summaryrefslogtreecommitdiffstats
path: root/security/integrity/integrity.h
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2013-04-25 10:44:04 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-10-25 17:16:59 -0400
commitd3634d0f426bdeb433cb288bdbb0a5e16cf3dbbf (patch)
tree2197b45ddbdfcc81ecdc6b5acaa9292eead795b7 /security/integrity/integrity.h
parentc7c8bb237fdbff932b5e431aebee5ce862ea07d1 (diff)
downloadlinux-d3634d0f426bdeb433cb288bdbb0a5e16cf3dbbf.tar.gz
linux-d3634d0f426bdeb433cb288bdbb0a5e16cf3dbbf.tar.bz2
linux-d3634d0f426bdeb433cb288bdbb0a5e16cf3dbbf.zip
ima: read and use signature hash algorithm
All files on the filesystem, currently, are hashed using the same hash algorithm. In preparation for files from different packages being signed using different hash algorithms, this patch adds support for reading the signature hash algorithm from the 'security.ima' extended attribute and calculates the appropriate file data hash based on it. Changelog: - fix scripts Lindent and checkpatch msgs - Mimi - fix md5 support for older version, which occupied 20 bytes in the xattr, not the expected 16 bytes. Fix the comparison to compare only the first 16 bytes. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r--security/integrity/integrity.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 0b02ea868e30..ea2318983d97 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -70,6 +70,17 @@ struct ima_digest_data {
u8 digest[IMA_MAX_DIGEST_SIZE];
} __packed;
+/*
+ * signature format v2 - for using with asymmetric keys
+ */
+struct signature_v2_hdr {
+ uint8_t version; /* signature format version */
+ uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
+ uint32_t keyid; /* IMA key identifier - not X509/PGP specific */
+ uint16_t sig_size; /* signature size */
+ uint8_t sig[0]; /* signature payload */
+} __packed;
+
/* integrity data associated with an inode */
struct integrity_iint_cache {
struct rb_node rb_node; /* rooted in integrity_iint_tree */