]>
Commit | Line | Data |
---|---|---|
66dbc325 MZ |
1 | /* |
2 | * Copyright (C) 2005-2010 IBM Corporation | |
3 | * | |
4 | * Authors: | |
5 | * Mimi Zohar <zohar@us.ibm.com> | |
6 | * Kylene Hall <kjhall@us.ibm.com> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation, version 2 of the License. | |
11 | * | |
12 | * File: evm_crypto.c | |
13 | * Using root's kernel master key (kmk), calculate the HMAC | |
14 | */ | |
15 | ||
20ee451f JP |
16 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
17 | ||
66dbc325 MZ |
18 | #include <linux/module.h> |
19 | #include <linux/crypto.h> | |
20 | #include <linux/xattr.h> | |
76266763 | 21 | #include <linux/evm.h> |
66dbc325 | 22 | #include <keys/encrypted-type.h> |
d46eb369 | 23 | #include <crypto/hash.h> |
5feeb611 | 24 | #include <crypto/hash_info.h> |
66dbc325 MZ |
25 | #include "evm.h" |
26 | ||
27 | #define EVMKEY "evm-key" | |
28 | #define MAX_KEY_SIZE 128 | |
29 | static unsigned char evmkey[MAX_KEY_SIZE]; | |
30 | static int evmkey_len = MAX_KEY_SIZE; | |
31 | ||
d46eb369 | 32 | struct crypto_shash *hmac_tfm; |
5feeb611 | 33 | static struct crypto_shash *evm_tfm[HASH_ALGO__LAST]; |
d46eb369 | 34 | |
97426f98 DK |
35 | static DEFINE_MUTEX(mutex); |
36 | ||
76266763 DK |
37 | #define EVM_SET_KEY_BUSY 0 |
38 | ||
39 | static unsigned long evm_set_key_flags; | |
40 | ||
1a82cee3 | 41 | static char * const evm_hmac = "hmac(sha1)"; |
1a82cee3 | 42 | |
76266763 DK |
43 | /** |
44 | * evm_set_key() - set EVM HMAC key from the kernel | |
45 | * @key: pointer to a buffer with the key data | |
46 | * @size: length of the key data | |
47 | * | |
48 | * This function allows setting the EVM HMAC key from the kernel | |
49 | * without using the "encrypted" key subsystem keys. It can be used | |
50 | * by the crypto HW kernel module which has its own way of managing | |
51 | * keys. | |
52 | * | |
53 | * key length should be between 32 and 128 bytes long | |
54 | */ | |
55 | int evm_set_key(void *key, size_t keylen) | |
56 | { | |
57 | int rc; | |
58 | ||
59 | rc = -EBUSY; | |
60 | if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags)) | |
61 | goto busy; | |
62 | rc = -EINVAL; | |
63 | if (keylen > MAX_KEY_SIZE) | |
64 | goto inval; | |
65 | memcpy(evmkey, key, keylen); | |
66 | evm_initialized |= EVM_INIT_HMAC; | |
67 | pr_info("key initialized\n"); | |
68 | return 0; | |
69 | inval: | |
70 | clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags); | |
71 | busy: | |
72 | pr_err("key initialization failed\n"); | |
73 | return rc; | |
74 | } | |
75 | EXPORT_SYMBOL_GPL(evm_set_key); | |
76 | ||
5feeb611 | 77 | static struct shash_desc *init_desc(char type, uint8_t hash_algo) |
66dbc325 | 78 | { |
143b01d3 | 79 | long rc; |
5feeb611 | 80 | const char *algo; |
15647eb3 | 81 | struct crypto_shash **tfm; |
d46eb369 DK |
82 | struct shash_desc *desc; |
83 | ||
15647eb3 | 84 | if (type == EVM_XATTR_HMAC) { |
26ddabfe | 85 | if (!(evm_initialized & EVM_INIT_HMAC)) { |
0485d066 | 86 | pr_err_once("HMAC key is not set\n"); |
26ddabfe DK |
87 | return ERR_PTR(-ENOKEY); |
88 | } | |
15647eb3 DK |
89 | tfm = &hmac_tfm; |
90 | algo = evm_hmac; | |
91 | } else { | |
5feeb611 MG |
92 | tfm = &evm_tfm[hash_algo]; |
93 | algo = hash_algo_name[hash_algo]; | |
15647eb3 DK |
94 | } |
95 | ||
96 | if (*tfm == NULL) { | |
97426f98 | 97 | mutex_lock(&mutex); |
143b01d3 | 98 | if (*tfm) |
97426f98 | 99 | goto out; |
e2861fa7 MG |
100 | *tfm = crypto_alloc_shash(algo, 0, |
101 | CRYPTO_ALG_ASYNC | CRYPTO_NOLOAD); | |
