| /* |
| * Copyright (C) 2009-2010 IBM Corporation |
| * |
| * Authors: |
| * Mimi Zohar <zohar@us.ibm.com> |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License as |
| * published by the Free Software Foundation, version 2 of the |
| * License. |
| * |
| */ |
| |
| #include <linux/types.h> |
| #include <linux/integrity.h> |
| #include <crypto/sha.h> |
| |
| /* iint action cache flags */ |
| #define IMA_MEASURE 0x0001 |
| #define IMA_MEASURED 0x0002 |
| #define IMA_APPRAISE 0x0004 |
| #define IMA_APPRAISED 0x0008 |
| /*#define IMA_COLLECT 0x0010 do not use this flag */ |
| #define IMA_COLLECTED 0x0020 |
| #define IMA_AUDIT 0x0040 |
| #define IMA_AUDITED 0x0080 |
| |
| /* iint cache flags */ |
| #define IMA_ACTION_FLAGS 0xff00 |
| #define IMA_DIGSIG 0x0100 |
| #define IMA_DIGSIG_REQUIRED 0x0200 |
| |
| #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT) |
| #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \ |
| | IMA_COLLECTED) |
| |
| enum evm_ima_xattr_type { |
| IMA_XATTR_DIGEST = 0x01, |
| EVM_XATTR_HMAC, |
| EVM_IMA_XATTR_DIGSIG, |
| }; |
| |
| struct evm_ima_xattr_data { |
| u8 type; |
| u8 digest[SHA1_DIGEST_SIZE]; |
| } __attribute__((packed)); |
| |
| /* integrity data associated with an inode */ |
| struct integrity_iint_cache { |
| struct rb_node rb_node; /* rooted in integrity_iint_tree */ |
| struct inode *inode; /* back pointer to inode in question */ |
| u64 version; /* track inode changes */ |
| unsigned short flags; |
| struct evm_ima_xattr_data ima_xattr; |
| enum integrity_status ima_status:4; |
| enum integrity_status evm_status:4; |
| }; |
| |
| /* rbtree tree calls to lookup, insert, delete |
| * integrity data associated with an inode. |
| */ |
| struct integrity_iint_cache *integrity_iint_insert(struct inode *inode); |
| struct integrity_iint_cache *integrity_iint_find(struct inode *inode); |
| |
| #define INTEGRITY_KEYRING_EVM 0 |
| #define INTEGRITY_KEYRING_MODULE 1 |
| #define INTEGRITY_KEYRING_IMA 2 |
| #define INTEGRITY_KEYRING_MAX 3 |
| |
| #ifdef CONFIG_INTEGRITY_SIGNATURE |
| |
| int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, |
| const char *digest, int digestlen); |
| |
| #else |
| |
| static inline int integrity_digsig_verify(const unsigned int id, |
| const char *sig, int siglen, |
| const char *digest, int digestlen) |
| { |
| return -EOPNOTSUPP; |
| } |
| |
| #endif /* CONFIG_INTEGRITY_SIGNATURE */ |
| |
| /* set during initialization */ |
| extern int iint_initialized; |