ima: Define and use a digest_size field in the ima_algo_desc structure

Add the digest_size field to the ima_algo_desc structure to determine the
digest size from the correct source.

If the hash algorithm is among allocated PCR banks, take the value from the
TPM bank info (equal to the value from the crypto subsystem if the TPM
algorithm is supported by it; otherwise, not exceeding the size of the
digest buffer in the tpm_digest structure, used by IMA).

If the hash algorithm is SHA1, use the predefined value. Lastly, if the
hash algorithm is the default one but not among the PCR banks, take the
digest size from the crypto subsystem (the default hash algorithm is
checked when parsing the ima_hash= command line option).

Finally, use the new information to correctly show the template digest in
ima_measurements_show() and ima_ascii_measurements_show().

Link: https://github.com/linux-integrity/linux/issues/14
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Roberto Sassu
2026-02-27 13:06:45 +01:00
committed by Mimi Zohar
parent 1984dc2c2f
commit a74d7197eb
3 changed files with 13 additions and 12 deletions


@@ -132,16 +132,12 @@ int ima_measurements_show(struct seq_file *m, void *v)
char *template_name;
u32 pcr, namelen, template_data_len; /* temporary fields */
bool is_ima_template = false;
enum hash_algo algo;
int i, algo_idx;
algo_idx = ima_sha1_idx;
algo = HASH_ALGO_SHA1;
if (m->file != NULL) {
if (m->file != NULL)
algo_idx = (unsigned long)file_inode(m->file)->i_private;
algo = ima_algo_array[algo_idx].algo;
}
/* get entry */
e = qe->entry;
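Review bot: In ima_measurements_show(), algo_idx is read from file_inode(m->file)->i_private and narrowed from unsigned long to int with no range check in this function. With the local algo removed, that one value now selects both e->digests[algo_idx] and the length taken from ima_algo_array[algo_idx]. If whoever sets i_private guarantees a valid index, a short comment next to the assignment would make that dependency explicit; otherwise a bounds check belongs here.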
@@ -160,7 +156,8 @@ int ima_measurements_show(struct seq_file *m, void *v)
ima_putc(m, &pcr, sizeof(e->pcr));
/* 2nd: template digest */
ima_putc(m, e->digests[algo_idx].digest, hash_digest_size[algo]);
ima_putc(m, e->digests[algo_idx].digest,
ima_algo_array[algo_idx].digest_size);
/* 3rd: template name size */
namelen = !ima_canonical_fmt ? strlen(template_name) :
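Review bot: The length passed to ima_putc() for the template digest is now ima_algo_array[algo_idx].digest_size, and nothing in this hunk ties that value to the size of e->digests[algo_idx].digest. The commit message says the TPM bank value does not exceed the digest buffer in the tpm_digest structure, but the code that enforces this is not in the hunks shown. Please document that invariant on the digest_size field, or assert it where the field is initialised, since it is the only bound on this read.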
@@ -229,16 +226,12 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
struct ima_queue_entry *qe = v;
struct ima_template_entry *e;
char *template_name;
enum hash_algo algo;
int i, algo_idx;
algo_idx = ima_sha1_idx;
algo = HASH_ALGO_SHA1;
if (m->file != NULL) {
if (m->file != NULL)
algo_idx = (unsigned long)file_inode(m->file)->i_private;
algo = ima_algo_array[algo_idx].algo;
}
/* get entry */
e = qe->entry;
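Review bot: The algo_idx selection at the top of ima_ascii_measurements_show() is now the same as in ima_measurements_show(): default to ima_sha1_idx, then override from i_private when m->file != NULL. Consider factoring it into a small static helper so the two show functions cannot drift apart and the m->file == NULL fallback is explained in one place.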
@@ -252,7 +245,8 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
seq_printf(m, "%2d ", e->pcr);
/* 2nd: template hash */
ima_print_digest(m, e->digests[algo_idx].digest, hash_digest_size[algo]);
ima_print_digest(m, e->digests[algo_idx].digest,
ima_algo_array[algo_idx].digest_size);
/* 3th: template name */
seq_printf(m, " %s", template_name);
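Review bot: The context comment after the ima_print_digest() call reads "/* 3th: template name */"; since the neighbouring lines are being touched, change it to "3rd" to match the "/* 3rd: template name size */" comment in ima_measurements_show(). Separately, the m->file == NULL path here prints ima_algo_array[ima_sha1_idx].digest_size bytes, so it is worth confirming in the initialisation code that the SHA1 entry always has digest_size set before this function can run.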