From patchwork Tue Sep 14 16:33:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494201 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58C22C4167D for ; Tue, 14 Sep 2021 16:34:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2FD1561159 for ; Tue, 14 Sep 2021 16:34:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229850AbhINQfm (ORCPT ); Tue, 14 Sep 2021 12:35:42 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3795 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229492AbhINQfm (ORCPT ); Tue, 14 Sep 2021 12:35:42 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H884w3zWLz67xjd; Wed, 15 Sep 2021 00:32:00 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:34:21 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 01/13] diglim: Overview Date: Tue, 14 Sep 2021 18:33:49 +0200 Message-ID: <20210914163401.864635-2-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Add an overview of DIGLIM to Documentation/security/diglim/introduction.rst and the architecture to Documentation/security/diglim/architecture.rst Signed-off-by: Roberto Sassu --- .../security/diglim/architecture.rst | 46 ++ Documentation/security/diglim/index.rst | 11 + .../security/diglim/introduction.rst | 599 ++++++++++++++++++ Documentation/security/index.rst | 1 + MAINTAINERS | 9 + 5 files changed, 666 insertions(+) create mode 100644 Documentation/security/diglim/architecture.rst create mode 100644 Documentation/security/diglim/index.rst create mode 100644 Documentation/security/diglim/introduction.rst diff --git a/Documentation/security/diglim/architecture.rst b/Documentation/security/diglim/architecture.rst new file mode 100644 index 000000000000..bb22e25c92a1 --- /dev/null +++ b/Documentation/security/diglim/architecture.rst @@ -0,0 +1,46 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Architecture +============ + +This section introduces the high level architecture of DIGLIM. + +:: + + 5. add/delete from hash table and add refs to digest list + +---------------------------------------------+ + | +-----+ +-------------+ +--+ + | | key |-->| digest refs |-->...-->| | + V +-----+ +-------------+ +--+ + +-------------+ +-----+ +-------------+ + | digest list | | key |-->| digest refs | + | (compact) | +-----+ +-------------+ + +-------------+ +-----+ +-------------+ + ^ 4. copy to | key |-->| digest refs | + | kernel memory +-----+ +-------------+ kernel space + -------------------------------------------------------------------------- + ^ ^ user space + |<----------------+ 3b. upload | + +-------------+ +------------+ | 6. query digest + | digest list | | user space | 2b. convert + | (compact) | | parser | + +-------------+ +------------+ + 1a. upload ^ 1b. read + | + +------------+ + | RPM header | + +------------+ + + +As mentioned at Documentation/security/diglim/introductions.rst, digest +lists can be uploaded directly if they are in the compact format (step 1a) +or can be uploaded indirectly by the user space parser if they are in an +alternative format (steps 1b-3b). + +During upload, the kernel makes a copy of the digest list to the kernel +memory (step 4), and creates the necessary structures to index the digests +(hash table and a linked list of digest list references to locate the +digests in the digest list) (step 5). + +Finally, digests can be searched from user space through a securityfs file +(step 6) or by the kernel itself. diff --git a/Documentation/security/diglim/index.rst b/Documentation/security/diglim/index.rst new file mode 100644 index 000000000000..0fc5ab019bc0 --- /dev/null +++ b/Documentation/security/diglim/index.rst @@ -0,0 +1,11 @@ +.. SPDX-License-Identifier: GPL-2.0 + +====================================== +Digest Lists Integrity Module (DIGLIM) +====================================== + +.. toctree:: + :maxdepth: 1 + + introduction + architecture diff --git a/Documentation/security/diglim/introduction.rst b/Documentation/security/diglim/introduction.rst new file mode 100644 index 000000000000..c73fe70c0f44 --- /dev/null +++ b/Documentation/security/diglim/introduction.rst @@ -0,0 +1,599 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Introduction +============ + +Digest Lists Integrity Module (DIGLIM) is a component of the integrity +subsystem in the kernel, primarily aiming to aid Integrity Measurement +Architecture (IMA) in the process of checking the integrity of file content +and metadata. It accomplishes this task by storing reference values coming +from software vendors and by reporting whether or not the digest of file +content or metadata calculated by IMA (or EVM) is found among those values. +In this way, IMA can decide, depending on the result of a query, if a +measurement should be taken or access to the file should be granted. The +`Security Assumptions`_ section explains more in detail why this component +has been placed in the kernel. + +The main benefits of using IMA in conjunction with DIGLIM are the ability +to implement advanced remote attestation schemes based on the usage of a +TPM key for establishing a TLS secure channel [1]_ [2]_, and to reduce the +burden on Linux distribution vendors to extend secure boot at OS level to +applications. + +DIGLIM does not have the complexity of feature-rich databases. In fact, its +main functionality comes from the hash table primitives already in the +kernel. It does not have an ad-hoc storage module, it just indexes data in +a fixed format (digest lists, a set of concatenated digests preceded by a +header), copied to kernel memory as they are. Lastly, it does not support +database-oriented languages such as SQL, but only accepts a digest and its +algorithm as a query. + +The only digest list format supported by DIGLIM is called ``compact``. +However, Linux distribution vendors don't have to generate new digest lists +in this format for the packages they release, as already available +information, such as RPM headers and DEB package metadata, can be used as a +source for reference values (they include file digests), with a user space +parser taking care of the conversion to the compact format. + +Although one might perceive that storing file or metadata digests for a +Linux distribution would significantly increase the memory usage, this does +not seem to be the case. As an anticipation of the evaluation done in the +`Preliminary Performance Evaluation`_ section, protecting binaries and +shared libraries of a minimal Fedora 33 installation requires 208K of +memory for the digest lists plus 556K for indexing. + +In exchange for a slightly increased memory usage, DIGLIM improves the +performance of the integrity subsystem. In the considered scenario, IMA +measurement and appraisal of 5896 files with digest lists requires +respectively less than one quarter and less than half the time, compared to +the current solution. + +DIGLIM also keeps track of whether digest lists have been processed in some +way (e.g. measured or appraised by IMA). This is important for example for +remote attestation, so that remote verifiers understand what has been +uploaded to the kernel. + +Operations in DIGLIM are atomic: if an error occurs during the addition of +a digest list, DIGLIM rolls back the entire insert operation; deletions +instead always succeed. This capability has been tested with an ad-hoc +fault injection mechanism capable of simulating failures during the +operations. + +Finally, DIGLIM exposes to user space, through securityfs, the digest lists +currently loaded, the number of digests added, a query interface and an +interface to set digest list labels. + +.. [1] LSS EU 2019 + `slides `__ + and `video `__ + +.. [2] FutureTPM EU project, final review meeting demo + `slides `__ + and `video `__ + + +Binary Integrity +---------------- + +Integrity is a fundamental security property in information systems. +Integrity could be described as the condition in which a generic +component is just after it has been released by the entity that created it. + +One way to check whether a component is in this condition (called binary +integrity) is to calculate its digest and to compare it with a reference +value (i.e. the digest calculated in controlled conditions, when the +component is released). + +IMA, a software part of the integrity subsystem, can perform such +evaluation and execute different actions: + +- store the digest in an integrity-protected measurement list, so that it + can be sent to a remote verifier for analysis; +- compare the calculated digest with a reference value (usually protected + with a signature) and deny operations if the file is found corrupted; +- store the digest in the system log. + + +Benefits +-------- + +DIGLIM further enhances the capabilities offered by IMA-based solutions +and, at the same time, makes them more practical to adopt by reusing +existing sources as reference values for integrity decisions. + +Possible sources for digest lists are: + +- RPM headers; +- Debian repository metadata. + + +Benefits for IMA Measurement +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +One of the issues that arises when files are measured by the OS is that, +due to parallel execution, the order in which file accesses happen cannot +be predicted. Since the TPM Platform Configuration Register (PCR) extend +operation, executed after each file measurement, cryptographically binds +the current measurement to the previous ones, the PCR value at the end of a +workload cannot be predicted too. + +Thus, even if the usage of a TPM key, bound to a PCR value, should be +allowed when only good files were accessed, the TPM could unexpectedly deny +an operation on that key if files accesses did not happen as stated by the +key policy (which allows only one of the possible sequences). + +DIGLIM solves this issue by making the PCR value stable over the time and +not dependent on file accesses. The following figure depicts the current +and the new approaches:: + + IMA measurement list (current) + + entry# 1st boot 2nd boot 3rd boot + +----+---------------+ +----+---------------+ +----+---------------+ + 1: | 10 | file1 measur. | | 10 | file3 measur. | | 10 | file2 measur. | + +----+---------------+ +----+---------------+ +----+---------------+ + 2: | 10 | file2 measur. | | 10 | file2 measur. | | 10 | file3 measur. | + +----+---------------+ +----+---------------+ +----+---------------+ + 3: | 10 | file3 measur. | | 10 | file1 measur. | | 10 | file4 measur. | + +----+---------------+ +----+---------------+ +----+---------------+ + + PCR: Extend != Extend != Extend + file1, file2, file3 file3, file2, file1 file2, file3, file4 + + + PCR Extend definition: + + PCR(new value) = Hash(Hash(meas. entry), PCR(previous value)) + +A new entry in the measurement list is created by IMA for each file access. +Assuming that ``file1``, ``file2`` and ``file3`` are files provided by the +software vendor, ``file4`` is an unknown file, the first two PCR values +above represent a good system state, the third a bad system state. The PCR +values are the result of the PCR extend operation performed for each +measurement entry with the digest of the measurement entry as an input. + +:: + + IMA measurement list (with DIGLIM) + + dlist + +--------------+ + | header | + +--------------+ + | file1 digest | + | file2 digest | + | file3 digest | + +--------------+ + +``dlist`` is a digest list containing the digest of ``file1``, ``file2`` +and ``file3``. In the intended scenario, it is generated by a software +vendor at the end of the building process, and retrieved by the +administrator of the system where the digest list is loaded. + +:: + + entry# 1st boot 2nd boot 3rd boot + +----+---------------+ +----+---------------+ +----+---------------+ + 0: | 11 | dlist measur. | | 11 | dlist measur. | | 11 | dlist measur. | + +----+---------------+ +----+---------------+ +----+---------------+ + 1: < file1 measur. skip > < file3 measur. skip > < file2 measur. skip > + + 2: < file2 measur. skip > < file2 measur. skip > < file3 measur. skip > + +----+---------------+ + 3: < file3 measur. skip > < file1 measur. skip > | 11 | file4 measur. | + +----+---------------+ + + PCR: Extend = Extend != Extend + dlist dlist dlist, file4 + + +The first entry in the measurement list contains the digest of the digest +list uploaded to the kernel at kernel initialization time. + +When a file is accessed, IMA queries DIGLIM with the calculated file digest +and, if it is found, IMA skips the measurement. + +Thus, the only information sent to remote verifiers are: the list of +files that could possibly be accessed (from the digest list), but not if +they were accessed and when; the measurement of unknown files. + +Despite providing less information, this solution has the advantage that +the good system state (i.e. when only ``file1``, ``file2`` and ``file3`` +are accessed) now can be represented with a deterministic PCR value (the +PCR is extended only with the measurement of the digest list). Also, the +bad system state can still be distinguished from the good state (the PCR is +extended also with the measurement of ``file4``). + +If a TPM key is bound to the good PCR value, the TPM would allow the key to +be used if ``file1``, ``file2`` or ``file3`` are accessed, regardless of +the sequence in which they are accessed (the PCR value does not change), +and would revoke the permission when the unknown ``file4`` is accessed (the +PCR value changes). If a system is able to establish a TLS connection with +a peer, this implicitly means that the system was in a good state (i.e. +``file4`` was not accessed, otherwise the TPM would have denied the usage +of the TPM key due to the key policy). + + +Benefits for IMA Appraisal +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Extending secure boot to applications means being able to verify the +provenance of files accessed. IMA does it by verifying file signatures with +a key that it trusts, which requires Linux distribution vendors to +additionally include in the package header a signature for each file that +must be verified (there is the dedicated ``RPMTAG_FILESIGNATURES`` section +in the RPM header). + +The proposed approach would be instead to verify data provenance from +already available metadata (file digests) in existing packages. IMA would +verify the signature of package metadata and search file digests extracted +from package metadata and added to the hash table in the kernel. + +For RPMs, file digests can be found in the ``RPMTAG_FILEDIGESTS`` section +of ``RPMTAG_IMMUTABLE``, whose signature is in ``RPMTAG_RSAHEADER``. For +DEBs, file digests (unsafe to use due to a weak digest algorithm) can be +found in the ``md5sum`` file, which can be indirectly verified from +``Release.gpg``. + +The following figure highlights the differences between the current and the +proposed approach. + +:: + + IMA appraisal (current solution, with file signatures): + + appraise + +-----------+ + V | + +-------------------------+-----+ +-------+-----+ | + | RPM header | | ima rpm | file1 | sig | | + | ... | | plugin +-------+-----+ +-----+ + | file1 sig [to be added] | sig |--------> ... | IMA | + | ... | | +-------+-----+ +-----+ + | fileN sig [to be added] | | | fileN | sig | + +-------------------------+-----+ +-------+-----+ + +In this case, file signatures must be added to the RPM header, so that the +``ima`` rpm plugin can extract them together with the file content. The RPM +header signature is not used. + +:: + + IMA appraisal (with DIGLIM): + + kernel hash table + with RPM header content + +---+ +--------------+ + | |--->| file1 digest | + +---+ +--------------+ + ... + +---+ appraise (file1) + | | <--------------+ + +----------------+-----+ +---+ | + | RPM header | | ^ | + | ... | | digest_list | | + | file1 digest | sig | rpm plugin | +-------+ +-----+ + | ... | |-------------+--->| file1 | | IMA | + | fileN digest | | +-------+ +-----+ + +----------------+-----+ | + ^ | + +------------------------------------+ + appraise (RPM header) + +In this case, the RPM header is