[linux-2.6-block.git] / security / integrity / evm / evm.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Kylene Hall <kjhall@us.ibm.com>
 *
 * File: evm.h
 */

#ifndef __INTEGRITY_EVM_H
#define __INTEGRITY_EVM_H

#include <linux/xattr.h>
#include <linux/security.h>

#include "../integrity.h"

#define EVM_INIT_HMAC	0x0001
#define EVM_INIT_X509	0x0002
#define EVM_ALLOW_METADATA_WRITES	0x0004
#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */

#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
		       EVM_ALLOW_METADATA_WRITES)

struct xattr_list {
	struct list_head list;
	char *name;
	bool enabled;
};

#define EVM_NEW_FILE			0x00000001
#define EVM_IMMUTABLE_DIGSIG		0x00000002

/* EVM integrity metadata associated with an inode */
struct evm_iint_cache {
	unsigned long flags;
	enum integrity_status evm_status:4;
};

extern struct lsm_blob_sizes evm_blob_sizes;

static inline struct evm_iint_cache *evm_iint_inode(const struct inode *inode)
{
	if (unlikely(!inode->i_security))
		return NULL;

	return inode->i_security + evm_blob_sizes.lbs_inode;
}

extern int evm_initialized;

#define EVM_ATTR_FSUUID		0x0001

extern int evm_hmac_attrs;

/* List of EVM protected security xattrs */
extern struct list_head evm_config_xattrnames;

struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;

int evm_protected_xattr(const char *req_xattr_name);

int evm_init_key(void);
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data);
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data);
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);
int evm_init_secfs(void);

#endif
Commit	Line	Data
b886d83c	1	/* SPDX-License-Identifier: GPL-2.0-only */
66dbc325 MZ	2	/*
	3	* Copyright (C) 2005-2010 IBM Corporation
	4	*
	5	* Authors:
	6	* Mimi Zohar <zohar@us.ibm.com>
	7	* Kylene Hall <kjhall@us.ibm.com>
	8	*
66dbc325	9	* File: evm.h
66dbc325	10	*/
15647eb3 DK	11
	12	#ifndef __INTEGRITY_EVM_H
	13	#define __INTEGRITY_EVM_H
	14
cb723180	15	#include <linux/xattr.h>
66dbc325	16	#include <linux/security.h>
15647eb3	17
66dbc325 MZ	18	#include "../integrity.h"
66dbc325 MZ	19
26ddabfe DK	20	#define EVM_INIT_HMAC 0x0001
26ddabfe DK	21	#define EVM_INIT_X509 0x0002
ae1ba167 MG	22	#define EVM_ALLOW_METADATA_WRITES 0x0004
ae1ba167 MG	23	#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */
f00d7975	24
ae1ba167 MG	25	#define EVM_KEY_MASK (EVM_INIT_HMAC \| EVM_INIT_X509)
	26	#define EVM_INIT_MASK (EVM_INIT_HMAC \| EVM_INIT_X509 \| EVM_SETUP_COMPLETE \| \
	27	EVM_ALLOW_METADATA_WRITES)
26ddabfe	28
21af7663 MG	29	struct xattr_list {
	30	struct list_head list;
	31	char *name;
8c7a703e	32	bool enabled;
21af7663 MG	33	};
21af7663 MG	34
75a323e6 RS	35	#define EVM_NEW_FILE 0x00000001
	36	#define EVM_IMMUTABLE_DIGSIG 0x00000002
	37
	38	/* EVM integrity metadata associated with an inode */
	39	struct evm_iint_cache {
	40	unsigned long flags;
	41	enum integrity_status evm_status:4;
	42	};
	43
	44	extern struct lsm_blob_sizes evm_blob_sizes;
	45
	46	static inline struct evm_iint_cache evm_iint_inode(const struct inode inode)
	47	{
	48	if (unlikely(!inode->i_security))
	49	return NULL;
	50
	51	return inode->i_security + evm_blob_sizes.lbs_inode;
	52	}
	53
66dbc325	54	extern int evm_initialized;
d3b33679 DK	55
	56	#define EVM_ATTR_FSUUID 0x0001
	57
	58	extern int evm_hmac_attrs;
66dbc325 MZ	59
66dbc325 MZ	60	/* List of EVM protected security xattrs */
21af7663	61	extern struct list_head evm_config_xattrnames;
66dbc325	62
5feeb611 MG	63	struct evm_digest {
	64	struct ima_digest_data hdr;
	65	char digest[IMA_MAX_DIGEST_SIZE];
	66	} __packed;
	67
c31288e5 RS	68	int evm_protected_xattr(const char *req_xattr_name);
c31288e5 RS	69
2bb930ab DK	70	int evm_init_key(void);
	71	int evm_update_evmxattr(struct dentry *dentry,
	72	const char *req_xattr_name,
	73	const char *req_xattr_value,
	74	size_t req_xattr_value_len);
	75	int evm_calc_hmac(struct dentry dentry, const char req_xattr_name,
	76	const char *req_xattr_value,
5feeb611	77	size_t req_xattr_value_len, struct evm_digest *data);
2bb930ab DK	78	int evm_calc_hash(struct dentry dentry, const char req_xattr_name,
2bb930ab DK	79	const char *req_xattr_value,
5feeb611 MG	80	size_t req_xattr_value_len, char type,
5feeb611 MG	81	struct evm_digest *data);
c31288e5	82	int evm_init_hmac(struct inode inode, const struct xattr xattrs,
2bb930ab DK	83	char *hmac_val);
2bb930ab DK	84	int evm_init_secfs(void);
15647eb3 DK	85
15647eb3 DK	86	#endif