/********************************************************************************/
/* */
/* IMA Routines */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* */
/* (c) Copyright IBM Corporation 2016 - 2019 */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
#ifndef IMA_H
#define IMA_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <sys/param.h>
#include <ibmtss/TPM_Types.h>
/* FIXME need OS independent value */
/* Debian/Hurd does not define MAXPATHLEN */
#ifndef MAXPATHLEN
#define MAXPATHLEN 4096
#endif
#define IMA_PCR 10
/* IMA currently supports only SHA-1 and SHA-256 */
#define IMA_PCR_BANKS 2
/* FIXME need verification */
#define TCG_EVENT_NAME_LEN_MAX 255
#define TCG_TEMPLATE_DATA_LEN_MAX (sizeof(ImaTemplateData))
/* from security/integrity/integrity.h: */
/*
 * Type tags copied from the kernel's EVM/IMA definitions.  The first member
 * is pinned to 0x01, so the rest take 0x02..0x05 in declaration order.
 * NOTE(review): presumably the leading type byte of a security.ima /
 * security.evm xattr value - confirm against the kernel header this was
 * copied from.  A value >= IMA_XATTR_LAST read from untrusted data is
 * "unknown" and should be rejected rather than mapped.
 */
enum evm_ima_xattr_type {
    IMA_XATTR_DIGEST = 0x01,    /* 0x01 */
    EVM_XATTR_HMAC,             /* 0x02 */
    EVM_IMA_XATTR_DIGSIG,       /* 0x03 */
    IMA_XATTR_DIGEST_NG,        /* 0x04 */
    IMA_XATTR_LAST              /* 0x05: one past the last defined tag */
};
/* from include/uapi/linux/hash_info.h: */
/*
 * Kernel hash algorithm numbering (values 0..16, HASH_ALGO__LAST == 17).
 * The order matters: the numeric value is what appears in IMA signature
 * headers and xattrs, so members must never be reordered or inserted.
 * NOTE(review): later kernel releases append further algorithms after
 * HASH_ALGO_TGR_192 (not reflected in this copy), so a value read from a
 * log or signature may be >= HASH_ALGO__LAST here; range-check it before
 * using it as a table index.
 */
enum hash_algo {
    HASH_ALGO_MD4,          /* 0 */
    HASH_ALGO_MD5,          /* 1 */
    HASH_ALGO_SHA1,         /* 2 */
    HASH_ALGO_RIPE_MD_160,  /* 3 */
    HASH_ALGO_SHA256,       /* 4 */
    HASH_ALGO_SHA384,       /* 5 */
    HASH_ALGO_SHA512,       /* 6 */
    HASH_ALGO_SHA224,       /* 7 */
    HASH_ALGO_RIPE_MD_128,  /* 8 */
    HASH_ALGO_RIPE_MD_256,  /* 9 */
    HASH_ALGO_RIPE_MD_320,  /* 10 */
    HASH_ALGO_WP_256,       /* 11 */
    HASH_ALGO_WP_384,       /* 12 */
    HASH_ALGO_WP_512,       /* 13 */
    HASH_ALGO_TGR_128,      /* 14 */
    HASH_ALGO_TGR_160,      /* 15 */
    HASH_ALGO_TGR_192,      /* 16 */
    HASH_ALGO__LAST         /* 17: one past the last algorithm in this copy */
};
/* IMA template names */
/*
 * Integer codes for the IMA template formats this library recognizes.
 * NOTE(review): presumably the parser maps the template name string in
 * ImaEvent.name ("ima", "ima-ng", "ima-sig", "ima-modsig", "ima-buf" in
 * the kernel) to one of these and stores it in ImaEvent.nameInt; confirm
 * in the implementation.  IMA_UNSUPPORTED is the fall-through for any
 * name that is not recognized.
