2011-03-10 03:13:22 +08:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2009-2010 IBM Corporation
|
|
|
|
|
*
|
|
|
|
|
* Authors:
|
|
|
|
|
* Mimi Zohar <zohar@us.ibm.com>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License as
|
|
|
|
|
* published by the Free Software Foundation, version 2 of the
|
|
|
|
|
* License.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/integrity.h>
|
|
|
|
|
#include <crypto/sha.h>
|
|
|
|
|
|
2012-09-13 01:51:32 +08:00
|
|
|
/* iint action cache flags */
|
|
|
|
|
#define IMA_MEASURE 0x0001
|
|
|
|
|
#define IMA_MEASURED 0x0002
|
|
|
|
|
#define IMA_APPRAISE 0x0004
|
|
|
|
|
#define IMA_APPRAISED 0x0008
|
|
|
|
|
/*#define IMA_COLLECT 0x0010 do not use this flag */
|
|
|
|
|
#define IMA_COLLECTED 0x0020
|
2012-06-15 01:04:36 +08:00
|
|
|
#define IMA_AUDIT 0x0040
|
|
|
|
|
#define IMA_AUDITED 0x0080
|
2012-09-13 01:51:32 +08:00
|
|
|
|
2011-03-10 03:13:22 +08:00
|
|
|
/* iint cache flags */
|
2012-09-13 01:51:32 +08:00
|
|
|
#define IMA_DIGSIG 0x0100
|
|
|
|
|
|
2012-06-15 01:04:36 +08:00
|
|
|
#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)
|
|
|
|
|
#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \
|
|
|
|
|
| IMA_COLLECTED)
|
2011-03-10 03:13:22 +08:00
|
|
|
|
2011-03-10 03:28:20 +08:00
|
|
|
enum evm_ima_xattr_type {
|
|
|
|
|
IMA_XATTR_DIGEST = 0x01,
|
|
|
|
|
EVM_XATTR_HMAC,
|
|
|
|
|
EVM_IMA_XATTR_DIGSIG,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct evm_ima_xattr_data {
|
|
|
|
|
u8 type;
|
|
|
|
|
u8 digest[SHA1_DIGEST_SIZE];
|
|
|
|
|
} __attribute__((packed));
|
|
|
|
|
|
2011-03-10 03:13:22 +08:00
|
|
|
/* integrity data associated with an inode */
|
|
|
|
|
struct integrity_iint_cache {
|
|
|
|
|
struct rb_node rb_node; /* rooted in integrity_iint_tree */
|
|
|
|
|
struct inode *inode; /* back pointer to inode in question */
|
|
|
|
|
u64 version; /* track inode changes */
|
2012-09-19 20:32:49 +08:00
|
|
|
unsigned short flags;
|
2012-01-10 11:59:36 +08:00
|
|
|
struct evm_ima_xattr_data ima_xattr;
|
2012-09-21 22:00:43 +08:00
|
|
|
enum integrity_status ima_status:4;
|
|
|
|
|
enum integrity_status evm_status:4;
|
2011-03-10 03:13:22 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* rbtree tree calls to lookup, insert, delete
|
|
|
|
|
* integrity data associated with an inode.
|
|
|
|
|
*/
|
|
|
|
|
struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
|
|
|
|
|
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
|
2011-08-17 08:34:33 +08:00
|
|
|
|
2011-10-05 16:54:46 +08:00
|
|
|
#define INTEGRITY_KEYRING_EVM 0
|
|
|
|
|
#define INTEGRITY_KEYRING_MODULE 1
|
|
|
|
|
#define INTEGRITY_KEYRING_IMA 2
|
|
|
|
|
#define INTEGRITY_KEYRING_MAX 3
|
|
|
|
|
|
2012-01-17 23:12:07 +08:00
|
|
|
#ifdef CONFIG_INTEGRITY_SIGNATURE
|
2011-10-05 16:54:46 +08:00
|
|
|
|
|
|
|
|
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
|
|
|
|
|
const char *digest, int digestlen);
|
|
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
static inline int integrity_digsig_verify(const unsigned int id,
|
|
|
|
|
const char *sig, int siglen,
|
|
|
|
|
const char *digest, int digestlen)
|
|
|
|
|
{
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-17 23:12:07 +08:00
|
|
|
#endif /* CONFIG_INTEGRITY_SIGNATURE */
|
2011-10-05 16:54:46 +08:00
|
|
|
|
2011-08-17 08:34:33 +08:00
|
|
|
/* set during initialization */
|
|
|
|
|
extern int iint_initialized;
|
