cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

evm.h (1650B)


      1/* SPDX-License-Identifier: GPL-2.0-only */
      2/*
      3 * Copyright (C) 2005-2010 IBM Corporation
      4 *
      5 * Authors:
      6 * Mimi Zohar <zohar@us.ibm.com>
      7 * Kylene Hall <kjhall@us.ibm.com>
      8 *
      9 * File: evm.h
     10 */
     11
     12#ifndef __INTEGRITY_EVM_H
     13#define __INTEGRITY_EVM_H
     14
     15#include <linux/xattr.h>
     16#include <linux/security.h>
     17
     18#include "../integrity.h"
     19
     20#define EVM_INIT_HMAC	0x0001	/* bit 0; one of the two bits in EVM_KEY_MASK */
     21#define EVM_INIT_X509	0x0002	/* bit 1; one of the two bits in EVM_KEY_MASK */
     22#define EVM_ALLOW_METADATA_WRITES	0x0004	/* bit 2; NOTE(review): name suggests it loosens protection of EVM metadata - audit each test of it */
     23#define EVM_SETUP_COMPLETE 0x80000000 /* bit 31: userland has signaled key load */
     24
     25#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)	/* the two key-type bits only */
     26#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
     27		       EVM_ALLOW_METADATA_WRITES)	/* all four flag bits defined above */
     28
     29struct xattr_list {	/* list node pairing an xattr name with an on/off flag */
     30	struct list_head list;	/* linkage; presumably on evm_config_xattrnames - confirm */
     31	char *name;	/* xattr name; ownership and lifetime are not visible in this header */
     32	bool enabled;	/* NOTE(review): presumably whether EVM currently covers this xattr - confirm */
     33};
     34
     35extern int evm_initialized;	/* NOTE(review): presumably holds the EVM_* flag bits above; EVM_SETUP_COMPLETE is bit 31, the sign bit of a 32-bit int, so test it with & rather than signed comparisons */
     36
     37#define EVM_ATTR_FSUUID		0x0001	/* NOTE(review): presumably a flag bit for evm_hmac_attrs below - confirm */
     38
     39extern int evm_hmac_attrs;	/* defined outside this header */
     40
     41/* List of EVM protected security xattrs */
     42extern struct list_head evm_config_xattrnames;
     43
     44struct evm_digest {	/* digest header followed by a fixed-size digest buffer */
     45	struct ima_digest_data hdr;	/* type declared outside this file (likely ../integrity.h) */
     46	char digest[IMA_MAX_DIGEST_SIZE];	/* fixed capacity: writers must bound output to IMA_MAX_DIGEST_SIZE bytes */
     47} __packed;	/* packed: no padding is inserted between hdr and digest */
     48
     49int evm_init_key(void);	/* defined outside this header; int result should be checked by callers */
     50int evm_update_evmxattr(struct dentry *dentry,
     51			const char *req_xattr_name,
     52			const char *req_xattr_value,
     53			size_t req_xattr_value_len);	/* xattr value is passed as pointer + explicit length */
     54int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
     55		  const char *req_xattr_value,
     56		  size_t req_xattr_value_len, struct evm_digest *data);	/* data: caller-supplied struct evm_digest, presumably the output */
     57int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
     58		  const char *req_xattr_value,
     59		  size_t req_xattr_value_len, char type,
     60		  struct evm_digest *data);	/* type: single-char selector; its valid values are not visible in this header */
     61int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
     62		  char *hmac_val);	/* NOTE(review): hmac_val has no length parameter; the required buffer size is an implicit contract - state it at the definition */
     63int evm_init_secfs(void);	/* defined outside this header */
     64
     65#endif