1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2005-2010 IBM Corporation
4 *
5 * Authors:
6 * Mimi Zohar <zohar@us.ibm.com>
7 * Kylene Hall <kjhall@us.ibm.com>
8 *
9 * File: evm_crypto.c
10 * Using root's kernel master key (kmk), calculate the HMAC
11 */
12
13 #define pr_fmt(fmt) "EVM: "fmt
14
15 #include <linux/export.h>
16 #include <linux/hex.h>
17 #include <linux/crypto.h>
18 #include <linux/xattr.h>
19 #include <linux/evm.h>
20 #include <keys/encrypted-type.h>
21 #include <crypto/hash.h>
22 #include <crypto/hash_info.h>
23 #include "evm.h"
24
25 #define EVMKEY "evm-key"
26 #define MAX_KEY_SIZE 128
27 static unsigned char evmkey[MAX_KEY_SIZE];
28 static const int evmkey_len = MAX_KEY_SIZE;
29
30 static struct crypto_shash *hmac_tfm;
31 static struct crypto_shash *evm_tfm[HASH_ALGO__LAST];
32
33 static DEFINE_MUTEX(mutex);
34
35 #define EVM_SET_KEY_BUSY 0
36
37 static unsigned long evm_set_key_flags;
38
39 static const char evm_hmac[] = "hmac(sha1)";
40
41 /**
42 * evm_set_key() - set EVM HMAC key from the kernel
43 * @key: pointer to a buffer with the key data
44 * @keylen: length of the key data
45 *
46 * This function allows setting the EVM HMAC key from the kernel
47 * without using the "encrypted" key subsystem keys. It can be used
48 * by the crypto HW kernel module which has its own way of managing
49 * keys.
50 *
51 * key length should be between 32 and 128 bytes long
52 */
evm_set_key(void * key,size_t keylen)53 int evm_set_key(void *key, size_t keylen)
54 {
55 int rc;
56
57 rc = -EBUSY;
58 if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags))
59 goto busy;
60 rc = -EINVAL;
61 if (keylen > MAX_KEY_SIZE)
62 goto inval;
63 memcpy(evmkey, key, keylen);
64 evm_initialized |= EVM_INIT_HMAC;
65 pr_info("key initialized\n");
66 return 0;
67 inval:
68 clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags);
69 busy:
70 pr_err("key initialization failed\n");
71 return rc;
72 }
73 EXPORT_SYMBOL_GPL(evm_set_key);
74
init_desc(char type,uint8_t hash_algo)75 static struct shash_desc *init_desc(char type, uint8_t hash_algo)
76 {
77 long rc;
78 const char *algo;
79 struct crypto_shash **tfm, *tmp_tfm;
80 struct shash_desc *desc;
81
82 if (type == EVM_XATTR_HMAC) {
83 if (!(evm_initialized & EVM_INIT_HMAC)) {
84 pr_err_once("HMAC key is not set\n");
85 return ERR_PTR(-ENOKEY);
86 }
87 tfm = &hmac_tfm;
88 algo = evm_hmac;
89 } else {
90 if (hash_algo >= HASH_ALGO__LAST)
91 return ERR_PTR(-EINVAL);
92
93 tfm = &evm_tfm[hash_algo];
94 algo = hash_algo_name[hash_algo];
95 }
96
97 if (*tfm)
98 goto alloc;
99 mutex_lock(&mutex);
100 if (*tfm)
101 goto unlock;
102
103 tmp_tfm = crypto_alloc_shash(algo, 0, CRYPTO_NOLOAD);
104 if (IS_ERR(tmp_tfm)) {
105 pr_err("Can not allocate %s (reason: %ld)\n", algo,
106 PTR_ERR(tmp_tfm));
107 mutex_unlock(&mutex);
108 return ERR_CAST(tmp_tfm);
109 }
110 if (type == EVM_XATTR_HMAC) {
111 rc = crypto_shash_setkey(tmp_tfm, evmkey, evmkey_len);
112 if (rc) {
113 crypto_free_shash(tmp_tfm);
114 mutex_unlock(&mutex);
115 return ERR_PTR(rc);
116 }
117 }
118 *tfm = tmp_tfm;
119 unlock:
120 mutex_unlock(&mutex);
121 alloc:
122 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
123 GFP_KERNEL);
124 if (!desc)
125 return ERR_PTR(-ENOMEM);
126
127 desc->tfm = *tfm;
128
129 rc = crypto_shash_init(desc);
130 if (rc) {
131 kfree(desc);
132 return ERR_PTR(rc);
133 }
134 return desc;
135 }
136
137 /* Protect against 'cutting & pasting' security.evm xattr, include inode
138 * specific info.
