xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

evm: Allow non-SHA1 digital signatures

Browse Source 
SHA1 is reasonable in HMAC constructs, but it's desirable to be able to
use stronger hashes in digital signatures. Modify the EVM crypto code so
the hash type is imported from the digital signature and passed down to
the hash calculation code, and return the digest size to higher layers
for validation.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Matthew Garrett
2018-06-08 14:57:43 -07:00
committed by Mimi Zohar
parent e2861fa716
commit 5feeb61183
4 changed files with 46 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
security/integrity/evm/evm.h
View File

@@ -47,6 +47,11 @@ extern struct crypto_shash *hash_tfm;
/* List of EVM protected security xattrs */
extern struct list_head evm_config_xattrnames;
struct evm_digest {
struct ima_digest_data hdr;
char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
int evm_init_key(void);
int evm_update_evmxattr(struct dentry *dentry,
const char *req_xattr_name,
@@ -54,10 +59,11 @@ int evm_update_evmxattr(struct dentry *dentry,
size_t req_xattr_value_len);
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
const char *req_xattr_value,
size_t req_xattr_value_len, char *digest);
size_t req_xattr_value_len, struct evm_digest *data);
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
const char *req_xattr_value,
size_t req_xattr_value_len, char type, char *digest);
size_t req_xattr_value_len, char type,
struct evm_digest *data);
int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
char *hmac_val);
int evm_init_secfs(void);