linux/security/integrity/integrity.h
   1/*
   2 * Copyright (C) 2009-2010 IBM Corporation
   3 *
   4 * Authors:
   5 * Mimi Zohar <zohar@us.ibm.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License as
   9 * published by the Free Software Foundation, version 2 of the
  10 * License.
  11 *
  12 */
  13
  14#include <linux/types.h>
  15#include <linux/integrity.h>
  16#include <crypto/sha.h>
  17
/*
 * iint cache flags.
 * IMA_MEASURED is a single-bit value (0x01); presumably OR-ed into
 * integrity_iint_cache.flags -- confirm against the users of that field.
 */
#define IMA_MEASURED            0x01
  20
/*
 * Type tag for an integrity xattr value.  Only the first enumerator has an
 * explicit value; the following ones take 0x02 and 0x03 by C enum rules.
 * NOTE(review): presumably stored in evm_ima_xattr_data.type; if that byte is
 * persisted in on-disk xattrs, inserting or reordering entries would change
 * the meaning of existing labels -- append only, and confirm.
 */
enum evm_ima_xattr_type {
        IMA_XATTR_DIGEST = 0x01,
        EVM_XATTR_HMAC,                 /* 0x02 */
        EVM_IMA_XATTR_DIGSIG,           /* 0x03 */
};
  26
/*
 * One type byte followed by a SHA1_DIGEST_SIZE-byte digest, declared packed.
 * NOTE(review): the digest field is fixed-size; code that copies an xattr
 * value into this struct should check the value's length against
 * sizeof(struct evm_ima_xattr_data) first -- callers are not visible here.
 */
struct evm_ima_xattr_data {
        u8 type;        /* presumably an enum evm_ima_xattr_type value -- confirm */
        u8 digest[SHA1_DIGEST_SIZE];
}  __attribute__((packed));
  31
/* integrity data associated with an inode */
struct integrity_iint_cache {
        struct rb_node rb_node; /* rooted in integrity_iint_tree */
        struct inode *inode;    /* back pointer to inode in question */
        u64 version;            /* track inode changes */
        unsigned char flags;    /* presumably IMA_MEASURED and friends -- confirm */
        u8 digest[SHA1_DIGEST_SIZE];    /* SHA1-sized digest buffer */
        struct mutex mutex;     /* protects: version, flags, digest */
        /*
         * NOTE(review): evm_status is not in the list of fields the mutex
         * protects; confirm how updates to it are serialized.
         */
        enum integrity_status evm_status;
};
  42
/*
 * rbtree calls to lookup, insert, delete integrity data associated with an
 * inode.  Only the insert and find entry points are declared in this header;
 * no delete prototype appears here.
 * NOTE(review): what is returned on failure or when no entry exists is not
 * documented in this header (NULL?) -- confirm before dereferencing.
 */
struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
  48
/*
 * Keyring identifiers, numbered from 0.  INTEGRITY_KEYRING_MAX is one past the
 * last identifier, i.e. the number of keyrings.
 * NOTE(review): presumably the `id` argument of integrity_digsig_verify();
 * an id used as an array index should be checked against
 * INTEGRITY_KEYRING_MAX -- the implementation is not visible here.
 */
#define INTEGRITY_KEYRING_EVM           0
#define INTEGRITY_KEYRING_MODULE        1
#define INTEGRITY_KEYRING_IMA           2
#define INTEGRITY_KEYRING_MAX           3
  53
  54#ifdef CONFIG_INTEGRITY_SIGNATURE
  55
/*
 * Presumably verifies signature `sig` (siglen bytes) over `digest`
 * (digestlen bytes), with `id` selecting an INTEGRITY_KEYRING_* keyring --
 * the implementation is not in this header, confirm there.
 * Without CONFIG_INTEGRITY_SIGNATURE the inline stub in this header returns
 * -EOPNOTSUPP instead.
 * NOTE(review): callers should treat every non-zero return, including
 * -EOPNOTSUPP, as "not verified".  siglen and digestlen are signed ints, so
 * the implementation should reject negative lengths -- confirm.
 */
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
                                        const char *digest, int digestlen);
  58
  59#else
  60
/*
 * Stub used when CONFIG_INTEGRITY_SIGNATURE is not set.  All arguments are
 * ignored and the call always fails with -EOPNOTSUPP.
 */
static inline int
integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
                        const char *digest, int digestlen)
{
        /* No signature support compiled in: report "not supported", never 0. */
        return -EOPNOTSUPP;
}
  67
  68#endif /* CONFIG_INTEGRITY_SIGNATURE */
  69
/*
 * set during initialization
 * Declared here only; the definition and the code that sets it are elsewhere.
 * NOTE(review): presumably non-zero once the iint cache is usable -- confirm
 * what readers do when they see it before initialization has run.
 */
extern int iint_initialized;
  72