evm_crypto.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2005-2010 IBM Corporation
  4. *
  5. * Authors:
  6. * Mimi Zohar <zohar@us.ibm.com>
  7. * Kylene Hall <kjhall@us.ibm.com>
  8. *
  9. * File: evm_crypto.c
  10. * Using root's kernel master key (kmk), calculate the HMAC
  11. */
  12. #define pr_fmt(fmt) "EVM: "fmt
  13. #include <linux/export.h>
  14. #include <linux/hex.h>
  15. #include <linux/crypto.h>
  16. #include <linux/xattr.h>
  17. #include <linux/evm.h>
  18. #include <keys/encrypted-type.h>
  19. #include <crypto/hash.h>
  20. #include <crypto/hash_info.h>
  21. #include "evm.h"
  22. #define EVMKEY "evm-key"
  23. #define MAX_KEY_SIZE 128
  24. static unsigned char evmkey[MAX_KEY_SIZE];
  25. static const int evmkey_len = MAX_KEY_SIZE;
  26. static struct crypto_shash *hmac_tfm;
  27. static struct crypto_shash *evm_tfm[HASH_ALGO__LAST];
  28. static DEFINE_MUTEX(mutex);
  29. #define EVM_SET_KEY_BUSY 0
  30. static unsigned long evm_set_key_flags;
  31. static const char evm_hmac[] = "hmac(sha1)";
  32. /**
  33. * evm_set_key() - set EVM HMAC key from the kernel
  34. * @key: pointer to a buffer with the key data
  35. * @keylen: length of the key data
  36. *
  37. * This function allows setting the EVM HMAC key from the kernel
  38. * without using the "encrypted" key subsystem keys. It can be used
  39. * by the crypto HW kernel module which has its own way of managing
  40. * keys.
  41. *
  42. * key length should be between 32 and 128 bytes long
  43. */
  44. int evm_set_key(void *key, size_t keylen)
  45. {
  46. int rc;
  47. rc = -EBUSY;
  48. if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags))
  49. goto busy;
  50. rc = -EINVAL;
  51. if (keylen > MAX_KEY_SIZE)
  52. goto inval;
  53. memcpy(evmkey, key, keylen);
  54. evm_initialized |= EVM_INIT_HMAC;
  55. pr_info("key initialized\n");
  56. return 0;
  57. inval:
  58. clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags);
  59. busy:
  60. pr_err("key initialization failed\n");
  61. return rc;
  62. }
  63. EXPORT_SYMBOL_GPL(evm_set_key);
  64. static struct shash_desc *init_desc(char type, uint8_t hash_algo)
  65. {
  66. long rc;
  67. const char *algo;
  68. struct crypto_shash **tfm, *tmp_tfm;
  69. struct shash_desc *desc;
  70. if (type == EVM_XATTR_HMAC) {
  71. if (!(evm_initialized & EVM_INIT_HMAC)) {
  72. pr_err_once("HMAC key is not set\n");
  73. return ERR_PTR(-ENOKEY);
  74. }
  75. tfm = &hmac_tfm;
  76. algo = evm_hmac;
  77. } else {
  78. if (hash_algo >= HASH_ALGO__LAST)
  79. return ERR_PTR(-EINVAL);
  80. tfm = &evm_tfm[hash_algo];
  81. algo = hash_algo_name[hash_algo];
  82. }
  83. if (*tfm)
  84. goto alloc;
  85. mutex_lock(&mutex);
  86. if (*tfm)
  87. goto unlock;
  88. tmp_tfm = crypto_alloc_shash(algo, 0, CRYPTO_NOLOAD);
  89. if (IS_ERR(tmp_tfm)) {
  90. pr_err("Can not allocate %s (reason: %ld)\n", algo,
  91. PTR_ERR(tmp_tfm));
  92. mutex_unlock(&mutex);
  93. return ERR_CAST(tmp_tfm);
  94. }
  95. if (type == EVM_XATTR_HMAC) {
  96. rc = crypto_shash_setkey(tmp_tfm, evmkey, evmkey_len);
  97. if (rc) {
  98. crypto_free_shash(tmp_tfm);
  99. mutex_unlock(&mutex);
  100. return ERR_PTR(rc);
  101. }
  102. }
  103. *tfm = tmp_tfm;
  104. unlock:
  105. mutex_unlock(&mutex);
  106. alloc:
  107. desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
  108. GFP_KERNEL);
  109. if (!desc)
  110. return ERR_PTR(-ENOMEM);
  111. desc->tfm = *tfm;
  112. rc = crypto_shash_init(desc);
  113. if (rc) {
  114. kfree(desc);
  115. return ERR_PTR(rc);
  116. }
  117. return desc;
  118. }
  119. /* Protect against 'cutting & pasting' security.evm xattr, include inode
  120. * specific info.
  121. *
  122. * (Additional directory/file metadata needs to be added for more complete
  123. * protection.)
