, XATTR_NAME_EVM
);
336 int evm_init_hmac(struct inode
*inode
, const struct xattr
*lsm_xattr
,
339 struct shash_desc
*desc
;
341 desc
= init_desc(EVM_XATTR_HMAC
, HASH_ALGO_SHA1
);
343 pr_info("init_desc failed\n");
344 return PTR_ERR(desc
);
347 crypto_shash_update(desc
, lsm_xattr
->value
, lsm_xattr
->value_len
);
348 hmac_add_misc(desc
, inode
, EVM_XATTR_HMAC
, hmac_val
);
354 * Get the key from the TPM for the SHA1-HMAC
356 int evm_init_key(void)
359 struct encrypted_key_payload
*ekp
;
362 evm_key
= request_key(&key_type_encrypted
, EVMKEY
, NULL
);
366 down_read(&evm_key
->sem
);
367 ekp
= evm_key
->payload
.data
[0];
369 rc
= evm_set_key(ekp
->decrypted_data
, ekp
->decrypted_datalen
);
371 /* burn the original key contents */
372 memset(ekp
->decrypted_data
, 0, ekp
->decrypted_datalen
);
373 up_read(&evm_key
->sem
);