linux-pinenote/security/integrity/integrity.h

/*
 * Copyright (C) 2009-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 */

#include <linux/types.h>
#include <linux/integrity.h>
#include <crypto/sha.h>

/* iint cache flags */
#define IMA_MEASURED		0x01

enum evm_ima_xattr_type {
	IMA_XATTR_DIGEST = 0x01,
	EVM_XATTR_HMAC,
	EVM_IMA_XATTR_DIGSIG,
};

struct evm_ima_xattr_data {
	u8 type;
	u8 digest[SHA1_DIGEST_SIZE];
}  __attribute__((packed));

/* integrity data associated with an inode */
struct integrity_iint_cache {
	struct rb_node rb_node; /* rooted in integrity_iint_tree */
	struct inode *inode;	/* back pointer to inode in question */
	u64 version;		/* track inode changes */
	unsigned char flags;
	u8 digest[SHA1_DIGEST_SIZE];
	struct mutex mutex;	/* protects: version, flags, digest */
	enum integrity_status evm_status;
};

/* rbtree tree calls to lookup, insert, delete
 * integrity data associated with an inode.
 */
struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);

#define INTEGRITY_KEYRING_EVM		0
#define INTEGRITY_KEYRING_MODULE	1
#define INTEGRITY_KEYRING_IMA		2
#define INTEGRITY_KEYRING_MAX		3

#ifdef CONFIG_INTEGRITY_SIGNATURE

int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
					const char *digest, int digestlen);

#else

static inline int integrity_digsig_verify(const unsigned int id,
					  const char *sig, int siglen,
					  const char *digest, int digestlen)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_INTEGRITY_SIGNATURE */

/* set during initialization */
extern int iint_initialized;
integrity: move ima inode integrity data management Move the inode integrity data(iint) management up to the integrity directory in order to share the iint among the different integrity models. Changelog: - don't define MAX_DIGEST_SIZE - rename several globally visible 'ima_' prefixed functions, structs, locks, etc to 'integrity_' - replace '20' with SHA1_DIGEST_SIZE - reflect location change in appropriate Kconfig and Makefiles - remove unnecessary initialization of iint_initialized to 0 - rebased on current ima_iint.c - define integrity_iint_store/lock as static There should be no other functional changes. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> 2011-03-09 14:13:22 -05:00			`/*`
			`* Copyright (C) 2009-2010 IBM Corporation`
			`*`
			`* Authors:`
			`* Mimi Zohar <zohar@us.ibm.com>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License as`
			`* published by the Free Software Foundation, version 2 of the`
			`* License.`
			`*`
			`*/`

			`#include <linux/types.h>`
			`#include <linux/integrity.h>`
			`#include <crypto/sha.h>`

			`/* iint cache flags */`
			`#define IMA_MEASURED 0x01`

evm: add support for different security.evm data types EVM protects a file's security extended attributes(xattrs) against integrity attacks. The current patchset maintains an HMAC-sha1 value across the security xattrs, storing the value as the extended attribute 'security.evm'. We anticipate other methods for protecting the security extended attributes. This patch reserves the first byte of 'security.evm' as a place holder for the type of method. Changelog v6: - move evm_ima_xattr_type definition to security/integrity/integrity.h - defined a structure for the EVM xattr called evm_ima_xattr_data (based on Serge Hallyn's suggestion) - removed unnecessary memset Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> 2011-03-09 14:28:20 -05:00			`enum evm_ima_xattr_type {`
			`IMA_XATTR_DIGEST = 0x01,`
			`EVM_XATTR_HMAC,`
			`EVM_IMA_XATTR_DIGSIG,`
			`};`

