ima: differentiate between template hash and file data hash sizes

The TPM v1.2 limits the template hash size to 20 bytes. This patch differentiates between the template hash size, as defined in the ima_template_entry, and the file data hash size, as defined in the ima_template_data. Subsequent patches add support for different file data hash algorithms. Change log: - hash digest definition in ima_store_template() should be TPM_DIGEST_SIZE Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-03-11 20:29:47 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-10-25 17:17:00 -0400
commit: 140d802240a4ba3351494b4ab199964b96f87493 (patch)
tree: 0fa711063f82e868ef589165e89e7b2298b60025 /security/integrity/ima/ima_crypto.c
parent: a35c3fb6490cc1d3446e4781693408100113c4fb (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 2fd178651467..872c6698067c 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -155,7 +155,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
 */
 int __init ima_calc_boot_aggregate(char *digest)
 {
-        u8 pcr_i[IMA_DIGEST_SIZE];
+        u8 pcr_i[TPM_DIGEST_SIZE];
        int rc, i;
        struct {
                struct shash_desc shash;
@@ -173,7 +173,7 @@ int __init ima_calc_boot_aggregate(char *digest)
        for (i = TPM_PCR0; i < TPM_PCR8; i++) {
                ima_pcrread(i, pcr_i);
                /* now accumulate with current aggregate */
-                rc = crypto_shash_update(&desc.shash, pcr_i, IMA_DIGEST_SIZE);
+                rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
        }
        if (!rc)
                crypto_shash_final(&desc.shash, digest);
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2013-03-11 20:29:47 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2013-10-25 17:17:00 -0400
commit	140d802240a4ba3351494b4ab199964b96f87493 (patch)
tree	0fa711063f82e868ef589165e89e7b2298b60025 /security/integrity/ima/ima_crypto.c
parent	a35c3fb6490cc1d3446e4781693408100113c4fb (diff)

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 2fd178651467..872c6698067c 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c
@@ -155,7 +155,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
155	*/	155	*/
156	int __init ima_calc_boot_aggregate(char *digest)	156	int __init ima_calc_boot_aggregate(char *digest)
157	{	157	{
158	u8 pcr_i[IMA_DIGEST_SIZE];	158	u8 pcr_i[TPM_DIGEST_SIZE];
159	int rc, i;	159	int rc, i;
160	struct {	160	struct {
161	struct shash_desc shash;	161	struct shash_desc shash;
@@ -173,7 +173,7 @@ int __init ima_calc_boot_aggregate(char *digest)
173	for (i = TPM_PCR0; i < TPM_PCR8; i++) {	173	for (i = TPM_PCR0; i < TPM_PCR8; i++) {
174	ima_pcrread(i, pcr_i);	174	ima_pcrread(i, pcr_i);
175	/* now accumulate with current aggregate */	175	/* now accumulate with current aggregate */
176	rc = crypto_shash_update(&desc.shash, pcr_i, IMA_DIGEST_SIZE);	176	rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
177	}	177	}
178	if (!rc)	178	if (!rc)
179	crypto_shash_final(&desc.shash, digest);	179	crypto_shash_final(&desc.shash, digest);