ima: platform-independent hash value

For remote attestion it is important for the ima measurement values to be platform-independent. Therefore integer fields to be hashed must be converted to canonical format. Link: http://lkml.kernel.org/r/1480554346-29071-11-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Andreas Steffen <andreas.steffen@strongswan.org> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: Josh Sklar <sklar@linux.vnet.ibm.com> Cc: Dave Young <dyoung@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Baoquan He <bhe@redhat.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Stewart Smith <stewart@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Andreas Steffen <andreas.steffen@strongswan.org> 2016-12-19 19:23:00 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-12-20 12:48:46 -0500
commit: 98e1d55d033eed2a474924c94fc2051ab20de402 (patch)
tree: 64b94932516d90ef67653c8dc5a1dbebd9a679bb
parent: d68a6fe9fccfd00589c61df672b449d66ba3183f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 38f2ed830dd6..802d5d20f36f 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -477,11 +477,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
                u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
                u8 *data_to_hash = field_data[i].data;
                u32 datalen = field_data[i].len;
+                u32 datalen_to_hash =
+                    !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
                if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
                        rc = crypto_shash_update(shash,
-                                                (const u8 *) &field_data[i].len,
+                                                (const u8 *) &datalen_to_hash,
-                                                sizeof(field_data[i].len));
+                                                sizeof(datalen_to_hash));
                        if (rc)
                                break;
                } else if (strcmp(td->fields[i]->field_id, "n") == 0) {
author	Andreas Steffen <andreas.steffen@strongswan.org>	2016-12-19 19:23:00 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2016-12-20 12:48:46 -0500
commit	98e1d55d033eed2a474924c94fc2051ab20de402 (patch)
tree	64b94932516d90ef67653c8dc5a1dbebd9a679bb
parent	d68a6fe9fccfd00589c61df672b449d66ba3183f (diff)