]>
Commit | Line | Data |
---|---|---|
66dbc325 MZ |
1 | /* |
2 | * Copyright (C) 2005-2010 IBM Corporation | |
3 | * | |
4 | * Authors: | |
5 | * Mimi Zohar <zohar@us.ibm.com> | |
6 | * Kylene Hall <kjhall@us.ibm.com> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation, version 2 of the License. | |
11 | * | |
12 | * File: evm_crypto.c | |
13 | * Using root's kernel master key (kmk), calculate the HMAC | |
14 | */ | |
15 | ||
20ee451f JP |
16 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
17 | ||
66dbc325 MZ |
18 | #include <linux/module.h> |
19 | #include <linux/crypto.h> | |
20 | #include <linux/xattr.h> | |
76266763 | 21 | #include <linux/evm.h> |
66dbc325 | 22 | #include <keys/encrypted-type.h> |
d46eb369 | 23 | #include <crypto/hash.h> |
66dbc325 MZ |
24 | #include "evm.h" |
25 | ||
26 | #define EVMKEY "evm-key" | |
27 | #define MAX_KEY_SIZE 128 | |
28 | static unsigned char evmkey[MAX_KEY_SIZE]; | |
29 | static int evmkey_len = MAX_KEY_SIZE; | |
30 | ||
d46eb369 | 31 | struct crypto_shash *hmac_tfm; |
15647eb3 | 32 | struct crypto_shash *hash_tfm; |
d46eb369 | 33 | |
97426f98 DK |
34 | static DEFINE_MUTEX(mutex); |
35 | ||
76266763 DK |
36 | #define EVM_SET_KEY_BUSY 0 |
37 | ||
38 | static unsigned long evm_set_key_flags; | |
39 | ||
40 | /** | |
41 | * evm_set_key() - set EVM HMAC key from the kernel | |
42 | * @key: pointer to a buffer with the key data | |
43 | * @size: length of the key data | |
44 | * | |
45 | * This function allows setting the EVM HMAC key from the kernel | |
46 | * without using the "encrypted" key subsystem keys. It can be used | |
47 | * by the crypto HW kernel module which has its own way of managing | |
48 | * keys. | |
49 | * | |
50 | * key length should be between 32 and 128 bytes long | |
51 | */ | |
52 | int evm_set_key(void *key, size_t keylen) | |
53 | { | |
54 | int rc; | |
55 | ||
56 | rc = -EBUSY; | |
57 | if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags)) | |
58 | goto busy; | |
59 | rc = -EINVAL; | |
60 | if (keylen > MAX_KEY_SIZE) | |
61 | goto inval; | |
62 | memcpy(evmkey, key, keylen); | |
63 | evm_initialized |= EVM_INIT_HMAC; | |
64 | pr_info("key initialized\n"); | |
65 | return 0; | |
66 | inval: | |
67 | clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags); | |
68 | busy: | |
69 | pr_err("key initialization failed\n"); | |
70 | return rc; | |
71 | } | |
72 | EXPORT_SYMBOL_GPL(evm_set_key); | |
73 | ||
8fcc9954 | 74 | static struct shash_desc *init_desc(char type) |
66dbc325 | 75 | { |
143b01d3 | 76 | long rc; |
15647eb3 DK |
77 | char *algo; |
78 | struct crypto_shash **tfm; | |
d46eb369 DK |
79 | struct shash_desc *desc; |
80 | ||
15647eb3 | 81 | if (type == EVM_XATTR_HMAC) { |
26ddabfe | 82 | if (!(evm_initialized & EVM_INIT_HMAC)) { |
0485d066 | 83 | pr_err_once("HMAC key is not set\n"); |
26ddabfe DK |
84 | return ERR_PTR(-ENOKEY); |
85 | } | |
15647eb3 DK |
86 | tfm = &hmac_tfm; |
87 | algo = evm_hmac; | |
88 | } else { | |
89 | tfm = &hash_tfm; | |
90 | algo = evm_hash; | |
91 | } | |
92 | ||
93 | if (*tfm == NULL) { | |
97426f98 | 94 | mutex_lock(&mutex); |
143b01d3 | 95 | if (*tfm) |
97426f98 | 96 | goto out; |
42a729ed MG |
97 | *tfm = crypto_alloc_shash(algo, 0, |
98 | CRYPTO_ALG_ASYNC | CRYPTO_NOLOAD); | |
15647eb3 | 99 | if (IS_ERR(*tfm)) { |
15647eb3 | 100 | rc = PTR_ERR(*tfm); |
