Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\evm\evm_main.c Create Date:2022-07-28 19:59:57
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:vm_verify_hmac - calculate and compare the HMAC with the EVM xattr* Compute the HMAC on the dentry's protected set of extended attributes* and compare it against the stored security

Proto:static enum integrity_status evm_verify_hmac(struct dentry *dentry, const char *xattr_name, char *xattr_value, size_t xattr_value_len, struct integrity_iint_cache *iint)

Type:enum integrity_status

Parameter:

TypeParameterName
struct dentry *dentry
const char *xattr_name
char *xattr_value
size_txattr_value_len
struct integrity_iint_cache *iint
134  struct evm_ima_xattr_data * xattr_data = NULL
136  evm_status = INTEGRITY_PASS
141  If iint && ( evm_status == INTEGRITY_PASS || evm_status == INTEGRITY_PASS_IMMUTABLE ) Then Return evm_status
148  rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char * * ) & xattr_data, 0, GFP_NOFS)
150  If rc <= 0 Then
151  evm_status = INTEGRITY_FAIL
152  If rc == -ENODATA Then
153  rc = evm_find_protected_xattrs(dentry)
154  If rc > 0 Then evm_status = INTEGRITY_NOLABEL
156  Else if rc == 0 Then evm_status = INTEGRITY_NOXATTRS
158  Else if rc == -EOPNOTSUPP Then
159  evm_status = INTEGRITY_UNKNOWN
161  Go to out
164  xattr_len = rc
168  Case type == EVM_XATTR_HMAC
169  If xattr_len != sizeof(structevm_xattr) Then
170  evm_status = INTEGRITY_FAIL
171  Go to out
174  algo = HASH_ALGO_SHA1
175  rc = evm_calc_hmac(dentry, xattr_name, xattr_value, xattr_value_len, & digest)
177  If rc Then Break
179  rc = rypto_memneq - Compare two areas of memory without leaking* timing information.*@a: One area of memory*@b: Another area of memory*@size: The size of the area.* Returns 0 when data is equal, 1 otherwise.
181  If rc Then rc = -EINVAL
183  Break
184  Case type == EVM_IMA_XATTR_DIGSIG
185  Case type == EVM_XATTR_PORTABLE_DIGSIG
186  hdr = xattr_data
187  algo = Digest algorithm [enum hash_algo]
188  rc = evm_calc_hash(dentry, xattr_name, xattr_value, xattr_value_len, type, & digest)
190  If rc Then Break
192  rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM, (constchar * )xattr_data, xattr_len, digest, length)
195  If Not rc Then
196  inode = d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper
198  If type == EVM_XATTR_PORTABLE_DIGSIG Then
202  Else if Not IS_RDONLY(inode) && Not s_readonly_remount && Not IS_IMMUTABLE(inode) Then
210  Break
211  Default
212  rc = -EINVAL
213  Break
216  If rc Then evm_status = If rc == -ENODATA Then INTEGRITY_NOXATTRS Else INTEGRITY_FAIL
219  out :
220  If iint Then evm_status = evm_status
222  kfree(xattr_data)
223  Return evm_status
Caller
NameDescribe
evm_verifyxattrvm_verifyxattr - verify the integrity of the requested xattr*@dentry: object of the verify xattr*@xattr_name: requested xattr*@xattr_value: requested xattr value*@xattr_value_len: requested xattr value length* Calculate the HMAC for the given dentry and
evm_verify_current_integrityvm_verify_current_integrity - verify the dentry's metadata integrity*@dentry: pointer to the affected dentry* Verify and return the dentry's metadata integrity. The exceptions are* before EVM is initialized or in 'fix' mode.