Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp128325ybv; Wed, 5 Feb 2020 02:36:46 -0800 (PST) X-Google-Smtp-Source: APXvYqxbNvLG4G8w420IoT+pqk6P8eUVZjkqX7mPqn05mXVbGctsLNIt5gMiQRg2O7aV0TtuJ36G X-Received: by 2002:a05:6808:487:: with SMTP id z7mr2440686oid.59.1580899006052; Wed, 05 Feb 2020 02:36:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580899006; cv=none; d=google.com; s=arc-20160816; b=eyPxEkf2wn/Pfan8DWcxJ4152TAgPQaZC5qndYT13Tn4sA4MzcW99GqT2iLDM8QXkH 7jt5pCasjRciOJAYjvOPfn0Fi2xcBwB9wY7DqtpumlxCucrqBEG/cOYIVIbe57mVxW// iL3G1DZtUt6hhu3QtheQG+Tefw0+E7lOAQhyZo6Xztuw7a0J/eV/nAwrPW88AZaBBz5S oSfNsPHRzoC2SSXgFHKN/PxcQjcqEzCDzson6zRRQ4T5rwDNQqpy+7oVgjD/Cft3NSfQ 6MRopEwKAObACWtgZypSXGcusfgMSUqdtRzDsAg7PzNR1j2wqQEvEhboD8Y2RBfQ1p7m GYOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=r6/rUCC3mS63Pd/IJKKDpyq4CKi6Qqq2yMsY/PR98SQ=; b=p/mgFYK2NtmWVqOjDb8ZoJdXyfUYwWzl3QY9yLmuYp81kiQy4doDfMmuhV4UMYbBpv Nh+oMIEufvv2uSTxtVArnnyjxReUAALomfMTfUKM4lTdpoVPRHlW3CwLh4CM50sKvVDX dA2fY1VzNB/R36e0lbG+EiN99dTBB4YozM6REjNfVLLAl3ICjszgGHpX+hZxsFSTbYWn TkFSb55Q/ZHTLEcc9fjxA3+uvjoflD6V8e1ge/sgmGhuIs8z/rGjM/NQ/MBx1u9Z1+Xb Q1Mdv61089P7qbMMlg6gw7lkcFax4BkeQHNrH6INeBmDPAjzb9cDSuc5oAAaj9UA61u5 rhMg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q26si12131552oij.38.2020.02.05.02.36.34; Wed, 05 Feb 2020 02:36:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728332AbgBEKfY (ORCPT + 99 others); Wed, 5 Feb 2020 05:35:24 -0500 Received: from lhrrgout.huawei.com ([185.176.76.210]:2369 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728034AbgBEKfY (ORCPT ); Wed, 5 Feb 2020 05:35:24 -0500 Received: from lhreml702-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 59F0B3955AFFD81C74E8; Wed, 5 Feb 2020 10:35:22 +0000 (GMT) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.160) by smtpsuk.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 5 Feb 2020 10:35:15 +0000 From: Roberto Sassu To: , , CC: , , , , Roberto Sassu Subject: [PATCH v2 4/8] ima: Store template digest directly in ima_template_entry Date: Wed, 5 Feb 2020 11:33:13 +0100 Message-ID: <20200205103317.29356-5-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200205103317.29356-1-roberto.sassu@huawei.com> References: <20200205103317.29356-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.204.65.160] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In preparation for the patch that calculates a digest for each allocated PCR bank, this patch passes to ima_calc_field_array_hash() the ima_template_entry structure, so that digests can be directly stored in that structure instead of ima_digest_data. Signed-off-by: Roberto Sassu --- security/integrity/ima/ima.h | 3 +-- security/integrity/ima/ima_api.c | 12 +----------- security/integrity/ima/ima_crypto.c | 18 +++++++----------- 3 files changed, 9 insertions(+), 24 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index df4ca482fb53..2f380fb92a7a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -138,8 +138,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash); int ima_calc_buffer_hash(const void *buf, loff_t len, struct ima_digest_data *hash); int ima_calc_field_array_hash(struct ima_field_data *field_data, - struct ima_template_desc *desc, int num_fields, - struct ima_digest_data *hash); + struct ima_template_entry *entry); int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 610759fe63b8..51f562111864 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -96,26 +96,16 @@ int ima_store_template(struct ima_template_entry *entry, static const char audit_cause[] = "hashing_error"; char *template_name = entry->template_desc->name; int result; - struct { - struct ima_digest_data hdr; - char digest[TPM_DIGEST_SIZE]; - } hash; if (!violation) { - int num_fields = entry->template_desc->num_fields; - - /* this function uses default algo */ - hash.hdr.algo = HASH_ALGO_SHA1; result = ima_calc_field_array_hash(&entry->template_data[0], - entry->template_desc, - num_fields, &hash.hdr); + entry); if (result < 0) { integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, template_name, op, audit_cause, result, 0); return result; } - memcpy(entry->digest, hash.hdr.digest, hash.hdr.length); } entry->pcr = pcr; result = ima_add_template_entry(entry, violation, op, inode, filename); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index f2f41a2bc3d4..2d356ae8e823 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -464,18 +464,16 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) * Calculate the hash of template data */ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data, - struct ima_template_desc *td, - int num_fields, - struct ima_digest_data *hash, + struct ima_template_entry *entry, struct crypto_shash *tfm) { SHASH_DESC_ON_STACK(shash, tfm); + struct ima_template_desc *td = entry->template_desc; + int num_fields = entry->template_desc->num_fields; int rc, i; shash->tfm = tfm; - hash->length = crypto_shash_digestsize(tfm); - rc = crypto_shash_init(shash); if (rc != 0) return rc; @@ -504,24 +502,22 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data, } if (!rc) - rc = crypto_shash_final(shash, hash->digest); + rc = crypto_shash_final(shash, entry->digest); return rc; } int ima_calc_field_array_hash(struct ima_field_data *field_data, - struct ima_template_desc *desc, int num_fields, - struct ima_digest_data *hash) + struct ima_template_entry *entry) { struct crypto_shash *tfm; int rc; - tfm = ima_alloc_tfm(hash->algo); + tfm = ima_alloc_tfm(HASH_ALGO_SHA1); if (IS_ERR(tfm)) return PTR_ERR(tfm); - rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields, - hash, tfm); + rc = ima_calc_field_array_hash_tfm(field_data, entry, tfm); ima_free_tfm(tfm); -- 2.17.1