143b01d3 | 101 | pr_err("Can not allocate %s (reason: %ld)\n", algo, rc); |
15647eb3 | 102 | *tfm = NULL; |
97426f98 | 103 | mutex_unlock(&mutex); |
d46eb369 DK |
104 | return ERR_PTR(rc); |
105 | } | |
88d7ed35 DK |
106 | if (type == EVM_XATTR_HMAC) { |
107 | rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len); | |
108 | if (rc) { | |
109 | crypto_free_shash(*tfm); | |
110 | *tfm = NULL; | |
143b01d3 | 111 | mutex_unlock(&mutex); |
88d7ed35 DK |
112 | return ERR_PTR(rc); |
113 | } | |
d21b5945 | 114 | } |
97426f98 DK |
115 | out: |
116 | mutex_unlock(&mutex); | |
66dbc325 | 117 | } |
d46eb369 | 118 | |
15647eb3 | 119 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |
d46eb369 DK |
120 | GFP_KERNEL); |
121 | if (!desc) | |
122 | return ERR_PTR(-ENOMEM); | |
123 | ||
15647eb3 | 124 | desc->tfm = *tfm; |
d46eb369 DK |
125 | desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
126 | ||
d46eb369 | 127 | rc = crypto_shash_init(desc); |
d46eb369 DK |
128 | if (rc) { |
129 | kfree(desc); | |
130 | return ERR_PTR(rc); | |
131 | } | |
132 | return desc; | |
66dbc325 MZ |
133 | } |
134 | ||
135 | /* Protect against 'cutting & pasting' security.evm xattr, include inode | |
136 | * specific info. | |
137 | * | |
138 | * (Additional directory/file metadata needs to be added for more complete | |
139 | * protection.) | |
140 | */ | |
d46eb369 | 141 | static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, |
21362f43 | 142 | char type, char *digest) |
66dbc325 MZ |
143 | { |
144 | struct h_misc { | |
145 | unsigned long ino; | |
146 | __u32 generation; | |
147 | uid_t uid; | |
148 | gid_t gid; | |
149 | umode_t mode; | |
150 | } hmac_misc; | |
66dbc325 | 151 | |
2bb930ab | 152 | memset(&hmac_misc, 0, sizeof(hmac_misc)); |
21362f43 MG |
153 | /* Don't include the inode or generation number in portable |
154 | * signatures | |
155 | */ | |
156 | if (type != EVM_XATTR_PORTABLE_DIGSIG) { | |
157 | hmac_misc.ino = inode->i_ino; | |
158 | hmac_misc.generation = inode->i_generation; | |
159 | } | |
19339c25 EB |
160 | /* The hmac uid and gid must be encoded in the initial user |
161 | * namespace (not the filesystems user namespace) as encoding | |
162 | * them in the filesystems user namespace allows an attack | |
163 | * where first they are written in an unprivileged fuse mount | |
164 | * of a filesystem and then the system is tricked to mount the | |
165 | * filesystem for real on next boot and trust it because | |
166 | * everything is signed. | |
167 | */ | |
168 | hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); | |
169 | hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); | |
66dbc325 | 170 | hmac_misc.mode = inode->i_mode; |
2bb930ab | 171 | crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); |
21362f43 MG |
172 | if ((evm_hmac_attrs & EVM_ATTR_FSUUID) && |
173 | type != EVM_XATTR_PORTABLE_DIGSIG) | |
85787090 | 174 | crypto_shash_update(desc, &inode->i_sb->s_uuid.b[0], |
74de6684 | 175 | sizeof(inode->i_sb->s_uuid)); |
d46eb369 | 176 | crypto_shash_final(desc, digest); |
66dbc325 MZ |
177 | } |
178 | ||
179 | /* | |
180 | * Calculate the HMAC value across the set of protected security xattrs. | |
181 | * | |
182 | * Instead of retrieving the requested xattr, for performance, calculate | |
183 | * the hmac using the requested xattr value. Don't alloc/free memory for | |