 */
#define IMA_UNSUPPORTED 0
#define IMA_FORMAT_IMA_NG 1
#define IMA_FORMAT_IMA_SIG 2
#define IMA_FORMAT_IMA 3
#define IMA_FORMAT_MODSIG 4
#define IMA_FORMAT_BUF 5
//typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */
/*
 * One entry of the IMA measurement list.  pcrIndex, digest, name_len and
 * name form the fixed event header; template_data_len / template_data hold
 * the variable-length template payload; nameInt and template_desc are
 * derived by the parser rather than read from the log.
 *
 * NOTE(review): every length and index field here originates in the log
 * and is untrusted.  The reader must check name_len against
 * TCG_EVENT_NAME_LEN_MAX before filling name[], bound template_data_len
 * before allocating/copying, and check pcrIndex before using it to index a
 * PCR array.  None of those checks are visible in this header.
 */
typedef struct ImaEvent {
    uint32_t pcrIndex;                       /* PCR number from the log (IMA_PCR expected) */
    uint8_t digest[SHA1_DIGEST_SIZE];        /* IMA hard coded to SHA-1: the log entry's digest field is SHA-1 sized even when a SHA-256 bank is also maintained */
    uint32_t name_len;                       /* byte length of the template name as stored in the log */
    char name[TCG_EVENT_NAME_LEN_MAX + 1];   /* template name; +1 presumably for a NUL terminator */
    unsigned int nameInt;                    /* integer for template data handler (presumably an IMA_FORMAT_* value) */
    struct ima_template_desc *template_desc; /* template descriptor (type not defined in this header) */
    uint32_t template_data_len;              /* number of bytes at template_data */
    uint8_t *template_data;                  /* template related data; presumably heap-owned and released by IMA_Event_Free - confirm */
} ImaEvent;
/*
 * Parsed "d-ng" template field: the file data hash tagged with its
 * algorithm name.  hashLength and fileDataHashLength are copied from the
 * log and are untrusted; fileDataHashLength must be <= SHA256_DIGEST_SIZE
 * before anything is written into fileDataHash.
 */
typedef struct ImaTemplateDNG {
    uint32_t hashLength;                       /* length of the whole d-ng field as stored in the log (presumably) */
    char hashAlg[64+1];                        /* FIXME need verification - algorithm name string, NUL-terminated */
    TPMI_ALG_HASH hashAlgId;                   /* TPM algorithm ID derived from hashAlg */
    uint32_t fileDataHashLength;               /* bytes valid in fileDataHash */
    uint8_t fileDataHash[SHA256_DIGEST_SIZE];  /* largest digest this copy can hold; SHA-384/512 entries cannot be stored here */
} ImaTemplateDNG;
/*
 * Parsed "n-ng" template field: the measured file's path name.
 * fileNameLength comes from the log; it must be <= MAXPATHLEN before the
 * name is copied into fileName (the +1 presumably reserves a NUL).
 */
typedef struct ImaTemplateNNG {
    uint32_t fileNameLength;       /* length of the name as stored in the log */
    uint8_t fileName[MAXPATHLEN+1]; /* path name bytes; treat as untrusted text when printing */
} ImaTemplateNNG;
/*
 * Parsed "sig" template field: the file signature and its header.
 * sigLength, sigHeaderLength and signatureSize all come from the log.
 * NOTE(review): the fixed 9-byte header matches the kernel's
 * signature_v2_hdr layout (type, version, hash_algo, keyid, sig_size)
 * but the FIXMEs stand; the parser must reject sigHeaderLength > 9 and
 * signatureSize > 256 rather than copy.  A 256-byte signature buffer
 * fits RSA-2048; signatures from larger keys will not fit.