			`struct evm_ima_xattr_data {`
			`u8 type;`
			`u8 digest[SHA1_DIGEST_SIZE];`
			`} __attribute__((packed));`

integrity: move ima inode integrity data management Move the inode integrity data(iint) management up to the integrity directory in order to share the iint among the different integrity models. Changelog: - don't define MAX_DIGEST_SIZE - rename several globally visible 'ima_' prefixed functions, structs, locks, etc to 'integrity_' - replace '20' with SHA1_DIGEST_SIZE - reflect location change in appropriate Kconfig and Makefiles - remove unnecessary initialization of iint_initialized to 0 - rebased on current ima_iint.c - define integrity_iint_store/lock as static There should be no other functional changes. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> 2011-03-09 14:13:22 -05:00			`/* integrity data associated with an inode */`
			`struct integrity_iint_cache {`
			`struct rb_node rb_node; /* rooted in integrity_iint_tree */`
			`struct inode inode; / back pointer to inode in question */`
			`u64 version; /* track inode changes */`
			`unsigned char flags;`
			`u8 digest[SHA1_DIGEST_SIZE];`
			`struct mutex mutex; /* protects: version, flags, digest */`
evm: replace hmac_status with evm_status We will use digital signatures in addtion to hmac. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2011-05-06 11:34:17 +03:00			`enum integrity_status evm_status;`
integrity: move ima inode integrity data management Move the inode integrity data(iint) management up to the integrity directory in order to share the iint among the different integrity models. Changelog: - don't define MAX_DIGEST_SIZE - rename several globally visible 'ima_' prefixed functions, structs, locks, etc to 'integrity_' - replace '20' with SHA1_DIGEST_SIZE - reflect location change in appropriate Kconfig and Makefiles - remove unnecessary initialization of iint_initialized to 0 - rebased on current ima_iint.c - define integrity_iint_store/lock as static There should be no other functional changes. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> 2011-03-09 14:13:22 -05:00			`};`

			`/* rbtree tree calls to lookup, insert, delete`
			`* integrity data associated with an inode.`
			`*/`
			`struct integrity_iint_cache integrity_iint_insert(struct inode inode);`
			`struct integrity_iint_cache integrity_iint_find(struct inode inode);`
integrity: sparse fix: move iint_initialized to integrity.h Sparse fix: move iint_initialized to integrity.h Signed-off-by: James Morris <jmorris@namei.org> 2011-08-17 10:34:33 +10:00
integrity: digital signature verification using multiple keyrings Define separate keyrings for each of the different use cases - evm, ima, and modules. Using different keyrings improves search performance, and also allows "locking" specific keyring to prevent adding new keys. This is useful for evm and module keyrings, when keys are usually only added from initramfs. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> 2011-10-05 11:54:46 +03:00			`#define INTEGRITY_KEYRING_EVM 0`
			`#define INTEGRITY_KEYRING_MODULE 1`
			`#define INTEGRITY_KEYRING_IMA 2`
			`#define INTEGRITY_KEYRING_MAX 3`

integrity: digital signature config option name change Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17 17:12:07 +02:00			`#ifdef CONFIG_INTEGRITY_SIGNATURE`
integrity: digital signature verification using multiple keyrings Define separate keyrings for each of the different use cases - evm, ima, and modules. Using different keyrings improves search performance, and also allows "locking" specific keyring to prevent adding new keys. This is useful for evm and module keyrings, when keys are usually only added from initramfs. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> 2011-10-05 11:54:46 +03:00
			`int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,`
			`const char *digest, int digestlen);`

			`#else`

			`static inline int integrity_digsig_verify(const unsigned int id,`
			`const char *sig, int siglen,`
			`const char *digest, int digestlen)`
			`{`
			`return -EOPNOTSUPP;`
			`}`

integrity: digital signature config option name change Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17 17:12:07 +02:00			`#endif /* CONFIG_INTEGRITY_SIGNATURE */`
integrity: digital signature verification using multiple keyrings Define separate keyrings for each of the different use cases - evm, ima, and modules. Using different keyrings improves search performance, and also allows "locking" specific keyring to prevent adding new keys. This is useful for evm and module keyrings, when keys are usually only added from initramfs. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> 2011-10-05 11:54:46 +03:00
integrity: sparse fix: move iint_initialized to integrity.h Sparse fix: move iint_initialized to integrity.h Signed-off-by: James Morris <jmorris@namei.org> 2011-08-17 10:34:33 +10:00			`/* set during initialization */`
			`extern int iint_initialized;`