ima: Store template digest directly in ima_template_entry
In preparation for the patch that calculates a digest for each allocated PCR bank, this patch passes to ima_calc_field_array_hash() the ima_template_entry structure, so that digests can be directly stored in that structure instead of ima_digest_data. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
parent
e144d6b265
commit
7ca79645a1
@ -138,8 +138,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
|
||||
int ima_calc_buffer_hash(const void *buf, loff_t len,
|
||||
struct ima_digest_data *hash);
|
||||
int ima_calc_field_array_hash(struct ima_field_data *field_data,
|
||||
struct ima_template_desc *desc, int num_fields,
|
||||
struct ima_digest_data *hash);
|
||||
struct ima_template_entry *entry);
|
||||
int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
|
||||
void ima_add_violation(struct file *file, const unsigned char *filename,
|
||||
struct integrity_iint_cache *iint,
|
||||
|
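Review bot: The new prototype of ima_calc_field_array_hash() still takes `field_data` alongside `entry`, so the data that is hashed and the entry that receives the digest are passed independently. The helper changed in this commit takes the descriptor and field count from `entry->template_desc`, so a caller passing field data from a different entry would end up with an `entry->digest` that does not describe that entry's template data. Either drop the first parameter and hash `entry->template_data` directly, or state the requirement above the prototype, e.g. `/* field_data must be entry->template_data; the SHA1 digest is stored in entry->digest */`.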
@ -96,26 +96,16 @@ int ima_store_template(struct ima_template_entry *entry,
|
||||
static const char audit_cause[] = "hashing_error";
|
||||
char *template_name = entry->template_desc->name;
|
||||
int result;
|
||||
struct {
|
||||
struct ima_digest_data hdr;
|
||||
char digest[TPM_DIGEST_SIZE];
|
||||
} hash;
|
||||
|
||||
if (!violation) {
|
||||
int num_fields = entry->template_desc->num_fields;
|
||||
|
||||
/* this function uses default algo */
|
||||
hash.hdr.algo = HASH_ALGO_SHA1;
|
||||
result = ima_calc_field_array_hash(&entry->template_data[0],
|
||||
entry->template_desc,
|
||||
num_fields, &hash.hdr);
|
||||
entry);
|
||||
if (result < 0) {
|
||||
integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
|
||||
template_name, op,
|
||||
audit_cause, result, 0);
|
||||
return result;
|
||||
}
|
||||
memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
|
||||
}
|
||||
entry->pcr = pcr;
|
||||
result = ima_add_template_entry(entry, violation, op, inode, filename);
|
||||
|
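Review bot: With the stack temporary and the `memcpy()` gone, ima_calc_field_array_hash() writes into `entry->digest` before the `result < 0` check, so the error path can return with the entry already modified; previously a failed calculation left the entry untouched. Whether every caller discards the entry after an error is not visible here, since the hunk starts and ends inside ima_store_template(). A comment at the call would make the contract explicit, for example `/* on error entry->digest is undefined; the entry must not be added to the measurement list */`.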
@ -464,18 +464,16 @@ out:
|
||||
* Calculate the hash of template data
|
||||
*/
|
||||
static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
|
||||
struct ima_template_desc *td,
|
||||
int num_fields,
|
||||
struct ima_digest_data *hash,
|
||||
struct ima_template_entry *entry,
|
||||
struct crypto_shash *tfm)
|
||||
{
|
||||
SHASH_DESC_ON_STACK(shash, tfm);
|
||||
struct ima_template_desc *td = entry->template_desc;
|
||||
int num_fields = entry->template_desc->num_fields;
|
||||
int rc, i;
|
||||
|
||||
shash->tfm = tfm;
|
||||
|
||||
hash->length = crypto_shash_digestsize(tfm);
|
||||
|
||||
rc = crypto_shash_init(shash);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
@ -504,24 +502,22 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
|
||||
}
|
||||
|
||||
if (!rc)
|
||||
rc = crypto_shash_final(shash, hash->digest);
|
||||
rc = crypto_shash_final(shash, entry->digest);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ima_calc_field_array_hash(struct ima_field_data *field_data,
|
||||
struct ima_template_desc *desc, int num_fields,
|
||||
struct ima_digest_data *hash)
|
||||
struct ima_template_entry *entry)
|
||||
{
|
||||
struct crypto_shash *tfm;
|
||||
int rc;
|
||||
|
||||
tfm = ima_alloc_tfm(hash->algo);
|
||||
tfm = ima_alloc_tfm(HASH_ALGO_SHA1);
|
||||
if (IS_ERR(tfm))
|
||||
return PTR_ERR(tfm);
|
||||
|
||||
rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
|
||||
hash, tfm);
|
||||
rc = ima_calc_field_array_hash_tfm(field_data, entry, tfm);
|
||||
|
||||
ima_free_tfm(tfm);
|
||||
|
||||
|
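Review bot: `crypto_shash_final(shash, entry->digest)` writes `crypto_shash_digestsize(tfm)` bytes, and with `hash->length = crypto_shash_digestsize(tfm);` removed nothing in ima_calc_field_array_hash_tfm() relates the transform's digest size to the capacity of `entry->digest`. The only caller shown allocates `HASH_ALGO_SHA1`, which is safe provided `entry->digest` holds a SHA1 digest; its declaration is not part of this page. Because the description says this prepares for one digest per PCR bank, a guard before `crypto_shash_init()` would keep the helper safe for other transforms, e.g. `if (crypto_shash_digestsize(tfm) > sizeof(entry->digest)) return -EINVAL;` (assuming `digest` is a fixed-size array member). The middle of the helper lies between the two hunks and the end of ima_calc_field_array_hash() is outside the last one.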