]>
Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
66dbc325 MZ |
2 | /* |
3 | * Copyright (C) 2005-2010 IBM Corporation | |
4 | * | |
5 | * Authors: | |
6 | * Mimi Zohar <zohar@us.ibm.com> | |
7 | * Kylene Hall <kjhall@us.ibm.com> | |
8 | * | |
66dbc325 MZ |
9 | * File: evm_crypto.c |
10 | * Using root's kernel master key (kmk), calculate the HMAC | |
11 | */ | |
12 | ||
876979c9 | 13 | #include <linux/export.h> |
66dbc325 MZ |
14 | #include <linux/crypto.h> |
15 | #include <linux/xattr.h> | |
76266763 | 16 | #include <linux/evm.h> |
66dbc325 | 17 | #include <keys/encrypted-type.h> |
d46eb369 | 18 | #include <crypto/hash.h> |
5feeb611 | 19 | #include <crypto/hash_info.h> |
66dbc325 MZ |
20 | #include "evm.h" |
21 | ||
22 | #define EVMKEY "evm-key" | |
23 | #define MAX_KEY_SIZE 128 | |
24 | static unsigned char evmkey[MAX_KEY_SIZE]; | |
b2724d58 | 25 | static const int evmkey_len = MAX_KEY_SIZE; |
66dbc325 | 26 | |
d46eb369 | 27 | struct crypto_shash *hmac_tfm; |
5feeb611 | 28 | static struct crypto_shash *evm_tfm[HASH_ALGO__LAST]; |
d46eb369 | 29 | |
97426f98 DK |
30 | static DEFINE_MUTEX(mutex); |
31 | ||
76266763 DK |
32 | #define EVM_SET_KEY_BUSY 0 |
33 | ||
34 | static unsigned long evm_set_key_flags; | |
35 | ||
b2724d58 | 36 | static const char evm_hmac[] = "hmac(sha1)"; |
1a82cee3 | 37 | |
76266763 DK |
38 | /** |
39 | * evm_set_key() - set EVM HMAC key from the kernel | |
40 | * @key: pointer to a buffer with the key data | |
41 | * @size: length of the key data | |
42 | * | |
43 | * This function allows setting the EVM HMAC key from the kernel | |
44 | * without using the "encrypted" key subsystem keys. It can be used | |
45 | * by the crypto HW kernel module which has its own way of managing | |
46 | * keys. | |
47 | * | |
48 | * key length should be between 32 and 128 bytes long | |
49 | */ | |
50 | int evm_set_key(void *key, size_t keylen) | |
51 | { | |
52 | int rc; | |
53 | ||
54 | rc = -EBUSY; | |
55 | if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags)) | |
56 | goto busy; | |
57 | rc = -EINVAL; | |
58 | if (keylen > MAX_KEY_SIZE) | |
59 | goto inval; | |
60 | memcpy(evmkey, key, keylen); | |
61 | evm_initialized |= EVM_INIT_HMAC; | |
62 | pr_info("key initialized\n"); | |
63 | return 0; | |
64 | inval: | |
65 | clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags); | |
66 | busy: | |
67 | pr_err("key initialization failed\n"); | |
68 | return rc; | |
69 | } | |
70 | EXPORT_SYMBOL_GPL(evm_set_key); | |
71 | ||
5feeb611 | 72 | static struct shash_desc *init_desc(char type, uint8_t hash_algo) |
66dbc325 | 73 | { |
143b01d3 | 74 | long rc; |
5feeb611 | 75 | const char *algo; |
ccf11dba | 76 | struct crypto_shash **tfm, *tmp_tfm = NULL; |
d46eb369 DK |
77 | struct shash_desc *desc; |
78 | ||
15647eb3 | 79 | if (type == EVM_XATTR_HMAC) { |
26ddabfe | 80 | if (!(evm_initialized & EVM_INIT_HMAC)) { |
0485d066 | 81 | pr_err_once("HMAC key is not set\n"); |
26ddabfe DK |
82 | return ERR_PTR(-ENOKEY); |
83 | } | |
15647eb3 DK |
84 | tfm = &hmac_tfm; |
85 | algo = evm_hmac; | |
86 | } else { | |
221be106 RS |
87 | if (hash_algo >= HASH_ALGO__LAST) |
88 | return ERR_PTR(-EINVAL); | |
89 | ||
5feeb611 MG |
90 | tfm = &evm_tfm[hash_algo]; |
91 | algo = hash_algo_name[hash_algo]; | |
15647eb3 DK |
92 | } |
93 | ||
84338569 DC |
94 | if (*tfm) |
95 | goto alloc; | |
96 | mutex_lock(&mutex); | |
97 | if (*tfm) | |
98 | goto unlock; | |
99 | ||
100 | tmp_tfm = crypto_alloc_shash(algo, 0, CRYPTO_NOLOAD); | |
