| /********************************************************************************/ |
| /* */ |
| /* IMA Routines */ |
| /* Written by Ken Goldman */ |
| /* IBM Thomas J. Watson Research Center */ |
| /* */ |
| /* (c) Copyright IBM Corporation 2016 - 2019 */ |
| /* */ |
| /* All rights reserved. */ |
| /* */ |
| /* Redistribution and use in source and binary forms, with or without */ |
| /* modification, are permitted provided that the following conditions are */ |
| /* met: */ |
| /* */ |
| /* Redistributions of source code must retain the above copyright notice, */ |
| /* this list of conditions and the following disclaimer. */ |
| /* */ |
| /* Redistributions in binary form must reproduce the above copyright */ |
| /* notice, this list of conditions and the following disclaimer in the */ |
| /* documentation and/or other materials provided with the distribution. */ |
| /* */ |
| /* Neither the names of the IBM Corporation nor the names of its */ |
| /* contributors may be used to endorse or promote products derived from */ |
| /* this software without specific prior written permission. */ |
| /* */ |
| /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ |
| /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ |
| /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ |
| /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ |
| /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ |
| /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ |
| /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ |
| /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ |
| /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ |
| /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ |
| /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ |
| /********************************************************************************/ |
| |
| #ifndef IMA_H |
| #define IMA_H |
| |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <stdint.h> |
| |
| #include <sys/param.h> |
| |
| #include <ibmtss/TPM_Types.h> |
| |
| /* FIXME meed OS independent value */ |
| /* Debian/Hurd does not define MAXPATHLEN */ |
| #ifndef MAXPATHLEN |
| #define MAXPATHLEN 4096 |
| #endif |
| |
| #define IMA_PCR 10 |
| /* IMA currently supports only SHA-1 and SHA-256 */ |
| #define IMA_PCR_BANKS 2 |
| |
| /* FIXME need verification */ |
| #define TCG_EVENT_NAME_LEN_MAX 255 |
| |
| #define TCG_TEMPLATE_DATA_LEN_MAX (sizeof(ImaTemplateData)) |
| |
| /* from security/integrity/integrity.h: */ |
| |
| enum evm_ima_xattr_type { |
| IMA_XATTR_DIGEST = 0x01, |
| EVM_XATTR_HMAC, |
| EVM_IMA_XATTR_DIGSIG, |
| IMA_XATTR_DIGEST_NG, |
| IMA_XATTR_LAST |
| }; |
| |
| /* from include/uapi/linux/hash_info.h: */ |
| |
| enum hash_algo { |
| HASH_ALGO_MD4, |
| HASH_ALGO_MD5, |
| HASH_ALGO_SHA1, |
| HASH_ALGO_RIPE_MD_160, |
| HASH_ALGO_SHA256, |
| HASH_ALGO_SHA384, |
| HASH_ALGO_SHA512, |
| HASH_ALGO_SHA224, |
| HASH_ALGO_RIPE_MD_128, |
| HASH_ALGO_RIPE_MD_256, |
| HASH_ALGO_RIPE_MD_320, |
| HASH_ALGO_WP_256, |
| HASH_ALGO_WP_384, |
| HASH_ALGO_WP_512, |
| HASH_ALGO_TGR_128, |
| HASH_ALGO_TGR_160, |
| HASH_ALGO_TGR_192, |
| HASH_ALGO__LAST |
| }; |
| |
| /* IMA template names */ |
| |
| #define IMA_UNSUPPORTED 0 |
| #define IMA_FORMAT_IMA_NG 1 |
| #define IMA_FORMAT_IMA_SIG 2 |
| #define IMA_FORMAT_IMA 3 |
| #define IMA_FORMAT_MODSIG 4 |
| #define IMA_FORMAT_BUF 5 |
| |
| //typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ |
| |
| typedef struct ImaEvent { |
| uint32_t pcrIndex; |
| uint8_t digest[SHA1_DIGEST_SIZE]; /* IMA hard coded to SHA-1 */ |
| uint32_t name_len; |
| char name[TCG_EVENT_NAME_LEN_MAX + 1]; |
| unsigned int nameInt; /* integer for template data handler */ |
| struct ima_template_desc *template_desc; /* template descriptor */ |
| uint32_t template_data_len; |
| uint8_t *template_data; /* template related data */ |
| } ImaEvent; |
| |
| typedef struct ImaTemplateDNG { |
| uint32_t hashLength; |
| char hashAlg[64+1]; /* FIXME need verification */ |
| TPMI_ALG_HASH hashAlgId; |
| uint32_t fileDataHashLength; |
| uint8_t fileDataHash[SHA256_DIGEST_SIZE]; |
| } ImaTemplateDNG; |
| |
| typedef struct ImaTemplateNNG { |
| uint32_t fileNameLength; |
| uint8_t fileName[MAXPATHLEN+1]; |
| } ImaTemplateNNG; |
| |
| typedef struct ImaTemplateSIG { |
| uint32_t sigLength; |
| uint32_t sigHeaderLength; |
| uint8_t sigHeader[9]; /* FIXME need verification, length and contents */ |
| uint16_t signatureSize; |
| uint8_t signature[256]; /* FIXME need verification */ |
| } ImaTemplateSIG; |
| |
| typedef struct ImaTemplateDMODSIG { |
| uint32_t dModSigHashLength; |
| char dModSigHashAlg[64+1]; /* FIXME need verification */ |
| TPMI_ALG_HASH dModSigHashAlgId; |
| uint32_t dModSigFileDataHashLength; |
| uint8_t dModSigFileDataHash[SHA256_DIGEST_SIZE]; |
| } ImaTemplateDMODSIG; |
| |
| typedef struct ImaTemplateMODSIG { |
| uint32_t modSigLength; |
| uint8_t modSigData[4096]; /* FIXME guess */ |
| |
| } ImaTemplateMODSIG; |
| |
| typedef struct ImaTemplateBUF { |
| uint32_t bufLength; |
| uint8_t bufData[4096]; /* FIXME guess */ |
| } ImaTemplateBUF; |
| |
| typedef struct ImaTemplateData { |
| /* d-ng */ |
| ImaTemplateDNG imaTemplateDNG; |
| /* n-ng */ |
| ImaTemplateNNG imaTemplateNNG; |
| /* sig */ |
| ImaTemplateSIG imaTemplateSIG; |
| /* d-modsig */ |
| ImaTemplateDMODSIG imaTemplateDMODSIG; |
| /* modsig */ |
| ImaTemplateMODSIG imaTemplateMODSIG; |
| /* buf */ |
| ImaTemplateBUF imaTemplateBUF; |
| |
| } ImaTemplateData; |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| void IMA_Event_Init(ImaEvent *imaEvent); |
| void IMA_Event_Free(ImaEvent *imaEvent); |
| void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate); |
| void IMA_TemplateData_Init(ImaTemplateData *imaTemplateData); |
| void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData, |
| unsigned int nameInt); |
| uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent, |
| int *endOfFile, |
| FILE *infile, |
| int littleEndian); |
| uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent, |
| size_t *length, |
| uint8_t **buffer, |
| int *endOfBuffer, |
| int littleEndian, |
| int getTemplate); |
| uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData, |
| ImaEvent *imaEvent, |
| int littleEndian); |
| uint32_t IMA_Event_Write(ImaEvent *imaEvent, |
| FILE *outFile); |
| uint32_t IMA_Extend(TPMT_HA *imapcr, |
| ImaEvent *imaEvent, |
| TPMI_ALG_HASH hashAlg); |
| uint32_t IMA_VerifyImaDigest(uint32_t *badEvent, |
| ImaEvent *imaEvent, |
| int eventNum); |
| TPM_RC IMA_Event_Marshal(ImaEvent *source, |
| uint16_t *written, uint8_t **buffer, uint32_t *size); |
| |
| uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR], |
| ImaEvent *imaEvent); |
| #if 0 |
| uint32_t IMA_Event_ToString(char **eventString, |
| ImaEvent *imaEvent); |
| #endif |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif |