linux/security/integrity/integrity.h
   1/*
   2 * Copyright (C) 2009-2010 IBM Corporation
   3 *
   4 * Authors:
   5 * Mimi Zohar <zohar@us.ibm.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License as
   9 * published by the Free Software Foundation, version 2 of the
  10 * License.
  11 *
  12 */
  13
  14#include <linux/types.h>
  15#include <linux/integrity.h>
  16#include <crypto/sha.h>
  17
/* iint action cache flags */
/*
 * Each IMA action has a "to do" bit (IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT)
 * paired with a "done" bit (IMA_MEASURED, IMA_APPRAISED, IMA_AUDITED);
 * IMA_DO_MASK and IMA_DONE_MASK below group the two halves.  IMA_COLLECTED
 * has no "to do" counterpart: the 0x0010 slot is deliberately left unused.
 * All of these live in the 16-bit integrity_iint_cache.flags field, so new
 * flags must stay within 0xffff.
 */
#define IMA_MEASURE             0x0001
#define IMA_MEASURED            0x0002
#define IMA_APPRAISE            0x0004
#define IMA_APPRAISED           0x0008
/*#define IMA_COLLECT           0x0010  do not use this flag */
#define IMA_COLLECTED           0x0020
#define IMA_AUDIT               0x0040
#define IMA_AUDITED             0x0080

/* iint cache flags */
/*
 * IMA_DIGSIG: presumably records that the inode's xattr carried a digital
 * signature (EVM_IMA_XATTR_DIGSIG) rather than a plain digest -- confirm
 * against the IMA appraisal code that sets it.
 */
#define IMA_DIGSIG              0x0100

/* Bits requesting an action, and bits recording that it was performed. */
#define IMA_DO_MASK             (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)
#define IMA_DONE_MASK           (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \
                                 | IMA_COLLECTED)
  34
/*
 * Discriminator stored in the first byte of an EVM/IMA xattr value (see
 * evm_ima_xattr_data.type).  Only IMA_XATTR_DIGEST is given explicitly;
 * EVM_XATTR_HMAC and EVM_IMA_XATTR_DIGSIG follow as 0x02 and 0x03.  Because
 * this byte is read back from the filesystem, consumers must treat values
 * outside this enum as untrusted input, not as a programming error.
 */
enum evm_ima_xattr_type {
	IMA_XATTR_DIGEST = 0x01,	/* plain SHA-1 digest of the file */
	EVM_XATTR_HMAC,			/* EVM HMAC over the inode metadata */
	EVM_IMA_XATTR_DIGSIG,		/* digital signature instead of a digest */
};
  40
/*
 * On-disk layout of an EVM/IMA xattr value: a one-byte type tag followed by a
 * SHA-1 sized digest.  The struct is packed so that it is exactly
 * 1 + SHA1_DIGEST_SIZE bytes with no padding, matching the raw xattr bytes.
 * Only SHA-1 sized data fits here; a value read from disk must be
 * length-checked against sizeof(struct evm_ima_xattr_data) before being
 * interpreted through this type.
 */
struct evm_ima_xattr_data {
	u8 type;			/* an enum evm_ima_xattr_type value */
	u8 digest[SHA1_DIGEST_SIZE];	/* digest, HMAC, or start of signature */
}  __attribute__((packed));
  45
  46/* integrity data associated with an inode */
/* integrity data associated with an inode */
/*
 * One entry per inode of interest, kept in an rbtree (see
 * integrity_iint_insert / integrity_iint_find below).  'flags' is a bitmask
 * of the IMA_* values defined above; 'version' is compared against the
 * inode to detect that cached results are stale.  The two status fields
 * hold the last IMA and EVM verdicts separately, so an inode can be
 * IMA-measured yet EVM-unverified.
 */
struct integrity_iint_cache {
	struct rb_node rb_node; /* rooted in integrity_iint_tree */
	struct inode *inode;	/* back pointer to inode in question */
	u64 version;		/* track inode changes */
	unsigned short flags;	/* IMA_* action / cache flags */
	struct evm_ima_xattr_data ima_xattr;	/* cached security.ima-style value */
	enum integrity_status ima_status;	/* result of last IMA appraisal */
	enum integrity_status evm_status;	/* result of last EVM verification */
};
  56
  57/* rbtree tree calls to lookup, insert, delete
  58 * integrity data associated with an inode.
  59 */
/*
 * integrity_iint_insert - find or allocate the iint entry for @inode.
 * integrity_iint_find   - look up the existing entry for @inode only.
 * Both return a pointer into the tree; presumably NULL when no entry exists
 * (find) or allocation fails (insert) -- confirm in iint.c.  Callers must
 * not free the returned pointer; the tree owns it.
 */
struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
  62
/*
 * Keyring selectors passed as the 'id' argument of integrity_digsig_verify().
 * The values are consecutive indices; INTEGRITY_KEYRING_MAX is the number
 * of keyrings (one past the last valid index), not a usable id, so any
 * caller taking an id from outside must reject id >= INTEGRITY_KEYRING_MAX.
 */
#define INTEGRITY_KEYRING_EVM           0
#define INTEGRITY_KEYRING_MODULE        1
#define INTEGRITY_KEYRING_IMA           2
#define INTEGRITY_KEYRING_MAX           3
  67
  68#ifdef CONFIG_INTEGRITY_SIGNATURE
  69
/*
 * integrity_digsig_verify - verify a digital signature over a digest.
 * @id:        keyring selector, one of INTEGRITY_KEYRING_*
 * @sig:       signature bytes, @siglen long
 * @digest:    digest being verified, @digestlen long
 *
 * Returns 0 on success and a negative errno on failure; the non-signature
 * build below always returns -EOPNOTSUPP.  Both lengths are plain ints:
 * callers passing lengths taken from an xattr or other external source
 * should check for non-negative values before calling.
 */
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
					const char *digest, int digestlen);
  72
  73#else
  74
/*
 * Stub used when CONFIG_INTEGRITY_SIGNATURE is disabled: no keyrings or
 * signature parsing are compiled in, so every verification request is
 * refused with -EOPNOTSUPP regardless of its arguments.  Callers therefore
 * must treat this result as "cannot verify", never as "verified".
 */
static inline int integrity_digsig_verify(const unsigned int id,
					  const char *sig, int siglen,
					  const char *digest, int digestlen)
{
	/* Arguments are intentionally unused in this configuration. */
	(void)id;
	(void)sig;
	(void)siglen;
	(void)digest;
	(void)digestlen;

	return -EOPNOTSUPP;
}
  81
  82#endif /* CONFIG_INTEGRITY_SIGNATURE */
  83
/* set during initialization */
/*
 * Non-zero once the iint cache has been set up; code that runs before or
 * without that initialization must not call the lookup/insert helpers above.
 */
extern int iint_initialized;
  86