184 | * each xattr, but attempt to re-use the previously allocated memory. | |
185 | */ | |
15647eb3 DK |
186 | static int evm_calc_hmac_or_hash(struct dentry *dentry, |
187 | const char *req_xattr_name, | |
188 | const char *req_xattr_value, | |
189 | size_t req_xattr_value_len, | |
190 | char type, char *digest) | |
66dbc325 | 191 | { |
c6f493d6 | 192 | struct inode *inode = d_backing_inode(dentry); |
d46eb369 | 193 | struct shash_desc *desc; |
66dbc325 MZ |
194 | char **xattrname; |
195 | size_t xattr_size = 0; | |
196 | char *xattr_value = NULL; | |
197 | int error; | |
198 | int size; | |
21362f43 | 199 | bool ima_present = false; |
66dbc325 | 200 | |
7c026e69 SF |
201 | if (!(inode->i_opflags & IOP_XATTR) || |
202 | inode->i_sb->s_user_ns != &init_user_ns) | |
66dbc325 | 203 | return -EOPNOTSUPP; |
5d6c3191 | 204 | |
15647eb3 | 205 | desc = init_desc(type); |
d46eb369 DK |
206 | if (IS_ERR(desc)) |
207 | return PTR_ERR(desc); | |
66dbc325 MZ |
208 | |
209 | error = -ENODATA; | |
210 | for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) { | |
21362f43 MG |
211 | bool is_ima = false; |
212 | ||
213 | if (strcmp(*xattrname, XATTR_NAME_IMA) == 0) | |
214 | is_ima = true; | |
215 | ||
66dbc325 MZ |
216 | if ((req_xattr_name && req_xattr_value) |
217 | && !strcmp(*xattrname, req_xattr_name)) { | |
218 | error = 0; | |
d46eb369 DK |
219 | crypto_shash_update(desc, (const u8 *)req_xattr_value, |
220 | req_xattr_value_len); | |
21362f43 MG |
221 | if (is_ima) |
222 | ima_present = true; | |
66dbc325 MZ |
223 | continue; |
224 | } | |
225 | size = vfs_getxattr_alloc(dentry, *xattrname, | |
226 | &xattr_value, xattr_size, GFP_NOFS); | |
227 | if (size == -ENOMEM) { | |
228 | error = -ENOMEM; | |
229 | goto out; | |
230 | } | |
231 | if (size < 0) | |
232 | continue; | |
233 | ||
234 | error = 0; | |
235 | xattr_size = size; | |
d46eb369 | 236 | crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size); |
21362f43 MG |
237 | if (is_ima) |
238 | ima_present = true; | |
66dbc325 | 239 | } |
21362f43 | 240 | hmac_add_misc(desc, inode, type, digest); |
d46eb369 | 241 | |
21362f43 MG |
242 | /* Portable EVM signatures must include an IMA hash */ |
243 | if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) | |
244 | return -EPERM; | |
66dbc325 | 245 | out: |
d46eb369 DK |
246 | kfree(xattr_value); |
247 | kfree(desc); | |
66dbc325 MZ |
248 | return error; |
249 | } | |
250 | ||
15647eb3 DK |
251 | int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, |
252 | const char *req_xattr_value, size_t req_xattr_value_len, | |
253 | char *digest) | |
254 | { | |
255 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
21362f43 | 256 | req_xattr_value_len, EVM_XATTR_HMAC, digest); |
15647eb3 DK |
257 | } |
258 | ||
259 | int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, | |
260 | const char *req_xattr_value, size_t req_xattr_value_len, | |
21362f43 | 261 | char type, char *digest) |
15647eb3 DK |
262 | { |
263 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
21362f43 MG |
264 | req_xattr_value_len, type, digest); |
265 | } | |
266 | ||
267 | static int evm_is_immutable(struct dentry *dentry, struct inode *inode) | |
268 | { | |
269 | const struct evm_ima_xattr_data *xattr_data = NULL; | |
270 | struct integrity_iint_cache *iint; | |
271 | int rc = 0; | |
272 | ||