15647eb3 | 102 | if (IS_ERR(*tfm)) { |
15647eb3 | 103 | rc = PTR_ERR(*tfm); |
143b01d3 | 104 | pr_err("Can not allocate %s (reason: %ld)\n", algo, rc); |
15647eb3 | 105 | *tfm = NULL; |
97426f98 | 106 | mutex_unlock(&mutex); |
d46eb369 DK |
107 | return ERR_PTR(rc); |
108 | } | |
88d7ed35 DK |
109 | if (type == EVM_XATTR_HMAC) { |
110 | rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len); | |
111 | if (rc) { | |
112 | crypto_free_shash(*tfm); | |
113 | *tfm = NULL; | |
143b01d3 | 114 | mutex_unlock(&mutex); |
88d7ed35 DK |
115 | return ERR_PTR(rc); |
116 | } | |
d21b5945 | 117 | } |
97426f98 DK |
118 | out: |
119 | mutex_unlock(&mutex); | |
66dbc325 | 120 | } |
d46eb369 | 121 | |
15647eb3 | 122 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |
d46eb369 DK |
123 | GFP_KERNEL); |
124 | if (!desc) | |
125 | return ERR_PTR(-ENOMEM); | |
126 | ||
15647eb3 | 127 | desc->tfm = *tfm; |
d46eb369 DK |
128 | desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
129 | ||
d46eb369 | 130 | rc = crypto_shash_init(desc); |
d46eb369 DK |
131 | if (rc) { |
132 | kfree(desc); | |
133 | return ERR_PTR(rc); | |
134 | } | |
135 | return desc; | |
66dbc325 MZ |
136 | } |
137 | ||
138 | /* Protect against 'cutting & pasting' security.evm xattr, include inode | |
139 | * specific info. | |
140 | * | |
141 | * (Additional directory/file metadata needs to be added for more complete | |
142 | * protection.) | |
143 | */ | |
d46eb369 | 144 | static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, |
50b97748 | 145 | char type, char *digest) |
66dbc325 MZ |
146 | { |
147 | struct h_misc { | |
148 | unsigned long ino; | |
149 | __u32 generation; | |
150 | uid_t uid; | |
151 | gid_t gid; | |
152 | umode_t mode; | |
153 | } hmac_misc; | |
66dbc325 | 154 | |
2bb930ab | 155 | memset(&hmac_misc, 0, sizeof(hmac_misc)); |
50b97748 MG |
156 | /* Don't include the inode or generation number in portable |
157 | * signatures | |
158 | */ | |
159 | if (type != EVM_XATTR_PORTABLE_DIGSIG) { | |
160 | hmac_misc.ino = inode->i_ino; | |
161 | hmac_misc.generation = inode->i_generation; | |
162 | } | |
19339c25 EB |
163 | /* The hmac uid and gid must be encoded in the initial user |
164 | * namespace (not the filesystems user namespace) as encoding | |
165 | * them in the filesystems user namespace allows an attack | |
166 | * where first they are written in an unprivileged fuse mount | |
167 | * of a filesystem and then the system is tricked to mount the | |
168 | * filesystem for real on next boot and trust it because | |
169 | * everything is signed. | |
170 | */ | |
171 | hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); | |
172 | hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); | |
66dbc325 | 173 | hmac_misc.mode = inode->i_mode; |
2bb930ab | 174 | crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); |
50b97748 MG |
175 | if ((evm_hmac_attrs & EVM_ATTR_FSUUID) && |
176 | type != EVM_XATTR_PORTABLE_DIGSIG) | |
85787090 | 177 | crypto_shash_update(desc, &inode->i_sb->s_uuid.b[0], |
74de6684 | 178 | sizeof(inode->i_sb->s_uuid)); |
d46eb369 | 179 | crypto_shash_final(desc, digest); |
66dbc325 MZ |
180 | } |
181 | ||
182 | /* | |
183 | * Calculate the HMAC value across the set of protected security xattrs. | |
184 | * | |
185 | * Instead of retrieving the requested xattr, for performance, calculate | |
186 | * the hmac using the requested xattr value. Don't alloc/free memory for | |
