~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/integrity/evm/evm_crypto.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright (C) 2005-2010 IBM Corporation
  3  *
  4  * Authors:
  5  * Mimi Zohar <zohar@us.ibm.com>
  6  * Kylene Hall <kjhall@us.ibm.com>
  7  *
  8  * This program is free software; you can redistribute it and/or modify
  9  * it under the terms of the GNU General Public License as published by
 10  * the Free Software Foundation, version 2 of the License.
 11  *
 12  * File: evm_crypto.c
 13  *       Using root's kernel master key (kmk), calculate the HMAC
 14  */
 15 
 16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 17 
 18 #include <linux/module.h>
 19 #include <linux/crypto.h>
 20 #include <linux/xattr.h>
 21 #include <linux/evm.h>
 22 #include <keys/encrypted-type.h>
 23 #include <crypto/hash.h>
 24 #include "evm.h"
 25 
 26 #define EVMKEY "evm-key"
 27 #define MAX_KEY_SIZE 128
 28 static unsigned char evmkey[MAX_KEY_SIZE];
 29 static int evmkey_len = MAX_KEY_SIZE;
 30 
 31 struct crypto_shash *hmac_tfm;
 32 struct crypto_shash *hash_tfm;
 33 
 34 static DEFINE_MUTEX(mutex);
 35 
 36 #define EVM_SET_KEY_BUSY 0
 37 
 38 static unsigned long evm_set_key_flags;
 39 
 40 /**
 41  * evm_set_key() - set EVM HMAC key from the kernel
 42  * @key: pointer to a buffer with the key data
 43  * @size: length of the key data
 44  *
 45  * This function allows setting the EVM HMAC key from the kernel
 46  * without using the "encrypted" key subsystem keys. It can be used
 47  * by the crypto HW kernel module which has its own way of managing
 48  * keys.
 49  *
 50  * key length should be between 32 and 128 bytes long
 51  */
 52 int evm_set_key(void *key, size_t keylen)
 53 {
 54         int rc;
 55 
 56         rc = -EBUSY;
 57         if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags))
 58                 goto busy;
 59         rc = -EINVAL;
 60         if (keylen > MAX_KEY_SIZE)
 61                 goto inval;
 62         memcpy(evmkey, key, keylen);
 63         evm_initialized |= EVM_INIT_HMAC;
 64         pr_info("key initialized\n");
 65         return 0;
 66 inval:
 67         clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags);
 68 busy:
 69         pr_err("key initialization failed\n");
 70         return rc;
 71 }
 72 EXPORT_SYMBOL_GPL(evm_set_key);
 73 
 74 static struct shash_desc *init_desc(char type)
 75 {
 76         long rc;
 77         char *algo;
 78         struct crypto_shash **tfm;
 79         struct shash_desc *desc;
 80 
 81         if (type == EVM_XATTR_HMAC) {
 82                 if (!(evm_initialized & EVM_INIT_HMAC)) {
 83                         pr_err("HMAC key is not set\n");
 84                         return ERR_PTR(-ENOKEY);
 85                 }
 86                 tfm = &hmac_tfm;
 87                 algo = evm_hmac;
 88         } else {
 89                 tfm = &hash_tfm;
 90                 algo = evm_hash;
 91         }
 92 
 93         if (*tfm == NULL) {
 94                 mutex_lock(&mutex);
 95                 if (*tfm)
 96                         goto out;
 97                 *tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC);
 98                 if (IS_ERR(*tfm)) {
 99                         rc = PTR_ERR(*tfm);
100                         pr_err("Can not allocate %s (reason: %ld)\n", algo, rc);
101                         *tfm = NULL;
102                         mutex_unlock(&mutex);
103                         return ERR_PTR(rc);
104                 }
105                 if (type == EVM_XATTR_HMAC) {
106                         rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
107                         if (rc) {
108                                 crypto_free_shash(*tfm);
109                                 *tfm = NULL;
110                                 mutex_unlock(&mutex);
111                                 return ERR_PTR(rc);
112                         }
113                 }
114 out:
115                 mutex_unlock(&mutex);
116         }
117 
118         desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
119                         GFP_KERNEL);
120         if (!desc)
121                 return ERR_PTR(-ENOMEM);
122 
123         desc->tfm = *tfm;
124         desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
125 
126         rc = crypto_shash_init(desc);
127         if (rc) {
128                 kfree(desc);
129                 return ERR_PTR(rc);
130         }
131         return desc;
132 }
133 
134 /* Protect against 'cutting & pasting' security.evm xattr, include inode
135  * specific info.
136  *
137  * (Additional directory/file metadata needs to be added for more complete
138  * protection.)
