Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
66dbc325 MZ |
2 | /* |
3 | * Copyright (C) 2005-2010 IBM Corporation | |
4 | * | |
5 | * Authors: | |
6 | * Mimi Zohar <zohar@us.ibm.com> | |
7 | * Kylene Hall <kjhall@us.ibm.com> | |
8 | * | |
66dbc325 MZ |
9 | * File: evm_crypto.c |
10 | * Using root's kernel master key (kmk), calculate the HMAC | |
11 | */ | |
12 | ||
20ee451f JP |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
14 | ||
876979c9 | 15 | #include <linux/export.h> |
66dbc325 MZ |
16 | #include <linux/crypto.h> |
17 | #include <linux/xattr.h> | |
76266763 | 18 | #include <linux/evm.h> |
66dbc325 | 19 | #include <keys/encrypted-type.h> |
d46eb369 | 20 | #include <crypto/hash.h> |
5feeb611 | 21 | #include <crypto/hash_info.h> |
66dbc325 MZ |
22 | #include "evm.h" |
23 | ||
24 | #define EVMKEY "evm-key" | |
25 | #define MAX_KEY_SIZE 128 | |
26 | static unsigned char evmkey[MAX_KEY_SIZE]; | |
b2724d58 | 27 | static const int evmkey_len = MAX_KEY_SIZE; |
66dbc325 | 28 | |
d46eb369 | 29 | struct crypto_shash *hmac_tfm; |
5feeb611 | 30 | static struct crypto_shash *evm_tfm[HASH_ALGO__LAST]; |
d46eb369 | 31 | |
97426f98 DK |
32 | static DEFINE_MUTEX(mutex); |
33 | ||
76266763 DK |
34 | #define EVM_SET_KEY_BUSY 0 |
35 | ||
36 | static unsigned long evm_set_key_flags; | |
37 | ||
b2724d58 | 38 | static const char evm_hmac[] = "hmac(sha1)"; |
1a82cee3 | 39 | |
76266763 DK |
40 | /** |
41 | * evm_set_key() - set EVM HMAC key from the kernel | |
42 | * @key: pointer to a buffer with the key data | |
43 | * @size: length of the key data | |
44 | * | |
45 | * This function allows setting the EVM HMAC key from the kernel | |
46 | * without using the "encrypted" key subsystem keys. It can be used | |
47 | * by the crypto HW kernel module which has its own way of managing | |
48 | * keys. | |
49 | * | |
50 | * key length should be between 32 and 128 bytes long | |
51 | */ | |
52 | int evm_set_key(void *key, size_t keylen) | |
53 | { | |
54 | int rc; | |
55 | ||
56 | rc = -EBUSY; | |
57 | if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags)) | |
58 | goto busy; | |
59 | rc = -EINVAL; | |
60 | if (keylen > MAX_KEY_SIZE) | |
61 | goto inval; | |
62 | memcpy(evmkey, key, keylen); | |
63 | evm_initialized |= EVM_INIT_HMAC; | |
64 | pr_info("key initialized\n"); | |
65 | return 0; | |
66 | inval: | |
67 | clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags); | |
68 | busy: | |
69 | pr_err("key initialization failed\n"); | |
70 | return rc; | |
71 | } | |
72 | EXPORT_SYMBOL_GPL(evm_set_key); | |
73 | ||
5feeb611 | 74 | static struct shash_desc *init_desc(char type, uint8_t hash_algo) |
66dbc325 | 75 | { |
143b01d3 | 76 | long rc; |
5feeb611 | 77 | const char *algo; |
15647eb3 | 78 | struct crypto_shash **tfm; |
d46eb369 DK |
79 | struct shash_desc *desc; |
80 | ||
15647eb3 | 81 | if (type == EVM_XATTR_HMAC) { |
26ddabfe | 82 | if (!(evm_initialized & EVM_INIT_HMAC)) { |
0485d066 | 83 | pr_err_once("HMAC key is not set\n"); |
26ddabfe DK |
84 | return ERR_PTR(-ENOKEY); |
85 | } | |
15647eb3 DK |
86 | tfm = &hmac_tfm; |
87 | algo = evm_hmac; | |
88 | } else { | |
221be106 RS |
89 | if (hash_algo >= HASH_ALGO__LAST) |
90 | return ERR_PTR(-EINVAL); | |
91 | ||
5feeb611 MG |
92 | tfm = &evm_tfm[hash_algo]; |
93 | algo = hash_algo_name[hash_algo]; | |
15647eb3 DK |
94 | } |
95 | ||
96 | if (*tfm == NULL) { | |
97426f98 | 97 | mutex_lock(&mutex); |
143b01d3 | 98 | if (*tfm) |
97426f98 | 99 | goto out; |