101 | if (IS_ERR(tmp_tfm)) { | |
102 | pr_err("Can not allocate %s (reason: %ld)\n", algo, | |
103 | PTR_ERR(tmp_tfm)); | |
104 | mutex_unlock(&mutex); | |
105 | return ERR_CAST(tmp_tfm); | |
106 | } | |
107 | if (type == EVM_XATTR_HMAC) { | |
108 | rc = crypto_shash_setkey(tmp_tfm, evmkey, evmkey_len); | |
109 | if (rc) { | |
110 | crypto_free_shash(tmp_tfm); | |
97426f98 | 111 | mutex_unlock(&mutex); |
d46eb369 DK |
112 | return ERR_PTR(rc); |
113 | } | |
66dbc325 | 114 | } |
84338569 DC |
115 | *tfm = tmp_tfm; |
116 | unlock: | |
117 | mutex_unlock(&mutex); | |
118 | alloc: | |
15647eb3 | 119 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |
d46eb369 | 120 | GFP_KERNEL); |
ccf11dba DL |
121 | if (!desc) { |
122 | crypto_free_shash(tmp_tfm); | |
d46eb369 | 123 | return ERR_PTR(-ENOMEM); |
ccf11dba | 124 | } |
d46eb369 | 125 | |
15647eb3 | 126 | desc->tfm = *tfm; |
d46eb369 | 127 | |
d46eb369 | 128 | rc = crypto_shash_init(desc); |
d46eb369 | 129 | if (rc) { |
ccf11dba | 130 | crypto_free_shash(tmp_tfm); |
d46eb369 DK |
131 | kfree(desc); |
132 | return ERR_PTR(rc); | |
133 | } | |
134 | return desc; | |
66dbc325 MZ |
135 | } |
136 | ||
137 | /* Protect against 'cutting & pasting' security.evm xattr, include inode | |
138 | * specific info. | |
139 | * | |
140 | * (Additional directory/file metadata needs to be added for more complete | |
141 | * protection.) | |
142 | */ | |
d46eb369 | 143 | static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, |
50b97748 | 144 | char type, char *digest) |
66dbc325 MZ |
145 | { |
146 | struct h_misc { | |
147 | unsigned long ino; | |
148 | __u32 generation; | |
149 | uid_t uid; | |
150 | gid_t gid; | |
151 | umode_t mode; | |
152 | } hmac_misc; | |
66dbc325 | 153 | |
2bb930ab | 154 | memset(&hmac_misc, 0, sizeof(hmac_misc)); |
50b97748 MG |
155 | /* Don't include the inode or generation number in portable |
156 | * signatures | |
157 | */ | |
158 | if (type != EVM_XATTR_PORTABLE_DIGSIG) { | |
159 | hmac_misc.ino = inode->i_ino; | |
160 | hmac_misc.generation = inode->i_generation; | |
161 | } | |
19339c25 EB |
162 | /* The hmac uid and gid must be encoded in the initial user |
163 | * namespace (not the filesystems user namespace) as encoding | |
164 | * them in the filesystems user namespace allows an attack | |
165 | * where first they are written in an unprivileged fuse mount | |
166 | * of a filesystem and then the system is tricked to mount the | |
167 | * filesystem for real on next boot and trust it because | |
168 | * everything is signed. | |
169 | */ | |
170 | hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); | |
171 | hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); | |
66dbc325 | 172 | hmac_misc.mode = inode->i_mode; |
2bb930ab | 173 | crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); |
50b97748 MG |
174 | if ((evm_hmac_attrs & EVM_ATTR_FSUUID) && |
175 | type != EVM_XATTR_PORTABLE_DIGSIG) | |
e7fde070 | 176 | crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE); |
d46eb369 | 177 | crypto_shash_final(desc, digest); |
66dbc325 MZ |
178 | } |
179 | ||
180 | /* | |
181 | * Calculate the HMAC value across the set of protected security xattrs. | |
182 | * | |
183 | * Instead of retrieving the requested xattr, for performance, calculate | |
184 | * the hmac using the requested xattr value. Don't alloc/free memory for | |
185 | * each xattr, but attempt to re-use the previously allocated memory. | |
186 | */ | |
15647eb3 | 187 | static int evm_calc_hmac_or_hash(struct dentry *dentry, |