139  */
140 static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
141                           char *digest)
142 {
143         struct h_misc {
144                 unsigned long ino;
145                 __u32 generation;
146                 uid_t uid;
147                 gid_t gid;
148                 umode_t mode;
149         } hmac_misc;
150 
151         memset(&hmac_misc, 0, sizeof(hmac_misc));
152         hmac_misc.ino = inode->i_ino;
153         hmac_misc.generation = inode->i_generation;
154         /* The hmac uid and gid must be encoded in the initial user
155          * namespace (not the filesystems user namespace) as encoding
156          * them in the filesystems user namespace allows an attack
157          * where first they are written in an unprivileged fuse mount
158          * of a filesystem and then the system is tricked to mount the
159          * filesystem for real on next boot and trust it because
160          * everything is signed.
161          */
162         hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
163         hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
164         hmac_misc.mode = inode->i_mode;
165         crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
166         if (evm_hmac_attrs & EVM_ATTR_FSUUID)
167                 crypto_shash_update(desc, inode->i_sb->s_uuid,
168                                     sizeof(inode->i_sb->s_uuid));
169         crypto_shash_final(desc, digest);
170 }
171 
172 /*
173  * Calculate the HMAC value across the set of protected security xattrs.
174  *
175  * Instead of retrieving the requested xattr, for performance, calculate
176  * the hmac using the requested xattr value. Don't alloc/free memory for
177  * each xattr, but attempt to re-use the previously allocated memory.
178  */
179 static int evm_calc_hmac_or_hash(struct dentry *dentry,
180                                 const char *req_xattr_name,
181                                 const char *req_xattr_value,
182                                 size_t req_xattr_value_len,
183                                 char type, char *digest)
184 {
185         struct inode *inode = d_backing_inode(dentry);
186         struct shash_desc *desc;
187         char **xattrname;
188         size_t xattr_size = 0;
189         char *xattr_value = NULL;
190         int error;
191         int size;
192 
193         if (!(inode->i_opflags & IOP_XATTR))
194                 return -EOPNOTSUPP;
195 
196         desc = init_desc(type);
197         if (IS_ERR(desc))
198                 return PTR_ERR(desc);
199 
200         error = -ENODATA;
201         for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
202                 if ((req_xattr_name && req_xattr_value)
203                     && !strcmp(*xattrname, req_xattr_name)) {
204                         error = 0;
205                         crypto_shash_update(desc, (const u8 *)req_xattr_value,
206                                              req_xattr_value_len);
207                         continue;
208                 }
209                 size = vfs_getxattr_alloc(dentry, *xattrname,
210                                           &xattr_value, xattr_size, GFP_NOFS);
211                 if (size == -ENOMEM) {
212                         error = -ENOMEM;
213                         goto out;
214                 }
215                 if (size < 0)
216                         continue;
217 
218                 error = 0;
219                 xattr_size = size;
220                 crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
221         }
222         hmac_add_misc(desc, inode, digest);
223 
224 out:
225         kfree(xattr_value);
226         kfree(desc);
227         return error;
228 }
229 
230 int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
231                   const char *req_xattr_value, size_t req_xattr_value_len,
232                   char *digest)
233 {
234         return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
235                                 req_xattr_value_len, EVM_XATTR_HMAC, digest);
236 }
237 
238 int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
239                   const char *req_xattr_value, size_t req_xattr_value_len,
240                   char *digest)
241 {
242         return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
243                                 req_xattr_value_len, IMA_XATTR_DIGEST, digest);
244 }
245 
246 /*
247  * Calculate the hmac and update security.evm xattr
248  *
249  * Expects to be called with i_mutex locked.
250  */
251 int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
252                         const char *xattr_value, size_t xattr_value_len)
253 {
254         struct inode *inode = d_backing_inode(dentry);
255         struct evm_ima_xattr_data xattr_data;
256         int rc = 0;
257 
258         rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
259                            xattr_value_len, xattr_data.digest);
260         if (rc == 0) {
261                 xattr_data.type = EVM_XATTR_HMAC;
262                 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
263                                            &xattr_data,
264                                            sizeof(xattr_data), 0);
265         } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
266                 rc = __vfs_removexattr(dentry, XATTR_NAME_EVM);
267         }
268         return rc;
269 }
270 
271 int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
272                   char *hmac_val)
273 {
274         struct shash_desc *desc;
275 
276         desc = init_desc(EVM_XATTR_HMAC);
277         if (IS_ERR(desc)) {
278                 pr_info("init_desc failed\n");
279                 return PTR_ERR(desc);
280         }
281 
282         crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len);
283         hmac_add_misc(desc, inode, hmac_val);
284         kfree(desc);
285         return 0;
286 }
287 
288 /*
289  * Get the key from the TPM for the SHA1-HMAC
290  */
291 int evm_init_key(void)
292 {
293         struct key *evm_key;
294         struct encrypted_key_payload *ekp;
295         int rc;
296 
297         evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
298         if (IS_ERR(evm_key))
299                 return -ENOENT;
300 
301         down_read(&evm_key->sem);
302         ekp = evm_key->payload.data[0];
303 
304         rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);
305 
306         /* burn the original key contents */
307         memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);
308         up_read(&evm_key->sem);
309         key_put(evm_key);
310         return rc;
311 }
312 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp