1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2005-2010 IBM Corporation
6 * Mimi Zohar <zohar@us.ibm.com>
7 * Kylene Hall <kjhall@us.ibm.com>
10 * Using root's kernel master key (kmk), calculate the HMAC
13 #include <linux/export.h>
14 #include <linux/crypto.h>
15 #include <linux/xattr.h>
16 #include <linux/evm.h>
17 #include <keys/encrypted-type.h>
18 #include <crypto/hash.h>
19 #include <crypto/hash_info.h>
22 #define EVMKEY "evm-key"
23 #define MAX_KEY_SIZE 128
24 static unsigned char evmkey
[MAX_KEY_SIZE
];
25 static const int evmkey_len
= MAX_KEY_SIZE
;
27 struct crypto_shash
*hmac_tfm
;
28 static struct crypto_shash
*evm_tfm
[HASH_ALGO__LAST
];
30 static DEFINE_MUTEX(mutex
);
32 #define EVM_SET_KEY_BUSY 0
34 static unsigned long evm_set_key_flags
;
36 static const char evm_hmac
[] = "hmac(sha1)";
39 * evm_set_key() - set EVM HMAC key from the kernel
40 * @key: pointer to a buffer with the key data
41 * @size: length of the key data
43 * This function allows setting the EVM HMAC key from the kernel
44 * without using the "encrypted" key subsystem keys. It can be used
45 * by the crypto HW kernel module which has its own way of managing
48 * key length should be between 32 and 128 bytes long
50 int evm_set_key(void *key
, size_t keylen
)
55 if (test_and_set_bit(EVM_SET_KEY_BUSY
, &evm_set_key_flags
))
58 if (keylen
> MAX_KEY_SIZE
)
60 memcpy(evmkey
, key
, keylen
);
61 evm_initialized
|= EVM_INIT_HMAC
;
62 pr_info("key initialized\n");
65 clear_bit(EVM_SET_KEY_BUSY
, &evm_set_key_flags
);
67 pr_err("key initialization failed\n");
70 EXPORT_SYMBOL_GPL(evm_set_key
);
72 static struct shash_desc
*init_desc(char type
, uint8_t hash_algo
)
76 struct crypto_shash
**tfm
, *tmp_tfm
= NULL
;
77 struct shash_desc
*desc
;
79 if (type
== EVM_XATTR_HMAC
) {
80 if (!(evm_initialized
& EVM_INIT_HMAC
)) {
81 pr_err_once("HMAC key is not set\n");
82 return ERR_PTR(-ENOKEY
);
87 if (hash_algo
>= HASH_ALGO__LAST
)
88 return ERR_PTR(-EINVAL
);
90 tfm
= &evm_tfm
[hash_algo
];
91 algo
= hash_algo_name
[hash_algo
];
100 tmp_tfm
= crypto_alloc_shash(algo
, 0, CRYPTO_NOLOAD
);
101 if (IS_ERR(tmp_tfm
)) {
102 pr_err("Can not allocate %s (reason: %ld)\n", algo
,
104 mutex_unlock(&mutex
);
105 return ERR_CAST(tmp_tfm
);
107 if (type
== EVM_XATTR_HMAC
) {
108 rc
= crypto_shash_setkey(tmp_tfm
, evmkey
, evmkey_len
);
110 crypto_free_shash(tmp_tfm
);
111 mutex_unlock(&mutex
);
117 mutex_unlock(&mutex
);
119 desc
= kmalloc(sizeof(*desc
) + crypto_shash_descsize(*tfm
),
122 crypto_free_shash(tmp_tfm
);
123 return ERR_PTR(-ENOMEM
);
128 rc
= crypto_shash_init(desc
);
130 crypto_free_shash(tmp_tfm
);
137 /* Protect against 'cutting & pasting' security.evm xattr, include inode
140 * (Additional directory/file metadata needs to be added for more complete
143 static void hmac_add_misc(struct shash_desc
*desc
, struct inode
*inode
,
144 char type
, char *digest
)
154 memset(&hmac_misc
, 0, sizeof(hmac_misc
));
155 /* Don't include the inode or generation number in portable
158 if (type
!= EVM_XATTR_PORTABLE_DIGSIG
) {
159 hmac_misc
.ino
= inode
->i_ino
;
160 hmac_misc
.generation
= inode
->i_generation
;
162 /* The hmac uid and gid must be encoded in the initial user
163 * namespace (not the filesystems user namespace) as encoding
164 * them in the filesystems user namespace allows an attack
165 * where first they are written in an unprivileged fuse mount
166 * of a filesystem and then the system is tricked to mount the
167 * filesystem for real on next boot and trust it because
168 * everything is signed.
170 hmac_misc
.uid
= from_kuid(&init_user_ns
, inode
->i_uid
);
171 hmac_misc
.gid
= from_kgid(&init_user_ns
, inode
->i_gid
);
172 hmac_misc
.mode
= inode
->i_mode
;
173 crypto_shash_update(desc
, (const u8
*)&hmac_misc
, sizeof(hmac_misc
));
174 if ((evm_hmac_attrs
& EVM_ATTR_FSUUID
) &&
175 type
!= EVM_XATTR_PORTABLE_DIGSIG
)
176 crypto_shash_update(desc
, (u8
*)&inode
->i_sb
->s_uuid
, UUID_SIZE
);
177 crypto_shash_final(desc
, digest
);
181 * Calculate the HMAC value across the set of protected security xattrs.
183 * Instead of retrieving the requested xattr, for performance, calculate
184 * the hmac using the requested xattr value. Don't alloc/free memory for
185 * each xattr, but attempt to re-use the previously allocated memory.