used as it is, and its signature is used +for IMA appraisal. Then, the ``digest_list`` rpm plugin executes the user +space parser to parse the RPM header and add the extracted digests to an +hash table in the kernel. IMA appraisal of the files in the RPM package +consists in searching their digest in the hash table. + +Other than reusing available information as digest list, another advantage +is the lower computational overhead compared to the solution with file +signatures (only one signature verification for many files and digest +lookup, instead of per file signature verification, see `Preliminary +Performance Evaluation`_ for more details). + + +Lifecycle +--------- + +The lifecycle of DIGLIM is represented in the following figure:: + + Vendor premises (release process with modifications): + + +------------+ +-----------------------+ +------------------------+ + | 1. build a | | 2. generate and sign | | 3. publish the package | + | package |-->| a digest list from |-->| and digest list in | + | | | packaged files | | a repository | + +------------+ +-----------------------+ +------------------------+ + | + | + User premises: | + V + +---------------------+ +------------------------+ +-----------------+ + | 6. use digest lists | | 5. download the digest | | 4. download and | + | for measurement |<--| list and upload to |<--| install the | + | and/or appraisal | | the kernel | | package | + +---------------------+ +------------------------+ +-----------------+ + +The figure above represents all the steps when a digest list is generated +separately. However, as mentioned in `Benefits`_, in most cases existing +packages can be already used as a source for digest lists, limiting the +effort for software vendors. + +If, for example, RPMs are used as a source for digest lists, the figure +above becomes:: + + Vendor premises (release process without modifications): + + +------------+ +------------------------+ + | 1. build a | | 2. publish the package | + | package |-->| in a repository |---------------------+ + | | | | | + +------------+ +------------------------+ | + | + | + User premises: | + V + +---------------------+ +------------------------+ +-----------------+ + | 5. use digest lists | | 4. extract digest list | | 3. download and | + | for measurement |<--| from the package |<--| install the | + | and/or appraisal | | and upload to the | | package | + | | | kernel | | | + +---------------------+ +------------------------+ +-----------------+ + +Step 4 can be performed with the ``digest_list`` rpm plugin and the user +space parser, without changes to rpm itself. + + +Security Assumptions +-------------------- + +As mentioned in the `Introduction`_, DIGLIM will be primarily used in +conjunction with IMA to enforce a mandatory policy on all user space +processes, including those owned by root. Even root, in a system with a +locked-down kernel, cannot affect the enforcement of the mandatory policy +or, if changes are permitted, it cannot do so without being detected. + +Given that the target of the enforcement are user space processes, DIGLIM +cannot be placed in the target, as a Mandatory Access Control (MAC) design +is required to have the components responsible to enforce the mandatory +policy separated from the target. + +While locking-down a system and limiting actions with a mandatory policy is +generally perceived by users as an obstacle, it has noteworthy benefits for +the users themselves. + +First, it would timely block attempts by malicious software to steal or +misuse user assets. Although users could query the package managers to +detect them, detection would happen after the fact, or it wouldn't happen +at all if the malicious software tampered with package managers. With a +mandatory policy enforced by the kernel, users would still be able to +decide which software they want to be executed except that, unlike package +managers, the kernel is not affected by user space processes or root. + +Second, it might make systems more easily verifiable from outside, due to +the limited actions the system allows. When users connect to a server, not +only they would be able to verify the server identity, which is already +possible with communication protocols like TLS, but also if the software +running on that server can be trusted to handle their sensitive data. + + +Adoption +-------- + +A former version of DIGLIM is used in the following OSes: + +- openEuler 20.09 + https://github.com/openeuler-mirror/kernel/tree/openEuler-20.09 + +- openEuler 21.03 + https://github.com/openeuler-mirror/kernel/tree/openEuler-21.03 + +Originally, DIGLIM was part of IMA (known as IMA Digest Lists). In this +version, it has been redesigned as a standalone module with an API that +makes its functionality accessible by IMA and, eventually, other +subsystems. + +User Space Support +------------------ + +Digest lists can be generated and managed with ``digest-list-tools``: + +https://github.com/openeuler-mirror/digest-list-tools + +It includes two main applications: + +- ``gen_digest_lists``: generates digest lists from files in the + filesystem or from the RPM database (more digest list sources can be + supported); +- ``manage_digest_lists``: converts and uploads digest lists to the + kernel. + +Integration with rpm is done with the ``digest_list`` plugin: + +https://gitee.com/src-openeuler/rpm/blob/master/Add-digest-list-plugin.patch + +This plugin writes the RPM header and its signature to a file, so that the +file is ready to be appraised by IMA, and calls the user space parser to +convert and upload the digest list to the kernel. + + +Simple Usage Example (Tested with Fedora 33) +-------------------------------------------- + +1. Digest list generation (RPM headers and their signature are copied to + the specified directory): + +.. code-block:: bash + + # mkdir /etc/digest_lists + # gen_digest_lists -t file -f rpm+db -d /etc/digest_lists -o add + +2. Digest list upload with the user space parser: + +.. code-block:: bash + + # manage_digest_lists -p add-digest -d /etc/digest_lists + +3. First digest list query: + +.. code-block:: bash + + # echo sha256-$(sha256sum /bin/cat) > /sys/kernel/security/integrity/diglim/digest_query + # cat /sys/kernel/security/integrity/diglim/digest_query + sha256-[...]-0-file_list-rpm-coreutils-8.32-18.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 106, datalen: 3392 + +4. Second digest list query: + +.. code-block:: bash + + # echo sha256-$(sha256sum /bin/zip) > /sys/kernel/security/integrity/diglim/digest_query + # cat /sys/kernel/security/integrity/diglim/digest_query + sha256-[...]-0-file_list-rpm-zip-3.0-27.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 4, datalen: 128 + + +Preliminary Performance Evaluation +---------------------------------- + +This section provides an initial estimation of the overhead introduced by +DIGLIM. The estimation has been performed on a Fedora 33 virtual machine +with 1447 packages installed. The virtual machine has 16 vCPU (host CPU: +AMD Ryzen Threadripper PRO 3955WX 16-Cores) and 2G of RAM (host memory: +64G). The virtual machine also has a vTPM with libtpms and swtpm as +backend. + +After writing the RPM headers to files, the size of the directory +containing them is 36M. + +After converting the RPM headers to the compact digest list, the size of +the data being uploaded to the kernel is 3.6M. + +The time to load the entire RPM database is 0.628s. + +After loading the digest lists to the kernel, the slab usage due to +indexing is (obtained with slab_nomerge in the kernel command line):: + + OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME + 118144 118144 100% 0,03K 923 128 3692K digest_list_item_ref_cache + 102400 102400 100% 0,03K 800 128 3200K digest_item_cache + 2646 2646 100% 0,09K 63 42 252K digest_list_item_cache + +The stats, obtained from the ``digests_count`` interface, introduced later, +are:: + + Parser digests: 0 + File digests: 99100 + Metadata digests: 0 + Digest list digests: 1423 + +On this installation, this would be the worst case in which all files are +measured and/or appraised, which is currently not recommended without +enforcing an integrity policy protecting mutable files. Infoflow LSM is a +component to accomplish this task: + +https://patchwork.kernel.org/project/linux-integrity/cover/20190818235745.1417-1-roberto.sassu@huawei.com/ + +The first manageable goal of IMA with DIGLIM is to use an execution policy, +with measurement and/or appraisal of files executed or mapped in memory as +executable (in addition to kernel modules and firmware). In this +case, the digest list contains the digest only for those files. The numbers +above change as follows. + +After converting the RPM headers to the compact digest list, the size of +the data being uploaded to the kernel is 208K. + +The time to load the digest of binaries and shared libraries is 0.062s. + +After loading the digest lists to the kernel, the slab usage due to +indexing is:: + + OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME + 7168 7168 100% 0,03K 56 128 224K digest_list_item_ref_cache + 7168 7168 100% 0,03K 56 128 224K digest_item_cache + 1134 1134 100% 0,09K 27 42 108K digest_list_item_cache + + +The stats, obtained from the ``digests_count`` interface, are:: + + Parser digests: 0 + File digests: 5986 + Metadata digests: 0 + Digest list digests: 1104 + + +Comparison with IMA +~~~~~~~~~~~~~~~~~~~ + +This section compares the performance between the current solution for IMA +measurement and appraisal, and IMA with DIGLIM. + + +Workload A (without DIGLIM): + +#. cat file[0-5985] > /dev/null + + +Workload B (with DIGLIM): + +#. echo $PWD/0-file_list-compact-file[0-1103] > /integrity/diglim/digest_list_add +#. cat file[0-5985] > /dev/null + + +Workload A execution time without IMA policy:: + + real 0m0,155s + user 0m0,008s + sys 0m0,066s + + +Measurement +........... + +IMA policy:: + + measure fowner=2000 func=FILE_CHECK mask=MAY_READ use_diglim=allow pcr=11 ima_template=ima-sig + +``use_diglim`` is a policy keyword not yet supported by IMA. + + +Workload A execution time with IMA and 5986 files with signature measured:: + + real 0m8,273s + user 0m0,008s + sys 0m2,537s + + +Workload B execution time with IMA, 1104 digest lists with signature +measured and uploaded to the kernel, and 5986 files with signature accessed +but not measured (due to the file digest being found in the hash table):: + + real 0m1,837s + user 0m0,036s + sys 0m0,583s + + +Appraisal +......... + +IMA policy:: + + appraise fowner=2000 func=FILE_CHECK mask=MAY_READ use_diglim=allow + +``use_diglim`` is a policy keyword not yet supported by IMA. + + +Workload A execution time with IMA and 5986 files with file signature +appraised:: + + real 0m2,197s + user 0m0,011s + sys 0m2,022s + + +Workload B execution time with IMA, 1104 digest lists with signature +appraised and uploaded to the kernel, and with 5986 files with signature +not verified (due to the file digest being found in the hash table):: + + real 0m0,982s + user 0m0,020s + sys 0m0,865s diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst index 16335de04e8c..6c3aea41c55b 100644 --- a/Documentation/security/index.rst +++ b/Documentation/security/index.rst @@ -17,3 +17,4 @@ Security Documentation tpm/index digsig landlock + diglim/index diff --git a/MAINTAINERS b/MAINTAINERS index eeb4c70b3d5b..a3e8a6f2e34d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5502,6 +5502,15 @@ L: linux-gpio@vger.kernel.org S: Maintained F: drivers/gpio/gpio-gpio-mm.c +DIGLIM +M: Roberto Sassu +L: linux-integrity@vger.kernel.org +S: Supported +T: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git +F: Documentation/security/diglim/architecture.rst +F: Documentation/security/diglim/index.rst +F: Documentation/security/diglim/introduction.rst + DIOLAN U2C-12 I2C DRIVER M: Guenter Roeck L: linux-i2c@vger.kernel.org From patchwork Tue Sep 14 16:33:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494203 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8261FC28CA2 for ; Tue, 14 Sep 2021 16:34:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 60F3061163 for ; Tue, 14 Sep 2021 16:34:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229929AbhINQfn (ORCPT ); Tue, 14 Sep 2021 12:35:43 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3796 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229448AbhINQfm (ORCPT ); Tue, 14 Sep 2021 12:35:42 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H885B0pryz67YZ9; Wed, 15 Sep 2021 00:32:14 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:34:22 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 02/13] diglim: Basic definitions Date: Tue, 14 Sep 2021 18:33:50 +0200 Message-ID: <20210914163401.864635-3-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the basic definitions, exported to user space, to use digest lists. The definitions, added to include/uapi/linux/diglim.h, are documented in Documentation/security/diglim/implementation.rst. Signed-off-by: Roberto Sassu --- .../security/diglim/implementation.rst | 97 +++++++++++++++++++ Documentation/security/diglim/index.rst | 1 + MAINTAINERS | 2 + include/uapi/linux/diglim.h | 51 ++++++++++ 4 files changed, 151 insertions(+) create mode 100644 Documentation/security/diglim/implementation.rst create mode 100644 include/uapi/linux/diglim.h diff --git a/Documentation/security/diglim/implementation.rst b/Documentation/security/diglim/implementation.rst new file mode 100644 index 000000000000..59a180b3bb3f --- /dev/null +++ b/Documentation/security/diglim/implementation.rst @@ -0,0 +1,97 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Implementation +============== + +This section describes the implementation of DIGLIM. + + +Basic Definitions +----------------- + +This section introduces the basic definitions required to use DIGLIM. + + +Compact Digest List Format +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. kernel-doc:: include/uapi/linux/diglim.h + :identifiers: compact_list_hdr + +Compact Types +............. + +Digests can be of different types: + +- ``COMPACT_PARSER``: digests of executables which are given the ability to + parse digest lists not in the compact format and to upload to the kernel + the digest list converted to the compact format; +- ``COMPACT_FILE``: digests of regular files; +- ``COMPACT_METADATA``: digests of file metadata (e.g. the digest + calculated by EVM to verify a portable signature); +- ``COMPACT_DIGEST_LIST``: digests of digest lists (only used internally by + the kernel). + +Different users of DIGLIM might query digests with different compact types. +For example, IMA would be interested in COMPACT_FILE, as it deals with +regular files, while EVM would be interested in COMPACT_METADATA, as it +verifies file metadata. + + +Compact Modifiers +................. + +Digests can also have specific attributes called modifiers (bit position): + +- ``COMPACT_MOD_IMMUTABLE``: file content or metadata should not be + modifiable. + +IMA might use this information to deny open for writing, or EVM to deny +setxattr operations. + + +Actions +....... + +This section defines a set of possible actions that have been executed on +the digest lists (bit position): + +- ``COMPACT_ACTION_IMA_MEASURED``: the digest list has been measured by + IMA; +- ``COMPACT_ACTION_IMA_APPRAISED``: the digest list has been successfully + appraised by IMA; +- ``COMPACT_ACTION_IMA_APPRAISED_DIGSIG``: the digest list has been + successfully appraised by IMA by verifying a digital signature. + +This information might help users of DIGLIM to decide whether to use the +result of a queried digest. + +For example, if a digest belongs to a digest list that was not measured +before, IMA should ignore the result of the query, as the measurement list +sent to remote verifiers would lack which digests have been uploaded to the +kernel. + + +Compact Digest List Example +........................... + +:: + + version: 1, type: 2, modifiers: 0 algo: 4, count: 3, datalen: 96 + + version: 1, type: 3, modifiers: 1 algo: 6, count: 2, datalen: 128 + + +This digest list consists of two blocks. The first block contains three +SHA256 digests of regular files. The second block contains two SHA512 +digests of immutable metadata. + + +Compact Digest List Operations +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Finally, this section defines the possible operations that can be performed +with digest lists: + +- ``DIGEST_LIST_ADD``: the digest list is being added; +- ``DIGEST_LIST_DEL``: the digest list is being deleted. diff --git a/Documentation/security/diglim/index.rst b/Documentation/security/diglim/index.rst index 0fc5ab019bc0..4771134c2f0d 100644 --- a/Documentation/security/diglim/index.rst +++ b/Documentation/security/diglim/index.rst @@ -9,3 +9,4 @@ Digest Lists Integrity Module (DIGLIM) introduction architecture + implementation diff --git a/MAINTAINERS b/MAINTAINERS index a3e8a6f2e34d..b02a8616362b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5508,8 +5508,10 @@ L: linux-integrity@vger.kernel.org S: Supported T: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git F: Documentation/security/diglim/architecture.rst +F: Documentation/security/diglim/implementation.rst F: Documentation/security/diglim/index.rst F: Documentation/security/diglim/introduction.rst +F: include/uapi/linux/diglim.h DIOLAN U2C-12 I2C DRIVER M: Guenter Roeck diff --git a/include/uapi/linux/diglim.h b/include/uapi/linux/diglim.h new file mode 100644 index 000000000000..423ad43b0880 --- /dev/null +++ b/include/uapi/linux/diglim.