139 *
140 * (Additional directory/file metadata needs to be added for more complete
141 * protection.)
142 */
hmac_add_misc(struct shash_desc * desc,struct inode * inode,char type,char * digest)143 static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
144 char type, char *digest)
145 {
146 struct h_misc {
147 /*
148 * Although inode->i_ino is now u64, this field remains
149 * unsigned long to allow existing HMAC and signatures from
150 * 32-bit hosts to continue working when i_ino hasn't changed
151 * and fits in a u32.
152 */
153 unsigned long ino;
154 __u32 generation;
155 uid_t uid;
156 gid_t gid;
157 umode_t mode;
158 } hmac_misc;
159
160 memset(&hmac_misc, 0, sizeof(hmac_misc));
161 /* Don't include the inode or generation number in portable
162 * signatures
163 */
164 if (type != EVM_XATTR_PORTABLE_DIGSIG) {
165 hmac_misc.ino = inode->i_ino;
166 hmac_misc.generation = inode->i_generation;
167 }
168 /* The hmac uid and gid must be encoded in the initial user
169 * namespace (not the filesystems user namespace) as encoding
170 * them in the filesystems user namespace allows an attack
171 * where first they are written in an unprivileged fuse mount
172 * of a filesystem and then the system is tricked to mount the
173 * filesystem for real on next boot and trust it because
174 * everything is signed.
175 */
176 hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
177 hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
178 hmac_misc.mode = inode->i_mode;
179 crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
180 if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
181 type != EVM_XATTR_PORTABLE_DIGSIG)
182 crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
183 crypto_shash_final(desc, digest);
184
185 pr_debug("hmac_misc: (%zu) [%*phN]\n", sizeof(struct h_misc),
186 (int)sizeof(struct h_misc), &hmac_misc);
187 }
188
189 /*
190 * Dump large security xattr values as a continuous ascii hexadecimal string.
191 * (pr_debug is limited to 64 bytes.)
192 */
dump_security_xattr_l(const char * prefix,const void * src,size_t count)193 static void dump_security_xattr_l(const char *prefix, const void *src,
194 size_t count)
195 {
196 #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
197 char *asciihex, *p;
198
199 p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
200 if (!asciihex)
201 return;
202
203 p = bin2hex(p, src, count);
204 *p = 0;
205 pr_debug("%s: (%zu) %.*s\n", prefix, count, (int)count * 2, asciihex);
206 kfree(asciihex);
207 #endif
208 }
209
dump_security_xattr(const char * name,const char * value,size_t value_len)210 static void dump_security_xattr(const char *name, const char *value,
211 size_t value_len)
212 {
213 if (value_len < 64)
214 pr_debug("%s: (%zu) [%*phN]\n", name, value_len,
215 (int)value_len, value);
216 else
217 dump_security_xattr_l(name, value, value_len);
218 }
219
220 /*
221 * Calculate the HMAC value across the set of protected security xattrs.
222 *
223 * Instead of retrieving the requested xattr, for performance, calculate
224 * the hmac using the requested xattr value. Don't alloc/free memory for
225 * each xattr, but attempt to re-use the previously allocated memory.