187 static int evm_calc_hmac_or_hash(struct dentry
*dentry
,
188 const char *req_xattr_name
,
189 const char *req_xattr_value
,
190 size_t req_xattr_value_len
,
191 uint8_t type
, struct evm_digest
*data
)
193 struct inode
*inode
= d_backing_inode(dentry
);
194 struct xattr_list
*xattr
;
195 struct shash_desc
*desc
;
196 size_t xattr_size
= 0;
197 char *xattr_value
= NULL
;
200 bool ima_present
= false;
202 if (!(inode
->i_opflags
& IOP_XATTR
) ||
203 inode
->i_sb
->s_user_ns
!= &init_user_ns
)
206 desc
= init_desc(type
, data
->hdr
.algo
);
208 return PTR_ERR(desc
);
210 data
->hdr
.length
= crypto_shash_digestsize(desc
->tfm
);
213 list_for_each_entry_lockless(xattr
, &evm_config_xattrnames
, list
) {
216 if (strcmp(xattr
->name
, XATTR_NAME_IMA
) == 0)
219 if ((req_xattr_name
&& req_xattr_value
)
220 && !strcmp(xattr
->name
, req_xattr_name
)) {
222 crypto_shash_update(desc
, (const u8
*)req_xattr_value
,
223 req_xattr_value_len
);
228 size
= vfs_getxattr_alloc(&init_user_ns
, dentry
, xattr
->name
,
229 &xattr_value
, xattr_size
, GFP_NOFS
);
230 if (size
== -ENOMEM
) {
239 crypto_shash_update(desc
, (const u8
*)xattr_value
, xattr_size
);
243 hmac_add_misc(desc
, inode
, type
, data
->digest
);
245 /* Portable EVM signatures must include an IMA hash */
246 if (type
== EVM_XATTR_PORTABLE_DIGSIG
&& !ima_present
)
254 int evm_calc_hmac(struct dentry
*dentry
, const char *req_xattr_name
,
255 const char *req_xattr_value
, size_t req_xattr_value_len
,
256 struct evm_digest
*data
)
258 return evm_calc_hmac_or_hash(dentry
, req_xattr_name
, req_xattr_value
,
259 req_xattr_value_len
, EVM_XATTR_HMAC
, data
);
262 int evm_calc_hash(struct dentry
*dentry
, const char *req_xattr_name
,
263 const char *req_xattr_value
, size_t req_xattr_value_len
,
264 char type
, struct evm_digest
*data
)
266 return evm_calc_hmac_or_hash(dentry
, req_xattr_name
, req_xattr_value
,
267 req_xattr_value_len
, type
, data
);
270 static int evm_is_immutable(struct dentry
*dentry
, struct inode
*inode
)
272 const struct evm_ima_xattr_data
*xattr_data
= NULL
;
273 struct integrity_iint_cache
*iint
;
276 iint
= integrity_iint_find(inode
);
277 if (iint
&& (iint
->flags
& EVM_IMMUTABLE_DIGSIG
))
280 /* Do this the hard way */
281 rc
= vfs_getxattr_alloc(&init_user_ns
, dentry
, XATTR_NAME_EVM
,
282 (char **)&xattr_data
, 0, GFP_NOFS
);
288 if (xattr_data
->type
== EVM_XATTR_PORTABLE_DIGSIG
)
299 * Calculate the hmac and update security.evm xattr
301 * Expects to be called with i_mutex locked.
303 int evm_update_evmxattr(struct dentry
*dentry
, const char *xattr_name
,
304 const char *xattr_value
, size_t xattr_value_len
)
306 struct inode
*inode
= d_backing_inode(dentry
);
307 struct evm_digest data
;
311 * Don't permit any transformation of the EVM xattr if the signature
312 * is of an immutable type
314 rc
= evm_is_immutable(dentry
, inode
);
320 data
.hdr
.algo
= HASH_ALGO_SHA1
;
321 rc
= evm_calc_hmac(dentry
, xattr_name
, xattr_value
,
322 xattr_value_len
, &data
);
324 data
.hdr
.xattr
.sha1
.type
= EVM_XATTR_HMAC
;
325 rc
= __vfs_setxattr_noperm(&init_user_ns
, dentry
,
327 &data
.hdr
.xattr
.data
[1],
328 SHA1_DIGEST_SIZE
+ 1, 0);
329 } else if (rc
== -ENODATA
&& (inode
->i_opflags
& IOP_XATTR
)) {
330 rc
= __vfs_removexattr(&init_user_ns
, dentry
, XATTR_NAME_EVM
);
335 int evm_init_hmac(struct inode
*inode
, const struct xattr
*lsm_xattr
,
338 struct shash_desc
*desc
;
340 desc
= init_desc(EVM_XATTR_HMAC
, HASH_ALGO_SHA1
);
342 pr_info("init_desc failed\n");
343 return PTR_ERR(desc
);
346 crypto_shash_update(desc
, lsm_xattr
->value
, lsm_xattr
->value_len
);
347 hmac_add_misc(desc
, inode
, EVM_XATTR_HMAC
, hmac_val
);
353 * Get the key from the TPM for the SHA1-HMAC
355 int evm_init_key(void)
358 struct encrypted_key_payload
*ekp
;
361 evm_key
= request_key(&key_type_encrypted
, EVMKEY
, NULL
);
365 down_read(&evm_key
->sem
);
366 ekp
= evm_key
->payload
.data
[0];
368 rc
= evm_set_key(ekp
->decrypted_data
, ekp
->decrypted_datalen
);
370 /* burn the original key contents */
371 memset(ekp
->decrypted_data
, 0, ekp
->decrypted_datalen
);
372 up_read(&evm_key
->sem
);