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * DIGLIM definitions exported to user space, useful for generating digest + * lists. + */ + +#ifndef _UAPI__LINUX_DIGLIM_H +#define _UAPI__LINUX_DIGLIM_H + +#include +#include + +enum compact_types { COMPACT_PARSER, COMPACT_FILE, COMPACT_METADATA, + COMPACT_DIGEST_LIST, COMPACT__LAST }; + +enum compact_modifiers { COMPACT_MOD_IMMUTABLE, COMPACT_MOD__LAST }; + +enum compact_actions { COMPACT_ACTION_IMA_MEASURED, + COMPACT_ACTION_IMA_APPRAISED, + COMPACT_ACTION_IMA_APPRAISED_DIGSIG, + COMPACT_ACTION__LAST }; + +enum ops { DIGEST_LIST_ADD, DIGEST_LIST_DEL, DIGEST_LIST_OP__LAST }; + +/** + * struct compact_list_hdr - header of the following concatenated digests + * @version: version of the digest list + * @_reserved: field set to zero and reserved for future use + * @type: type of digest list among enum compact_types + * @modifiers: bitmask of attributes with pos defined in enum compact_modifiers + * @algo: digest algo among enum hash_algo in include/uapi/linux/hash_info.h + * @count: number of digests + * @datalen: length of concatenated digests + * + * A digest list is a set of blocks composed by struct compact_list_hdr and + * the following concatenated digests. + */ +struct compact_list_hdr { + __u8 version; + __u8 _reserved; + __le16 type; + __le16 modifiers; + __le16 algo; + __le32 count; + __le32 datalen; +} __packed; +#endif /*_UAPI__LINUX_DIGLIM_H*/ From patchwork Tue Sep 14 16:33:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494199 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A33CC28B5D for ; Tue, 14 Sep 2021 16:34:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 78E5B61163 for ; Tue, 14 Sep 2021 16:34:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229942AbhINQfo (ORCPT ); Tue, 14 Sep 2021 12:35:44 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3797 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbhINQfn (ORCPT ); Tue, 14 Sep 2021 12:35:43 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H884x6TV0z6H6mX; Wed, 15 Sep 2021 00:32:01 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:34:23 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 03/13] diglim: Objects Date: Tue, 14 Sep 2021 18:33:51 +0200 Message-ID: <20210914163401.864635-4-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Define the objects to manage digest lists: - digest_list_item: a digest list loaded into the kernel; - digest_list_item_ref: a reference to a digest list; - digest_item: a digest of a digest list. Also define some helpers for the objects. More information can be found in Documentation/security/diglim/implementation.rst. Signed-off-by: Roberto Sassu --- .../security/diglim/implementation.rst | 78 +++++++ MAINTAINERS | 1 + security/integrity/diglim/diglim.h | 203 ++++++++++++++++++ 3 files changed, 282 insertions(+) create mode 100644 security/integrity/diglim/diglim.h diff --git a/Documentation/security/diglim/implementation.rst b/Documentation/security/diglim/implementation.rst index 59a180b3bb3f..2089b854e5a5 100644 --- a/Documentation/security/diglim/implementation.rst +++ b/Documentation/security/diglim/implementation.rst @@ -95,3 +95,81 @@ with digest lists: - ``DIGEST_LIST_ADD``: the digest list is being added; - ``DIGEST_LIST_DEL``: the digest list is being deleted. + + +Objects +------- + +This section defines the objects to manage digest lists. + +.. kernel-doc:: security/integrity/diglim/diglim.h + +They are represented in the following class diagram:: + + digest_offset, + hdr_offset---------------+ + | + | + +------------------+ | +----------------------+ + | digest_list_item |--- N:1 ---| digest_list_item_ref | + +------------------+ +----------------------+ + | + 1:N + | + +-------------+ + | digest_item | + +-------------+ + +A ``digest_list_item`` is associated to one or multiple +``digest_list_item_ref``, one for each digest it contains. However, +a ``digest_list_item_ref`` is associated to only one ``digest_list_item``, +as it represents a single location within a specific digest list. + +Given that a ``digest_list_item_ref`` represents a single location, it is +associated to only one ``digest_item``. However, a ``digest_item`` can have +multiple references (as it might appears multiple times within the same +digest list or in different digest lists, if it is duplicated). + +All digest list references are stored for a given digest, so that a query +result can include the OR of the modifiers and actions of each referenced +digest list. + +The relationship between the described objects can be graphically +represented as:: + + Hash table +-------------+ +-------------+ + PARSER +-----+ | digest_item | | digest_item | + FILE | key |-->| |-->...-->| | + METADATA +-----+ |ref0|...|refN| |ref0|...|refN| + +-------------+ +-------------+ + ref0: | | refN: + digest_offset | +-----------------------------+ digest_offset + hdr_offset | | hdr_offset + | | + V V + +--------------------+ + | digest_list_item | + | | + | size, buf, actions | + +--------------------+ + ^ + | + Hash table +-------------+ +-------------+ + DIGEST_LIST +-----+ |ref0 | |ref0 | + | key |-->| |-->...-->| | + +-----+ | digest_item | | digest_item | + +-------------+ +-------------+ + +The reference for the digest of the digest list differs from the references +for the other digest types. ``digest_offset`` and ``hdr_offset`` are set to +zero, so that the digest of the digest list is retrieved from the +``digest_list_item`` structure directly (see ``get_digest()`` below). + +Finally, this section defines useful helpers to access a digest or the +header the digest belongs to. For example: + +.. kernel-doc:: security/integrity/diglim/diglim.h + :identifiers: get_hdr + +.. kernel-doc:: security/integrity/diglim/diglim.h + :identifiers: get_digest diff --git a/MAINTAINERS b/MAINTAINERS index b02a8616362b..49e3989677a1 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5512,6 +5512,7 @@ F: Documentation/security/diglim/implementation.rst F: Documentation/security/diglim/index.rst F: Documentation/security/diglim/introduction.rst F: include/uapi/linux/diglim.h +F: security/integrity/diglim/diglim.h DIOLAN U2C-12 I2C DRIVER M: Guenter Roeck diff --git a/security/integrity/diglim/diglim.h b/security/integrity/diglim/diglim.h new file mode 100644 index 000000000000..1c1f513060c7 --- /dev/null +++ b/security/integrity/diglim/diglim.h @@ -0,0 +1,203 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2005,2006,2007,2008 IBM Corporation + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * Definitions only used inside DIGLIM. + */ + +#ifndef __DIGLIM_INTERNAL_H +#define __DIGLIM_INTERNAL_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MAX_DIGEST_SIZE 64 +#define HASH_BITS 10 +#define DIGLIM_HTABLE_SIZE (1 << HASH_BITS) + +/** + * struct digest_list_item - a digest list loaded into the kernel + * + * @size: size of the digest list buffer + * @buf: digest list buffer + * @digest: digest of the digest list + * @label: label used to identify the digest list (e.g. file name) + * @actions: actions performed on the digest list + * @algo: digest algorithm + */ +struct digest_list_item { + loff_t size; + u8 *buf; + u8 digest[64]; + const char *label; + u8 actions; + enum hash_algo algo; +}; + +/** + * struct digest_list_item_ref - a reference to a digest list + * + * @list: linked list pointers + * @digest_list: pointer to struct digest_list_item + * @digest_offset: offset of the digest in the referenced digest list + * @hdr_offset: offset of the header the digest refers to in the digest list + */ +struct digest_list_item_ref { + struct list_head list; + struct digest_list_item *digest_list; + u32 digest_offset; + u32 hdr_offset; +}; + +/** + * struct digest_item - a digest of a digest list + * + * @hnext: pointers of the hash table + * @refs: linked list of struct digest_list_item_ref + */ +struct digest_item { + struct hlist_node hnext; + struct list_head refs; +}; + +/** + * struct h_table - hash table of struct digest_item + * + * @len: number of stored struct digest_item + * @queue: heads of the hash table + */ +struct h_table { + unsigned long len; + struct hlist_head queue[DIGLIM_HTABLE_SIZE]; +}; + +static inline unsigned int hash_key(u8 *digest) +{ + return (digest[0] | digest[1] << 8) % DIGLIM_HTABLE_SIZE; +} + +/** + * get_hdr - get a compact header from a digest list + * @digest_list: digest list the header is obtained from + * @hdr_offset: header offset relative to the digest list buffer + * + * This function obtains a header from a digest list buffer and a header offset. + * + * Return: a compact list header + */ +static inline struct compact_list_hdr * +get_hdr(struct digest_list_item *digest_list, loff_t hdr_offset) +{ + return (struct compact_list_hdr *)(digest_list->buf + hdr_offset); +} + +/** + * get_algo - get a digest algorithm from a digest list + * @digest_list: digest list the digest algorithm is obtained from + * @digest_offset: offset of the digest relative to the digest list buffer + * @hdr_offset: offset of the header relative to the digest list buffer + * + * This function returns the algorithm from struct digest_list_item if the + * passed digest offset is zero, or from the header the digest refers to if the + * digest offset is not zero. + * + * Return: the algorithm of the digest list digest or a digest inside the digest + * list + */ +static inline enum hash_algo get_algo(struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset) +{ + /* Digest list digest algorithm is stored in a different place. */ + if (!digest_offset) + return digest_list->algo; + + return get_hdr(digest_list, hdr_offset)->algo; +} + +/** + * get_digest - get a digest from a digest list + * @digest_list: digest list the digest is obtained from + * @digest_offset: offset of the digest relative to the digest list buffer + * @hdr_offset: offset of the header relative to the digest list buffer + * + * This function returns the digest from struct digest_list_item if the + * passed digest offset is zero, or from the digest list buffer if the + * digest offset is not zero. + * + * Return: the digest list digest or a digest inside the digest list + */ +static inline u8 *get_digest(struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset) +{ + /* Digest list digest is stored in a different place. */ + if (!digest_offset) + return digest_list->digest; + + return digest_list->buf + digest_offset; +} + +/** + * get_hdr_ref - get a compact header from a digest list reference + * @ref: digest list reference the header is obtained from + * + * This function obtains a header from a digest list reference, which contains + * the pointer to the digest list buffer and the digest and header offsets. + * + * Return: a compact list header + */ +static inline struct compact_list_hdr * +get_hdr_ref(struct digest_list_item_ref *ref) +{ + return get_hdr(ref->digest_list, ref->hdr_offset); +} + +/** + * get_algo_ref - get a digest algorithm from a digest list reference + * @ref: digest list reference the digest algorithm is obtained from + * + * This function returns the algorithm from struct digest_list_item_ref, which + * contains the pointer to the digest list buffer and the digest and header + * offsets. + * + * Return: the algorithm of the digest list digest or a digest inside the digest + * list + */ +static inline enum hash_algo get_algo_ref(struct digest_list_item_ref *ref) +{ + /* Digest list digest algorithm is stored in a different place. */ + if (!ref->digest_offset) + return ref->digest_list->algo; + + return get_hdr_ref(ref)->algo; +} + +/** + * get_digest_ref - get a digest from a digest list reference + * @ref: digest list reference the digest is obtained from + * + * This function returns the digest from struct digest_list_item_ref, which + * contains the pointer to the digest list buffer and the digest and header + * offsets. + * + * Return: the digest list digest or a digest inside the digest list + */ +static inline u8 *get_digest_ref(struct digest_list_item_ref *ref) +{ + /* Digest list digest is stored in a different place. */ + if (!ref->digest_offset) + return ref->digest_list->digest; + + return ref->digest_list->buf + ref->digest_offset; +} +#endif /*__DIGLIM_INTERNAL_H*/ From patchwork Tue Sep 14 16:33:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494205 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA3DAC28B5F for ; Tue, 14 Sep 2021 16:34:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A41246112E for ; Tue, 14 Sep 2021 16:34:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229990AbhINQfp (ORCPT ); Tue, 14 Sep 2021 12:35:45 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3798 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229801AbhINQfo (ORCPT ); Tue, 14 Sep 2021 12:35:44 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H885C3ZFBz67wqf; Wed, 15 Sep 2021 00:32:15 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:34:23 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 04/13] diglim: Methods Date: Tue, 14 Sep 2021 18:33:52 +0200 Message-ID: <20210914163401.864635-5-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the methods requires to manage the three objects defined. - digest_item methods: - digest_add() - digest_del() - __digest_lookup() - diglim_digest_get_info() - digest_list_item_ref methods: - digest_list_ref_add() - digest_list_ref_del() - digest_list_item methods: - digest_list_add() - digest_list_del() More information about these functions can be found in Documentation/security/diglim/implementation.rst. Signed-off-by: Roberto Sassu --- .../security/diglim/implementation.rst | 9 + MAINTAINERS | 2 + include/linux/diglim.h | 28 + security/integrity/Kconfig | 1 + security/integrity/Makefile | 1 + security/integrity/diglim/Kconfig | 11 + security/integrity/diglim/Makefile | 8 + security/integrity/diglim/diglim.h | 20 +- security/integrity/diglim/methods.c | 513 ++++++++++++++++++ 9 files changed, 592 insertions(+), 1 deletion(-) create mode 100644 include/linux/diglim.h create mode 100644 security/integrity/diglim/Kconfig create mode 100644 security/integrity/diglim/Makefile create mode 100644 security/integrity/diglim/methods.c diff --git a/Documentation/security/diglim/implementation.rst b/Documentation/security/diglim/implementation.rst index 2089b854e5a5..83342ec12f74 100644 --- a/Documentation/security/diglim/implementation.rst +++ b/Documentation/security/diglim/implementation.rst @@ -173,3 +173,12 @@ header the digest belongs to. For example: .. kernel-doc:: security/integrity/diglim/diglim.h :identifiers: get_digest + + +Methods +------- + +This section introduces the methods requires to manage the three objects +defined. + +.. kernel-doc:: security/integrity/diglim/methods.c diff --git a/MAINTAINERS b/MAINTAINERS index 49e3989677a1..06c6ba0b3f25 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5511,8 +5511,10 @@ F: Documentation/security/diglim/architecture.rst F: Documentation/security/diglim/implementation.rst F: Documentation/security/diglim/index.rst F: Documentation/security/diglim/introduction.rst +F: include/linux/diglim.h F: include/uapi/linux/diglim.h F: security/integrity/diglim/diglim.h +F: security/integrity/diglim/methods.c DIOLAN U2C-12 I2C DRIVER M: Guenter Roeck diff --git a/include/linux/diglim.h b/include/linux/diglim.h new file mode 100644 index 000000000000..d4b4548a288b --- /dev/null +++ b/include/linux/diglim.h @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * DIGLIM functions available for use by kernel subsystems. + */ + +#ifndef __DIGLIM_H +#define __DIGLIM_H + +#include +#include + +#ifdef CONFIG_DIGLIM +extern int diglim_digest_get_info(u8 *digest, enum hash_algo algo, + enum compact_types type, u16 *modifiers, + u8 *actions); +#else +static inline int diglim_digest_get_info(u8 *digest, enum hash_algo algo, + enum compact_types type, + u16 *modifiers, u8 *actions) +{ + return -ENOENT; +} +#endif /*CONFIG_DIGLIM*/ +#endif /*__DIGLIM_H*/ diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 71f0177e8716..8f94f4dcc052 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -98,5 +98,6 @@ config INTEGRITY_AUDIT source "security/integrity/ima/Kconfig" source "security/integrity/evm/Kconfig" +source "security/integrity/diglim/Kconfig" endif # if INTEGRITY diff --git a/security/integrity/Makefile b/security/integrity/Makefile index 7ee39d66cf16..d6166550a6b8 100644 --- a/security/integrity/Makefile +++ b/security/integrity/Makefile @@ -19,3 +19,4 @@ integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \ platform_certs/keyring_handler.o obj-$(CONFIG_IMA) += ima/ obj-$(CONFIG_EVM) += evm/ +obj-$(CONFIG_DIGLIM) += diglim/ diff --git a/security/integrity/diglim/Kconfig b/security/integrity/diglim/Kconfig new file mode 100644 index 000000000000..436a76a14337 --- /dev/null +++ b/security/integrity/diglim/Kconfig @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-only +# Digest Lists Integrity Module (DIGLIM) +# +config DIGLIM + bool "Digest Lists Integrity Module (DIGLIM)" + select SECURITYFS + select CRYPTO + select CRYPTO_HASH_INFO + help + DIGLIM provides reference values for file content and metadata, + that can be used for measurement and appraisal with IMA. diff --git a/security/integrity/diglim/Makefile b/security/integrity/diglim/Makefile new file mode 100644 index 000000000000..b761ed8cfb3e --- /dev/null +++ b/security/integrity/diglim/Makefile @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Makefile for building Digest Lists Integrity Module (DIGLIM). +# + +obj-$(CONFIG_DIGLIM) += diglim.o + +diglim-y := methods.o diff --git a/security/integrity/diglim/diglim.h b/security/integrity/diglim/diglim.h index 1c1f513060c7..75359f9cd3dd 100644 --- a/security/integrity/diglim/diglim.h +++ b/security/integrity/diglim/diglim.h @@ -20,7 +20,7 @@ #include #include #include -#include +#include #define MAX_DIGEST_SIZE 64 #define HASH_BITS 10 @@ -87,6 +87,8 @@ static inline unsigned int hash_key(u8 *digest) return (digest[0] | digest[1] << 8) % DIGLIM_HTABLE_SIZE; } +extern struct h_table diglim_htable[COMPACT__LAST]; + /** * get_hdr - get a compact header from a digest list * @digest_list: digest list the header is obtained from @@ -200,4 +202,20 @@ static inline u8 *get_digest_ref(struct digest_list_item_ref *ref) return ref->digest_list->buf + ref->digest_offset; } + +struct digest_item *__digest_lookup(u8 *digest, enum hash_algo algo, + enum compact_types type, u16 *modifiers, + u8 *actions); +struct digest_item *digest_add(u8 *digest, enum hash_algo algo, + enum compact_types type, + struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset); +void digest_del(u8 *digest, enum hash_algo algo, enum compact_types type, + struct digest_list_item *digest_list, loff_t digest_offset, + loff_t hdr_offset); +struct digest_item *digest_list_add(u8 *digest, enum hash_algo algo, + loff_t size, u8 *buf, u8 actions, + const char *label); +void digest_list_del(u8 *digest, enum hash_algo algo, u8 actions, + struct digest_list_item *digest_list); #endif /*__DIGLIM_INTERNAL_H*/ diff --git a/security/integrity/diglim/methods.c b/security/integrity/diglim/methods.c new file mode 100644 index 000000000000..b90c8c9dbd1a --- /dev/null +++ b/security/integrity/diglim/methods.c @@ -0,0 +1,513 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2005,2006,2007,2008 IBM Corporation + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * Functions to manage digest lists. + */ + +#include +#include +#include + +#include "diglim.h" +#include "../integrity.h" + +/* Define a cache for each object type. */ +static struct kmem_cache *digest_list_item_cache __read_mostly; +static struct kmem_cache *digest_list_item_ref_cache __read_mostly; +static struct kmem_cache *digest_item_cache __read_mostly; + +/* Define a hash table for each digest type. */ +struct h_table diglim_htable[COMPACT__LAST] = {{ + .queue[0 ... DIGLIM_HTABLE_SIZE - 1] = HLIST_HEAD_INIT +}}; + +#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS +static DECLARE_FAULT_ATTR(fail_diglim); + +static int __init fail_diglim_debugfs(void) +{ + struct dentry *dir = fault_create_debugfs_attr("fail_diglim", NULL, + &fail_diglim); + + return PTR_ERR_OR_ZERO(dir); +} + +static inline bool should_fail_diglim(void) +{ + return should_fail(&fail_diglim, 1); +} + +late_initcall(fail_diglim_debugfs); +#else +static inline bool should_fail_diglim(void) +{ + return false; +} +#endif + +/** + * __digest_lookup - lookup digest and return associated modifiers and actions + * @digest: digest to lookup + * @algo: digest algorithm + * @type: type of digest to lookup (e.g. file, metadata) + * @modifiers: modifiers (attributes) associated to the found digest + * @actions: actions performed by IMA on the digest list containing the digest + * + * This function searches the given digest in the hash table depending on the + * passed type and sets the modifiers and actions associated to the digest, if + * the pointers are not NULL. + * + * This function is not intended for external use, as the returned digest item + * could be freed at any time after it has been returned. + * diglim_digest_get_info() should be used instead by external callers, as it + * only returns the modifiers and the actions associated to the digest at the + * time the digest is searched. + * + * RCU protects both the hash table and the linked list of references to the + * digest lists containing the found digest. + * + * Return: a digest_item structure if the digest is found, NULL otherwise. + */ +struct digest_item *__digest_lookup(u8 *digest, enum hash_algo algo, + enum compact_types type, u16 *modifiers, + u8 *actions) +{ + struct digest_item *d = NULL; + struct digest_list_item_ref *ref; + int digest_len = hash_digest_size[algo]; + unsigned int key = hash_key(digest); + bool found = false; + + rcu_read_lock(); + hlist_for_each_entry_rcu(d, &diglim_htable[type].queue[key], hnext) { + list_for_each_entry_rcu(ref, &d->refs, list) { + if (get_algo_ref(ref) != algo || + memcmp(get_digest_ref(ref), digest, digest_len)) + break; + + found = true; + + /* There is no need to scan all digest list refs. */ + if (!modifiers || !actions) + break; + + /* + * The resulting modifiers and actions are the OR of the + * modifiers and actions for each digest list. + */ + *modifiers |= get_hdr_ref(ref)->modifiers; + *actions |= ref->digest_list->actions; + } + + if (found) + break; + } + + rcu_read_unlock(); + return d; +} + +/** + * diglim_digest_get_info - lookup digest and return modifiers and actions + * @digest: digest to lookup + * @algo: digest algorithm + * @type: type of digest to lookup (e.g. file, metadata) + * @modifiers: modifiers (attributes) associated to the found digest + * @actions: actions performed by IMA on the digest lists containing the digest + * + * This function searches the given digest in the hash table depending on the + * passed type and sets the modifiers and actions associated to the digest, if + * the pointers are not NULL. + * + * This function is safe for external use, as it does not return pointers of + * objects that can be freed without the caller notices it. + * + * Return: 0 if the digest is found, -ENOENT otherwise. + */ +int diglim_digest_get_info(u8 *digest, enum hash_algo algo, + enum compact_types type, u16 *modifiers, u8 *actions) +{ + struct digest_item *d; + + d = __digest_lookup(digest, algo, type, modifiers, actions); + if (!d) + return -ENOENT; + + return 0; +} + +/** + * digest_list_ref_add - add reference to a digest list + * @d: digest a new reference is added to + * @digest_list: digest list whose reference is being added + * @digest_offset: offset of the digest in the buffer of the digest list + * @hdr_offset: offset of the header within the digest list the digest refers to + * + * This function adds a new reference to an existing digest list for a given + * digest. The reference is described by the digest_list_item_ref structure and + * consists of a pointer of the digest list, the offset of the digest to the + * beginning of the digest list buffer and the offset of the header the digest + * refers to (each digest list might be composed of several digest blocks, each + * prefixed by a header describing the attributes of those digests). + * + * Return: 0 if a new digest list reference was successfully added, a negative + * value otherwise. + */ +static int digest_list_ref_add(struct digest_item *d, + struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset) +{ + struct digest_list_item_ref *new_ref = NULL; + u8 *digest = get_digest(digest_list, digest_offset, hdr_offset); + enum hash_algo algo = get_algo(digest_list, digest_offset, hdr_offset); + int digest_len = hash_digest_size[algo]; + + /* Allocate a new reference. */ + if (!should_fail_diglim()) + new_ref = kmem_cache_alloc(digest_list_item_ref_cache, + GFP_KERNEL); + if (!new_ref) { + print_hex_dump(KERN_ERR, "digest list ref allocation failed: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return -ENOMEM; + } + + /* Set the new reference. */ + new_ref->digest_list = digest_list; + /* Converting loff_t -> u32 is fine as long as the digest list < 4G. */ + new_ref->digest_offset = digest_offset; + new_ref->hdr_offset = hdr_offset; + + list_add_tail_rcu(&new_ref->list, &d->refs); + + print_hex_dump_debug("add digest list ref: ", DUMP_PREFIX_NONE, + digest_len, 1, digest, digest_len, true); + return 0; +} + +/** + * digest_list_ref_del - del reference to a digest list + * @d: digest a reference is deleted from + * @digest_list: digest list whose reference is being deleted + * @digest_offset: offset of the digest in the buffer of the digest list + * @hdr_offset: offset of the header within the digest list the digest refers to + * + * This function searches the reference to an already loaded digest list in the + * linked list of references stored for each digest item. If the reference is + * found (if not, it is a bug), the function deletes it from the linked list. + */ +static void digest_list_ref_del(struct digest_item *d, + struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset) +{ + struct digest_list_item_ref *ref; + u8 *digest = get_digest(digest_list, digest_offset, hdr_offset); + enum hash_algo algo = get_algo(digest_list, digest_offset, hdr_offset); + int digest_len = hash_digest_size[algo]; + + /* Search for a digest list reference. */ + list_for_each_entry(ref, &d->refs, list) + if (ref->digest_list == digest_list) + break; + + if (!ref) { + print_hex_dump(KERN_ERR, "digest list ref not found: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return; + } + + list_del_rcu(&ref->list); + kmem_cache_free(digest_list_item_ref_cache, ref); + + print_hex_dump_debug("del digest list ref: ", DUMP_PREFIX_NONE, + digest_len, 1, digest, digest_len, true); +} + +/** + * digest_add - add a new digest + * @digest: digest in binary form + * @algo: digest algorithm + * @type: digest type + * @digest_list: digest list the new digest belongs to + * @digest_offset: offset of the digest in the buffer of the digest list + * @hdr_offset: offset of the header within the digest list the digest refers to + * + * This function first searches if the digest is already in the hash table for + * the given type. The digest is searched by comparing the passed digest and + * algorithm with the digest obtained from the first digest list reference + * (buffer + digest_offset), or from the digest field of a digest list item, + * for a digest list. + * + * If the digest exists, only a new reference is added (there might be multiple + * references to the same digest list). + * + * If the digest is not found, a new digest item is allocated and a reference to + * the passed digest list is added to that item. The digest item is finally + * added to the hash table for the given type. + * + * Proper locking must be provided by the caller. + * + * Return: a new or the found digest item on success, an error pointer + * otherwise. + */ +struct digest_item *digest_add(u8 *digest, enum hash_algo algo, + enum compact_types type, + struct digest_list_item *digest_list, + loff_t digest_offset, loff_t hdr_offset) +{ + int digest_len = hash_digest_size[algo]; + struct digest_item *d; + int ret; + + /* Search the digest. */ + d = __digest_lookup(digest, algo, type, NULL, NULL); + if (d) { + /* + * Add a new digest list reference to the existing digest item. + */ + ret = digest_list_ref_add(d, digest_list, digest_offset, + hdr_offset); + if (ret < 0) + return ERR_PTR(ret); + + print_hex_dump_debug("digest add duplicate: ", DUMP_PREFIX_NONE, + digest_len, 1, digest, digest_len, true); + return d; + } + + /* Allocate a new digest item. */ + if (!should_fail_diglim()) + d = kmem_cache_alloc(digest_item_cache, GFP_KERNEL); + if (!d) { + print_hex_dump_debug("digest allocation failed: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return ERR_PTR(-ENOMEM); + } + + INIT_LIST_HEAD(&d->refs); + + /* Add a new digest list reference to the new digest item. */ + ret = digest_list_ref_add(d, digest_list, digest_offset, hdr_offset); + if (ret < 0) { + kmem_cache_free(digest_item_cache, d); + return ERR_PTR(ret); + } + + /* Add the new digest item to the hash table for the given type. */ + hlist_add_head_rcu(&d->hnext, + &diglim_htable[type].queue[hash_key(digest)]); + diglim_htable[type].len++; + + print_hex_dump_debug("digest add: ", DUMP_PREFIX_NONE, digest_len, 1, + digest, digest_len, true); + return d; +} + +/** + * digest_del - delete a digest with one reference, or just a reference + * @digest: digest in binary form + * @algo: digest algorithm + * @type: digest type + * @digest_list: digest list the digest belongs to + * @digest_offset: offset of the digest in the buffer of the digest list + * @hdr_offset: offset of the header within the digest list the digest refers to + * + * This function is called when a digest list is being removed. The digest is + * first searched in the hash table for the given type. If it is found (if not, + * it is a bug, because digest lists can be deleted only if they were added + * previously), a reference of the passed digest list is deleted from the linked + * list of references of the digest item. + * + * If the last reference was deleted, the digest item is also deleted and + * removed from the hash table. + * + * Proper locking must be provided by the caller. + */ +void digest_del(u8 *digest, enum hash_algo algo, enum compact_types type, + struct digest_list_item *digest_list, loff_t digest_offset, + loff_t hdr_offset) +{ + struct digest_item *d; + int digest_len = hash_digest_size[algo]; + + /* Search the digest. */ + d = __digest_lookup(digest, algo, type, NULL, NULL); + if (!d) { + print_hex_dump(KERN_ERR, "digest not found: ", DUMP_PREFIX_NONE, + digest_len, 1, digest, digest_len, true); + return; + } + + /* Delete a reference of the passed digest list. */ + digest_list_ref_del(d, digest_list, digest_offset, hdr_offset); + + print_hex_dump_debug(!list_empty(&d->refs) ? + "digest del duplicate: " : "digest del: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + + /* Return if there are still references. */ + if (!list_empty(&d->refs)) + return; + + /* + * Remove the digest item from the hash table and free it if there are + * no more references left. + */ + hlist_del_rcu(&d->hnext); + diglim_htable[type].len--; + kmem_cache_free(digest_item_cache, d); +} + +static void digest_list_free(struct digest_list_item *digest_list) +{ + kfree(digest_list->label); + kfree(digest_list->buf); + kmem_cache_free(digest_list_item_cache, digest_list); +} + +/** + * digest_list_add - add a new digest list + * @digest: digest of the digest list in binary form + * @algo: digest algorithm + * @size: digest list size + * @buf: digest list buffer + * @actions: actions (measure/appraise) performed by IMA on the digest list + * @label: label to be used to identify the digest list + * + * This function allocates a new digest list item, which contains the buffer, + * size, actions performed by IMA and a label. Each digest list item is + * associated to a digest item representing the digest of the digest list. + * + * This function prevents the same digest list to be added multiple times by + * searching its digest in the hash table for the COMPACT_DIGEST_LIST type. + * + * The passed buffer is copied in a new memory area, to avoid to reference + * memory that could be freed by the caller. + * + * If allocation of a new digest list and the associated buffer was successful, + * its digest is added to the hash table for the COMPACT_DIGEST_LIST type. + * + * Proper locking must be provided by the caller. + * + * Return: the digest item associated to the digest list item on success, an + * error pointer otherwise. + */ +struct digest_item *digest_list_add(u8 *digest, enum hash_algo algo, + loff_t size, u8 *buf, u8 actions, + const char *label) +{ + struct digest_item *d; + struct digest_list_item *digest_list = NULL; + int digest_len = hash_digest_size[algo]; + + /* Search the digest of the digest list. */ + d = __digest_lookup(digest, algo, COMPACT_DIGEST_LIST, NULL, NULL); + if (d) { + print_hex_dump_debug("digest list already uploaded: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return ERR_PTR(-EEXIST); + } + + /* Allocate a new digest list. */ + if (!should_fail_diglim()) + digest_list = kmem_cache_alloc(digest_list_item_cache, + GFP_KERNEL); + if (!digest_list) { + print_hex_dump(KERN_ERR, "digest list allocation failed: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return ERR_PTR(-ENOMEM); + } + + digest_list->buf = NULL; + digest_list->size = size; + digest_list->label = NULL; + + if (!should_fail_diglim()) + digest_list->buf = kmemdup(buf, size, GFP_KERNEL); + if (!digest_list->buf) { + print_hex_dump(KERN_ERR, "digest list allocation failed: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + digest_list_free(digest_list); + return ERR_PTR(-ENOMEM); + } + + digest_list->actions = actions; + memcpy(digest_list->digest, digest, hash_digest_size[algo]); + digest_list->algo = algo; + if (!should_fail_diglim()) + digest_list->label = kstrdup(label, GFP_KERNEL); + if (!digest_list->label) { + print_hex_dump(KERN_ERR, "digest list allocation failed: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + digest_list_free(digest_list); + return ERR_PTR(-ENOMEM); + } + + /* Add the digest of the digest list to the hash table. */ + d = digest_add(digest, algo, COMPACT_DIGEST_LIST, digest_list, 0, 0); + if (IS_ERR(d)) + digest_list_free(digest_list); + + return d; +} + +/** + * digest_list_del - delete an existing digest list + * @digest: digest of the digest list in binary form + * @algo: digest algorithm + * @actions: actions (measure/appraise) performed by IMA on the digest list + * @digest_list: digest list to delete + * + * This function searches the digest of the digest list in the hash table for + * the COMPACT_DIGEST_LIST type. If it is found, this function frees the buffer + * and the digest list item allocated in digest_list_add(). + * + * This function will be executed only for digest lists that were previously + * added. + * + * Proper locking must be provided by the caller. + */ +void digest_list_del(u8 *digest, enum hash_algo algo, u8 actions, + struct digest_list_item *digest_list) +{ + /* Delete the digest item associated to the digest list. */ + digest_del(digest, algo, COMPACT_DIGEST_LIST, digest_list, 0, 0); + + /* + * Free the buffer, the label and the digest list item allocated when + * the digest list was added. + */ + digest_list_free(digest_list); +} + +static int __init digest_list_cache_init(void) +{ + digest_list_item_cache = kmem_cache_create("digest_list_item_cache", + sizeof(struct digest_list_item), + 0, SLAB_PANIC, NULL); + + digest_list_item_ref_cache = kmem_cache_create( + "digest_list_item_ref_cache", + sizeof(struct digest_list_item_ref), 0, + SLAB_PANIC, NULL); + + digest_item_cache = kmem_cache_create("digest_item_cache", + sizeof(struct digest_item), 0, + SLAB_PANIC, NULL); + + return 0; +} + +late_initcall(digest_list_cache_init) From patchwork Tue Sep 14 16:33:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494207 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C30F9C4332F for ; Tue, 14 Sep 2021 16:35:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9F52A61107 for ; Tue, 14 Sep 2021 16:35:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229868AbhINQhD (ORCPT ); Tue, 14 Sep 2021 12:37:03 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3799 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229675AbhINQg4 (ORCPT ); Tue, 14 Sep 2021 12:36:56 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H886c14mFz67stq; Wed, 15 Sep 2021 00:33:28 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:35:36 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 05/13] diglim: Parser Date: Tue, 14 Sep 2021 18:33:53 +0200 Message-ID: <20210914163401.864635-6-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the necessary functions to parse a digest list and to execute the requested operation. The main function is digest_list_parse(), which coordinates the various steps required to add or delete a digest list, and has the logic to roll back when one of the steps fails. A more detailed description about the steps can be found in Documentation/security/diglim/implementation.rst Signed-off-by: Roberto Sassu --- .../security/diglim/implementation.rst | 35 +++ MAINTAINERS | 1 + security/integrity/diglim/Makefile | 2 +- security/integrity/diglim/diglim.h | 3 + security/integrity/diglim/parser.c | 274 ++++++++++++++++++ 5 files changed, 314 insertions(+), 1 deletion(-) create mode 100644 security/integrity/diglim/parser.c diff --git a/Documentation/security/diglim/implementation.rst b/Documentation/security/diglim/implementation.rst index 83342ec12f74..626af0d245ef 100644 --- a/Documentation/security/diglim/implementation.rst +++ b/Documentation/security/diglim/implementation.rst @@ -182,3 +182,38 @@ This section introduces the methods requires to manage the three objects defined. .. kernel-doc:: security/integrity/diglim/methods.c + + +Parser +------ + +This section introduces the necessary functions to parse a digest list and +to execute the requested operation. + +.. kernel-doc:: security/integrity/diglim/parser.c + +The main function is digest_list_parse(), which coordinates the various +steps required to add or delete a digest list, and has the logic to roll +back when one of the steps fails. + +#. Calls digest_list_validate() to validate the passed buffer containing + the digest list to ensure that the format is correct. + +#. Calls get_digest_list() to create a new digest_list_item for the add + operation, or to retrieve the existing one for the delete operation. + get_digest_list() refuses to add digest lists that were previously + added and to delete digest lists that weren't previously added. Also, + get_digest_list() refuses to delete digest lists if there are actions + done at addition time that are not currently being performed (it would + guarantee that also deletion is notified to remote verifiers). + +#. Calls _digest_list_parse() which takes the created/retrieved + struct digest_list_item and adds or delete the digests included in the + digest list. + +#. If an error occurred, performs a rollback to the previous state, by + calling _digest_list_parse() with the opposite operation and the buffer + size at the time the error occurred. + +#. digest_list_parse() deletes the struct digest_list_item on unsuccessful + add or successful delete. diff --git a/MAINTAINERS b/MAINTAINERS index 06c6ba0b3f25..f5959936d490 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5515,6 +5515,7 @@ F: include/linux/diglim.h F: include/uapi/linux/diglim.h F: security/integrity/diglim/diglim.h F: security/integrity/diglim/methods.c +F: security/integrity/diglim/parser.c DIOLAN U2C-12 I2C DRIVER M: Guenter Roeck diff --git a/security/integrity/diglim/Makefile b/security/integrity/diglim/Makefile index b761ed8cfb3e..34e4e154fff3 100644 --- a/security/integrity/diglim/Makefile +++ b/security/integrity/diglim/Makefile @@ -5,4 +5,4 @@ obj-$(CONFIG_DIGLIM) += diglim.o -diglim-y := methods.o +diglim-y := methods.o parser.o diff --git a/security/integrity/diglim/diglim.h b/security/integrity/diglim/diglim.h index 75359f9cd3dd..afdb0affdc5e 100644 --- a/security/integrity/diglim/diglim.h +++ b/security/integrity/diglim/diglim.h @@ -218,4 +218,7 @@ struct digest_item *digest_list_add(u8 *digest, enum hash_algo algo, const char *label); void digest_list_del(u8 *digest, enum hash_algo algo, u8 actions, struct digest_list_item *digest_list); + +int digest_list_parse(loff_t size, void *buf, enum ops op, u8 actions, + u8 *digest, enum hash_algo algo, const char *label); #endif /*__DIGLIM_INTERNAL_H*/ diff --git a/security/integrity/diglim/parser.c b/security/integrity/diglim/parser.c new file mode 100644 index 000000000000..435d231028c7 --- /dev/null +++ b/security/integrity/diglim/parser.c @@ -0,0 +1,274 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2005,2006,2007,2008 IBM Corporation + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * Functions to parse digest lists. + */ + +#include +#include + +#include "diglim.h" +#include "../integrity.h" + +/** + * digest_list_validate - validate format of digest list + * @size: buffer size + * @buf: buffer containing the digest list + * + * This function validates the format of the passed digest list. + * + * Return: 0 if the digest list was successfully validated, -EINVAL otherwise. + */ +static int digest_list_validate(loff_t size, void *buf) +{ + void *bufp = buf, *bufendp = buf + size; + struct compact_list_hdr *hdr; + size_t digest_len; + + while (bufp < bufendp) { + if (bufp + sizeof(*hdr) > bufendp) { + pr_err("insufficient data\n"); + return -EINVAL; + } + + hdr = bufp; + + if (hdr->version != 1) { + pr_err("unsupported version\n"); + return -EINVAL; + } + + if (hdr->_reserved != 0) { + pr_err("unexpected value for _reserved field\n"); + return -EINVAL; + } + + hdr->type = le16_to_cpu(hdr->type); + hdr->modifiers = le16_to_cpu(hdr->modifiers); + hdr->algo = le16_to_cpu(hdr->algo); + hdr->count = le32_to_cpu(hdr->count); + hdr->datalen = le32_to_cpu(hdr->datalen); + + if (hdr->algo >= HASH_ALGO__LAST) { + pr_err("invalid hash algorithm\n"); + return -EINVAL; + } + + digest_len = hash_digest_size[hdr->algo]; + + if (hdr->type >= COMPACT__LAST || + hdr->type == COMPACT_DIGEST_LIST) { + pr_err("invalid type %d\n", hdr->type); + return -EINVAL; + } + + bufp += sizeof(*hdr); + + if (hdr->datalen != hdr->count * digest_len || + bufp + hdr->datalen > bufendp) { + pr_err("invalid data\n"); + return -EINVAL; + } + + bufp += hdr->count * digest_len; + } + + return 0; +} + +/** + * _digest_list_parse - parse digest list and add/delete digests + * @size: buffer size + * @buf: buffer containing the digest list + * @op: operation to be performed + * @digest_list: digest list digests being added/deleted belong to + * + * This function parses the digest list and adds or delete the digests in the + * found digest blocks. + * + * Return: the buffer size if all digests were successfully added or deleted, + * the size of the already parsed buffer on error. + */ +static int _digest_list_parse(loff_t size, void *buf, enum ops op, + struct digest_list_item *digest_list) +{ + void *bufp = buf, *bufendp = buf + size; + struct compact_list_hdr *hdr; + struct digest_item *d = ERR_PTR(-EINVAL); + size_t digest_len; + int i; + + while (bufp < bufendp) { + if (bufp + sizeof(*hdr) > bufendp) + break; + + hdr = bufp; + bufp += sizeof(*hdr); + + digest_len = hash_digest_size[hdr->algo]; + + for (i = 0; i < hdr->count && bufp + digest_len <= bufendp; + i++, bufp += digest_len) { + switch (op) { + case DIGEST_LIST_ADD: + d = digest_add(bufp, hdr->algo, hdr->type, + digest_list, bufp - buf, + (void *)hdr - buf); + if (IS_ERR(d)) { + pr_err( + "failed to add a digest from %s\n", + digest_list->label); + goto out; + } + + break; + case DIGEST_LIST_DEL: + digest_del(bufp, hdr->algo, hdr->type, + digest_list, bufp - buf, + (void *)hdr - buf); + break; + default: + break; + } + } + } +out: + return bufp - buf; +} + +/** + * get_digest_list - get the digest list extracted digests will be associated to + * @size: buffer size + * @buf: buffer containing the digest list + * @op: digest list operation + * @actions: actions performed on the digest list being processed + * @digest: digest of the digest list + * @algo: digest algorithm + * @label: label to identify the digest list (e.g. file name) + * + * This function retrieves the digest list item for the passed digest and + * algorithm. If it is not found at addition time, this function creates a new + * one. + * + * This function prevents the imbalance of digests (references left after + * delete) by ensuring that only digest lists that were previously added can be + * deleted. + * + * This function also ensures that the actions done at the time of addition are + * also performed at the time of deletion (it would guarantee that also deletion + * is notified to remote verifiers). + * + * Return: the retrieved/created digest list item on success, an error pointer + * otherwise. + */ +static struct digest_list_item *get_digest_list(loff_t size, void *buf, + enum ops op, u8 actions, + u8 *digest, enum hash_algo algo, + const char *label) +{ + struct digest_item *d; + struct digest_list_item *digest_list; + int digest_len = hash_digest_size[algo]; + + switch (op) { + case DIGEST_LIST_ADD: + /* Add digest list to be associated to each digest. */ + d = digest_list_add(digest, algo, size, buf, actions, label); + if (IS_ERR(d)) + return (void *)d; + + digest_list = list_first_entry(&d->refs, + struct digest_list_item_ref, list)->digest_list; + break; + case DIGEST_LIST_DEL: + /* Lookup digest list to delete the references. */ + d = __digest_lookup(digest, algo, COMPACT_DIGEST_LIST, NULL, + NULL); + if (!d) { + print_hex_dump(KERN_ERR, + "digest list digest not found: ", + DUMP_PREFIX_NONE, digest_len, 1, digest, + digest_len, true); + return ERR_PTR(-ENOENT); + } + + digest_list = list_first_entry(&d->refs, + struct digest_list_item_ref, list)->digest_list; + + /* + * Reject deletion if there are actions done at addition time + * that are currently not being performed. + */ + if ((digest_list->actions & actions) != digest_list->actions) { + pr_err("missing actions, add: %d, del: %d\n", + digest_list->actions, actions); + return ERR_PTR(-EPERM); + } + + break; + default: + return ERR_PTR(-EINVAL); + } + + return