ima: support arbitrary hash algorithms in ima_calc_buffer_hash

ima_calc_buffer_hash will be used with different hash algorithms. This patch provides support for arbitrary hash algorithms in ima_calc_buffer_hash. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Dmitry Kasatkin <d.kasatkin@samsung.com> 2013-06-07 06:16:24 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-10-25 17:17:01 -0400
commit: ea593993d361748e795f5eb783a5fb5144fb2df9 (patch)
tree: 387915941a654ae6b23199d372c73afede8d19e1 /security/integrity/ima
parent: 723326b927b675daf4223fe31d7428eca68f194b (diff)
2 files changed, 25 insertions, 6 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 2cc5dcc6bdeb..bc1d1282a06f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -18,6 +18,7 @@
 #include <linux/fs.h>
 #include <linux/xattr.h>
 #include <linux/evm.h>
+#include <crypto/hash_info.h>
 #include "ima.h"
 static const char *IMA_TEMPLATE_NAME = "ima";
@@ -54,6 +55,8 @@ int ima_store_template(struct ima_template_entry *entry,
        entry->template_len = sizeof(entry->template);
        if (!violation) {
+                /* this function uses default algo */
+                hash.hdr.algo = HASH_ALGO_SHA1;
                result = ima_calc_buffer_hash(&entry->template,
                                              entry->template_len, &hash.hdr);
                if (result < 0) {
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index e5d3ebf18436..e2be2524a372 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -139,23 +139,39 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
 /*
 * Calculate the hash of a given buffer
 */
-int ima_calc_buffer_hash(const void *buf, int len, struct ima_digest_data *hash)
+static int ima_calc_buffer_hash_tfm(const void *buf, int len,
+                                    struct ima_digest_data *hash,
+                                    struct crypto_shash *tfm)
 {
        struct {
                struct shash_desc shash;
-                char ctx[crypto_shash_descsize(ima_shash_tfm)];
+                char ctx[crypto_shash_descsize(tfm)];
        } desc;
-        desc.shash.tfm = ima_shash_tfm;
+        desc.shash.tfm = tfm;
        desc.shash.flags = 0;
-        /* this function uses default algo */
+        hash->length = crypto_shash_digestsize(tfm);
-        hash->algo = ima_hash_algo;
-        hash->length = crypto_shash_digestsize(ima_shash_tfm);
        return crypto_shash_digest(&desc.shash, buf, len, hash->digest);
 }
+int ima_calc_buffer_hash(const void *buf, int len, struct ima_digest_data *hash)
+{
+        struct crypto_shash *tfm;
+        int rc;
+        tfm = ima_alloc_tfm(hash->algo);
+        if (IS_ERR(tfm))
+                return PTR_ERR(tfm);
+        rc = ima_calc_buffer_hash_tfm(buf, len, hash, tfm);
+        ima_free_tfm(tfm);
+        return rc;
+}
 static void __init ima_pcrread(int idx, u8 *pcr)
 {
        if (!ima_used_chip)
author	Dmitry Kasatkin <d.kasatkin@samsung.com>	2013-06-07 06:16:24 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2013-10-25 17:17:01 -0400
commit	ea593993d361748e795f5eb783a5fb5144fb2df9 (patch)
tree	387915941a654ae6b23199d372c73afede8d19e1 /security/integrity/ima
parent	723326b927b675daf4223fe31d7428eca68f194b (diff)