diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2013-04-25 09:43:56 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-10-25 23:16:58 +0200 |
commit | c7c8bb237fdbff932b5e431aebee5ce862ea07d1 (patch) | |
tree | 4cdbc7c250dd4418b47ab45dd1108848b50f8cff /security/integrity/integrity.h | |
parent | keys: change asymmetric keys to use common hash definitions (diff) | |
download | linux-c7c8bb237fdbff932b5e431aebee5ce862ea07d1.tar.xz linux-c7c8bb237fdbff932b5e431aebee5ce862ea07d1.zip |
ima: provide support for arbitrary hash algorithms
In preparation of supporting more hash algorithms with larger hash sizes
needed for signature verification, this patch replaces the 20 byte sized
digest, with a more flexible structure. The new structure includes the
hash algorithm, digest size, and digest.
Changelog:
- recalculate filedata hash for the measurement list, if the signature
hash digest size is greater than 20 bytes.
- use generic HASH_ALGO_
- make ima_calc_file_hash static
- scripts lindent and checkpatch fixes
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r-- | security/integrity/integrity.h | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index f86731649f54..0b02ea868e30 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -59,20 +59,29 @@ enum evm_ima_xattr_type { struct evm_ima_xattr_data { u8 type; u8 digest[SHA1_DIGEST_SIZE]; -} __attribute__((packed)); +} __packed; + +#define IMA_MAX_DIGEST_SIZE 64 + +struct ima_digest_data { + u8 algo; + u8 length; + u8 type; + u8 digest[IMA_MAX_DIGEST_SIZE]; +} __packed; /* integrity data associated with an inode */ struct integrity_iint_cache { - struct rb_node rb_node; /* rooted in integrity_iint_tree */ + struct rb_node rb_node; /* rooted in integrity_iint_tree */ struct inode *inode; /* back pointer to inode in question */ u64 version; /* track inode changes */ unsigned long flags; - struct evm_ima_xattr_data ima_xattr; enum integrity_status ima_file_status:4; enum integrity_status ima_mmap_status:4; enum integrity_status ima_bprm_status:4; enum integrity_status ima_module_status:4; enum integrity_status evm_status:4; + struct ima_digest_data ima_hash; }; /* rbtree tree calls to lookup, insert, delete |