  124. */
  125. static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
  126. char type, char *digest)
  127. {
  128. struct h_misc {
  129. unsigned long ino;
  130. __u32 generation;
  131. uid_t uid;
  132. gid_t gid;
  133. umode_t mode;
  134. } hmac_misc;
  135. memset(&hmac_misc, 0, sizeof(hmac_misc));
  136. /* Don't include the inode or generation number in portable
  137. * signatures
  138. */
  139. if (type != EVM_XATTR_PORTABLE_DIGSIG) {
  140. hmac_misc.ino = inode->i_ino;
  141. hmac_misc.generation = inode->i_generation;
  142. }
  143. /* The hmac uid and gid must be encoded in the initial user
  144. * namespace (not the filesystems user namespace) as encoding
  145. * them in the filesystems user namespace allows an attack
  146. * where first they are written in an unprivileged fuse mount
  147. * of a filesystem and then the system is tricked to mount the
  148. * filesystem for real on next boot and trust it because
  149. * everything is signed.
  150. */
  151. hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
  152. hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
  153. hmac_misc.mode = inode->i_mode;
  154. crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
  155. if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
  156. type != EVM_XATTR_PORTABLE_DIGSIG)
  157. crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
  158. crypto_shash_final(desc, digest);
  159. pr_debug("hmac_misc: (%zu) [%*phN]\n", sizeof(struct h_misc),
  160. (int)sizeof(struct h_misc), &hmac_misc);
  161. }
  162. /*
  163. * Dump large security xattr values as a continuous ascii hexadecimal string.
  164. * (pr_debug is limited to 64 bytes.)
  165. */
  166. static void dump_security_xattr_l(const char *prefix, const void *src,
  167. size_t count)
  168. {
  169. #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
  170. char *asciihex, *p;
  171. p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
  172. if (!asciihex)
  173. return;
  174. p = bin2hex(p, src, count);
  175. *p = 0;
  176. pr_debug("%s: (%zu) %.*s\n", prefix, count, (int)count * 2, asciihex);
  177. kfree(asciihex);
  178. #endif
  179. }
  180. static void dump_security_xattr(const char *name, const char *value,
  181. size_t value_len)
  182. {
  183. if (value_len < 64)
  184. pr_debug("%s: (%zu) [%*phN]\n", name, value_len,
  185. (int)value_len, value);
  186. else
  187. dump_security_xattr_l(name, value, value_len);
  188. }
  189. /*
  190. * Calculate the HMAC value across the set of protected security xattrs.
  191. *
  192. * Instead of retrieving the requested xattr, for performance, calculate
  193. * the hmac using the requested xattr value. Don't alloc/free memory for
  194. * each xattr, but attempt to re-use the previously allocated memory.
  195. */
  196. static int evm_calc_hmac_or_hash(struct dentry *dentry,
  197. const char *req_xattr_name,
  198. const char *req_xattr_value,
  199. size_t req_xattr_value_len,
  200. uint8_t type, struct evm_digest *data,
  201. struct evm_iint_cache *iint)
  202. {
  203. struct inode *inode = d_inode(d_real(dentry, D_REAL_METADATA));
  204. struct xattr_list *xattr;
  205. struct shash_desc *desc;
  206. size_t xattr_size = 0;
  207. char *xattr_value = NULL;
  208. int error;
  209. int size, user_space_size;
  210. bool ima_present = false;
  211. u64 i_version = 0;
  212. if (!(inode->i_opflags & IOP_XATTR) ||
  213. inode->i_sb->s_user_ns != &init_user_ns)
  214. return -EOPNOTSUPP;
  215. desc = init_desc(type, data->hdr.algo);
  216. if (IS_ERR(desc))
  217. return PTR_ERR(desc);
  218. data->hdr.length = crypto_shash_digestsize(desc->tfm);
  219. error = -ENODATA;
  220. list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
  221. bool is_ima = false;
  222. if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
  223. is_ima = true;
  224. /*
  225. * Skip non-enabled xattrs for locally calculated
  226. * signatures/HMACs.