273 | iint = integrity_iint_find(inode); | |
274 | if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG)) | |
275 | return 1; | |
276 | ||
277 | /* Do this the hard way */ | |
278 | rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0, | |
279 | GFP_NOFS); | |
280 | if (rc <= 0) { | |
281 | if (rc == -ENODATA) | |
282 | return 0; | |
283 | return rc; | |
284 | } | |
285 | if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) | |
286 | rc = 1; | |
287 | else | |
288 | rc = 0; | |
289 | ||
290 | kfree(xattr_data); | |
291 | return rc; | |
15647eb3 DK |
292 | } |
293 | ||
21362f43 | 294 | |
66dbc325 MZ |
295 | /* |
296 | * Calculate the hmac and update security.evm xattr | |
297 | * | |
298 | * Expects to be called with i_mutex locked. | |
299 | */ | |
300 | int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, | |
301 | const char *xattr_value, size_t xattr_value_len) | |
302 | { | |
c6f493d6 | 303 | struct inode *inode = d_backing_inode(dentry); |
6be5cc52 | 304 | struct evm_ima_xattr_data xattr_data; |
66dbc325 MZ |
305 | int rc = 0; |
306 | ||
21362f43 MG |
307 | /* |
308 | * Don't permit any transformation of the EVM xattr if the signature | |
309 | * is of an immutable type | |
310 | */ | |
311 | rc = evm_is_immutable(dentry, inode); | |
312 | if (rc < 0) | |
313 | return rc; | |
314 | if (rc) | |
315 | return -EPERM; | |
316 | ||
66dbc325 | 317 | rc = evm_calc_hmac(dentry, xattr_name, xattr_value, |
6be5cc52 DK |
318 | xattr_value_len, xattr_data.digest); |
319 | if (rc == 0) { | |
320 | xattr_data.type = EVM_XATTR_HMAC; | |
66dbc325 | 321 | rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, |
6be5cc52 DK |
322 | &xattr_data, |
323 | sizeof(xattr_data), 0); | |
5d6c3191 AG |
324 | } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) { |
325 | rc = __vfs_removexattr(dentry, XATTR_NAME_EVM); | |
a67adb99 | 326 | } |
66dbc325 MZ |
327 | return rc; |
328 | } | |
329 | ||
cb723180 MZ |
330 | int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, |
331 | char *hmac_val) | |
332 | { | |
d46eb369 | 333 | struct shash_desc *desc; |
cb723180 | 334 | |
15647eb3 | 335 | desc = init_desc(EVM_XATTR_HMAC); |
d46eb369 | 336 | if (IS_ERR(desc)) { |
20ee451f | 337 | pr_info("init_desc failed\n"); |
d46eb369 | 338 | return PTR_ERR(desc); |
cb723180 MZ |
339 | } |
340 | ||
d46eb369 | 341 | crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len); |
21362f43 | 342 | hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val); |
d46eb369 | 343 | kfree(desc); |
cb723180 MZ |
344 | return 0; |
345 | } | |
346 | ||
66dbc325 MZ |
347 | /* |
348 | * Get the key from the TPM for the SHA1-HMAC | |
349 | */ | |
350 | int evm_init_key(void) | |
351 | { | |
352 | struct key *evm_key; | |
353 | struct encrypted_key_payload *ekp; | |
76266763 | 354 | int rc; |
66dbc325 MZ |
355 | |
356 | evm_key = request_key(&key_type_encrypted, EVMKEY, NULL); | |
357 | if (IS_ERR(evm_key)) | |
358 | return -ENOENT; | |
359 | ||
360 | down_read(&evm_key->sem); | |
146aa8b1 | 361 | ekp = evm_key->payload.data[0]; |
76266763 DK |
362 | |
363 | rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen); | |
364 | ||
66dbc325 MZ |
365 | /* burn the original key contents */ |
366 | memset(ekp->decrypted_data, 0, ekp->decrypted_datalen); | |
367 | up_read(&evm_key->sem); | |
368 | key_put(evm_key); | |
369 | return rc; | |
370 | } |