ima: switch to new template management mechanism
This patch performs the switch to the new template mechanism by modifying the functions ima_alloc_init_template(), ima_measurements_show() and ima_ascii_measurements_show(). The old function ima_template_show() was removed as it is no longer needed. Also, if the template descriptor used to generate a measurement entry is not 'ima', the whole length of field data stored for an entry is provided before the data itself through the binary_runtime_measurement interface. Changelog: - unnecessary to use strncmp() (Mimi Zohar) - create new variable 'field' in ima_alloc_init_template() (Roberto Sassu) - use GFP_NOFS flag in ima_alloc_init_template() (Roberto Sassu) - new variable 'num_fields' in ima_store_template() (Roberto Sassu, proposed by Mimi Zohar) - rename ima_calc_buffer_hash/template_hash() to ima_calc_field_array_hash(), something more generic (Mimi, requested by Dmitry) - sparse error fix - Fengguang Wu - fix lindent warnings - always include the field length in the template data length - include the template field length variable size in the template data length - include both the template field data and field length in the template digest calculation. Simplifies verifying the template digest. (Mimi) Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

committed by
Mimi Zohar

parent
4d7aeee73f
commit
a71dc65d30
@@ -137,26 +137,46 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate the hash of a given buffer
|
||||
* Calculate the hash of template data
|
||||
*/
|
||||
static int ima_calc_buffer_hash_tfm(const void *buf, int len,
|
||||
struct ima_digest_data *hash,
|
||||
struct crypto_shash *tfm)
|
||||
static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
|
||||
int num_fields,
|
||||
struct ima_digest_data *hash,
|
||||
struct crypto_shash *tfm)
|
||||
{
|
||||
struct {
|
||||
struct shash_desc shash;
|
||||
char ctx[crypto_shash_descsize(tfm)];
|
||||
} desc;
|
||||
int rc, i;
|
||||
|
||||
desc.shash.tfm = tfm;
|
||||
desc.shash.flags = 0;
|
||||
|
||||
hash->length = crypto_shash_digestsize(tfm);
|
||||
|
||||
return crypto_shash_digest(&desc.shash, buf, len, hash->digest);
|
||||
rc = crypto_shash_init(&desc.shash);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
||||
for (i = 0; i < num_fields; i++) {
|
||||
rc = crypto_shash_update(&desc.shash,
|
||||
(const u8 *) &field_data[i].len,
|
||||
sizeof(field_data[i].len));
|
||||
rc = crypto_shash_update(&desc.shash, field_data[i].data,
|
||||
field_data[i].len);
|
||||
if (rc)
|
||||
break;
|
||||
}
|
||||
|
||||
if (!rc)
|
||||
rc = crypto_shash_final(&desc.shash, hash->digest);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ima_calc_buffer_hash(const void *buf, int len, struct ima_digest_data *hash)
|
||||
int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
|
||||
struct ima_digest_data *hash)
|
||||
{
|
||||
struct crypto_shash *tfm;
|
||||
int rc;
|
||||
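Review bot: In the new loop of ima_calc_field_array_hash_tfm(), the return value of the first crypto_shash_update() call, the one hashing `field_data[i].len`, is overwritten by the second crypto_shash_update() before `if (rc)` ever sees it, so a failure while feeding the length prefix is silently discarded and the function can return success for a digest computed over incomplete input. Each update should be checked on its own: after the call that hashes the length add `if (rc) break;` before the call that hashes `field_data[i].data`. crypto_shash_init() and crypto_shash_final() are already checked, so this is the only unchecked step in the chain. The caller ima_calc_field_array_hash() is split across this hunk and the next one; the change here is self-contained.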
@@ -165,7 +185,7 @@ int ima_calc_buffer_hash(const void *buf, int len, struct ima_digest_data *hash)
|
||||
if (IS_ERR(tfm))
|
||||
return PTR_ERR(tfm);
|
||||
|
||||
rc = ima_calc_buffer_hash_tfm(buf, len, hash, tfm);
|
||||
rc = ima_calc_field_array_hash_tfm(field_data, num_fields, hash, tfm);
|
||||
|
||||
ima_free_tfm(tfm);
|
||||
|
||||
|