3d234b33 | 100 | *tfm = crypto_alloc_shash(algo, 0, CRYPTO_NOLOAD); |
15647eb3 | 101 | if (IS_ERR(*tfm)) { |
15647eb3 | 102 | rc = PTR_ERR(*tfm); |
143b01d3 | 103 | pr_err("Can not allocate %s (reason: %ld)\n", algo, rc); |
15647eb3 | 104 | *tfm = NULL; |
97426f98 | 105 | mutex_unlock(&mutex); |
d46eb369 DK |
106 | return ERR_PTR(rc); |
107 | } | |
88d7ed35 DK |
108 | if (type == EVM_XATTR_HMAC) { |
109 | rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len); | |
110 | if (rc) { | |
111 | crypto_free_shash(*tfm); | |
112 | *tfm = NULL; | |
143b01d3 | 113 | mutex_unlock(&mutex); |
88d7ed35 DK |
114 | return ERR_PTR(rc); |
115 | } | |
d21b5945 | 116 | } |
97426f98 DK |
117 | out: |
118 | mutex_unlock(&mutex); | |
66dbc325 | 119 | } |
d46eb369 | 120 | |
15647eb3 | 121 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |
d46eb369 DK |
122 | GFP_KERNEL); |
123 | if (!desc) | |
124 | return ERR_PTR(-ENOMEM); | |
125 | ||
15647eb3 | 126 | desc->tfm = *tfm; |
d46eb369 | 127 | |
d46eb369 | 128 | rc = crypto_shash_init(desc); |
d46eb369 DK |
129 | if (rc) { |
130 | kfree(desc); | |
131 | return ERR_PTR(rc); | |
132 | } | |
133 | return desc; | |
66dbc325 MZ |
134 | } |
135 | ||
136 | /* Protect against 'cutting & pasting' security.evm xattr, include inode | |
137 | * specific info. | |
138 | * | |
139 | * (Additional directory/file metadata needs to be added for more complete | |
140 | * protection.) | |
141 | */ | |
d46eb369 | 142 | static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, |
50b97748 | 143 | char type, char *digest) |
66dbc325 MZ |
144 | { |
145 | struct h_misc { | |
146 | unsigned long ino; | |
147 | __u32 generation; | |
148 | uid_t uid; | |
149 | gid_t gid; | |
150 | umode_t mode; | |
151 | } hmac_misc; | |
66dbc325 | 152 | |
2bb930ab | 153 | memset(&hmac_misc, 0, sizeof(hmac_misc)); |
50b97748 MG |
154 | /* Don't include the inode or generation number in portable |
155 | * signatures | |
156 | */ | |
157 | if (type != EVM_XATTR_PORTABLE_DIGSIG) { | |
158 | hmac_misc.ino = inode->i_ino; | |
159 | hmac_misc.generation = inode->i_generation; | |
160 | } | |
19339c25 EB |
161 | /* The hmac uid and gid must be encoded in the initial user |
162 | * namespace (not the filesystems user namespace) as encoding | |
163 | * them in the filesystems user namespace allows an attack | |
164 | * where first they are written in an unprivileged fuse mount | |
165 | * of a filesystem and then the system is tricked to mount the | |
166 | * filesystem for real on next boot and trust it because | |
167 | * everything is signed. | |
168 | */ | |
169 | hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid); | |
170 | hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); | |
66dbc325 | 171 | hmac_misc.mode = inode->i_mode; |
2bb930ab | 172 | crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc)); |
50b97748 MG |
173 | if ((evm_hmac_attrs & EVM_ATTR_FSUUID) && |
174 | type != EVM_XATTR_PORTABLE_DIGSIG) | |
e7fde070 | 175 | crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE); |
d46eb369 | 176 | crypto_shash_final(desc, digest); |
66dbc325 MZ |
177 | } |
178 | ||
179 | /* | |
180 | * Calculate the HMAC value across the set of protected security xattrs. | |
181 | * | |
182 | * Instead of retrieving the requested xattr, for performance, calculate | |
183 | * the hmac using the requested xattr value. Don't alloc/free memory for | |
184 | * each xattr, but attempt to re-use the previously allocated memory. | |
185 | */ | |
