| xj | b04a402 | 2021-11-25 15:01:52 +0800 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2005-2010 IBM Corporation |
| 3 | * |
| 4 | * Authors: |
| 5 | * Mimi Zohar <zohar@us.ibm.com> |
| 6 | * Kylene Hall <kjhall@us.ibm.com> |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU General Public License as published by |
| 10 | * the Free Software Foundation, version 2 of the License. |
| 11 | * |
| 12 | * File: evm.h |
| 13 | * |
| 14 | */ |
| 15 | |
| 16 | #ifndef __INTEGRITY_EVM_H |
| 17 | #define __INTEGRITY_EVM_H |
| 18 | |
| 19 | #include <linux/xattr.h> |
| 20 | #include <linux/security.h> |
| 21 | |
| 22 | #include "../integrity.h" |
| 23 | |
/*
 * EVM state bits.  These are OR-ed into a single int (presumably
 * evm_initialized, declared below); the two EVM_INIT_* bits record which
 * kind of key is available, the other two are behavioural switches.
 */
#define EVM_INIT_HMAC 0x0001	/* by name: an HMAC (symmetric) key is loaded */
#define EVM_INIT_X509 0x0002	/* by name: an X.509 public key is loaded */
/*
 * By name this relaxes the write restriction on EVM-protected metadata;
 * the check that honours it lives outside this header.  It is part of
 * EVM_INIT_MASK but deliberately not of EVM_KEY_MASK.
 */
#define EVM_ALLOW_METADATA_WRITES 0x0004
/*
 * Bit 31 is the sign bit of an int, so this flag must only ever be tested
 * and set bitwise; it is kept far from the low key bits so it cannot be
 * mistaken for a key type.
 */
#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */

/* Just the key-type bits: "is any key loaded?" can be tested with this. */
#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
/* Every bit a caller is allowed to set; anything outside it is invalid. */
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
	EVM_ALLOW_METADATA_WRITES)
| 32 | |
/**
 * struct xattr_list - one node of a list of xattr names
 * @list: list_head linking this node into its list (presumably
 *        evm_config_xattrnames, declared below)
 * @name: the xattr name.  Ownership and lifetime of the string are not
 *        established by this header; the allocator must be checked before
 *        a node is freed or unlinked.
 */
struct xattr_list {
	struct list_head list;
	char *name;
};
| 37 | |
/*
 * Current EVM state, a bitmask of the EVM_INIT_*, EVM_SETUP_COMPLETE and
 * EVM_ALLOW_METADATA_WRITES bits defined above (EVM_INIT_MASK is the
 * set of valid bits).  Test individual bits with '&', never by equality.
 */
extern int evm_initialized;

/*
 * Bits of evm_hmac_attrs.  By name, EVM_ATTR_FSUUID asks for the
 * filesystem UUID to be covered as well; where it is consumed is not
 * visible in this header - confirm in the HMAC calculation code.
 */
#define EVM_ATTR_FSUUID 0x0001

/* Optional inode attributes to include in the HMAC, EVM_ATTR_* bits. */
extern int evm_hmac_attrs;

/*
 * Crypto transforms shared by the EVM code.  By name, hmac_tfm is the
 * keyed HMAC transform and hash_tfm the plain digest.  NOTE(review): if
 * hmac_tfm carries the key it is secret state and must stay private to
 * EVM; both are set up outside this header.
 */
extern struct crypto_shash *hmac_tfm;
extern struct crypto_shash *hash_tfm;

/* List of EVM protected security xattrs (nodes presumably struct xattr_list) */
extern struct list_head evm_config_xattrnames;
| 49 | |
/**
 * struct evm_digest - digest descriptor plus inline digest storage
 * @hdr: IMA digest descriptor (struct ima_digest_data, from ../integrity.h)
 * @digest: IMA_MAX_DIGEST_SIZE bytes of storage, sized for the largest
 *          supported algorithm; how many bytes are meaningful is presumably
 *          recorded in @hdr - confirm against ima_digest_data
 *
 * __packed guarantees @digest follows @hdr with no padding, which matters if
 * @hdr ends in a trailing zero-length digest array that @digest is meant to
 * back (TODO confirm in ../integrity.h).
 */
struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
| 54 | |
/*
 * Return convention for all functions below is not visible in this header;
 * 0 on success and a negative errno on failure is assumed from kernel
 * convention - confirm in each definition.
 */

/* Load the EVM key (presumably the HMAC key behind hmac_tfm). */
int evm_init_key(void);

/**
 * evm_update_evmxattr - recompute and store the EVM xattr of a dentry
 * @dentry: the file whose EVM xattr is refreshed
 * @req_xattr_name: name of the xattr being changed by the caller
 * @req_xattr_value: its new value
 * @req_xattr_value_len: length of @req_xattr_value in bytes
 *
 * The req_xattr_* triple presumably lets the new value be used in place of
 * the stored one so the result reflects the pending write - confirm.
 */
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);

/**
 * evm_calc_hmac - compute the keyed HMAC over a dentry's protected metadata
 * @dentry: the file
 * @req_xattr_name: name of the xattr being changed, see evm_update_evmxattr()
 * @req_xattr_value: its new value
 * @req_xattr_value_len: length of @req_xattr_value in bytes
 * @data: output; caller-provided struct evm_digest that receives the result
 */
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data);

/**
 * evm_calc_hash - compute an unkeyed hash over a dentry's protected metadata
 * @dentry: the file
 * @req_xattr_name: name of the xattr being changed, see evm_update_evmxattr()
 * @req_xattr_value: its new value
 * @req_xattr_value_len: length of @req_xattr_value in bytes
 * @type: single-character discriminator whose meaning is not visible here -
 *        presumably the EVM xattr type/format selector, confirm in the definition
 * @data: output; caller-provided struct evm_digest that receives the result
 *
 * Same parameters as evm_calc_hmac() plus @type.
 */
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data);

/**
 * evm_init_hmac - compute the initial HMAC for a new inode
 * @inode: the inode being set up
 * @xattr: the xattr supplied with the inode creation
 * @hmac_val: output buffer.  No length is passed, so the caller must size
 *            it for the HMAC in use (at most IMA_MAX_DIGEST_SIZE by the
 *            layout of struct evm_digest - confirm in the definition).
 */
int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
		  char *hmac_val);

/* Create EVM's securityfs entries. */
int evm_init_secfs(void);
| 70 | |
| 71 | #endif |