---
yaml
---
r: 264481
b: refs/heads/master
c: 6be5cc5
h: refs/heads/master
i:
  264479: db9f3de
v: v3
Dmitry Kasatkin authored and Mimi Zohar committed Jul 18, 2011
1 parent 7192e12 commit 083f41e
Showing 5 changed files with 25 additions and 10 deletions.
2 changes: 1 addition & 1 deletion [refs]
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 66dbc325afcef909043c30e90930a36823fc734c
refs/heads/master: 6be5cc5246f807fd8ede9f5f1bb2826f2c598658
1 change: 1 addition & 0 deletions trunk/include/linux/integrity.h
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ enum integrity_status {
INTEGRITY_UNKNOWN,
};

/* List of EVM protected security xattrs */
#ifdef CONFIG_INTEGRITY
extern int integrity_inode_alloc(struct inode *inode);
extern void integrity_inode_free(struct inode *inode);
Expand Down
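Review bot: The comment `/* List of EVM protected security xattrs */`, which by the section's 1-addition count appears to be the added line, sits directly above `#ifdef CONFIG_INTEGRITY` and the `integrity_inode_alloc`/`integrity_inode_free` prototypes, which are not a list of xattrs. If the list it refers to lives further down the header, the comment should move next to that declaration; otherwise reword it to describe what actually follows, e.g. `/* inode hooks exported by the integrity subsystem */`. The `enum integrity_status` this hunk touches starts outside the section.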
11 changes: 7 additions & 4 deletions trunk/security/integrity/evm/evm_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -141,14 +141,17 @@ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
const char *xattr_value, size_t xattr_value_len)
{
struct inode *inode = dentry->d_inode;
u8 hmac[SHA1_DIGEST_SIZE];
struct evm_ima_xattr_data xattr_data;
int rc = 0;

rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, hmac);
if (rc == 0)
xattr_value_len, xattr_data.digest);
if (rc == 0) {
xattr_data.type = EVM_XATTR_HMAC;
rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
hmac, SHA1_DIGEST_SIZE, 0);
&xattr_data,
sizeof(xattr_data), 0);
}
else if (rc == -ENODATA)
rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM);
return rc;
Expand Down
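Review bot: Now that the success branch is braced, the closing `}` on its own line followed by `else if (rc == -ENODATA)` on the next breaks kernel brace style; write `} else if (rc == -ENODATA) {` and close the second branch with `}` so both arms are braced. The same hunk uses `sizeof(xattr_data)` while the matching change in evm_verify_hmac uses `sizeof xattr_data`; pick one form for both sites. A one-line comment above `xattr_data.type = EVM_XATTR_HMAC;` such as `/* on-disk layout: type byte followed by the HMAC */` would make it clear that the struct, not a bare digest, is what is persisted. evm_update_evmxattr's first signature line is only in the hunk header and its closing brace lies outside the hunk.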
10 changes: 5 additions & 5 deletions trunk/security/integrity/evm/evm_main.c
Original file line number Diff line number Diff line change
Expand Up @@ -51,20 +51,20 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
size_t xattr_value_len,
struct integrity_iint_cache *iint)
{
char hmac_val[SHA1_DIGEST_SIZE];
struct evm_ima_xattr_data xattr_data;
int rc;

if (iint->hmac_status != INTEGRITY_UNKNOWN)
return iint->hmac_status;

memset(hmac_val, 0, sizeof hmac_val);
rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, hmac_val);
xattr_value_len, xattr_data.digest);
if (rc < 0)
return INTEGRITY_UNKNOWN;

rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, hmac_val, sizeof hmac_val,
GFP_NOFS);
xattr_data.type = EVM_XATTR_HMAC;
rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data,
sizeof xattr_data, GFP_NOFS);
if (rc < 0)
goto err_out;
iint->hmac_status = INTEGRITY_PASS;
Expand Down
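Review bot: The comparison at `rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data, sizeof xattr_data, GFP_NOFS);` now covers the type byte plus the digest, so an xattr stored in the previous raw-HMAC layout can no longer verify; that is a deliberate format change and deserves a comment, e.g. `/* compares type byte + HMAC; xattrs written in the old raw-HMAC layout will not match */`. Dropping the `memset` of the buffer is sound only if evm_calc_hmac writes every byte of `xattr_data.digest` on the `rc >= 0` path, which cannot be confirmed from this hunk and is worth stating in the call's comment. The `err_out` label and the rest of evm_verify_hmac lie outside the hunk.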
11 changes: 11 additions & 0 deletions trunk/security/integrity/integrity.h
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,17 @@
/* iint cache flags */
#define IMA_MEASURED 0x01

enum evm_ima_xattr_type {
IMA_XATTR_DIGEST = 0x01,
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
};

struct evm_ima_xattr_data {
u8 type;
u8 digest[SHA1_DIGEST_SIZE];
} __attribute__((packed));

/* integrity data associated with an inode */
struct integrity_iint_cache {
struct rb_node rb_node; /* rooted in integrity_iint_tree */
Expand Down
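Review bot: `enum evm_ima_xattr_type` and `struct evm_ima_xattr_data` define an on-disk xattr layout but carry no comment saying so; because the `type` byte is persisted, the enum values are ABI and must not be renumbered, and a note such as `/* persisted as the first byte of the xattr value; values are on-disk ABI, never renumber */` above the enum would prevent that. The struct hard-codes `digest[SHA1_DIGEST_SIZE]`, so an `EVM_IMA_XATTR_DIGSIG` value cannot be carried in this struct as written; if signatures are meant to reuse it, document that `digest` is only the fixed-size prefix. The kernel's `__packed` macro is the conventional spelling of `__attribute__((packed))` here, and the header must already pull in the definition of `SHA1_DIGEST_SIZE`, which cannot be confirmed from this section.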
