c6d5a76721
To meet FIPS 140 requirements, add support for building a kernel module
"fips140.ko" that contains various cryptographic algorithms built from
existing kernel source files. At load time, the module checks its own
integrity and self-tests its algorithms, then registers the algorithms
with the crypto API to supersede the original algorithms provided by the
kernel itself.
[ebiggers: this commit originated from "ANDROID: crypto: fips140 -
perform load time integrity check", but I've folded many later commits
into it to make forward porting easier. See below]
Original commits:
android12-5.10:
6be141eb36fe ("ANDROID: crypto: fips140 - perform load time integrity check")
868be244bbed ("ANDROID: inject correct HMAC digest into fips140.ko at build time")
091338cb398e ("ANDROID: fips140: add missing static keyword to fips140_init()")
c799c6644b52 ("ANDROID: fips140: adjust some log messages")
92de53472e68 ("ANDROID: fips140: log already-live algorithms")
0af06624eadc ("ANDROID: fips140: check for errors from initcalls")
634445a640a4 ("ANDROID: fips140: fix deadlock in unregister_existing_fips140_algos()")
e886dd4c339e ("ANDROID: fips140: unregister existing DRBG algorithms")
b7397e89db29 ("ANDROID: fips140: add power-up cryptographic self-tests")
50661975be74 ("ANDROID: fips140: add/update module help text")
b397a0387cb2 ("ANDROID: fips140: test all implementations")
17ccefe14021 ("ANDROID: fips140: use full 16-byte IV")
1be58af0776a ("ANDROID: fips140: remove non-prediction-resistant DRBG test")
2b5843ae2d90 ("ANDROID: fips140: add AES-CBC-CTS")
2ee56aad318c ("ANDROID: fips140: add AES-CMAC")
960ebb2b565b ("ANDROID: fips140: add jitterentropy to fips140 module")
e5b14396f9d2 ("ANDROID: fips140: take into account AES-GCM not being approvable")
52b70d491bd4 ("ANDROID: fips140: use FIPS140_CFLAGS when compiling fips140-selftests.c")
6b995f5a5403 ("ANDROID: fips140: preserve RELA sections without relying on the module loader")
e45108ecff64 ("ANDROID: fips140: block crypto operations until tests complete")
ecf9341134d1 ("ANDROID: fips140: remove in-place updating of live algorithms")
482b0323cf29 ("ANDROID: fips140: zeroize temporary values from integrity check")
64d769e53f20 ("ANDROID: fips140: add service indicators")
8d7f609cdaa4 ("ANDROID: fips140: add name and version, and a function to retrieve them")
6b7c37f6c449 ("ANDROID: fips140: use UTS_RELEASE as FIPS version")
903e97a0ca6d ("ANDROID: fips140: refactor evaluation testing support")
97fb2104fe22 ("ANDROID: fips140: add support for injecting integrity error")
109f31ac23f5 ("ANDROID: fips140: add userspace interface for evaluation testing")
android14-5.15:
84572a0c7981 ("ANDROID: fips140: split dump-section+add-section into 2 ops")
b0f8873811d4 ("ANDROID: kleaf: convert fips140 to kleaf")
2535deae8069 ("ANDROID: GKI: Source GKI_BUILD_CONFIG_FRAGMENT after setting all variables")
685a2ade28bb ("ANDROID: fips140: add crypto_memneq() back to the module")
320dfca58a3d ("ANDROID: fips140: fix in-tree builds")
d4966a820397 ("ANDROID: fips140: remove CONFIG_CRYPTO_FIPS140 option")
6da26b8750f5 ("ANDROID: fips140: require 'm' to enable CRYPTO_FIPS140_MOD")
bfcfcce3803b ("ANDROID: fips140: unapply ABS32 relocations generated by KCFI")
63f46b45dda2 ("ANDROID: fips140: eliminate crypto-fips.a build step")
ae4ca7a09bb6 ("ANDROID: fips140: allow building without LTO")
Bug: 153614920
Bug: 188620248
Test: tested that the module builds and can be loaded on raven.