 */
typedef struct ImaTemplateSIG {
    uint32_t sigLength;        /* length of the whole sig field as stored in the log */
    uint32_t sigHeaderLength;  /* bytes valid in sigHeader */
    uint8_t sigHeader[9];      /* FIXME need verification, length and contents */
    uint16_t signatureSize;    /* bytes valid in signature */
    uint8_t signature[256];    /* FIXME need verification */
} ImaTemplateSIG;
/*
 * Parsed "d-modsig" template field.  Same layout as ImaTemplateDNG (an
 * algorithm-tagged digest); kept as a separate type because the
 * "ima-modsig" template carries both a d-ng and a d-modsig field.
 * dModSigFileDataHashLength is untrusted and must be <= SHA256_DIGEST_SIZE
 * before dModSigFileDataHash is filled.
 */
typedef struct ImaTemplateDMODSIG {
    uint32_t dModSigHashLength;                       /* length of the whole field as stored in the log (presumably) */
    char dModSigHashAlg[64+1];                        /* FIXME need verification - algorithm name string, NUL-terminated */
    TPMI_ALG_HASH dModSigHashAlgId;                   /* TPM algorithm ID derived from dModSigHashAlg */
    uint32_t dModSigFileDataHashLength;               /* bytes valid in dModSigFileDataHash */
    uint8_t dModSigFileDataHash[SHA256_DIGEST_SIZE];  /* largest digest this copy can hold */
} ImaTemplateDMODSIG;
/*
 * Parsed "modsig" template field: the appended module-style signature,
 * kept as opaque bytes.  The 4096-byte capacity is a guess (see FIXME);
 * modSigLength comes from the log and must be <= sizeof modSigData before
 * copying.
 */
typedef struct ImaTemplateMODSIG {
    uint32_t modSigLength;      /* bytes valid in modSigData */
    uint8_t modSigData[4096];   /* FIXME guess */
} ImaTemplateMODSIG;
/*
 * Parsed "buf" template field: the raw buffer that was measured (for
 * "ima-buf" entries), kept as opaque bytes.  The 4096-byte capacity is a
 * guess (see FIXME); bufLength comes from the log and must be
 * <= sizeof bufData before copying.
 */
typedef struct ImaTemplateBUF {
    uint32_t bufLength;      /* bytes valid in bufData */
    uint8_t bufData[4096];   /* FIXME guess */
} ImaTemplateBUF;
/*
 * All template fields this library can parse, one member per field kind.
 * This is a struct, not a union: every member is always present and only
 * the ones belonging to the event's template (selected by ImaEvent.nameInt)
 * carry meaningful data.  Its sizeof is what TCG_TEMPLATE_DATA_LEN_MAX
 * expands to, so that macro bounds the parsed representation, not the raw
 * template_data_len in the log.
 */
typedef struct ImaTemplateData {
    /* d-ng */
    ImaTemplateDNG imaTemplateDNG;
    /* n-ng */
    ImaTemplateNNG imaTemplateNNG;
    /* sig */
    ImaTemplateSIG imaTemplateSIG;
    /* d-modsig */
    ImaTemplateDMODSIG imaTemplateDMODSIG;
    /* modsig */
    ImaTemplateMODSIG imaTemplateMODSIG;
    /* buf */
    ImaTemplateBUF imaTemplateBUF;
} ImaTemplateData;
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Put *imaEvent into a defined initial state.  NOTE(review): presumably
 * zeroes the fields and sets template_data to NULL so that IMA_Event_Free
 * is safe on an event that was never read; confirm in the implementation.
 */
void IMA_Event_Init(ImaEvent *imaEvent);
/*
 * Release resources attached to *imaEvent by the read functions
 * (presumably the template_data buffer).  Presumably does not free the
 * ImaEvent itself, which the caller owns.
 */
void IMA_Event_Free(ImaEvent *imaEvent);
/*
 * Print *imaEvent for debugging.  traceTemplate: nonzero to also dump the
 * template payload (presumably via IMA_TemplateData_Trace).
