1 // SPDX-License-Identifier: GPL-2.0-only
3  * Copyright (C) 2005-2010 IBM Corporation
17 #include <keys/encrypted-type.h>
22 #define EVMKEY "evm-key"
39  * evm_set_key() - set EVM HMAC key from the kernel
44  * without using the "encrypted" key subsystem keys. It can be used
46  * keys.
54 	rc = -EBUSY;  in evm_set_key()
57 	rc = -EINVAL;  in evm_set_key()
82 			return ERR_PTR(-ENOKEY);  in init_desc()
88 			return ERR_PTR(-EINVAL);  in init_desc()
98 		goto unlock;  in init_desc()
116 unlock:  in init_desc()
122 		return ERR_PTR(-ENOMEM);  in init_desc()
124 	desc->tfm = *tfm;  in init_desc()
156 		hmac_misc.ino = inode->i_ino;  in hmac_add_misc()
157 		hmac_misc.generation = inode->i_generation;  in hmac_add_misc()
167 	hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);  in hmac_add_misc()
168 	hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);  in hmac_add_misc()
169 	hmac_misc.mode = inode->i_mode;  in hmac_add_misc()
173 		crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);  in hmac_add_misc()
182  * each xattr, but attempt to re-use the previously allocated memory.
199 	if (!(inode->i_opflags & IOP_XATTR) ||  in evm_calc_hmac_or_hash()
200 	    inode->i_sb->s_user_ns != &init_user_ns)  in evm_calc_hmac_or_hash()
201 		return -EOPNOTSUPP;  in evm_calc_hmac_or_hash()
203 	desc = init_desc(type, data->hdr.algo);  in evm_calc_hmac_or_hash()
207 	data->hdr.length = crypto_shash_digestsize(desc->tfm);  in evm_calc_hmac_or_hash()
209 	error = -ENODATA;  in evm_calc_hmac_or_hash()
213 		if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)  in evm_calc_hmac_or_hash()
217 		    && !strcmp(xattr->name, req_xattr_name)) {  in evm_calc_hmac_or_hash()
225 		size = vfs_getxattr_alloc(dentry, xattr->name,  in evm_calc_hmac_or_hash()
227 		if (size == -ENOMEM) {  in evm_calc_hmac_or_hash()
228 			error = -ENOMEM;  in evm_calc_hmac_or_hash()
240 	hmac_add_misc(desc, inode, type, data->digest);  in evm_calc_hmac_or_hash()
244 		error = -EPERM;  in evm_calc_hmac_or_hash()
274 	if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG))  in evm_is_immutable()
281 		if (rc == -ENODATA)  in evm_is_immutable()
285 	if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG)  in evm_is_immutable()
315 		return -EPERM;  in evm_update_evmxattr()
325 	} else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {  in evm_update_evmxattr()
342 	crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len);  in evm_init_hmac()
349  * Get the key from the TPM for the SHA1-HMAC
359 		return -ENOENT;  in evm_init_key()
361 	down_read(&evm_key->sem);  in evm_init_key()
362 	ekp = evm_key->payload.data[0];  in evm_init_key()
364 	rc = evm_set_key(ekp->decrypted_data, ekp->decrypted_datalen);  in evm_init_key()
367 	memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);  in evm_init_key()
368 	up_read(&evm_key->sem);  in evm_init_key()