187 | * each xattr, but attempt to re-use the previously allocated memory. | |
188 | */ | |
15647eb3 | 189 | static int evm_calc_hmac_or_hash(struct dentry *dentry, |
5feeb611 MG |
190 | const char *req_xattr_name, |
191 | const char *req_xattr_value, | |
192 | size_t req_xattr_value_len, | |
193 | uint8_t type, struct evm_digest *data) | |
66dbc325 | 194 | { |
c6f493d6 | 195 | struct inode *inode = d_backing_inode(dentry); |
21af7663 | 196 | struct xattr_list *xattr; |
d46eb369 | 197 | struct shash_desc *desc; |
66dbc325 MZ |
198 | size_t xattr_size = 0; |
199 | char *xattr_value = NULL; | |
200 | int error; | |
201 | int size; | |
50b97748 | 202 | bool ima_present = false; |
66dbc325 | 203 | |
a3a5c966 SF |
204 | if (!(inode->i_opflags & IOP_XATTR) || |
205 | inode->i_sb->s_user_ns != &init_user_ns) | |
66dbc325 | 206 | return -EOPNOTSUPP; |
5d6c3191 | 207 | |
5feeb611 | 208 | desc = init_desc(type, data->hdr.algo); |
d46eb369 DK |
209 | if (IS_ERR(desc)) |
210 | return PTR_ERR(desc); | |
66dbc325 | 211 | |
5feeb611 MG |
212 | data->hdr.length = crypto_shash_digestsize(desc->tfm); |
213 | ||
66dbc325 | 214 | error = -ENODATA; |
fa516b66 | 215 | list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) { |
50b97748 MG |
216 | bool is_ima = false; |
217 | ||
21af7663 | 218 | if (strcmp(xattr->name, XATTR_NAME_IMA) == 0) |
50b97748 MG |
219 | is_ima = true; |
220 | ||
66dbc325 | 221 | if ((req_xattr_name && req_xattr_value) |
21af7663 | 222 | && !strcmp(xattr->name, req_xattr_name)) { |
66dbc325 | 223 | error = 0; |
d46eb369 DK |
224 | crypto_shash_update(desc, (const u8 *)req_xattr_value, |
225 | req_xattr_value_len); | |
50b97748 MG |
226 | if (is_ima) |
227 | ima_present = true; | |
66dbc325 MZ |
228 | continue; |
229 | } | |
21af7663 | 230 | size = vfs_getxattr_alloc(dentry, xattr->name, |
66dbc325 MZ |
231 | &xattr_value, xattr_size, GFP_NOFS); |
232 | if (size == -ENOMEM) { | |
233 | error = -ENOMEM; | |
234 | goto out; | |
235 | } | |
236 | if (size < 0) | |
237 | continue; | |
238 | ||
239 | error = 0; | |
240 | xattr_size = size; | |
d46eb369 | 241 | crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size); |
50b97748 MG |
242 | if (is_ima) |
243 | ima_present = true; | |
66dbc325 | 244 | } |
5feeb611 | 245 | hmac_add_misc(desc, inode, type, data->digest); |
d46eb369 | 246 | |
50b97748 MG |
247 | /* Portable EVM signatures must include an IMA hash */ |
248 | if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) | |
249 | return -EPERM; | |
66dbc325 | 250 | out: |
d46eb369 DK |
251 | kfree(xattr_value); |
252 | kfree(desc); | |
66dbc325 MZ |
253 | return error; |
254 | } | |
255 | ||
15647eb3 DK |
256 | int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, |
257 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 258 | struct evm_digest *data) |
15647eb3 DK |
259 | { |
260 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 261 | req_xattr_value_len, EVM_XATTR_HMAC, data); |
15647eb3 DK |
262 | } |
263 | ||
264 | int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, | |
265 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 266 | char type, struct evm_digest *data) |
15647eb3 DK |
267 | { |
268 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 269 | req_xattr_value_len, type, data); |
50b97748 MG |
270 | } |
271 | ||
272 | static int evm_is_immutable(struct dentry *dentry, struct inode *inode) | |
273 | { | |
274 | const struct evm_ima_xattr_data *xattr_data = NULL; | |
275 | struct integrity_iint_cache *iint; | |