 */
void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate);
/* Put *imaTemplateData into a defined initial state. */
void IMA_TemplateData_Init(ImaTemplateData *imaTemplateData);
/*
 * Print the parsed template data.  nameInt selects which ImaTemplateData
 * members are meaningful (presumably one of the IMA_FORMAT_* values).
 */
void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData,
                            unsigned int nameInt);
/*
 * Read the next event from infile into *imaEvent.
 *   endOfFile    - out: presumably set nonzero when the stream was
 *                  exhausted before an event could be read, so that EOF
 *                  can be told apart from a malformed entry.
 *   littleEndian - nonzero if the multi-byte fields in the log are
 *                  little-endian.
 * Returns 0 on success, nonzero on error (presumably; the error-code
 * convention is not visible from this header).
 * NOTE(review): name_len and template_data_len come from the file and
 * must be bounded against name[] and an allocation limit before copying;
 * those checks live in the implementation, not here.
 */
uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent,
                            int *endOfFile,
                            FILE *infile,
                            int littleEndian);
/*
 * Read the next event from an in-memory log.  *buffer and *length are
 * passed by pointer, so presumably they form a cursor that is advanced
 * past the consumed bytes on return.
 *   endOfBuffer  - out: presumably set nonzero when the buffer is exhausted.
 *   littleEndian - as for IMA_Event_ReadFile.
 *   getTemplate  - presumably nonzero to also copy the template payload,
 *                  zero to skip it; confirm in the implementation.
 */
uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent,
                              size_t *length,
                              uint8_t **buffer,
                              int *endOfBuffer,
                              int littleEndian,
                              int getTemplate);
/*
 * Parse imaEvent->template_data (template_data_len bytes) into the
 * ImaTemplateData members selected by imaEvent->nameInt.
 * NOTE(review): every length field in the template payload (hashLength,
 * fileNameLength, sigLength, signatureSize, modSigLength, bufLength, ...)
 * is untrusted and must be checked against the fixed-size arrays in the
 * ImaTemplate* structs before anything is copied.
 */
uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData,
                                     ImaEvent *imaEvent,
                                     int littleEndian);
/* Write *imaEvent to outFile, presumably in the same binary log format the
   read functions consume. */
uint32_t IMA_Event_Write(ImaEvent *imaEvent,
                         FILE *outFile);
/*
 * Extend the software PCR *imapcr with the event, hashing with hashAlg
 * (presumably TPM_ALG_SHA1 or TPM_ALG_SHA256, the two banks implied by
 * IMA_PCR_BANKS).
 */
uint32_t IMA_Extend(TPMT_HA *imapcr,
                    ImaEvent *imaEvent,
                    TPMI_ALG_HASH hashAlg);
/*
 * Check that imaEvent->digest matches the event's template data.
 *   badEvent - out: presumably set nonzero when the digest does not verify;
 *              the return value then reports only operational errors.
 *   eventNum - index of the event, presumably for diagnostics only.
 */
uint32_t IMA_VerifyImaDigest(uint32_t *badEvent,
                             ImaEvent *imaEvent,
                             int eventNum);
/*
 * Serialize *source.  The written/buffer/size triple follows the TSS
 * marshaling convention (written accumulates, buffer advances, size
 * counts down) - presumably, confirm against the implementation.
 * Returns a TPM_RC.
 */
TPM_RC IMA_Event_Marshal(ImaEvent *source,
                         uint16_t *written, uint8_t **buffer, uint32_t *size);
/*
 * Extend the simulated PCRs of every bank with the event, indexed as
 * pcrs[bank][pcr].
 * NOTE(review): the PCR selected is presumably imaEvent->pcrIndex, which
 * comes from the log; it must be checked to be < IMPLEMENTATION_PCR before
 * it is used as an array index.  That check is not visible in this header.
 */
uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
                             ImaEvent *imaEvent);
#if 0
uint32_t IMA_Event_ToString(char **eventString,
ImaEvent *imaEvent);
#endif
#ifdef __cplusplus
}
#endif
#endif