15647eb3 | 186 | static int evm_calc_hmac_or_hash(struct dentry *dentry, |
5feeb611 MG |
187 | const char *req_xattr_name, |
188 | const char *req_xattr_value, | |
189 | size_t req_xattr_value_len, | |
190 | uint8_t type, struct evm_digest *data) | |
66dbc325 | 191 | { |
c6f493d6 | 192 | struct inode *inode = d_backing_inode(dentry); |
21af7663 | 193 | struct xattr_list *xattr; |
d46eb369 | 194 | struct shash_desc *desc; |
66dbc325 MZ |
195 | size_t xattr_size = 0; |
196 | char *xattr_value = NULL; | |
197 | int error; | |
198 | int size; | |
50b97748 | 199 | bool ima_present = false; |
66dbc325 | 200 | |
a3a5c966 SF |
201 | if (!(inode->i_opflags & IOP_XATTR) || |
202 | inode->i_sb->s_user_ns != &init_user_ns) | |
66dbc325 | 203 | return -EOPNOTSUPP; |
5d6c3191 | 204 | |
5feeb611 | 205 | desc = init_desc(type, data->hdr.algo); |
d46eb369 DK |
206 | if (IS_ERR(desc)) |
207 | return PTR_ERR(desc); | |
66dbc325 | 208 | |
5feeb611 MG |
209 | data->hdr.length = crypto_shash_digestsize(desc->tfm); |
210 | ||
66dbc325 | 211 | error = -ENODATA; |
fa516b66 | 212 | list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) { |
50b97748 MG |
213 | bool is_ima = false; |
214 | ||
21af7663 | 215 | if (strcmp(xattr->name, XATTR_NAME_IMA) == 0) |
50b97748 MG |
216 | is_ima = true; |
217 | ||
66dbc325 | 218 | if ((req_xattr_name && req_xattr_value) |
21af7663 | 219 | && !strcmp(xattr->name, req_xattr_name)) { |
66dbc325 | 220 | error = 0; |
d46eb369 DK |
221 | crypto_shash_update(desc, (const u8 *)req_xattr_value, |
222 | req_xattr_value_len); | |
50b97748 MG |
223 | if (is_ima) |
224 | ima_present = true; | |
66dbc325 MZ |
225 | continue; |
226 | } | |
21af7663 | 227 | size = vfs_getxattr_alloc(dentry, xattr->name, |
66dbc325 MZ |
228 | &xattr_value, xattr_size, GFP_NOFS); |
229 | if (size == -ENOMEM) { | |
230 | error = -ENOMEM; | |
231 | goto out; | |
232 | } | |
233 | if (size < 0) | |
234 | continue; | |
235 | ||
236 | error = 0; | |
237 | xattr_size = size; | |
d46eb369 | 238 | crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size); |
50b97748 MG |
239 | if (is_ima) |
240 | ima_present = true; | |
66dbc325 | 241 | } |
5feeb611 | 242 | hmac_add_misc(desc, inode, type, data->digest); |
d46eb369 | 243 | |
50b97748 MG |
244 | /* Portable EVM signatures must include an IMA hash */ |
245 | if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) | |
246 | return -EPERM; | |
66dbc325 | 247 | out: |
d46eb369 DK |
248 | kfree(xattr_value); |
249 | kfree(desc); | |
66dbc325 MZ |
250 | return error; |
251 | } | |
252 | ||
15647eb3 DK |
253 | int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, |
254 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 255 | struct evm_digest *data) |
15647eb3 DK |
256 | { |
257 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 258 | req_xattr_value_len, EVM_XATTR_HMAC, data); |
15647eb3 DK |
259 | } |
260 | ||
261 | int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, | |
262 | const char *req_xattr_value, size_t req_xattr_value_len, | |
5feeb611 | 263 | char type, struct evm_digest *data) |
15647eb3 DK |
264 | { |
265 | return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value, | |
5feeb611 | 266 | req_xattr_value_len, type, data); |
50b97748 MG |
267 | } |
268 | ||
269 | static int evm_is_immutable(struct dentry *dentry, struct inode *inode) | |
270 | { | |
271 | const struct evm_ima_xattr_data *xattr_data = NULL; | |
272 | struct integrity_iint_cache *iint; | |
