ima: provide support for arbitrary hash algorithms

In preparation of supporting more hash algorithms with larger hash sizes
needed for signature verification, this patch replaces the 20 byte sized
digest, with a more flexible structure.  The new structure includes the
hash algorithm, digest size, and digest.

Changelog:
- recalculate filedata hash for the measurement list, if the signature
  hash digest size is greater than 20 bytes.
- use generic HASH_ALGO_
- make ima_calc_file_hash static
- scripts lindent and checkpatch fixes

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 12 insertions, 3 deletions

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index f86731649f54..0b02ea868e30 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -59,20 +59,29 @@ enum evm_ima_xattr_type {
 struct evm_ima_xattr_data {
         u8 type;
         u8 digest[SHA1_DIGEST_SIZE];
-}  __attribute__((packed));
+} __packed;
+
+#define IMA_MAX_DIGEST_SIZE     64
+
+struct ima_digest_data {
+        u8 algo;
+        u8 length;
+        u8 type;
+        u8 digest[IMA_MAX_DIGEST_SIZE];
+} __packed;
 
 /* integrity data associated with an inode */
 struct integrity_iint_cache {
-        struct rb_node rb_node; /* rooted in integrity_iint_tree */
+        struct rb_node rb_node; /* rooted in integrity_iint_tree */
         struct inode *inode;    /* back pointer to inode in question */
         u64 version;            /* track inode changes */
         unsigned long flags;
-        struct evm_ima_xattr_data ima_xattr;
         enum integrity_status ima_file_status:4;
         enum integrity_status ima_mmap_status:4;
         enum integrity_status ima_bprm_status:4;
         enum integrity_status ima_module_status:4;
         enum integrity_status evm_status:4;
+        struct ima_digest_data ima_hash;
 };
 
 /* rbtree tree calls to lookup, insert, delete