226 */
evm_calc_hmac_or_hash(struct dentry * dentry,const char * req_xattr_name,const char * req_xattr_value,size_t req_xattr_value_len,uint8_t type,struct evm_digest * data,struct evm_iint_cache * iint)227 static int evm_calc_hmac_or_hash(struct dentry *dentry,
228 const char *req_xattr_name,
229 const char *req_xattr_value,
230 size_t req_xattr_value_len,
231 uint8_t type, struct evm_digest *data,
232 struct evm_iint_cache *iint)
233 {
234 struct inode *inode = d_inode(d_real(dentry, D_REAL_METADATA));
235 struct xattr_list *xattr;
236 struct shash_desc *desc;
237 size_t xattr_size = 0;
238 char *xattr_value = NULL;
239 int error;
240 int size, user_space_size;
241 bool ima_present = false;
242 u64 i_version = 0;
243
244 if (!(inode->i_opflags & IOP_XATTR) ||
245 inode->i_sb->s_user_ns != &init_user_ns)
246 return -EOPNOTSUPP;
247
248 desc = init_desc(type, data->hdr.algo);
249 if (IS_ERR(desc))
250 return PTR_ERR(desc);
251
252 data->hdr.length = crypto_shash_digestsize(desc->tfm);
253
254 error = -ENODATA;
255 list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
256 bool is_ima = false;
257
258 if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
259 is_ima = true;
260
261 /*
262 * Skip non-enabled xattrs for locally calculated
263 * signatures/HMACs.
264 */
265 if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
266 continue;
267
268 if ((req_xattr_name && req_xattr_value)
269 && !strcmp(xattr->name, req_xattr_name)) {
270 error = 0;
271 crypto_shash_update(desc, (const u8 *)req_xattr_value,
272 req_xattr_value_len);
273 if (is_ima)
274 ima_present = true;
275
276 dump_security_xattr(req_xattr_name,
277 req_xattr_value,
278 req_xattr_value_len);
279 continue;
280 }
281 size = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, xattr->name,
282 &xattr_value, xattr_size, GFP_NOFS);
283 if (size == -ENOMEM) {
284 error = -ENOMEM;
285 goto out;
286 }
287 if (size < 0)
288 continue;
289
290 user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
291 xattr->name, NULL, 0);
292 if (user_space_size != size)
293 pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n",
294 dentry->d_name.name, xattr->name, size,
295 user_space_size);
296 error = 0;
297 xattr_size = size;
298 crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
299 if (is_ima)
300 ima_present = true;
301
302 dump_security_xattr(xattr->name, xattr_value, xattr_size);
303 }
304 hmac_add_misc(desc, inode, type, data->digest);
305
306 if (inode != d_backing_inode(dentry) && iint) {
307 if (IS_I_VERSION(inode))
308 i_version = inode_query_iversion(inode);
309 integrity_inode_attrs_store(&iint->metadata_inode, i_version,
310 inode);
311 }
312
313 /* Portable EVM signatures must include an IMA hash */
314 if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
315 error = -EPERM;
316 out:
317 kfree(xattr_value);
318 kfree(desc);
319 return error;
320 }
321
evm_calc_hmac(struct dentry * dentry,const char * req_xattr_name,const char * req_xattr_value,size_t req_xattr_value_len,struct evm_digest * data,struct evm_iint_cache * iint)322 int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
323 const char *req_xattr_value, size_t req_xattr_value_len,
324 struct evm_digest *data, struct evm_iint_cache *iint)
325 {
326 return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
327 req_xattr_value_len, EVM_XATTR_HMAC, data,
328 iint);
329 }
330
evm_calc_hash(struct dentry * dentry,const char * req_xattr_name,const char * req_xattr_value,size_t req_xattr_value_len,char type,struct evm_digest * data,struct evm_iint_cache * iint)331 int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
332 const char *req_xattr_value, size_t req_xattr_value_len,
333 char type, struct evm_digest *data, struct evm_iint_cache *iint)
334 {
335 return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
336 req_xattr_value_len, type, data, iint);
337 }
338
evm_is_immutable(struct dentry * dentry,struct inode * inode)339 static int evm_is_immutable(struct dentry *dentry, struct inode *inode)
340 {
341 const struct evm_ima_xattr_data *xattr_data = NULL;
342 struct evm_iint_cache *iint;
343 int rc = 0;
344
345 iint = evm_iint_inode(inode);
346 if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))
347 return 1;
348
349 /* Do this the hard way */
350 rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_EVM,
351 (char **)&xattr_data, 0, GFP_NOFS);
352 if (rc <= 0) {
353 if (rc == -ENODATA)
354 rc = 0;
355 goto out;
356 }
357 if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG)
358 rc = 1;
359 else
360 rc = 0;
361
362 out:
363 kfree(xattr_data);
364 return rc;
365 }
366
367
368 /*
369 * Calculate the hmac and update security.evm xattr
370 *
371 * Expects to be called with i_mutex locked.