  227. */
  228. if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
  229. continue;
  230. if ((req_xattr_name && req_xattr_value)
  231. && !strcmp(xattr->name, req_xattr_name)) {
  232. error = 0;
  233. crypto_shash_update(desc, (const u8 *)req_xattr_value,
  234. req_xattr_value_len);
  235. if (is_ima)
  236. ima_present = true;
  237. dump_security_xattr(req_xattr_name,
  238. req_xattr_value,
  239. req_xattr_value_len);
  240. continue;
  241. }
  242. size = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, xattr->name,
  243. &xattr_value, xattr_size, GFP_NOFS);
  244. if (size == -ENOMEM) {
  245. error = -ENOMEM;
  246. goto out;
  247. }
  248. if (size < 0)
  249. continue;
  250. user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
  251. xattr->name, NULL, 0);
  252. if (user_space_size != size)
  253. pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n",
  254. dentry->d_name.name, xattr->name, size,
  255. user_space_size);
  256. error = 0;
  257. xattr_size = size;
  258. crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
  259. if (is_ima)
  260. ima_present = true;
  261. dump_security_xattr(xattr->name, xattr_value, xattr_size);
  262. }
  263. hmac_add_misc(desc, inode, type, data->digest);
  264. if (inode != d_backing_inode(dentry) && iint) {
  265. if (IS_I_VERSION(inode))
  266. i_version = inode_query_iversion(inode);
  267. integrity_inode_attrs_store(&iint->metadata_inode, i_version,
  268. inode);
  269. }
  270. /* Portable EVM signatures must include an IMA hash */
  271. if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
  272. error = -EPERM;
  273. out:
  274. kfree(xattr_value);
  275. kfree(desc);
  276. return error;
  277. }
  278. int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
  279. const char *req_xattr_value, size_t req_xattr_value_len,
  280. struct evm_digest *data, struct evm_iint_cache *iint)
  281. {
  282. return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
  283. req_xattr_value_len, EVM_XATTR_HMAC, data,
  284. iint);
  285. }
  286. int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
  287. const char *req_xattr_value, size_t req_xattr_value_len,
  288. char type, struct evm_digest *data, struct evm_iint_cache *iint)
  289. {
  290. return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
  291. req_xattr_value_len, type, data, iint);
  292. }
  293. static int evm_is_immutable(struct dentry *dentry, struct inode *inode)
  294. {
  295. const struct evm_ima_xattr_data *xattr_data = NULL;
  296. struct evm_iint_cache *iint;
  297. int rc = 0;
  298. iint = evm_iint_inode(inode);
  299. if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))
  300. return 1;
  301. /* Do this the hard way */
  302. rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_EVM,
  303. (char **)&xattr_data, 0, GFP_NOFS);
  304. if (rc <= 0) {
  305. if (rc == -ENODATA)
  306. rc = 0;
  307. goto out;
  308. }
  309. if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG)
  310. rc = 1;
  311. else
  312. rc = 0;
  313. out:
  314. kfree(xattr_data);
  315. return rc;
  316. }
  317. /*
  318. * Calculate the hmac and update security.evm xattr
  319. *
  320. * Expects to be called with i_mutex locked.
  321. */
  322. int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
  323. const char *xattr_value, size_t xattr_value_len)
  324. {
  325. struct inode *inode = d_backing_inode(dentry);
  326. struct evm_iint_cache *iint = evm_iint_inode(inode);
  327. struct evm_digest data;
  328. int rc = 0;
  329. /*
  330. * Don't permit any transformation of the EVM xattr if the signature
  331. * is of an immutable type
  332. */
  333. rc = evm_is_immutable(dentry, inode);
  334. if (rc < 0)
  335. return rc;
  336. if (rc)
  337. return -EPERM;
  338. data.hdr.algo = HASH_ALGO_SHA1;
  339. rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
  340. xattr_value_len, &data, iint);
  341. if (rc == 0) {
  342. data.hdr.xattr.sha1.type = EVM_XATTR_HMAC;
  343. rc = __vfs_setxattr_noperm(&nop_mnt_idmap, dentry,
  344. XATTR_NAME_EVM,
  345. &data.hdr.xattr.data[1],
  346. SHA1_DIGEST_SIZE + 1, 0);
  347. } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
  348. rc = __vfs_removexattr(&nop_mnt_idmap, dentry, XATTR_NAME_EVM);
  349. }
  350. return rc;
  351. }
  352. int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
  353. char *hmac_val)
  354. {
  355. struct shash_desc *desc;
  356. const struct xattr *xattr;
  357. struct xattr_list *xattr_entry;
  358. desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1);
  359. if (IS_ERR(desc)) {
  360. pr_info("init_desc failed\n");
  361. return PTR_ERR(desc);
  362. }
  363. list_for_each_entry_lockless(xattr_entry, &evm_config_xattrnames,
  364. list) {
  365. for (xattr = xattrs; xattr->name; xattr++) {
  366. if (strcmp(xattr_entry->name +
  367. XATTR_SECURITY_PREFIX_LEN, xattr->name) != 0)
  368. continue;
  369. crypto_shash_update(desc, xattr->value,
  370. xattr->value_len);
  371. }
  372. }
  373. hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val);
  374. kfree(desc);
  375. return 0;
  376. }
  377. /*
  378. * Get the key from the TPM for the SHA1-HMAC
  379. */
  380. int evm_init_key(void)
  381. {
  382. struct key *evm_key;
  383. struct encrypted_key_payload *ekp;
  384. int rc;
  385. evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
  386. if (IS_ERR(evm_key))
  387. return -ENOENT;
  388. down_read(&evm_key->sem);
  389. ekp = evm_key->payload.data[0];
  390. rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);
  391. /* burn the original key contents */
  392. memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);
  393. up_read(&evm_key->sem);
  394. key_put(evm_key);
  395. return rc;
  396. }