1 // SPDX-License-Identifier: GPL-2.0-only
4  *                    TORSEC group -- https://security.polito.it
20 	{.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
21 	{.name = "ima-ng", .fmt = "d-ng|n-ng"},
22 	{.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
23 	{.name = "ima-buf", .fmt = "d-ng|n-ng|buf"},
24 	{.name = "ima-modsig", .fmt = "d-ng|n-ng|sig|d-modsig|modsig"},
25 	{.name = "", .fmt = ""},	/* placeholder for a custom format */
36 	{.field_id = "d-ng", .field_init = ima_eventdigest_ng_init,
38 	{.field_id = "n-ng", .field_init = ima_eventname_ng_init,
44 	{.field_id = "d-modsig", .field_init = ima_eventdigest_modsig_init,
53  * description as 'd-ng' and 'n-ng' respectively.
55 #define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf|d-modisg|modsig")
60  * ima_template_has_modsig - Check whether template has modsig-related fields.
70 	for (i = 0; i < ima_template->num_fields; i++)  in ima_template_has_modsig()
71 		if (!strcmp(ima_template->fields[i]->field_id, "modsig") ||  in ima_template_has_modsig()
72 		    !strcmp(ima_template->fields[i]->field_id, "d-modsig"))  in ima_template_has_modsig()
89 	 * Verify that a template with the supplied name exists.  in ima_template_setup()
127 	builtin_templates[num_templates - 1].fmt = str;  in ima_template_fmt_setup()
128 	ima_template = builtin_templates + num_templates - 1;  in ima_template_fmt_setup()
134 struct ima_template_desc *lookup_template_desc(const char *name)  in lookup_template_desc()  argument
141 		if ((strcmp(template_desc->name, name) == 0) ||  in lookup_template_desc()
142 		    (strcmp(template_desc->fmt, name) == 0)) {  in lookup_template_desc()
196 		return -EINVAL;  in template_desc_init_fields()
203 		len = strchrnul(template_fmt_ptr, '|') - template_fmt_ptr;  in template_desc_init_fields()
206 			return -EINVAL;  in template_desc_init_fields()
214 			return -ENOENT;  in template_desc_init_fields()
221 			return -ENOMEM;  in template_desc_init_fields()
260 	result = template_desc_init_fields(template->fmt,  in ima_init_template()
261 					   &(template->fields),  in ima_init_template()
262 					   &(template->num_fields));  in ima_init_template()
265 		       (strlen(template->name) ?  in ima_init_template()
266 		       template->name : template->fmt), result);  in ima_init_template()
287 	template_desc->name = "";  in restore_template_fmt()
288 	template_desc->fmt = kstrdup(template_name, GFP_KERNEL);  in restore_template_fmt()
289 	if (!template_desc->fmt)  in restore_template_fmt()
293 	list_add_tail_rcu(&template_desc->list, &defined_templates);  in restore_template_fmt()
302 				     struct ima_template_entry **entry)  in ima_restore_template_data()  argument
308 	*entry = kzalloc(struct_size(*entry, template_data,  in ima_restore_template_data()
309 				     template_desc->num_fields), GFP_NOFS);  in ima_restore_template_data()
310 	if (!*entry)  in ima_restore_template_data()
311 		return -ENOMEM;  in ima_restore_template_data()
316 		kfree(*entry);  in ima_restore_template_data()
317 		return -ENOMEM;  in ima_restore_template_data()
320 	(*entry)->digests = digests;  in ima_restore_template_data()
323 			    NULL, template_desc->num_fields,  in ima_restore_template_data()
324 			    (*entry)->template_data, NULL, NULL,  in ima_restore_template_data()
327 		kfree((*entry)->digests);  in ima_restore_template_data()
328 		kfree(*entry);  in ima_restore_template_data()
332 	(*entry)->template_desc = template_desc;  in ima_restore_template_data()
333 	for (i = 0; i < template_desc->num_fields; i++) {  in ima_restore_template_data()
334 		struct ima_field_data *field_data = &(*entry)->template_data[i];  in ima_restore_template_data()
335 		u8 *data = field_data->data;  in ima_restore_template_data()
337 		(*entry)->template_data[i].data =  in ima_restore_template_data()
338 			kzalloc(field_data->len + 1, GFP_KERNEL);  in ima_restore_template_data()
339 		if (!(*entry)->template_data[i].data) {  in ima_restore_template_data()
340 			ret = -ENOMEM;  in ima_restore_template_data()
343 		memcpy((*entry)->template_data[i].data, data, field_data->len);  in ima_restore_template_data()
344 		(*entry)->template_data_len += sizeof(field_data->len);  in ima_restore_template_data()
345 		(*entry)->template_data_len += field_data->len;  in ima_restore_template_data()
349 		ima_free_template_entry(*entry);  in ima_restore_template_data()
350 		*entry = NULL;  in ima_restore_template_data()
370 	struct ima_template_entry *entry;  in ima_restore_measurement_list()  local
380 		khdr->version = le16_to_cpu(khdr->version);  in ima_restore_measurement_list()
381 		khdr->count = le64_to_cpu(khdr->count);  in ima_restore_measurement_list()
382 		khdr->buffer_size = le64_to_cpu(khdr->buffer_size);  in ima_restore_measurement_list()
385 	if (khdr->version != 1) {  in ima_restore_measurement_list()
387 		return -EINVAL;  in ima_restore_measurement_list()
390 	if (khdr->count > ULONG_MAX - 1) {  in ima_restore_measurement_list()
392 		return -EINVAL;  in ima_restore_measurement_list()
401 	 * v1 format: pcr, digest, template-name-len, template-name,  in ima_restore_measurement_list()
402 	 *	      template-data-size, template-data  in ima_restore_measurement_list()
404 	bufendp = buf + khdr->buffer_size;  in ima_restore_measurement_list()
405 	while ((bufp < bufendp) && (count++ < khdr->count)) {  in ima_restore_measurement_list()
408 		enforce_mask |= (count == khdr->count) ? ENFORCE_BUFEND : 0;  in ima_restore_measurement_list()
410 				    hdr_mask, enforce_mask, "entry header");  in ima_restore_measurement_list()
415 			pr_err("attempting to restore a template name that is too long\n");  in ima_restore_measurement_list()
416 			ret = -EINVAL;  in ima_restore_measurement_list()
420 		/* template name is not null terminated */  in ima_restore_measurement_list()
428 			ret = -EINVAL;  in ima_restore_measurement_list()
443 		ret = template_desc_init_fields(template_desc->fmt,  in ima_restore_measurement_list()
444 						&(template_desc->fields),  in ima_restore_measurement_list()
445 						&(template_desc->num_fields));  in ima_restore_measurement_list()
448 			       template_desc->fmt);  in ima_restore_measurement_list()
449 			ret = -EINVAL;  in ima_restore_measurement_list()
456 						&entry);  in ima_restore_measurement_list()
462 						&entry->template_data[0],  in ima_restore_measurement_list()
463 						entry);  in ima_restore_measurement_list()
466 				ret = -EINVAL;  in ima_restore_measurement_list()
471 		entry->pcr = !ima_canonical_fmt ? *(hdr[HDR_PCR].data) :  in ima_restore_measurement_list()
473 		ret = ima_restore_measurement_entry(entry);  in ima_restore_measurement_list()