ima: Define ima-modsig template

Define new "d-modsig" template field which holds the digest that is expected to match the one contained in the modsig, and also new "modsig" template field which holds the appended file signature. Add a new "ima-modsig" defined template descriptor with the new fields as well as the ones from the "ima-sig" descriptor. Change ima_store_measurement() to accept a struct modsig * argument so that it can be passed along to the templates via struct ima_event_data. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Thiago Jung Bauermann <bauerman@linux.ibm.com> 2019-06-28 05:19:32 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-08-06 01:40:25 +0300
commit: 3878d505aa718bcc7b1eb4089ab9b9fb27dee957 (patch)
tree: 94bf31dc35114d22a2c87906106074cdcb4bd021 /security/integrity/ima/ima_modsig.c
parent: 15588227e086ec662d59df144e48af82e3e592f1 (diff)
download: linux-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.tar.xz
1 files changed, 19 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 257387ce3b70..c412e31d1714 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -138,6 +138,25 @@ int ima_modsig_verify(struct key *keyring, const struct modsig *modsig)
 					VERIFYING_MODULE_SIGNATURE, NULL, NULL);
 }
 
+int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
+			  const u8 **digest, u32 *digest_size)
+{
+	*algo = modsig->hash_algo;
+	*digest = modsig->digest;
+	*digest_size = modsig->digest_size;
+
+	return 0;
+}
+
+int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
+		       u32 *data_len)
+{
+	*data = &modsig->raw_pkcs7;
+	*data_len = modsig->raw_pkcs7_len;
+
+	return 0;
+}
+
 void ima_free_modsig(struct modsig *modsig)
 {
 	if (!modsig)
author	Thiago Jung Bauermann <bauerman@linux.ibm.com>	2019-06-28 05:19:32 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-08-06 01:40:25 +0300
commit	3878d505aa718bcc7b1eb4089ab9b9fb27dee957 (patch)
tree	94bf31dc35114d22a2c87906106074cdcb4bd021 /security/integrity/ima/ima_modsig.c
parent	15588227e086ec662d59df144e48af82e3e592f1 (diff)
download	linux-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.tar.xz