integrity/evm/evm_crypto.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (C) 2005-2010 IBM Corporation
0004  *
0005  * Authors:
0006  * Mimi Zohar <zohar@us.ibm.com>
0007  * Kylene Hall <kjhall@us.ibm.com>
0008  *
0009  * File: evm_crypto.c
0010  *   Using root's kernel master key (kmk), calculate the HMAC
0011  */
0012
0013 #define pr_fmt(fmt) "EVM: "fmt
0014
0015 #include <linux/export.h>
0016 #include <linux/crypto.h>
0017 #include <linux/xattr.h>
0018 #include <linux/evm.h>
0019 #include <keys/encrypted-type.h>
0020 #include <crypto/hash.h>
0021 #include <crypto/hash_info.h>
0022 #include "evm.h"
0023
0024 #define EVMKEY "evm-key"
0025 #define MAX_KEY_SIZE 128
0026 static unsigned char evmkey[MAX_KEY_SIZE];
0027 static const int evmkey_len = MAX_KEY_SIZE;
0028
0029 static struct crypto_shash *hmac_tfm;
0030 static struct crypto_shash *evm_tfm[HASH_ALGO__LAST];
0031
0032 static DEFINE_MUTEX(mutex);
0033
0034 #define EVM_SET_KEY_BUSY 0
0035
0036 static unsigned long evm_set_key_flags;
0037
0038 static const char evm_hmac[] = "hmac(sha1)";
0039
0040 /**
0041  * evm_set_key() - set EVM HMAC key from the kernel
0042  * @key: pointer to a buffer with the key data
0043  * @size: length of the key data
0044  *
0045  * This function allows setting the EVM HMAC key from the kernel
0046  * without using the "encrypted" key subsystem keys. It can be used
0047  * by the crypto HW kernel module which has its own way of managing
0048  * keys.
0049  *
0050  * key length should be between 32 and 128 bytes long
0051  */
0052 int evm_set_key(void *key, size_t keylen)
0053 {
0054     int rc;
0055
0056     rc = -EBUSY;
0057     if (test_and_set_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags))
0058         goto busy;
0059     rc = -EINVAL;
0060     if (keylen > MAX_KEY_SIZE)
0061         goto inval;
0062     memcpy(evmkey, key, keylen);
0063     evm_initialized |= EVM_INIT_HMAC;
0064     pr_info("key initialized\n");
0065     return 0;
0066 inval:
0067     clear_bit(EVM_SET_KEY_BUSY, &evm_set_key_flags);
0068 busy:
0069     pr_err("key initialization failed\n");
0070     return rc;
0071 }
0072 EXPORT_SYMBOL_GPL(evm_set_key);
0073
0074 static struct shash_desc *init_desc(char type, uint8_t hash_algo)
0075 {
0076     long rc;
0077     const char *algo;
0078     struct crypto_shash **tfm, *tmp_tfm;
0079     struct shash_desc *desc;
0080
0081     if (type == EVM_XATTR_HMAC) {
0082         if (!(evm_initialized & EVM_INIT_HMAC)) {
0083             pr_err_once("HMAC key is not set\n");
0084             return ERR_PTR(-ENOKEY);
0085         }
0086         tfm = &hmac_tfm;
0087         algo = evm_hmac;
0088     } else {
0089         if (hash_algo >= HASH_ALGO__LAST)
0090             return ERR_PTR(-EINVAL);
0091
0092         tfm = &evm_tfm[hash_algo];
0093         algo = hash_algo_name[hash_algo];
0094     }
0095
0096     if (*tfm)
0097         goto alloc;
0098     mutex_lock(&mutex);
0099     if (*tfm)
0100         goto unlock;
0101
0102     tmp_tfm = crypto_alloc_shash(algo, 0, CRYPTO_NOLOAD);
0103     if (IS_ERR(tmp_tfm)) {
0104         pr_err("Can not allocate %s (reason: %ld)\n", algo,
0105                PTR_ERR(tmp_tfm));
0106         mutex_unlock(&mutex);
0107         return ERR_CAST(tmp_tfm);
0108     }
0109     if (type == EVM_XATTR_HMAC) {
0110         rc = crypto_shash_setkey(tmp_tfm, evmkey, evmkey_len);
0111         if (rc) {
0112             crypto_free_shash(tmp_tfm);
0113             mutex_unlock(&mutex);
0114             return ERR_PTR(rc);
0115         }
0116     }
0117     *tfm = tmp_tfm;
0118 unlock:
0119     mutex_unlock(&mutex);
0120 alloc:
0121     desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
0122             GFP_KERNEL);
0123     if (!desc)
0124         return ERR_PTR(-ENOMEM);
0125
0126     desc->tfm = *tfm;
0127
0128     rc = crypto_shash_init(desc);
0129     if (rc) {
0130         kfree(desc);
0131         return ERR_PTR(rc);
0132     }
0133     return desc;
0134 }
0135
0136 /* Protect against 'cutting & pasting' security.evm xattr, include inode
0137  * specific info.