5feeb611 MG |
188 | const char *req_xattr_name, |
189 | const char *req_xattr_value, | |
190 | size_t req_xattr_value_len, | |
191 | uint8_t type, struct evm_digest *data) | |
66dbc325 | 192 | { |
c6f493d6 | 193 | struct inode *inode = d_backing_inode(dentry); |
21af7663 | 194 | struct xattr_list *xattr; |
d46eb369 | 195 | struct shash_desc *desc; |
66dbc325 MZ |
196 | size_t xattr_size = 0; |
197 | char *xattr_value = NULL; | |
198 | int error; | |
199 | int size; | |
50b97748 | 200 | bool ima_present = false; |
66dbc325 | 201 | |
a3a5c966 SF |
202 | if (!(inode->i_opflags & IOP_XATTR) || |
203 | inode->i_sb->s_user_ns != &init_user_ns) | |
66dbc325 | 204 | return -EOPNOTSUPP; |
5d6c3191 | 205 | |
5feeb611 | 206 | desc = init_desc(type, data->hdr.algo); |
d46eb369 DK |
207 | if (IS_ERR(desc)) |
208 | return PTR_ERR(desc); | |
66dbc325 | 209 | |
5feeb611 MG |
210 | data->hdr.length = crypto_shash_digestsize(desc->tfm); |
211 | ||
66dbc325 | 212 | error = -ENODATA; |
770f6058 | 213 | list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) { |
50b97748 MG |
214 | bool is_ima = false; |
215 | ||
21af7663 | 216 | if (strcmp(xattr->name, XATTR_NAME_IMA) == 0) |
50b97748 MG |
217 | is_ima = true; |
218 | ||
66dbc325 | 219 | if ((req_xattr_name && req_xattr_value) |
21af7663 | 220 | && !strcmp(xattr->name, req_xattr_name)) { |
66dbc325 | 221 | error = 0; |
d46eb369 DK |
222 | crypto_shash_update(desc, (const u8 *)req_xattr_value, |
223 | req_xattr_value_len); | |
50b97748 MG |
224 | if (is_ima) |
225 | ima_present = true; | |
66dbc325 MZ |
226 | continue; |
227 | } | |
c7c7a1a1 | 228 | size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name, |
66dbc325 MZ |
229 | &xattr_value, xattr_size, GFP_NOFS); |
230 | if (size == -ENOMEM) { | |
231 | error = -ENOMEM; | |
232 | goto out; | |
233 | } | |
234 | if (size < 0) | |
235 | continue; | |
236 | ||
237 | error = 0; | |
238 | xattr_size = size; | |
d46eb369 | 239 | crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size); |
50b97748 MG |
240 | if (is_ima) |
241 | ima_present = true; | |
66dbc325 | 242 | } |
5feeb611 | 243 | hmac_add_misc(desc, inode, type, data->digest); |
d46eb369 | 244 | |
50b97748 MG |
245 | /* Portable EVM signatures must include an IMA hash */ |
246 | if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) | |
0c4395fb | 247 | error = -EPERM; |
66dbc325 | 248 | out: |
d46eb369 DK |
249 | kfree(xattr_value); |
250 | kfree(desc); | |
66dbc325 MZ |
251 | return error; |
252 | } | |
253 | ||
15647eb3 DK |
254 | int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, |
255 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 256 | struct evm_digest *data) |
15647eb3 DK |
257 | { |
258 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 259 | req_xattr_value_len, EVM_XATTR_HMAC, data); |
15647eb3 DK |
260 | } |
261 | ||
262 | int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, | |
263 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 264 | char type, struct evm_digest *data) |
15647eb3 DK |
265 | { |
266 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 267 | req_xattr_value_len, type, data); |
50b97748 MG |
268 | } |
269 | ||
270 | static int evm_is_immutable(struct dentry *dentry, struct inode *inode) | |
271 | { | |
272 | const struct evm_ima_xattr_data *xattr_data = NULL; | |
273 | struct integrity_iint_cache *iint; | |
274 | int rc = 0; | |
275 | ||
276 | iint = integrity_iint_find(inode); | |
