diff options
| author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2013-04-25 03:43:56 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-10-25 17:16:58 -0400 |
| commit | c7c8bb237fdbff932b5e431aebee5ce862ea07d1 (patch) | |
| tree | 4cdbc7c250dd4418b47ab45dd1108848b50f8cff /crypto | |
| parent | 3fe78ca2fb1d61ea598e63fcbf38aec76b36b3a8 (diff) | |
ima: provide support for arbitrary hash algorithms
In preparation of supporting more hash algorithms with larger hash sizes
needed for signature verification, this patch replaces the 20 byte sized
digest, with a more flexible structure. The new structure includes the
hash algorithm, digest size, and digest.
Changelog:
- recalculate filedata hash for the measurement list, if the signature
hash digest size is greater than 20 bytes.
- use generic HASH_ALGO_
- make ima_calc_file_hash static
- scripts lindent and checkpatch fixes
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asymmetric_keys/x509_parser.h | 2 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h index 04c81bd0f3f2..87d9cc26f630 100644 --- a/crypto/asymmetric_keys/x509_parser.h +++ b/crypto/asymmetric_keys/x509_parser.h | |||
| @@ -21,8 +21,6 @@ struct x509_certificate { | |||
| 21 | char *authority; /* Authority key fingerprint as hex */ | 21 | char *authority; /* Authority key fingerprint as hex */ |
| 22 | struct tm valid_from; | 22 | struct tm valid_from; |
| 23 | struct tm valid_to; | 23 | struct tm valid_to; |
| 24 | enum pkey_algo pkey_algo : 8; /* Public key algorithm */ | ||
| 25 | enum hash_algo sig_hash_algo : 8; /* Signature hash algorithm */ | ||
| 26 | const void *tbs; /* Signed data */ | 24 | const void *tbs; /* Signed data */ |
| 27 | unsigned tbs_size; /* Size of signed data */ | 25 | unsigned tbs_size; /* Size of signed data */ |
| 28 | unsigned raw_sig_size; /* Size of sigature */ | 26 | unsigned raw_sig_size; /* Size of sigature */ |
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 0a6bfad54916..f83300b6e8c1 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c | |||
| @@ -213,7 +213,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) | |||
| 213 | cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1, | 213 | cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1, |
| 214 | cert->valid_to.tm_mday, cert->valid_to.tm_hour, | 214 | cert->valid_to.tm_mday, cert->valid_to.tm_hour, |
| 215 | cert->valid_to.tm_min, cert->valid_to.tm_sec); | 215 | cert->valid_to.tm_min, cert->valid_to.tm_sec); |
| 216 | pr_devel("Cert Signature: %s\n", | 216 | pr_devel("Cert Signature: %s + %s\n", |
| 217 | pkey_algo_name[cert->sig.pkey_algo], | ||
| 217 | hash_algo_name[cert->sig.pkey_hash_algo]); | 218 | hash_algo_name[cert->sig.pkey_hash_algo]); |
| 218 | 219 | ||
| 219 | if (!cert->fingerprint) { | 220 | if (!cert->fingerprint) { |