273 | int rc = 0; | |
274 | ||
275 | iint = integrity_iint_find(inode); | |
276 | if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG)) | |
277 | return 1; | |
278 | ||
279 | /* Do this the hard way */ | |
280 | rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0, | |
281 | GFP_NOFS); | |
282 | if (rc <= 0) { | |
283 | if (rc == -ENODATA) | |
284 | return 0; | |
285 | return rc; | |
286 | } | |
287 | if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) | |
288 | rc = 1; | |
289 | else | |
290 | rc = 0; | |
291 | ||
292 | kfree(xattr_data); | |
293 | return rc; | |
15647eb3 DK |
294 | } |
295 | ||
50b97748 | 296 | |
66dbc325 MZ |
297 | /* |
298 | * Calculate the hmac and update security.evm xattr | |
299 | * | |
300 | * Expects to be called with i_mutex locked. | |
301 | */ | |
302 | int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, | |
303 | const char *xattr_value, size_t xattr_value_len) | |
304 | { | |
c6f493d6 | 305 | struct inode *inode = d_backing_inode(dentry); |
5feeb611 | 306 | struct evm_digest data; |
66dbc325 MZ |
307 | int rc = 0; |
308 | ||
50b97748 MG |
309 | /* |
310 | * Don't permit any transformation of the EVM xattr if the signature | |
311 | * is of an immutable type | |
312 | */ | |
313 | rc = evm_is_immutable(dentry, inode); | |
314 | if (rc < 0) | |
315 | return rc; | |
316 | if (rc) | |
317 | return -EPERM; | |
318 | ||
5feeb611 | 319 | data.hdr.algo = HASH_ALGO_SHA1; |
66dbc325 | 320 | rc = evm_calc_hmac(dentry, xattr_name, xattr_value, |
5feeb611 | 321 | xattr_value_len, &data); |
6be5cc52 | 322 | if (rc == 0) { |
5feeb611 | 323 | data.hdr.xattr.sha1.type = EVM_XATTR_HMAC; |
66dbc325 | 324 | rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, |
5feeb611 MG |
325 | &data.hdr.xattr.data[1], |
326 | SHA1_DIGEST_SIZE + 1, 0); | |
5d6c3191 AG |
327 | } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) { |
328 | rc = __vfs_removexattr(dentry, XATTR_NAME_EVM); | |
a67adb99 | 329 | } |
66dbc325 MZ |
330 | return rc; |
331 | } | |
332 | ||
cb723180 MZ |
333 | int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, |
334 | char *hmac_val) | |
335 | { | |
d46eb369 | 336 | struct shash_desc *desc; |
cb723180 | 337 | |
5feeb611 | 338 | desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1); |
d46eb369 | 339 | if (IS_ERR(desc)) { |
20ee451f | 340 | pr_info("init_desc failed\n"); |
d46eb369 | 341 | return PTR_ERR(desc); |
cb723180 MZ |
342 | } |
343 | ||
d46eb369 | 344 | crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len); |
50b97748 | 345 | hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val); |
d46eb369 | 346 | kfree(desc); |
cb723180 MZ |
347 | return 0; |
348 | } | |
349 | ||
66dbc325 MZ |
350 | /* |
351 | * Get the key from the TPM for the SHA1-HMAC | |
352 | */ | |
353 | int evm_init_key(void) | |
354 | { | |
355 | struct key *evm_key; | |
356 | struct encrypted_key_payload *ekp; | |
76266763 | 357 | int rc; |
66dbc325 MZ |
358 | |
359 | evm_key = request_key(&key_type_encrypted, EVMKEY, NULL); | |
360 | if (IS_ERR(evm_key)) | |
361 | return -ENOENT; | |
362 | ||
363 | down_read(&evm_key->sem); | |
146aa8b1 | 364 | ekp = evm_key->payload.data[0]; |
76266763 DK |
365 | |
366 | rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen); | |
367 | ||
66dbc325 MZ |
368 | /* burn the original key contents */ |
369 | memset(ekp->decrypted_data, 0, ekp->decrypted_datalen); | |
370 | up_read(&evm_key->sem); | |
371 | key_put(evm_key); | |
372 | return rc; | |
373 | } |