Commit 7ca79645 authored by Roberto Sassu's avatar Roberto Sassu Committed by Mimi Zohar
Browse files

ima: Store template digest directly in ima_template_entry 



In preparation for the patch that calculates a digest for each allocated
PCR bank, this patch passes to ima_calc_field_array_hash() the
ima_template_entry structure, so that digests can be directly stored in
that structure instead of ima_digest_data.

Signed-off-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent e144d6b2

security/integrity/ima/ima.h

+1 −2
Original line number Diff line number Diff line
@@ -138,8 +138,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash); 
int ima_calc_buffer_hash(const void *buf, loff_t len,

			 struct ima_digest_data *hash);

int ima_calc_field_array_hash(struct ima_field_data *field_data,

			      struct ima_template_desc *desc, int num_fields,

			      struct ima_digest_data *hash);

			      struct ima_template_entry *entry);

int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);

void ima_add_violation(struct file *file, const unsigned char *filename,

		       struct integrity_iint_cache *iint,

security/integrity/ima/ima_api.c

+1 −11
Original line number Diff line number Diff line
@@ -96,26 +96,16 @@ int ima_store_template(struct ima_template_entry *entry, 
	static const char audit_cause[] = "hashing_error";

	char *template_name = entry->template_desc->name;

	int result;

	struct {

		struct ima_digest_data hdr;

		char digest[TPM_DIGEST_SIZE];

	} hash;



	if (!violation) {

		int num_fields = entry->template_desc->num_fields;



		/* this function uses default algo */

		hash.hdr.algo = HASH_ALGO_SHA1;

		result = ima_calc_field_array_hash(&entry->template_data[0],

						   entry->template_desc,

						   num_fields, &hash.hdr);

						   entry);

		if (result < 0) {

			integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,

					    template_name, op,

					    audit_cause, result, 0);

			return result;

		}

		memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);

	}

	entry->pcr = pcr;

	result = ima_add_template_entry(entry, violation, op, inode, filename);

security/integrity/ima/ima_crypto.c

+7 −11
Original line number Diff line number Diff line
@@ -464,18 +464,16 @@ out: 
 * Calculate the hash of template data

 */

static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,

					 struct ima_template_desc *td,

					 int num_fields,

					 struct ima_digest_data *hash,

					 struct ima_template_entry *entry,

					 struct crypto_shash *tfm)

{

	SHASH_DESC_ON_STACK(shash, tfm);

	struct ima_template_desc *td = entry->template_desc;

	int num_fields = entry->template_desc->num_fields;

	int rc, i;



	shash->tfm = tfm;



	hash->length = crypto_shash_digestsize(tfm);



	rc = crypto_shash_init(shash);

	if (rc != 0)

		return rc;
@@ -504,24 +502,22 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data, 
	}



	if (!rc)

		rc = crypto_shash_final(shash, hash->digest);

		rc = crypto_shash_final(shash, entry->digest);



	return rc;

}



int ima_calc_field_array_hash(struct ima_field_data *field_data,

			      struct ima_template_desc *desc, int num_fields,

			      struct ima_digest_data *hash)

			      struct ima_template_entry *entry)

{

	struct crypto_shash *tfm;

	int rc;



	tfm = ima_alloc_tfm(hash->algo);

	tfm = ima_alloc_tfm(HASH_ALGO_SHA1);

	if (IS_ERR(tfm))

		return PTR_ERR(tfm);



	rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,

					   hash, tfm);

	rc = ima_calc_field_array_hash_tfm(field_data, entry, tfm);



	ima_free_tfm(tfm);

CRA Git | Maintained and supported by SUSTech CRA and CCSE