// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2005-2010 IBM Corporation * * Authors: * Mimi Zohar <[email protected]> * Kylene Hall <[email protected]> * * File: evm_crypto.c * Using root's kernel master key (kmk), calculate the HMAC */ #define pr_fmt(fmt) … #include <linux/export.h> #include <linux/crypto.h> #include <linux/xattr.h> #include <linux/evm.h> #include <keys/encrypted-type.h> #include <crypto/hash.h> #include <crypto/hash_info.h> #include "evm.h" #define EVMKEY … #define MAX_KEY_SIZE … static unsigned char evmkey[MAX_KEY_SIZE]; static const int evmkey_len = …; static struct crypto_shash *hmac_tfm; static struct crypto_shash *evm_tfm[HASH_ALGO__LAST]; static DEFINE_MUTEX(mutex); #define EVM_SET_KEY_BUSY … static unsigned long evm_set_key_flags; static const char evm_hmac[] = …; /** * evm_set_key() - set EVM HMAC key from the kernel * @key: pointer to a buffer with the key data * @keylen: length of the key data * * This function allows setting the EVM HMAC key from the kernel * without using the "encrypted" key subsystem keys. It can be used * by the crypto HW kernel module which has its own way of managing * keys. * * key length should be between 32 and 128 bytes long */ int evm_set_key(void *key, size_t keylen) { … } EXPORT_SYMBOL_GPL(…); static struct shash_desc *init_desc(char type, uint8_t hash_algo) { … } /* Protect against 'cutting & pasting' security.evm xattr, include inode * specific info. * * (Additional directory/file metadata needs to be added for more complete * protection.) */ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode, char type, char *digest) { … } /* * Dump large security xattr values as a continuous ascii hexademical string. * (pr_debug is limited to 64 bytes.) */ static void dump_security_xattr_l(const char *prefix, const void *src, size_t count) { … } static void dump_security_xattr(const char *name, const char *value, size_t value_len) { … } /* * Calculate the HMAC value across the set of protected security xattrs. * * Instead of retrieving the requested xattr, for performance, calculate * the hmac using the requested xattr value. Don't alloc/free memory for * each xattr, but attempt to re-use the previously allocated memory. */ static int evm_calc_hmac_or_hash(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, uint8_t type, struct evm_digest *data, struct evm_iint_cache *iint) { … } int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, struct evm_digest *data, struct evm_iint_cache *iint) { … } int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, const char *req_xattr_value, size_t req_xattr_value_len, char type, struct evm_digest *data, struct evm_iint_cache *iint) { … } static int evm_is_immutable(struct dentry *dentry, struct inode *inode) { … } /* * Calculate the hmac and update security.evm xattr * * Expects to be called with i_mutex locked. */ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_value, size_t xattr_value_len) { … } int evm_init_hmac(struct inode *inode, const struct xattr *xattrs, char *hmac_val) { … } /* * Get the key from the TPM for the SHA1-HMAC */ int evm_init_key(void) { … }
Codebase Browser
linux