0138  *
0139  * (Additional directory/file metadata needs to be added for more complete
0140  * protection.)
0141  */
0142 static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
0143               char type, char *digest)
0144 {
0145     struct h_misc {
0146         unsigned long ino;
0147         __u32 generation;
0148         uid_t uid;
0149         gid_t gid;
0150         umode_t mode;
0151     } hmac_misc;
0152
0153     memset(&hmac_misc, 0, sizeof(hmac_misc));
0154     /* Don't include the inode or generation number in portable
0155      * signatures
0156      */
0157     if (type != EVM_XATTR_PORTABLE_DIGSIG) {
0158         hmac_misc.ino = inode->i_ino;
0159         hmac_misc.generation = inode->i_generation;
0160     }
0161     /* The hmac uid and gid must be encoded in the initial user
0162      * namespace (not the filesystems user namespace) as encoding
0163      * them in the filesystems user namespace allows an attack
0164      * where first they are written in an unprivileged fuse mount
0165      * of a filesystem and then the system is tricked to mount the
0166      * filesystem for real on next boot and trust it because
0167      * everything is signed.
0168      */
0169     hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
0170     hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
0171     hmac_misc.mode = inode->i_mode;
0172     crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
0173     if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
0174         type != EVM_XATTR_PORTABLE_DIGSIG)
0175         crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
0176     crypto_shash_final(desc, digest);
0177
0178     pr_debug("hmac_misc: (%zu) [%*phN]\n", sizeof(struct h_misc),
0179          (int)sizeof(struct h_misc), &hmac_misc);
0180 }
0181
0182 /*
0183  * Dump large security xattr values as a continuous ascii hexademical string.
0184  * (pr_debug is limited to 64 bytes.)
0185  */
0186 static void dump_security_xattr(const char *prefix, const void *src,
0187                 size_t count)
0188 {
0189 #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
0190     char *asciihex, *p;
0191
0192     p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
0193     if (!asciihex)
0194         return;
0195
0196     p = bin2hex(p, src, count);
0197     *p = 0;
0198     pr_debug("%s: (%zu) %.*s\n", prefix, count, (int)count * 2, asciihex);
0199     kfree(asciihex);
0200 #endif
0201 }
0202
0203 /*
0204  * Calculate the HMAC value across the set of protected security xattrs.
0205  *
0206  * Instead of retrieving the requested xattr, for performance, calculate
0207  * the hmac using the requested xattr value. Don't alloc/free memory for
0208  * each xattr, but attempt to re-use the previously allocated memory.
0209  */
0210 static int evm_calc_hmac_or_hash(struct dentry *dentry,
0211                  const char *req_xattr_name,
0212                  const char *req_xattr_value,
0213                  size_t req_xattr_value_len,
0214                  uint8_t type, struct evm_digest *data)
0215 {
0216     struct inode *inode = d_backing_inode(dentry);
0217     struct xattr_list *xattr;
0218     struct shash_desc *desc;
0219     size_t xattr_size = 0;
0220     char *xattr_value = NULL;
0221     int error;
0222     int size, user_space_size;
0223     bool ima_present = false;
0224
0225     if (!(inode->i_opflags & IOP_XATTR) ||
0226         inode->i_sb->s_user_ns != &init_user_ns)
0227         return -EOPNOTSUPP;
0228
0229     desc = init_desc(type, data->hdr.algo);
0230     if (IS_ERR(desc))
0231         return PTR_ERR(desc);
0232
0233     data->hdr.length = crypto_shash_digestsize(desc->tfm);
0234
0235     error = -ENODATA;
0236     list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
0237         bool is_ima = false;
0238
0239         if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
0240             is_ima = true;
0241
0242         /*
0243          * Skip non-enabled xattrs for locally calculated
0244          * signatures/HMACs.