Change-Id: I3fde49dbc3d16b149b072a27ba5b4c6219015c94
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
130 lines
3.6 KiB
C
130 lines
3.6 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Copyright 2021 Google LLC
|
|
*
|
|
* This file can optionally be built into fips140.ko in order to support certain
|
|
* types of testing that the FIPS lab has to do to evaluate the module. It
|
|
* should not be included in production builds of the module.
|
|
*/
|
|
|
|
/*
|
|
* We have to redefine inline to mean always_inline, so that _copy_to_user()
|
|
* gets inlined. This is needed for it to be placed into the correct section.
|
|
* See fips140_copy_to_user().
|
|
*
|
|
* We also need to undefine BUILD_FIPS140_KO to allow the use of the code
|
|
* patching which copy_to_user() requires.
|
|
*/
|
|
#undef inline
|
|
#define inline inline __attribute__((__always_inline__)) __gnu_inline \
|
|
__inline_maybe_unused notrace
|
|
#undef BUILD_FIPS140_KO
|
|
|
|
#include <linux/cdev.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/module.h>
|
|
#include <linux/slab.h>
|
|
|
|
#include "fips140-module.h"
|
|
#include "fips140-eval-testing-uapi.h"
|
|
|
|
/*
|
|
* This option allows deliberately failing the self-tests for a particular
|
|
* algorithm.
|
|
*/
|
|
static char *fips140_fail_selftest;
|
|
module_param_named(fail_selftest, fips140_fail_selftest, charp, 0);
|
|
|
|
/* This option allows deliberately failing the integrity check. */
|
|
static bool fips140_fail_integrity_check;
|
|
module_param_named(fail_integrity_check, fips140_fail_integrity_check, bool, 0);
|
|
|
|
static dev_t fips140_devnum;
|
|
static struct cdev fips140_cdev;
|
|
|
|
/* Inject a self-test failure (via corrupting the result) if requested. */
|
|
void fips140_inject_selftest_failure(const char *impl, u8 *result)
|
|
{
|
|
if (fips140_fail_selftest && strcmp(impl, fips140_fail_selftest) == 0)
|
|
result[0] ^= 0xff;
|
|
}
|
|
|
|
/* Inject an integrity check failure (via corrupting the text) if requested. */
|
|
void fips140_inject_integrity_failure(u8 *textcopy)
|
|
{
|
|
if (fips140_fail_integrity_check)
|
|
textcopy[0] ^= 0xff;
|
|
}
|
|
|
|
static long fips140_ioctl_is_approved_service(unsigned long arg)
|
|
{
|
|
const char *service_name = strndup_user((const char __user *)arg, 256);
|
|
long ret;
|
|
|
|
if (IS_ERR(service_name))
|
|
return PTR_ERR(service_name);
|
|
|
|
ret = fips140_is_approved_service(service_name);
|
|
|
|
kfree(service_name);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Code in fips140.ko is covered by an integrity check by default, and this
|
|
* check breaks if copy_to_user() is called. This is because copy_to_user() is
|
|
* an inline function that relies on code patching. However, since this is
|
|
* "evaluation testing" code which isn't included in the production builds of
|
|
* fips140.ko, it's acceptable to just exclude it from the integrity check.
|
|
*/
|
|
static noinline unsigned long __section("text.._fips140_unchecked")
|
|
fips140_copy_to_user(void __user *to, const void *from, unsigned long n)
|
|
{
|
|
return copy_to_user(to, from, n);
|
|
}
|
|
|
|
static long fips140_ioctl_module_version(unsigned long arg)
|
|
{
|
|
const char *version = fips140_module_version();
|
|
size_t len = strlen(version) + 1;
|
|
|
|
if (len > 256)
|
|
return -EOVERFLOW;
|
|
|
|
if (fips140_copy_to_user((void __user *)arg, version, len))
|
|
return -EFAULT;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static long fips140_ioctl(struct file *file, unsigned int cmd,
|
|
unsigned long arg)
|
|
{
|
|
switch (cmd) {
|
|
case FIPS140_IOCTL_IS_APPROVED_SERVICE:
|
|
return fips140_ioctl_is_approved_service(arg);
|
|
case FIPS140_IOCTL_MODULE_VERSION:
|
|
return fips140_ioctl_module_version(arg);
|
|
default:
|
|
return -ENOTTY;
|
|
}
|
|
}
|
|
|
|
static const struct file_operations fips140_fops = {
|
|
.unlocked_ioctl = fips140_ioctl,
|
|
};
|
|
|
|
bool fips140_eval_testing_init(void)
|
|
{
|
|
if (alloc_chrdev_region(&fips140_devnum, 1, 1, "fips140") != 0) {
|
|
pr_err("failed to allocate device number\n");
|
|
return false;
|
|
}
|
|
cdev_init(&fips140_cdev, &fips140_fops);
|
|
if (cdev_add(&fips140_cdev, fips140_devnum, 1) != 0) {
|
|
pr_err("failed to add fips140 character device\n");
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|