277 | if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG)) | |
278 | return 1; | |
279 | ||
280 | /* Do this the hard way */ | |
c7c7a1a1 TA |
281 | rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM, |
282 | (char **)&xattr_data, 0, GFP_NOFS); | |
50b97748 MG |
283 | if (rc <= 0) { |
284 | if (rc == -ENODATA) | |
285 | return 0; | |
286 | return rc; | |
287 | } | |
288 | if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) | |
289 | rc = 1; | |
290 | else | |
291 | rc = 0; | |
292 | ||
293 | kfree(xattr_data); | |
294 | return rc; | |
15647eb3 DK |
295 | } |
296 | ||
50b97748 | 297 | |
66dbc325 MZ |
298 | /* |
299 | * Calculate the hmac and update security.evm xattr | |
300 | * | |
301 | * Expects to be called with i_mutex locked. | |
302 | */ | |
303 | int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, | |
304 | const char *xattr_value, size_t xattr_value_len) | |
305 | { | |
c6f493d6 | 306 | struct inode *inode = d_backing_inode(dentry); |
5feeb611 | 307 | struct evm_digest data; |
66dbc325 MZ |
308 | int rc = 0; |
309 | ||
50b97748 MG |
310 | /* |
311 | * Don't permit any transformation of the EVM xattr if the signature | |
312 | * is of an immutable type | |
313 | */ | |
314 | rc = evm_is_immutable(dentry, inode); | |
315 | if (rc < 0) | |
316 | return rc; | |
317 | if (rc) | |
318 | return -EPERM; | |
319 | ||
5feeb611 | 320 | data.hdr.algo = HASH_ALGO_SHA1; |
66dbc325 | 321 | rc = evm_calc_hmac(dentry, xattr_name, xattr_value, |
5feeb611 | 322 | xattr_value_len, &data); |
6be5cc52 | 323 | if (rc == 0) { |
5feeb611 | 324 | data.hdr.xattr.sha1.type = EVM_XATTR_HMAC; |
c7c7a1a1 TA |
325 | rc = __vfs_setxattr_noperm(&init_user_ns, dentry, |
326 | XATTR_NAME_EVM, | |
5feeb611 MG |
327 | &data.hdr.xattr.data[1], |
328 | SHA1_DIGEST_SIZE + 1, 0); | |
5d6c3191 | 329 | } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) { |
c7c7a1a1 | 330 | rc = __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_EVM); |
a67adb99 | 331 | } |
66dbc325 MZ |
332 | return rc; |
333 | } | |
334 | ||
cb723180 MZ |
335 | int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, |
336 | char *hmac_val) | |
337 | { | |
d46eb369 | 338 | struct shash_desc *desc; |
cb723180 | 339 | |
5feeb611 | 340 | desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1); |
d46eb369 | 341 | if (IS_ERR(desc)) { |
20ee451f | 342 | pr_info("init_desc failed\n"); |
d46eb369 | 343 | return PTR_ERR(desc); |
cb723180 MZ |
344 | } |
345 | ||
d46eb369 | 346 | crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len); |
50b97748 | 347 | hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val); |
d46eb369 | 348 | kfree(desc); |
cb723180 MZ |
349 | return 0; |
350 | } | |
351 | ||
66dbc325 MZ |
352 | /* |
353 | * Get the key from the TPM for the SHA1-HMAC | |
354 | */ | |
355 | int evm_init_key(void) | |
356 | { | |
357 | struct key *evm_key; | |
358 | struct encrypted_key_payload *ekp; | |
76266763 | 359 | int rc; |
66dbc325 | 360 | |
028db3e2 | 361 | evm_key = request_key(&key_type_encrypted, EVMKEY, NULL); |
66dbc325 MZ |
362 | if (IS_ERR(evm_key)) |
363 | return -ENOENT; | |
364 | ||
365 | down_read(&evm_key->sem); | |
146aa8b1 | 366 | ekp = evm_key->payload.data[0]; |
76266763 DK |
367 | |
368 | rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen); | |
369 | ||
66dbc325 MZ |
370 | /* burn the original key contents */ |
371 | memset(ekp->decrypted_data, 0, ekp->decrypted_datalen); | |
372 | up_read(&evm_key->sem); | |
373 | key_put(evm_key); | |
374 | return rc; | |
375 | } |