Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 11d7646d authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

ima: provide buffer hash calculation function 



This patch provides convenient buffer hash calculation function.

Changelog v3:
- fix while hash calculation - Dmitry
v1:
- rewrite to support loff_t sized buffers - Mimi
  (based on Fenguang Wu's testing)

Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent bc8ca5b9

security/integrity/ima/ima.h

+2 −0
Original line number Diff line number Diff line
@@ -107,6 +107,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation, 
			   const char *op, struct inode *inode,

			   const unsigned char *filename);

int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);

int ima_calc_buffer_hash(const void *buf, loff_t len,

			 struct ima_digest_data *hash);

int ima_calc_field_array_hash(struct ima_field_data *field_data,

			      struct ima_template_desc *desc, int num_fields,

			      struct ima_digest_data *hash);

security/integrity/ima/ima_crypto.c

+47 −0
Original line number Diff line number Diff line
@@ -519,6 +519,53 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data, 
	return rc;

}



static int calc_buffer_shash_tfm(const void *buf, loff_t size,

				struct ima_digest_data *hash,

				struct crypto_shash *tfm)

{

	SHASH_DESC_ON_STACK(shash, tfm);

	unsigned int len;

	int rc;



	shash->tfm = tfm;

	shash->flags = 0;



	hash->length = crypto_shash_digestsize(tfm);



	rc = crypto_shash_init(shash);

	if (rc != 0)

		return rc;



	while (size) {

		len = size < PAGE_SIZE ? size : PAGE_SIZE;

		rc = crypto_shash_update(shash, buf, len);

		if (rc)

			break;

		buf += len;

		size -= len;

	}



	if (!rc)

		rc = crypto_shash_final(shash, hash->digest);

	return rc;

}



int ima_calc_buffer_hash(const void *buf, loff_t len,

			 struct ima_digest_data *hash)

{

	struct crypto_shash *tfm;

	int rc;



	tfm = ima_alloc_tfm(hash->algo);

	if (IS_ERR(tfm))

		return PTR_ERR(tfm);



	rc = calc_buffer_shash_tfm(buf, len, hash, tfm);



	ima_free_tfm(tfm);

	return rc;

}



static void __init ima_pcrread(int idx, u8 *pcr)

{

	if (!ima_used_chip)