276 | int rc = 0; | |
277 | ||
278 | iint = integrity_iint_find(inode); | |
279 | if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG)) | |
280 | return 1; | |
281 | ||
282 | /* Do this the hard way */ | |
283 | rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0, | |
284 | GFP_NOFS); | |
285 | if (rc <= 0) { | |
286 | if (rc == -ENODATA) | |
287 | return 0; | |
288 | return rc; | |
289 | } | |
290 | if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) | |
291 | rc = 1; | |
292 | else | |
293 | rc = 0; | |
294 | ||
295 | kfree(xattr_data); | |
296 | return rc; | |
15647eb3 DK |
297 | } |
298 | ||
50b97748 | 299 | |
66dbc325 MZ |
300 | /* |
301 | * Calculate the hmac and update security.evm xattr | |
302 | * | |
303 | * Expects to be called with i_mutex locked. | |
304 | */ | |
305 | int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, | |
306 | const char *xattr_value, size_t xattr_value_len) | |
307 | { | |
c6f493d6 | 308 | struct inode *inode = d_backing_inode(dentry); |
5feeb611 | 309 | struct evm_digest data; |
66dbc325 MZ |
310 | int rc = 0; |
311 | ||
50b97748 MG |
312 | /* |
313 | * Don't permit any transformation of the EVM xattr if the signature | |
314 | * is of an immutable type | |
315 | */ | |
316 | rc = evm_is_immutable(dentry, inode); | |
317 | if (rc < 0) | |
318 | return rc; | |
319 | if (rc) | |
320 | return -EPERM; | |
321 | ||
5feeb611 | 322 | data.hdr.algo = HASH_ALGO_SHA1; |
66dbc325 | 323 | rc = evm_calc_hmac(dentry, xattr_name, xattr_value, |
5feeb611 | 324 | xattr_value_len, &data); |
6be5cc52 | 325 | if (rc == 0) { |
5feeb611 | 326 | data.hdr.xattr.sha1.type = EVM_XATTR_HMAC; |
66dbc325 | 327 | rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, |
5feeb611 MG |
328 | &data.hdr.xattr.data[1], |
329 | SHA1_DIGEST_SIZE + 1, 0); | |
5d6c3191 AG |
330 | } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) { |
331 | rc = __vfs_removexattr(dentry, XATTR_NAME_EVM); | |
a67adb99 | 332 | } |
66dbc325 MZ |
333 | return rc; |
334 | } | |
335 | ||
cb723180 MZ |
336 | int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, |
337 | char *hmac_val) | |
338 | { | |
d46eb369 | 339 | struct shash_desc *desc; |
cb723180 | 340 | |
5feeb611 | 341 | desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1); |
d46eb369 | 342 | if (IS_ERR(desc)) { |
20ee451f | 343 | pr_info("init_desc failed\n"); |
d46eb369 | 344 | return PTR_ERR(desc); |
cb723180 MZ |
345 | } |
346 | ||
d46eb369 | 347 | crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len); |
50b97748 | 348 | hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val); |
d46eb369 | 349 | kfree(desc); |
cb723180 MZ |
350 | return 0; |
351 | } | |
352 | ||
66dbc325 MZ |
353 | /* |
354 | * Get the key from the TPM for the SHA1-HMAC | |
355 | */ | |
356 | int evm_init_key(void) | |
357 | { | |
358 | struct key *evm_key; | |
359 | struct encrypted_key_payload *ekp; | |
76266763 | 360 | int rc; |
66dbc325 MZ |
361 | |
362 | evm_key = request_key(&key_type_encrypted, EVMKEY, NULL); | |
363 | if (IS_ERR(evm_key)) | |
364 | return -ENOENT; | |
365 | ||
366 | down_read(&evm_key->sem); | |
146aa8b1 | 367 | ekp = evm_key->payload.data[0]; |
76266763 DK |
368 | |
369 | rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen); | |
370 | ||
66dbc325 MZ |
371 | /* burn the original key contents */ |
372 | memset(ekp->decrypted_data, 0, ekp->decrypted_datalen); | |
373 | up_read(&evm_key->sem); | |
374 | key_put(evm_key); | |
375 | return rc; | |
376 | } |