372 */
evm_update_evmxattr(struct dentry * dentry,const char * xattr_name,const char * xattr_value,size_t xattr_value_len)373 int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
374 const char *xattr_value, size_t xattr_value_len)
375 {
376 struct inode *inode = d_backing_inode(dentry);
377 struct evm_iint_cache *iint = evm_iint_inode(inode);
378 struct evm_digest data;
379 int rc = 0;
380
381 /*
382 * Don't permit any transformation of the EVM xattr if the signature
383 * is of an immutable type
384 */
385 rc = evm_is_immutable(dentry, inode);
386 if (rc < 0)
387 return rc;
388 if (rc)
389 return -EPERM;
390
391 data.hdr.algo = HASH_ALGO_SHA1;
392 rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
393 xattr_value_len, &data, iint);
394 if (rc == 0) {
395 data.hdr.xattr.sha1.type = EVM_XATTR_HMAC;
396 rc = __vfs_setxattr_noperm(&nop_mnt_idmap, dentry,
397 XATTR_NAME_EVM,
398 &data.hdr.xattr.data[1],
399 SHA1_DIGEST_SIZE + 1, 0);
400 } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
401 rc = __vfs_removexattr(&nop_mnt_idmap, dentry, XATTR_NAME_EVM);
402 }
403 return rc;
404 }
405
evm_init_hmac(struct inode * inode,const struct xattr * xattrs,char * hmac_val)406 int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
407 char *hmac_val)
408 {
409 struct shash_desc *desc;
410 const struct xattr *xattr;
411 struct xattr_list *xattr_entry;
412
413 desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1);
414 if (IS_ERR(desc)) {
415 pr_info("init_desc failed\n");
416 return PTR_ERR(desc);
417 }
418
419 list_for_each_entry_lockless(xattr_entry, &evm_config_xattrnames,
420 list) {
421 for (xattr = xattrs; xattr->name; xattr++) {
422 if (strcmp(xattr_entry->name +
423 XATTR_SECURITY_PREFIX_LEN, xattr->name) != 0)
424 continue;
425
426 crypto_shash_update(desc, xattr->value,
427 xattr->value_len);
428 }
429 }
430
431 hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val);
432 kfree(desc);
433 return 0;
434 }
435
436 /*
437 * Get the key from the TPM for the SHA1-HMAC
438 */
evm_init_key(void)439 int evm_init_key(void)
440 {
441 struct key *evm_key;
442 struct encrypted_key_payload *ekp;
443 int rc;
444
445 evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
446 if (IS_ERR(evm_key))
447 return -ENOENT;
448
449 down_read(&evm_key->sem);
450 ekp = evm_key->payload.data[0];
451
452 rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);
453
454 /* burn the original key contents */
455 memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);
456 up_read(&evm_key->sem);
457 key_put(evm_key);
458 return rc;
459 }
460