digest_list; +} + +/** + * digest_list_parse - parse a digest list + * @size: buffer size + * @buf: buffer containing the digest list + * @op: digest list operation + * @actions: actions performed on the digest list being processed + * @digest: digest of the digest list + * @algo: digest algorithm + * @label: label to identify the digest list (e.g. file name) + * + * This function parses the passed digest list and executed the requested + * operation. If the operation cannot be successfully executed, this function + * performs a rollback to the previous state. + * + * Return: the buffer size on success, a negative value otherwise. + */ +int digest_list_parse(loff_t size, void *buf, enum ops op, u8 actions, + u8 *digest, enum hash_algo algo, const char *label) +{ + struct digest_list_item *digest_list; + enum ops rollback_op = (op == DIGEST_LIST_ADD) ? + DIGEST_LIST_DEL : DIGEST_LIST_ADD; + int ret, rollback_size; + + ret = digest_list_validate(size, buf); + if (ret < 0) + return ret; + + digest_list = get_digest_list(size, buf, op, actions, digest, algo, + label); + if (IS_ERR(digest_list)) + return PTR_ERR(digest_list); + + ret = _digest_list_parse(size, buf, op, digest_list); + if (ret < 0) + goto out; + + if (ret != size) { + rollback_size = ret; + + ret = _digest_list_parse(rollback_size, buf, rollback_op, + digest_list); + if (ret != rollback_size) + pr_err("rollback failed\n"); + + ret = -EINVAL; + } +out: + /* Delete digest list on unsuccessful add or successful delete. */ + if ((op == DIGEST_LIST_ADD && ret < 0) || + (op == DIGEST_LIST_DEL && ret == size)) + digest_list_del(digest, algo, actions, digest_list); + + return ret; +} From patchwork Tue Sep 14 16:33:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494209 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70793C433EF for ; Tue, 14 Sep 2021 16:35:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 59AF7610A6 for ; Tue, 14 Sep 2021 16:35:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230106AbhINQhD (ORCPT ); Tue, 14 Sep 2021 12:37:03 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3800 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229870AbhINQg5 (ORCPT ); Tue, 14 Sep 2021 12:36:57 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H886W5Xzmz67Pmr; Wed, 15 Sep 2021 00:33:23 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:35:37 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 06/13] diglim: IMA info Date: Tue, 14 Sep 2021 18:33:54 +0200 Message-ID: <20210914163401.864635-7-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce diglim_ima_get_info() to retrieve the digest and the actions performed by IMA on the passed digest list file or buffer. diglim_ima_get_info() requires the caller to write-lock the file to ensure that the file content the integrity status is retrieved from didn't change since the time the buffer passed as argument was filled. Signed-off-by: Roberto Sassu --- MAINTAINERS | 1 + security/integrity/diglim/Makefile | 2 +- security/integrity/diglim/diglim.h | 6 ++ security/integrity/diglim/ima.c | 122 +++++++++++++++++++++++++++++ security/integrity/integrity.h | 4 + 5 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 security/integrity/diglim/ima.c diff --git a/MAINTAINERS b/MAINTAINERS index f5959936d490..f10690dda734 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5514,6 +5514,7 @@ F: Documentation/security/diglim/introduction.rst F: include/linux/diglim.h F: include/uapi/linux/diglim.h F: security/integrity/diglim/diglim.h +F: security/integrity/diglim/ima.c F: security/integrity/diglim/methods.c F: security/integrity/diglim/parser.c diff --git a/security/integrity/diglim/Makefile b/security/integrity/diglim/Makefile index 34e4e154fff3..880dc5300792 100644 --- a/security/integrity/diglim/Makefile +++ b/security/integrity/diglim/Makefile @@ -5,4 +5,4 @@ obj-$(CONFIG_DIGLIM) += diglim.o -diglim-y := methods.o parser.o +diglim-y := methods.o parser.o ima.o diff --git a/security/integrity/diglim/diglim.h b/security/integrity/diglim/diglim.h index afdb0affdc5e..ebe8936520b5 100644 --- a/security/integrity/diglim/diglim.h +++ b/security/integrity/diglim/diglim.h @@ -22,6 +22,8 @@ #include #include +#include "../integrity.h" + #define MAX_DIGEST_SIZE 64 #define HASH_BITS 10 #define DIGLIM_HTABLE_SIZE (1 << HASH_BITS) @@ -221,4 +223,8 @@ void digest_list_del(u8 *digest, enum hash_algo algo, u8 actions, int digest_list_parse(loff_t size, void *buf, enum ops op, u8 actions, u8 *digest, enum hash_algo algo, const char *label); + +int diglim_ima_get_info(struct file *file, u8 *buffer, size_t buffer_len, + char *event_name, u8 *digest, size_t digest_len, + enum hash_algo *algo, u8 *actions); #endif /*__DIGLIM_INTERNAL_H*/ diff --git a/security/integrity/diglim/ima.c b/security/integrity/diglim/ima.c new file mode 100644 index 000000000000..2cc1ec1299f8 --- /dev/null +++ b/security/integrity/diglim/ima.c @@ -0,0 +1,122 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * Functions to retrieve the integrity status from IMA. + */ + +#include +#include +#include + +#include "diglim.h" + +static int diglim_ima_get_info_file(struct file *file, u8 *digest, + size_t digest_len, enum hash_algo *algo, + u8 *actions) +{ + struct integrity_iint_cache *iint; + struct inode *inode = file_inode(file); + int ret = -ENOENT; + + iint = integrity_iint_find(inode); + if (!iint) + return ret; + + mutex_lock(&iint->mutex); + /* File digest has not been calculated. */ + if (!(iint->flags & IMA_COLLECTED)) + goto out; + + ret = 0; + + if (iint->flags & IMA_MEASURED) + *actions |= 1 << COMPACT_ACTION_IMA_MEASURED; + + if (iint->flags & IMA_APPRAISED) + *actions |= 1 << COMPACT_ACTION_IMA_APPRAISED; + + if (test_bit(IMA_DIGSIG, &iint->atomic_flags)) + *actions |= 1 << COMPACT_ACTION_IMA_APPRAISED_DIGSIG; + + if (algo) + *algo = iint->ima_hash->algo; + if (digest) + memcpy(digest, iint->ima_hash->digest, hash_digest_size[*algo]); +out: + mutex_unlock(&iint->mutex); + return ret; +} + +static int diglim_ima_get_info_buffer(u8 *buffer, size_t buffer_len, + char *event_name, u8 *digest, + size_t digest_len, enum hash_algo *algo, + u8 *actions) +{ + int ret; + + ret = ima_measure_critical_data("diglim", event_name, buffer, + buffer_len, false, digest, digest_len); + if (ret < 0 && ret != -EEXIST) + return -ENOENT; + + *algo = ima_get_current_hash_algo(); + + if (!ret || ret == -EEXIST) + *actions |= 1 << COMPACT_ACTION_IMA_MEASURED; + + return 0; +} + +/** + * diglim_ima_get_info - retrieve the integrity status of digest list from IMA + * @file: file to retrieve the integrity status from + * @buffer: buffer to retrieve the integrity status from (alternative to file) + * @buffer_len: buffer length + * @event_name: name of the event to be generated by IMA for buffer measurement + * @digest: digest of the file or the buffer + * @digest_len: digest length + * @algo: digest algorithm + * @actions: actions performed on the file or the buffer + * + * This function attempts to retrieve some information from the passed digest + * list file or buffer: the digest, its algorithm, and the actions performed by + * IMA. + * + * This function first attempts to retrieve the information from the file, and + * if unsuccessful, attempts with the buffer. + * + * The caller must prevent writes to the file with deny_write_access() to ensure + * that the file content the integrity status is retrieved from didn't change + * since the time the buffer passed as argument was filled. + * + * Return: 0 if the information has been successfully retrieved, -ENOENT + * otherwise. + */ +int diglim_ima_get_info(struct file *file, u8 *buffer, size_t buffer_len, + char *event_name, u8 *digest, size_t digest_len, + enum hash_algo *algo, u8 *actions) +{ + int ret = -ENOENT; + + /* Ensure that the file is write-locked. */ + if (file && atomic_read(&file_inode(file)->i_writecount) >= 0) + return -EINVAL; + + if (file) { + ret = diglim_ima_get_info_file(file, digest, digest_len, algo, + actions); + if (!ret && (*actions & (1 << COMPACT_ACTION_IMA_MEASURED))) + return ret; + } + + if (buffer) { + ret = diglim_ima_get_info_buffer(buffer, buffer_len, event_name, + digest, digest_len, algo, + actions); + } + + return ret; +} diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 74919b638f52..de5dde382f11 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -6,6 +6,9 @@ * Mimi Zohar */ +#ifndef __INTEGRITY_H +#define __INTEGRITY_H + #ifdef pr_fmt #undef pr_fmt #endif @@ -285,3 +288,4 @@ static inline void __init add_to_platform_keyring(const char *source, { } #endif +#endif /*__INTEGRITY_H*/ From patchwork Tue Sep 14 16:33:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494215 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 380DBC4332F for ; Tue, 14 Sep 2021 16:36:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 257E061165 for ; Tue, 14 Sep 2021 16:36:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230146AbhINQhD (ORCPT ); Tue, 14 Sep 2021 12:37:03 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3801 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229917AbhINQg5 (ORCPT ); Tue, 14 Sep 2021 12:36:57 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H886d38wHz67tGc; Wed, 15 Sep 2021 00:33:29 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:35:37 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 07/13] diglim: Interfaces - digest_list_add, digest_list_del Date: Tue, 14 Sep 2021 18:33:55 +0200 Message-ID: <20210914163401.864635-8-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce /integrity/diglim/digest_list_add, which can be used to upload a digest list and add the digests to the hash table; passed data are interpreted as file path if the first byte is / or as the digest list itself otherwise. diglim_ima_get_info() is called to retrieve from IMA the digest of the passed digest list (file or buffer), and the actions performed (measure/ appraise/appraise with signature). Also introduce /integrity/diglim/digest_list_del, which can be used to upload a digest list and delete the digests from the hash table; data are interpreted in the same way as described for digest_list_add. Signed-off-by: Roberto Sassu --- .../security/diglim/implementation.rst | 9 + MAINTAINERS | 1 + include/linux/kernel_read_file.h | 1 + security/integrity/diglim/Makefile | 2 +- security/integrity/diglim/diglim.h | 2 + security/integrity/diglim/fs.c | 276 ++++++++++++++++++ 6 files changed, 290 insertions(+), 1 deletion(-) create mode 100644 security/integrity/diglim/fs.c diff --git a/Documentation/security/diglim/implementation.rst b/Documentation/security/diglim/implementation.rst index 626af0d245ef..f7b48c093f39 100644 --- a/Documentation/security/diglim/implementation.rst +++ b/Documentation/security/diglim/implementation.rst @@ -217,3 +217,12 @@ back when one of the steps fails. #. digest_list_parse() deletes the struct digest_list_item on unsuccessful add or successful delete. + + +Interfaces +---------- + +This section introduces the interfaces in +``/integrity/diglim`` necessary to interact with DIGLIM. + +.. kernel-doc:: security/integrity/diglim/fs.c diff --git a/MAINTAINERS b/MAINTAINERS index f10690dda734..826f628f4fab 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5514,6 +5514,7 @@ F: Documentation/security/diglim/introduction.rst F: include/linux/diglim.h F: include/uapi/linux/diglim.h F: security/integrity/diglim/diglim.h +F: security/integrity/diglim/fs.c F: security/integrity/diglim/ima.c F: security/integrity/diglim/methods.c F: security/integrity/diglim/parser.c diff --git a/include/linux/kernel_read_file.h b/include/linux/kernel_read_file.h index 575ffa1031d3..636ecdfdc616 100644 --- a/include/linux/kernel_read_file.h +++ b/include/linux/kernel_read_file.h @@ -14,6 +14,7 @@ id(KEXEC_INITRAMFS, kexec-initramfs) \ id(POLICY, security-policy) \ id(X509_CERTIFICATE, x509-certificate) \ + id(DIGEST_LIST, digest-list) \ id(MAX_ID, ) #define __fid_enumify(ENUM, dummy) READING_ ## ENUM, diff --git a/security/integrity/diglim/Makefile b/security/integrity/diglim/Makefile index 880dc5300792..5cb1a8bfa0fc 100644 --- a/security/integrity/diglim/Makefile +++ b/security/integrity/diglim/Makefile @@ -5,4 +5,4 @@ obj-$(CONFIG_DIGLIM) += diglim.o -diglim-y := methods.o parser.o ima.o +diglim-y := methods.o parser.o ima.o fs.o diff --git a/security/integrity/diglim/diglim.h b/security/integrity/diglim/diglim.h index ebe8936520b5..c597c2e7a52a 100644 --- a/security/integrity/diglim/diglim.h +++ b/security/integrity/diglim/diglim.h @@ -227,4 +227,6 @@ int digest_list_parse(loff_t size, void *buf, enum ops op, u8 actions, int diglim_ima_get_info(struct file *file, u8 *buffer, size_t buffer_len, char *event_name, u8 *digest, size_t digest_len, enum hash_algo *algo, u8 *actions); + +ssize_t digest_list_read(struct path *root, char *path, enum ops op); #endif /*__DIGLIM_INTERNAL_H*/ diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c new file mode 100644 index 000000000000..5698afd2d18a --- /dev/null +++ b/security/integrity/diglim/fs.c @@ -0,0 +1,276 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2005,2006,2007,2008 IBM Corporation + * Copyright (C) 2017-2021 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + * + * Functions for the interfaces exposed in securityfs. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "diglim.h" + +#define MAX_DIGEST_LIST_SIZE (64 * 1024 * 1024 - 1) + +static struct dentry *diglim_dir; +/** + * DOC: digest_list_add + * + * digest_list_add can be used to upload a digest list and add the digests + * to the hash table; passed data are interpreted as file path if the first + * byte is ``/`` or as the digest list itself otherwise. + * + * diglim_ima_get_info() is called to retrieve from IMA the digest of the passed + * digest list (file or buffer), and the actions performed (measure/appraise/ + * appraise with signature). + */ +static struct dentry *digest_list_add_dentry; +/** + * DOC: digest_list_del + * + * digest_list_del can be used to upload a digest list and delete the + * digests from the hash table; data are interpreted in the same way as + * described for digest_list_add. + */ +static struct dentry *digest_list_del_dentry; +char digest_list_label[NAME_MAX + 1]; + +/* + * check_modsig: detect appended signature + */ +static int check_modsig(u8 *buf, size_t buf_len) +{ + const size_t marker_len = strlen(MODULE_SIG_STRING); + const struct module_signature *sig; + size_t sig_len; + const void *p; + + if (buf_len <= marker_len + sizeof(*sig)) + return -ENOENT; + + p = buf + buf_len - marker_len; + if (memcmp(p, MODULE_SIG_STRING, marker_len)) + return -ENOENT; + + sig = (const struct module_signature *)(p - sizeof(*sig)); + sig_len = be32_to_cpu(sig->sig_len); + return marker_len + sig_len + sizeof(*sig); +} + +/* + * digest_list_read: read and parse the digest list from the path + */ +ssize_t digest_list_read(struct path *root, char *path, enum ops op) +{ + void *data = NULL; + char *datap; + size_t size; + u8 actions = 0; + struct file *file; + char event_name[NAME_MAX + 9 + 1]; + u8 digest[IMA_MAX_DIGEST_SIZE] = { 0 }; + enum hash_algo algo; + int rc, pathlen = strlen(path); + + /* Remove \n. */ + datap = path; + strsep(&datap, "\n"); + + if (root) + file = file_open_root(root, path, O_RDONLY, 0); + else + file = filp_open(path, O_RDONLY, 0); + if (IS_ERR(file)) { + pr_err("unable to open file: %s (%ld)", path, PTR_ERR(file)); + return PTR_ERR(file); + } + + /* Deny writes to the file to obtain stable information from IMA. */ + rc = deny_write_access(file); + if (rc < 0) { + pr_err("unable to deny write access to file: %s (%d)", path, + rc); + goto out; + } + + rc = kernel_read_file(file, 0, &data, INT_MAX, NULL, + READING_DIGEST_LIST); + if (rc < 0) { + pr_err("unable to read file: %s (%d)", path, rc); + goto out_allow_write; + } + + size = rc; + rc = check_modsig(data, size); + if (rc > 0) + size -= rc; + + snprintf(event_name, sizeof(event_name), "%s_file_%s", + op == DIGEST_LIST_ADD ? "add" : "del", + file_dentry(file)->d_name.name); + + rc = diglim_ima_get_info(file, data, size, event_name, digest, + sizeof(digest), &algo, &actions); + if (rc < 0) { + pr_err("unable to retrieve IMA info for %s (%d)\n", path, rc); + goto out_vfree; + } + + rc = digest_list_parse(size, data, op, actions, digest, algo, ""); + if (rc < 0 && rc != -EEXIST) + pr_err("unable to upload digest list %s (%d)\n", path, rc); +out_vfree: + vfree(data); +out_allow_write: + allow_write_access(file); +out: + fput(file); + + if (rc < 0) + return rc; + + return pathlen; +} + +/* + * digest_list_write: write the digest list path or the digest list itself + */ +static ssize_t digest_list_write(struct file *file, const char __user *buf, + size_t datalen, loff_t *ppos) +{ + char *data; + char *digest_list_label_ptr; + ssize_t result; + enum ops op = DIGEST_LIST_ADD; + struct dentry *dentry = file_dentry(file); + u8 digest[IMA_MAX_DIGEST_SIZE]; + char event_name[NAME_MAX + 11 + 1]; + enum hash_algo algo; + u8 actions = 0; + + /* No partial writes. */ + result = -EINVAL; + if (*ppos != 0) + goto out; + + result = -EFBIG; + if (datalen > MAX_DIGEST_LIST_SIZE) + goto out; + + data = memdup_user_nul(buf, datalen); + if (IS_ERR(data)) { + result = PTR_ERR(data); + goto out; + } + + if (dentry == digest_list_del_dentry) + op = DIGEST_LIST_DEL; + + result = -EPERM; + + if (data[0] == '/') { + result = digest_list_read(NULL, data, op); + } else { + /* Remove \n. */ + digest_list_label_ptr = digest_list_label; + strsep(&digest_list_label_ptr, "\n"); + + snprintf(event_name, sizeof(event_name), "%s_buffer_%s", + op == DIGEST_LIST_ADD ? "add" : "del", + digest_list_label); + + result = diglim_ima_get_info(NULL, data, datalen, event_name, + digest, sizeof(digest), &algo, + &actions); + if (result < 0) { + pr_err("unable to retrieve IMA info for buffer (%ld)\n", + result); + goto out_kfree; + } + + memset(digest_list_label, 0, sizeof(digest_list_label)); + + result = digest_list_parse(datalen, data, op, actions, digest, + algo, ""); + if (result < 0 && result != -EEXIST) + pr_err("unable to upload generated digest list\n"); + } +out_kfree: + kfree(data); +out: + return result; +} + +static unsigned long flags; + +/* + * digest_list_open: sequentialize access to the add/del files + */ +static int digest_list_open(struct inode *inode, struct file *filp) +{ + if ((filp->f_flags & O_ACCMODE) != O_WRONLY) + return -EACCES; + + if (test_and_set_bit(0, &flags)) + return -EBUSY; + + return 0; +} + +/* + * digest_list_release - release the add/del files + */ +static int digest_list_release(struct inode *inode, struct file *file) +{ + clear_bit(0, &flags); + return 0; +} + +static const struct file_operations digest_list_upload_ops = { + .open = digest_list_open, + .write = digest_list_write, + .read = seq_read, + .release = digest_list_release, + .llseek = generic_file_llseek, +}; + +static int __init diglim_fs_init(void) +{ + diglim_dir = securityfs_create_dir("diglim", integrity_dir); + if (IS_ERR(diglim_dir)) + return -1; + + digest_list_add_dentry = securityfs_create_file("digest_list_add", 0200, + diglim_dir, NULL, + &digest_list_upload_ops); + if (IS_ERR(digest_list_add_dentry)) + goto out; + + digest_list_del_dentry = securityfs_create_file("digest_list_del", 0200, + diglim_dir, NULL, + &digest_list_upload_ops); + if (IS_ERR(digest_list_del_dentry)) + goto out; + + return 0; +out: + securityfs_remove(digest_list_del_dentry); + securityfs_remove(digest_list_add_dentry); + securityfs_remove(diglim_dir); + return -1; +} + +late_initcall(diglim_fs_init); From patchwork Tue Sep 14 16:33:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494213 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3170C4332F for ; Tue, 14 Sep 2021 16:35:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB0746112E for ; Tue, 14 Sep 2021 16:35:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230310AbhINQhF (ORCPT ); Tue, 14 Sep 2021 12:37:05 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3802 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229663AbhINQg6 (ORCPT ); Tue, 14 Sep 2021 12:36:58 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H886f0gvSz67wjx; Wed, 15 Sep 2021 00:33:30 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:35:38 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 08/13] diglim: Interfaces - digest_lists_loaded Date: Tue, 14 Sep 2021 18:33:56 +0200 Message-ID: <20210914163401.864635-9-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the digest_lists_loaded directory in /integrity/diglim. It contains two files for each loaded digest list: one shows the digest list in binary format, and the other (with .ascii prefix) shows the digest list in ASCII format. Files are added and removed at the same time digest lists are added and removed. Signed-off-by: Roberto Sassu --- security/integrity/diglim/fs.c | 318 ++++++++++++++++++++++++++++++++- 1 file changed, 315 insertions(+), 3 deletions(-) diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c index 5698afd2d18a..4913c1df2918 100644 --- a/security/integrity/diglim/fs.c +++ b/security/integrity/diglim/fs.c @@ -26,6 +26,17 @@ #define MAX_DIGEST_LIST_SIZE (64 * 1024 * 1024 - 1) static struct dentry *diglim_dir; +/** + * DOC: digest_lists_loaded + * + * digest_lists_loaded is a directory containing two files for each + * loaded digest list: one shows the digest list in binary format, and the + * other (with .ascii prefix) shows the digest list in ASCII format. + * + * Files are added and removed at the same time digest lists are added and + * removed. + */ +static struct dentry *digest_lists_loaded_dir; /** * DOC: digest_list_add * @@ -48,6 +59,255 @@ static struct dentry *digest_list_add_dentry; static struct dentry *digest_list_del_dentry; char digest_list_label[NAME_MAX + 1]; +static int parse_digest_list_filename(const char *digest_list_filename, + u8 *digest, enum hash_algo *algo) +{ + u8 *sep; + int i; + + sep = strchr(digest_list_filename, '-'); + if (!sep) + return -EINVAL; + + *sep = '\0'; + i = match_string(hash_algo_name, HASH_ALGO__LAST, digest_list_filename); + *sep = '-'; + + if (i < 0) + return -ENOENT; + + *algo = i; + return hex2bin(digest, sep + 1, hash_digest_size[*algo]); +} + +/* *pos is the offset of the digest list data to show. */ +static void *digest_list_start(struct seq_file *m, loff_t *pos) +{ + struct digest_item *d; + u8 digest[IMA_MAX_DIGEST_SIZE]; + enum hash_algo algo; + struct digest_list_item *digest_list; + int ret; + + if (m->private) { + digest_list = (struct digest_list_item *)m->private; + + if (*pos == digest_list->size) + return NULL; + + return digest_list->buf + *pos; + } + + ret = parse_digest_list_filename(file_dentry(m->file)->d_name.name, + digest, &algo); + if (ret < 0) + return NULL; + + d = __digest_lookup(digest, algo, COMPACT_DIGEST_LIST, NULL, NULL); + if (!d) + return NULL; + + digest_list = list_first_entry(&d->refs, + struct digest_list_item_ref, list)->digest_list; + m->private = digest_list; + return digest_list->buf; +} + +static void *digest_list_next(struct seq_file *m, void *v, loff_t *pos) +{ + struct compact_list_hdr *hdr; + struct digest_list_item *digest_list = + (struct digest_list_item *)m->private; + void *bufp = digest_list->buf; + bool is_header = false; + + /* Determine if v points to a header or a digest. */ + while (bufp <= v) { + hdr = (struct compact_list_hdr *)bufp; + if (bufp == v) { + is_header = true; + break; + } + + bufp += sizeof(*hdr) + hdr->datalen; + } + + if (is_header) + *pos += sizeof(*hdr); + else + *pos += hash_digest_size[hdr->algo]; + + if (*pos == digest_list->size) + return NULL; + + return digest_list->buf + *pos; +} + +static void digest_list_stop(struct seq_file *m, void *v) +{ +} + +static void print_digest(struct seq_file *m, u8 *digest, u32 size) +{ + u32 i; + + for (i = 0; i < size; i++) + seq_printf(m, "%02x", *(digest + i)); +} + +static void digest_list_putc(struct seq_file *m, void *data, int datalen) +{ + while (datalen--) + seq_putc(m, *(char *)data++); +} + +static int digest_list_show_common(struct seq_file *m, void *v, bool binary) +{ + struct compact_list_hdr *hdr, hdr_orig; + struct digest_list_item *digest_list = + (struct digest_list_item *)m->private; + void *bufp = digest_list->buf; + bool is_header = false; + + /* Determine if v points to a header or a digest. */ + while (bufp <= v) { + hdr = (struct compact_list_hdr *)bufp; + if (bufp == v) { + is_header = true; + break; + } + + bufp += sizeof(*hdr) + hdr->datalen; + } + + if (is_header) { + if (binary) { + memcpy(&hdr_orig, v, sizeof(hdr_orig)); + hdr_orig.type = cpu_to_le16(hdr_orig.type); + hdr_orig.modifiers = cpu_to_le16(hdr_orig.modifiers); + hdr_orig.algo = cpu_to_le16(hdr_orig.algo); + hdr_orig.count = cpu_to_le32(hdr_orig.count); + hdr_orig.datalen = cpu_to_le32(hdr_orig.datalen); + digest_list_putc(m, &hdr_orig, sizeof(hdr_orig)); + } else { + seq_printf(m, + "actions: %d, version: %d, algo: %s, type: %d, modifiers: %d, count: %d, datalen: %d\n", + digest_list->actions, hdr->version, + hash_algo_name[hdr->algo], hdr->type, + hdr->modifiers, hdr->count, hdr->datalen); + } + return 0; + } + + if (binary) { + digest_list_putc(m, v, hash_digest_size[hdr->algo]); + } else { + print_digest(m, v, hash_digest_size[hdr->algo]); + seq_puts(m, "\n"); + } + + return 0; +} + +static int digest_list_show(struct seq_file *m, void *v) +{ + return digest_list_show_common(m, v, true); +} + +static int digest_list_ascii_show(struct seq_file *m, void *v) +{ + return digest_list_show_common(m, v, false); +} + +static const struct seq_operations digest_list_seqops = { + .start = digest_list_start, + .next = digest_list_next, + .stop = digest_list_stop, + .show = digest_list_show +}; + +static int digest_list_seq_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &digest_list_seqops); +} + +static const struct file_operations digest_list_ops = { + .open = digest_list_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; + +static const struct seq_operations digest_list_ascii_seqops = { + .start = digest_list_start, + .next = digest_list_next, + .stop = digest_list_stop, + .show = digest_list_ascii_show +}; + +static int digest_list_ascii_seq_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &digest_list_ascii_seqops); +} + +static const struct file_operations digest_list_ascii_ops = { + .open = digest_list_ascii_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; + +static int digest_list_get_secfs_files(char *label, u8 *digest, + enum hash_algo algo, enum ops op, + struct dentry **dentry, + struct dentry **dentry_ascii) +{ + char digest_list_filename[NAME_MAX + 1] = { 0 }; + u8 digest_str[IMA_MAX_DIGEST_SIZE * 2 + 1] = { 0 }; + char *dot, *label_ptr; + + label_ptr = strrchr(label, '/'); + if (label_ptr) + label = label_ptr + 1; + + bin2hex(digest_str, digest, hash_digest_size[algo]); + + snprintf(digest_list_filename, sizeof(digest_list_filename), + "%s-%s-%s.ascii", hash_algo_name[algo], digest_str, label); + + dot = strrchr(digest_list_filename, '.'); + + *dot = '\0'; + if (op == DIGEST_LIST_ADD) + *dentry = securityfs_create_file(digest_list_filename, 0440, + digest_lists_loaded_dir, NULL, + &digest_list_ops); + else + *dentry = lookup_positive_unlocked(digest_list_filename, + digest_lists_loaded_dir, + strlen(digest_list_filename)); + *dot = '.'; + if (IS_ERR(*dentry)) + return PTR_ERR(*dentry); + + if (op == DIGEST_LIST_ADD) + *dentry_ascii = securityfs_create_file(digest_list_filename, + 0440, digest_lists_loaded_dir, + NULL, &digest_list_ascii_ops); + else + *dentry_ascii = lookup_positive_unlocked(digest_list_filename, + digest_lists_loaded_dir, + strlen(digest_list_filename)); + if (IS_ERR(*dentry_ascii)) { + if (op == DIGEST_LIST_ADD) + securityfs_remove(*dentry); + + return PTR_ERR(*dentry_ascii); + } + + return 0; +} + /* * check_modsig: detect appended signature */ @@ -83,6 +343,7 @@ ssize_t digest_list_read(struct path *root, char *path, enum ops op) char event_name[NAME_MAX + 9 + 1]; u8 digest[IMA_MAX_DIGEST_SIZE] = { 0 }; enum hash_algo algo; + struct dentry *dentry, *dentry_ascii; int rc, pathlen = strlen(path); /* Remove \n. */ @@ -129,9 +390,30 @@ ssize_t digest_list_read(struct path *root, char *path, enum ops op) goto out_vfree; } - rc = digest_list_parse(size, data, op, actions, digest, algo, ""); + rc = digest_list_get_secfs_files(path, digest, algo, op, &dentry, + &dentry_ascii); + if (rc < 0) { + pr_err("unable to create securityfs entries for %s (%d)\n", + path, rc); + goto out_vfree; + } + + rc = digest_list_parse(size, data, op, actions, digest, algo, + dentry->d_name.name); if (rc < 0 && rc != -EEXIST) pr_err("unable to upload digest list %s (%d)\n", path, rc); + + /* Release reference taken in digest_list_get_secfs_files(). */ + if (op == DIGEST_LIST_DEL) { + dput(dentry); + dput(dentry_ascii); + } + + if ((rc < 0 && rc != -EEXIST && op == DIGEST_LIST_ADD) || + (rc == size && op == DIGEST_LIST_DEL)) { + securityfs_remove(dentry); + securityfs_remove(dentry_ascii); + } out_vfree: vfree(data); out_allow_write: @@ -155,7 +437,7 @@ static ssize_t digest_list_write(struct file *file, const char __user *buf, char *digest_list_label_ptr; ssize_t result; enum ops op = DIGEST_LIST_ADD; - struct dentry *dentry = file_dentry(file); + struct dentry *dentry = file_dentry(file), *dentry_ascii; u8 digest[IMA_MAX_DIGEST_SIZE]; char event_name[NAME_MAX + 11 + 1]; enum hash_algo algo; @@ -201,12 +483,36 @@ static ssize_t digest_list_write(struct file *file, const char __user *buf, goto out_kfree; } + result = digest_list_get_secfs_files( + digest_list_label[0] != '\0' ? + digest_list_label : "parser", + digest, algo, op, &dentry, + &dentry_ascii); + if (result < 0) { + pr_err("unable to create securityfs entries for buffer (%ld)\n", + result); + goto out_kfree; + } + memset(digest_list_label, 0, sizeof(digest_list_label)); result = digest_list_parse(datalen, data, op, actions, digest, - algo, ""); + algo, dentry->d_name.name); if (result < 0 && result != -EEXIST) pr_err("unable to upload generated digest list\n"); + + /* Release reference taken in digest_list_get_secfs_files(). */ + if (op == DIGEST_LIST_DEL) { + dput(dentry); + dput(dentry_ascii); + } + + if ((result < 0 && result != -EEXIST && + op == DIGEST_LIST_ADD) || + (result == datalen && op == DIGEST_LIST_DEL)) { + securityfs_remove(dentry); + securityfs_remove(dentry_ascii); + } } out_kfree: kfree(data); @@ -253,6 +559,11 @@ static int __init diglim_fs_init(void) if (IS_ERR(diglim_dir)) return -1; + digest_lists_loaded_dir = securityfs_create_dir("digest_lists_loaded", + diglim_dir); + if (IS_ERR(digest_lists_loaded_dir)) + goto out; + digest_list_add_dentry = securityfs_create_file("digest_list_add", 0200, diglim_dir, NULL, &digest_list_upload_ops); @@ -269,6 +580,7 @@ static int __init diglim_fs_init(void) out: securityfs_remove(digest_list_del_dentry); securityfs_remove(digest_list_add_dentry); + securityfs_remove(digest_lists_loaded_dir); securityfs_remove(diglim_dir); return -1; } From patchwork Tue Sep 14 16:33:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494211 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1C1BC4167D for ; Tue, 14 Sep 2021 16:35:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BD4D960FD7 for ; Tue, 14 Sep 2021 16:35:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231148AbhINQhH (ORCPT ); Tue, 14 Sep 2021 12:37:07 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3803 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229931AbhINQg6 (ORCPT ); Tue, 14 Sep 2021 12:36:58 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H886f5F28z67x8s; Wed, 15 Sep 2021 00:33:30 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:35:39 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 09/13] diglim: Interfaces - digest_list_label Date: Tue, 14 Sep 2021 18:33:57 +0200 Message-ID: <20210914163401.864635-10-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the digest_list_label interface. It can be used to set a label to be applied to the next digest list (buffer) loaded through