0245          */
0246         if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
0247             continue;
0248
0249         if ((req_xattr_name && req_xattr_value)
0250             && !strcmp(xattr->name, req_xattr_name)) {
0251             error = 0;
0252             crypto_shash_update(desc, (const u8 *)req_xattr_value,
0253                          req_xattr_value_len);
0254             if (is_ima)
0255                 ima_present = true;
0256
0257             if (req_xattr_value_len < 64)
0258                 pr_debug("%s: (%zu) [%*phN]\n", req_xattr_name,
0259                      req_xattr_value_len,
0260                      (int)req_xattr_value_len,
0261                      req_xattr_value);
0262             else
0263                 dump_security_xattr(req_xattr_name,
0264                             req_xattr_value,
0265                             req_xattr_value_len);
0266             continue;
0267         }
0268         size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
0269                       &xattr_value, xattr_size, GFP_NOFS);
0270         if (size == -ENOMEM) {
0271             error = -ENOMEM;
0272             goto out;
0273         }
0274         if (size < 0)
0275             continue;
0276
0277         user_space_size = vfs_getxattr(&init_user_ns, dentry,
0278                            xattr->name, NULL, 0);
0279         if (user_space_size != size)
0280             pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n",
0281                  dentry->d_name.name, xattr->name, size,
0282                  user_space_size);
0283         error = 0;
0284         xattr_size = size;
0285         crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
0286         if (is_ima)
0287             ima_present = true;
0288
0289         if (xattr_size < 64)
0290             pr_debug("%s: (%zu) [%*phN]", xattr->name, xattr_size,
0291                  (int)xattr_size, xattr_value);
0292         else
0293             dump_security_xattr(xattr->name, xattr_value,
0294                         xattr_size);
0295     }
0296     hmac_add_misc(desc, inode, type, data->digest);
0297
0298     /* Portable EVM signatures must include an IMA hash */
0299     if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
0300         error = -EPERM;
0301 out:
0302     kfree(xattr_value);
0303     kfree(desc);
0304     return error;
0305 }
0306
0307 int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
0308           const char *req_xattr_value, size_t req_xattr_value_len,
0309           struct evm_digest *data)
0310 {
0311     return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
0312                     req_xattr_value_len, EVM_XATTR_HMAC, data);
0313 }
0314
0315 int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
0316           const char *req_xattr_value, size_t req_xattr_value_len,
0317           char type, struct evm_digest *data)
0318 {
0319     return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
0320                      req_xattr_value_len, type, data);
0321 }
0322
0323 static int evm_is_immutable(struct dentry *dentry, struct inode *inode)
0324 {
0325     const struct evm_ima_xattr_data *xattr_data = NULL;
0326     struct integrity_iint_cache *iint;
0327     int rc = 0;
0328
0329     iint = integrity_iint_find(inode);
0330     if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))
0331         return 1;
0332
0333     /* Do this the hard way */
0334     rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM,
0335                 (char **)&xattr_data, 0, GFP_NOFS);
0336     if (rc <= 0) {
0337         if (rc == -ENODATA)
0338             return 0;
0339         return rc;
0340     }
0341     if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG)
0342         rc = 1;
0343     else
0344         rc = 0;
0345
0346     kfree(xattr_data);
0347     return rc;
0348 }
0349
0350
0351 /*
0352  * Calculate the hmac and update security.evm xattr
0353  *
0354  * Expects to be called with i_mutex locked.
0355  */
0356 int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
0357             const char *xattr_value, size_t xattr_value_len)
0358 {
0359     struct inode *inode = d_backing_inode(dentry);
0360     struct evm_digest data;
0361     int rc = 0;
0362
0363     /*
0364      * Don't permit any transformation of the EVM xattr if the signature
0365      * is of an immutable type
0366      */
0367     rc = evm_is_immutable(dentry, inode);
0368     if (rc < 0)
0369         return rc;
0370     if (rc)
0371         return -EPERM;
0372
0373     data.hdr.algo = HASH_ALGO_SHA1;
0374     rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
0375                xattr_value_len, &data);
0376     if (rc == 0) {
0377         data.hdr.xattr.sha1.type = EVM_XATTR_HMAC;
0378         rc = __vfs_setxattr_noperm(&init_user_ns, dentry,
0379                        XATTR_NAME_EVM,
0380                        &data.hdr.xattr.data[1],
0381                        SHA1_DIGEST_SIZE + 1, 0);
0382     } else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
0383         rc = __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_EVM);
0384     }
0385     return rc;
0386 }
0387
0388 int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
0389           char *hmac_val)
0390 {
0391     struct shash_desc *desc;
0392
0393     desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1);
0394     if (IS_ERR(desc)) {
0395         pr_info("init_desc failed\n");
0396         return PTR_ERR(desc);
0397     }
0398
0399     crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len);
0400     hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val);
0401     kfree(desc);
0402     return 0;
0403 }
0404
0405 /*
0406  * Get the key from the TPM for the SHA1-HMAC
0407  */
0408 int evm_init_key(void)
0409 {
0410     struct key *evm_key;
0411     struct encrypted_key_payload *ekp;
0412     int rc;
0413
0414     evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
0415     if (IS_ERR(evm_key))
0416         return -ENOENT;
0417
0418     down_read(&evm_key->sem);
0419     ekp = evm_key->payload.data[0];
0420
0421     rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);
0422
0423     /* burn the original key contents */
0424     memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);
0425     up_read(&evm_key->sem);
0426     key_put(evm_key);
0427     return rc;
0428 }