ima: Store template digest directly in ima_template_entry
authorRoberto Sassu <roberto.sassu@huawei.com>
Wed, 25 Mar 2020 10:47:08 +0000 (11:47 +0100)
committerMimi Zohar <zohar@linux.ibm.com>
Mon, 20 Apr 2020 02:03:39 +0000 (22:03 -0400)
In preparation for the patch that calculates a digest for each allocated
PCR bank, this patch passes to ima_calc_field_array_hash() the
ima_template_entry structure, so that digests can be directly stored in
that structure instead of ima_digest_data.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/ima/ima.h
security/integrity/ima/ima_api.c
security/integrity/ima/ima_crypto.c

index 64317d95363e894e93d49a071cb4a2b16b491bbe..a2dfe24e04c7280f7b0cf4b5a73527f87d4df871 100644 (file)
@@ -138,8 +138,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
 int ima_calc_buffer_hash(const void *buf, loff_t len,
                         struct ima_digest_data *hash);
 int ima_calc_field_array_hash(struct ima_field_data *field_data,
-                             struct ima_template_desc *desc, int num_fields,
-                             struct ima_digest_data *hash);
+                             struct ima_template_entry *entry);
 int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
 void ima_add_violation(struct file *file, const unsigned char *filename,
                       struct integrity_iint_cache *iint,
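Review bot: The new prototype on the `ima_calc_field_array_hash` line no longer shows a caller which algorithm is used or where the digest lands; both are now fixed inside ima_crypto.c (SHA1, written to `entry->digest`). Since the previous `struct ima_digest_data *hash` parameter carried that information, a one-line comment on the declaration would preserve it: `/* Hashes entry->template_data with SHA1 into entry->digest. */`. Where the declaration is kept in sync with the definition elsewhere, the same sentence belongs there.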
index f6bc00914aa5e4ed57c16a9321b0da2a917fbde1..2ef5a40c7ca53e9af7a0b6c57142ce4dcb39724a 100644 (file)
@@ -96,26 +96,16 @@ int ima_store_template(struct ima_template_entry *entry,
        static const char audit_cause[] = "hashing_error";
        char *template_name = entry->template_desc->name;
        int result;
-       struct {
-               struct ima_digest_data hdr;
-               char digest[TPM_DIGEST_SIZE];
-       } hash;
 
        if (!violation) {
-               int num_fields = entry->template_desc->num_fields;
-
-               /* this function uses default algo */
-               hash.hdr.algo = HASH_ALGO_SHA1;
                result = ima_calc_field_array_hash(&entry->template_data[0],
-                                                  entry->template_desc,
-                                                  num_fields, &hash.hdr);
+                                                  entry);
                if (result < 0) {
                        integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
                                            template_name, op,
                                            audit_cause, result, 0);
                        return result;
                }
-               memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
        }
        entry->pcr = pcr;
        result = ima_add_template_entry(entry, violation, op, inode, filename);
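Review bot: With the `hash` local and its `hash.hdr.length`-bounded memcpy removed, the callee now writes the digest directly into `entry->digest`, and nothing in this hunk shows the size of that field or records the digest length anywhere. This is safe only if `entry->digest` is at least as large as the SHA1 digest that ima_calc_field_array_hash now hard-codes; the previous local used a `TPM_DIGEST_SIZE` buffer, so confirm the field is at least that size. The removed `/* this function uses default algo */` comment was the only statement of the algorithm at this call site; consider restoring it as `/* ima_calc_field_array_hash() always uses SHA1 */` above the call. ima_store_template continues outside the hunk.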
index 8e445a6712250f9dfdd2c9bc4ba5702bd66ab813..03d73a4009ab97da1824d4b114f79840e479a3c0 100644 (file)
@@ -464,18 +464,16 @@ out:
  * Calculate the hash of template data
  */
 static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
-                                        struct ima_template_desc *td,
-                                        int num_fields,
-                                        struct ima_digest_data *hash,
+                                        struct ima_template_entry *entry,
                                         struct crypto_shash *tfm)
 {
        SHASH_DESC_ON_STACK(shash, tfm);
+       struct ima_template_desc *td = entry->template_desc;
+       int num_fields = entry->template_desc->num_fields;
        int rc, i;
 
        shash->tfm = tfm;
 
-       hash->length = crypto_shash_digestsize(tfm);
-
        rc = crypto_shash_init(shash);
        if (rc != 0)
                return rc;
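Review bot: The removed `hash->length = crypto_shash_digestsize(tfm);` was the one place the digest length was recorded, and the function now writes `crypto_shash_digestsize(tfm)` bytes into `entry->digest` in the next hunk with no visible check that the field holds that many; a comment on the header should state the contract, e.g. `* The digest is written to entry->digest, which must hold crypto_shash_digestsize(tfm) bytes.` added to the block comment above the signature. The two added locals read `entry->template_desc` twice; `int num_fields = td->num_fields;` would make the second depend on the first and read more clearly. ima_calc_field_array_hash_tfm ends outside this hunk.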
@@ -504,24 +502,22 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
        }
 
        if (!rc)
-               rc = crypto_shash_final(shash, hash->digest);
+               rc = crypto_shash_final(shash, entry->digest);
 
        return rc;
 }
 
 int ima_calc_field_array_hash(struct ima_field_data *field_data,
-                             struct ima_template_desc *desc, int num_fields,
-                             struct ima_digest_data *hash)
+                             struct ima_template_entry *entry)
 {
        struct crypto_shash *tfm;
        int rc;
 
-       tfm = ima_alloc_tfm(hash->algo);
+       tfm = ima_alloc_tfm(HASH_ALGO_SHA1);
        if (IS_ERR(tfm))
                return PTR_ERR(tfm);
 
-       rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
-                                          hash, tfm);
+       rc = ima_calc_field_array_hash_tfm(field_data, entry, tfm);
 
        ima_free_tfm(tfm);