digest_list_add. Signed-off-by: Roberto Sassu --- security/integrity/diglim/fs.c | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c index 4913c1df2918..deeb04f3c42c 100644 --- a/security/integrity/diglim/fs.c +++ b/security/integrity/diglim/fs.c @@ -37,6 +37,13 @@ static struct dentry *diglim_dir; * removed. */ static struct dentry *digest_lists_loaded_dir; +/** + * DOC: digest_list_label + * + * digest_list_label can be used to set a label to be applied to the next digest + * list (buffer) loaded through digest_list_add. + */ +static struct dentry *digest_list_label_dentry; /** * DOC: digest_list_add * @@ -553,6 +560,40 @@ static const struct file_operations digest_list_upload_ops = { .llseek = generic_file_llseek, }; +/* + * digest_list_label_write: write label for next uploaded digest list. + */ +static ssize_t digest_list_label_write(struct file *file, + const char __user *buf, size_t datalen, + loff_t *ppos) +{ + int rc, i; + + if (datalen >= sizeof(digest_list_label)) + return -EINVAL; + + rc = copy_from_user(digest_list_label, buf, datalen); + if (rc) + return -EFAULT; + + for (i = 0; i < datalen; i++) { + if (!isgraph(digest_list_label[i]) && + digest_list_label[i] != '\0') { + memset(digest_list_label, 0, sizeof(digest_list_label)); + return -EINVAL; + } + } + + return datalen; +} + +static const struct file_operations digest_list_label_ops = { + .open = generic_file_open, + .write = digest_list_label_write, + .read = seq_read, + .llseek = generic_file_llseek, +}; + static int __init diglim_fs_init(void) { diglim_dir = securityfs_create_dir("diglim", integrity_dir); @@ -576,8 +617,15 @@ static int __init diglim_fs_init(void) if (IS_ERR(digest_list_del_dentry)) goto out; + digest_list_label_dentry = securityfs_create_file("digest_list_label", + 0600, diglim_dir, NULL, + &digest_list_label_ops); + if (IS_ERR(digest_list_label_dentry)) + goto out; + return 0; out: + securityfs_remove(digest_list_label_dentry); securityfs_remove(digest_list_del_dentry); securityfs_remove(digest_list_add_dentry); securityfs_remove(digest_lists_loaded_dir); From patchwork Tue Sep 14 16:33:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494217 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9F1AC4332F for ; Tue, 14 Sep 2021 16:36:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D838861164 for ; Tue, 14 Sep 2021 16:36:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229552AbhINQiL (ORCPT ); Tue, 14 Sep 2021 12:38:11 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3804 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229379AbhINQiK (ORCPT ); Tue, 14 Sep 2021 12:38:10 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H887x2378z67Ljg; Wed, 15 Sep 2021 00:34:37 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:36:50 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 10/13] diglim: Interfaces - digest_query Date: Tue, 14 Sep 2021 18:33:58 +0200 Message-ID: <20210914163401.864635-11-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the digest_query interface, which allows to write a query in the format - and to obtain all digest lists that include that digest. Signed-off-by: Roberto Sassu --- security/integrity/diglim/fs.c | 181 +++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c index deeb04f3c42c..e383254c72a4 100644 --- a/security/integrity/diglim/fs.c +++ b/security/integrity/diglim/fs.c @@ -44,6 +44,13 @@ static struct dentry *digest_lists_loaded_dir; * list (buffer) loaded through digest_list_add. */ static struct dentry *digest_list_label_dentry; +/** + * DOC: digest_query + * + * digest_query allows to write a query in the format - and + * to obtain all digest lists that include that digest. + */ +static struct dentry *digest_query_dentry; /** * DOC: digest_list_add * @@ -64,6 +71,7 @@ static struct dentry *digest_list_add_dentry; * described for digest_list_add. */ static struct dentry *digest_list_del_dentry; +char digest_query[CRYPTO_MAX_ALG_NAME + 1 + IMA_MAX_DIGEST_SIZE * 2 + 1]; char digest_list_label[NAME_MAX + 1]; static int parse_digest_list_filename(const char *digest_list_filename, @@ -264,6 +272,84 @@ static const struct file_operations digest_list_ascii_ops = { .release = seq_release, }; +/* + * *pos is the n-th reference to show among all the references in all digest + * items found with the query. + */ +static void *digest_query_start(struct seq_file *m, loff_t *pos) +{ + struct digest_item *d; + u8 digest[IMA_MAX_DIGEST_SIZE]; + enum hash_algo algo; + loff_t count = 0; + enum compact_types type = 0; + struct digest_list_item_ref *ref; + int ret; + + ret = parse_digest_list_filename(digest_query, digest, &algo); + if (ret < 0) + return NULL; + + for (type = 0; type < COMPACT__LAST; type++) { + d = __digest_lookup(digest, algo, type, NULL, NULL); + if (!d) + continue; + + list_for_each_entry(ref, &d->refs, list) { + if (count++ == *pos) { + m->private = d; + return ref; + } + } + } + + return NULL; +} + +static void *digest_query_next(struct seq_file *m, void *v, loff_t *pos) +{ + struct digest_item *d = (struct digest_item *)m->private; + struct digest_list_item_ref *cur_ref = (struct digest_list_item_ref *)v; + struct digest_list_item_ref *ref; + + (*pos)++; + + list_for_each_entry(ref, &d->refs, list) { + if (ref != cur_ref) + continue; + + if (!list_is_last(&cur_ref->list, &d->refs)) + return list_next_entry(cur_ref, list); + } + + return NULL; +} + +static void digest_query_stop(struct seq_file *m, void *v) +{ +} + +static int digest_query_show(struct seq_file *m, void *v) +{ + struct digest_list_item_ref *ref = (struct digest_list_item_ref *)v; + struct digest_list_item *digest_list = ref->digest_list; + struct compact_list_hdr *hdr = get_hdr_ref(ref); + + if (!ref->digest_offset) { + seq_printf(m, "%s (actions: %d): type: %d, size: %lld\n", + digest_list->label, digest_list->actions, + COMPACT_DIGEST_LIST, digest_list->size); + return 0; + } + + seq_printf(m, + "%s (actions: %d): version: %d, algo: %s, type: %d, modifiers: %d, count: %d, datalen: %d\n", + digest_list->label, digest_list->actions, hdr->version, + hash_algo_name[hdr->algo], hdr->type, hdr->modifiers, + hdr->count, hdr->datalen); + return 0; +} + static int digest_list_get_secfs_files(char *label, u8 *digest, enum hash_algo algo, enum ops op, struct dentry **dentry, @@ -594,6 +680,94 @@ static const struct file_operations digest_list_label_ops = { .llseek = generic_file_llseek, }; +static const struct seq_operations digest_query_seqops = { + .start = digest_query_start, + .next = digest_query_next, + .stop = digest_query_stop, + .show = digest_query_show, +}; + +/* + * digest_query_open: sequentialize access to the add/del/query files + */ +static int digest_query_open(struct inode *inode, struct file *file) +{ + if (test_and_set_bit(0, &flags)) + return -EBUSY; + + if (file->f_flags & O_WRONLY) + return 0; + + return seq_open(file, &digest_query_seqops); +} + +/* + * digest_query_write: write digest query (-). + */ +static ssize_t digest_query_write(struct file *file, const char __user *buf, + size_t datalen, loff_t *ppos) +{ + char *sep; + int rc, i; + + if (datalen >= sizeof(digest_query)) + return -EINVAL; + + rc = copy_from_user(digest_query, buf, datalen); + if (rc) + return -EFAULT; + + sep = strchr(digest_query, '-'); + if (!sep) { + rc = -EINVAL; + goto out; + } + + *sep = '\0'; + i = match_string(hash_algo_name, HASH_ALGO__LAST, digest_query); + if (i < 0) { + rc = -ENOENT; + goto out; + } + + *sep = '-'; + + for (i = 0; i < hash_digest_size[i] * 2; i++) { + if (!isxdigit(sep[i + 1])) { + rc = -EINVAL; + goto out; + } + } +out: + if (rc < 0) { + memset(digest_query, 0, sizeof(digest_query)); + return rc; + } + + return datalen; +} + +/* + * digest_query_release - release the query file + */ +static int digest_query_release(struct inode *inode, struct file *file) +{ + clear_bit(0, &flags); + + if (file->f_flags & O_WRONLY) + return 0; + + return seq_release(inode, file); +} + +static const struct file_operations digest_query_ops = { + .open = digest_query_open, + .write = digest_query_write, + .read = seq_read, + .release = digest_query_release, + .llseek = generic_file_llseek, +}; + static int __init diglim_fs_init(void) { diglim_dir = securityfs_create_dir("diglim", integrity_dir); @@ -623,8 +797,15 @@ static int __init diglim_fs_init(void) if (IS_ERR(digest_list_label_dentry)) goto out; + digest_query_dentry = securityfs_create_file("digest_query", 0600, + diglim_dir, NULL, + &digest_query_ops); + if (IS_ERR(digest_query_dentry)) + goto out; + return 0; out: + securityfs_remove(digest_query_dentry); securityfs_remove(digest_list_label_dentry); securityfs_remove(digest_list_del_dentry); securityfs_remove(digest_list_add_dentry); From patchwork Tue Sep 14 16:33:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494219 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.9 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38AA6C4321E for ; Tue, 14 Sep 2021 16:36:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 227B561165 for ; Tue, 14 Sep 2021 16:36:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229663AbhINQiM (ORCPT ); Tue, 14 Sep 2021 12:38:12 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3805 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229464AbhINQiL (ORCPT ); Tue, 14 Sep 2021 12:38:11 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H8883086vz67vy0; Wed, 15 Sep 2021 00:34:43 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:36:51 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu , kernel test robot Subject: [PATCH v3 11/13] diglim: Interfaces - digests_count Date: Tue, 14 Sep 2021 18:33:59 +0200 Message-ID: <20210914163401.864635-12-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Introduce the digests_count interface, which shows the current number of items stored in the hash table by type. Reported-by: kernel test robot (frame size warning) Signed-off-by: Roberto Sassu --- security/integrity/diglim/fs.c | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c index e383254c72a4..467ff4f7c0ce 100644 --- a/security/integrity/diglim/fs.c +++ b/security/integrity/diglim/fs.c @@ -24,6 +24,7 @@ #include "diglim.h" #define MAX_DIGEST_LIST_SIZE (64 * 1024 * 1024 - 1) +#define TMPBUF_SIZE 512 static struct dentry *diglim_dir; /** @@ -37,6 +38,13 @@ static struct dentry *diglim_dir; * removed. */ static struct dentry *digest_lists_loaded_dir; +/** + * DOC: digests_count + * + * digests_count shows the current number of digests stored in the hash + * table by type. + */ +static struct dentry *digests_count; /** * DOC: digest_list_label * @@ -74,6 +82,39 @@ static struct dentry *digest_list_del_dentry; char digest_query[CRYPTO_MAX_ALG_NAME + 1 + IMA_MAX_DIGEST_SIZE * 2 + 1]; char digest_list_label[NAME_MAX + 1]; +static char *types_str[COMPACT__LAST] = { + [COMPACT_PARSER] = "Parser", + [COMPACT_FILE] = "File", + [COMPACT_METADATA] = "Metadata", + [COMPACT_DIGEST_LIST] = "Digest list", +}; + +static ssize_t diglim_show_htable_len(struct file *filp, char __user *buf, + size_t count, loff_t *ppos) +{ + char *tmpbuf; + ssize_t ret, len = 0; + int i; + + tmpbuf = kmalloc(TMPBUF_SIZE, GFP_KERNEL); + if (!tmpbuf) + return -ENOMEM; + + for (i = 0; i < COMPACT__LAST; i++) + len += scnprintf(tmpbuf + len, TMPBUF_SIZE - len, + "%s digests: %lu\n", types_str[i], + diglim_htable[i].len); + + ret = simple_read_from_buffer(buf, count, ppos, tmpbuf, len); + kfree(tmpbuf); + return ret; +} + +static const struct file_operations htable_len_ops = { + .read = diglim_show_htable_len, + .llseek = generic_file_llseek, +}; + static int parse_digest_list_filename(const char *digest_list_filename, u8 *digest, enum hash_algo *algo) { @@ -779,6 +820,12 @@ static int __init diglim_fs_init(void) if (IS_ERR(digest_lists_loaded_dir)) goto out; + digests_count = securityfs_create_file("digests_count", 0440, + diglim_dir, NULL, + &htable_len_ops); + if (IS_ERR(digests_count)) + goto out; + digest_list_add_dentry = securityfs_create_file("digest_list_add", 0200, diglim_dir, NULL, &digest_list_upload_ops); @@ -809,6 +856,7 @@ static int __init diglim_fs_init(void) securityfs_remove(digest_list_label_dentry); securityfs_remove(digest_list_del_dentry); securityfs_remove(digest_list_add_dentry); + securityfs_remove(digests_count); securityfs_remove(digest_lists_loaded_dir); securityfs_remove(diglim_dir); return -1; From patchwork Tue Sep 14 16:34:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12494221 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1BFAC28B5B for ; Tue, 14 Sep 2021 16:36:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 97E4761155 for ; Tue, 14 Sep 2021 16:36:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229917AbhINQiN (ORCPT ); Tue, 14 Sep 2021 12:38:13 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3806 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229482AbhINQiM (ORCPT ); Tue, 14 Sep 2021 12:38:12 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4H887y5gq4z67Vmm; Wed, 15 Sep 2021 00:34:38 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 14 Sep 2021 18:36:51 +0200 From: Roberto Sassu To: , , CC: , , , , , Roberto Sassu Subject: [PATCH v3 12/13] diglim: Remote Attestation Date: Tue, 14 Sep 2021 18:34:00 +0200 Message-ID: <20210914163401.864635-13-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210914163401.864635-1-roberto.sassu@huawei.com> References: <20210914163401.864635-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml754-chm.china.huawei.com (10.201.108.204) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: Add more information about remote attestation with IMA and DIGLIM in Documentation/security/diglim/remote_attestation.rst. Signed-off-by: Roberto Sassu --- Documentation/security/diglim/index.rst | 1 + .../security/diglim/remote_attestation.rst | 87 +++++++++++++++++++ MAINTAINERS | 1 + 3 files changed, 89 insertions(+) create mode 100644 Documentation/security/diglim/remote_attestation.rst diff --git a/Documentation/security/diglim/index.rst b/Documentation/security/diglim/index.rst index 4771134c2f0d..0f28c5ad71c0 100644 --- a/Documentation/security/diglim/index.rst +++ b/Documentation/security/diglim/index.rst @@ -10,3 +10,4 @@ Digest Lists Integrity Module (DIGLIM) introduction architecture implementation + remote_attestation diff --git a/Documentation/security/diglim/remote_attestation.rst b/Documentation/security/diglim/remote_attestation.rst new file mode 100644 index 000000000000..d22d01ce3e40 --- /dev/null +++ b/Documentation/security/diglim/remote_attestation.rst @@ -0,0 +1,87 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Remote Attestation +================== + +When a digest list is added or deleted through the ``digest_list_add`` or +``digest_list_del`` interfaces, the function ``diglim_ima_get_info()`` is +called to retrieve the integrity status from IMA. This function supports +two methods: by file, where the integrity information is retrieved from +the ``integrity_iint_cache`` structure associated to the inode, if found; +by buffer, where the buffer (directly written to securityfs, or filled from +a file read by the kernel) is passed to ``ima_measure_critical_data()`` for +measurement. + +For the by file method, existing IMA rules can be used, as long as the +digest list matches the criteria. For the by buffer method, the following +rule must be added to the IMA policy:: + + measure func=CRITICAL_DATA label=diglim + +The second method gives more accurate information, as it creates a +measurement entry during addition and deletion, while the first method +creates an entry only during addition. + +Below there is an example of usage of the by buffer method. + +When a file is uploaded, the workflow and the resulting IMA measurement +list are: + +.. code-block:: bash + + # echo $PWD/0-file_list-compact-cat > /sys/kernel/security/integrity/diglim/digest_list_add + # echo $PWD/0-file_list-compact-cat > /sys/kernel/security/integrity/diglim/digest_list_del + # cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements + ... + 10