ima_template.c - OpenGrok cross reference for /linux/security/integrity/ima/ima

Deleted Added

sdiffudifftextold (3b5d1afd..)new (c9fecf50..)

ima_template.c (3b5d1afd1f13bcab85eaa28223ad396694f929e3)	ima_template.c (c9fecf505a3421752a598227f8ef895e97966c4b)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2013 Politecnico di Torino, Italy	1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2013 Politecnico di Torino, Italy
4 * TORSEC group -- http://security.polito.it	4 * TORSEC group -- https://security.polito.it
5 * 6 * Author: Roberto Sassu <roberto.sassu@polito.it> 7 * 8 * File: ima_template.c 9 * Helpers to manage template descriptors. 10 / 11 12#include <linux/rculist.h> --- 283 unchanged lines hidden* (view full) --- 296 return template_desc; 297} 298 299static int ima_restore_template_data(struct ima_template_desc template_desc, 300 void template_data, 301 int template_data_size, 302 struct ima_template_entry **entry) 303{	5 * 6 * Author: Roberto Sassu <roberto.sassu@polito.it> 7 * 8 * File: ima_template.c 9 * Helpers to manage template descriptors. 10 / 11 12#include <linux/rculist.h> --- 283 unchanged lines hidden* (view full) --- 296 return template_desc; 297} 298 299static int ima_restore_template_data(struct ima_template_desc template_desc, 300 void template_data, 301 int template_data_size, 302 struct ima_template_entry **entry) 303{
304 struct tpm_digest *digests;
305 int ret = 0; 306 int i; 307 308 entry = kzalloc(struct_size(entry, template_data, 309 template_desc->num_fields), GFP_NOFS); 310 if (!*entry) 311 return -ENOMEM; 312	304 int ret = 0; 305 int i; 306 307 entry = kzalloc(struct_size(entry, template_data, 308 template_desc->num_fields), GFP_NOFS); 309 if (!*entry) 310 return -ENOMEM; 311
313 digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, 314 sizeof(digests), GFP_NOFS); 315 if (!digests) { 316 kfree(entry); 317 return -ENOMEM; 318 } 319 320 (*entry)->digests = digests; 321
322 ret = ima_parse_buf(template_data, template_data + template_data_size, 323 NULL, template_desc->num_fields, 324 (*entry)->template_data, NULL, NULL, 325 ENFORCE_FIELDS \| ENFORCE_BUFEND, "template data"); 326 if (ret < 0) {	312 ret = ima_parse_buf(template_data, template_data + template_data_size, 313 NULL, template_desc->num_fields, 314 (*entry)->template_data, NULL, NULL, 315 ENFORCE_FIELDS \| ENFORCE_BUFEND, "template data"); 316 if (ret < 0) {
327 kfree((*entry)->digests);
328 kfree(entry); 329 return ret; 330 } 331 332 (entry)->template_desc = template_desc; 333 for (i = 0; i < template_desc->num_fields; i++) { 334 struct ima_field_data field_data = &(entry)->template_data[i]; 335 u8 data = field_data->data; --- 16 unchanged lines hidden* (view full) --- 352 353 return ret; 354} 355 356/* Restore the serialized binary measurement list without extending PCRs. / 357int ima_restore_measurement_list(loff_t size, void buf) 358{ 359 char template_name[MAX_TEMPLATE_NAME_LEN];	317 kfree(entry); 318 return ret; 319 } 320 321 (entry)->template_desc = template_desc; 322 for (i = 0; i < template_desc->num_fields; i++) { 323 struct ima_field_data field_data = &(entry)->template_data[i]; 324 u8 data = field_data->data; --- 16 unchanged lines hidden* (view full) --- 341 342 return ret; 343} 344 345/* Restore the serialized binary measurement list without extending PCRs. / 346int ima_restore_measurement_list(loff_t size, void buf) 347{ 348 char template_name[MAX_TEMPLATE_NAME_LEN];
360 unsigned char zero[TPM_DIGEST_SIZE] = { 0 };
361 362 struct ima_kexec_hdr khdr = buf; 363 struct ima_field_data hdr[HDR__LAST] = { 364 [HDR_PCR] = {.len = sizeof(u32)}, 365 [HDR_DIGEST] = {.len = TPM_DIGEST_SIZE}, 366 }; 367 368 void bufp = buf + sizeof(khdr); --- 83 unchanged lines hidden* (view full) --- 452 453 ret = ima_restore_template_data(template_desc, 454 hdr[HDR_TEMPLATE_DATA].data, 455 hdr[HDR_TEMPLATE_DATA].len, 456 &entry); 457 if (ret < 0) 458 break; 459	349 350 struct ima_kexec_hdr khdr = buf; 351 struct ima_field_data hdr[HDR__LAST] = { 352 [HDR_PCR] = {.len = sizeof(u32)}, 353 [HDR_DIGEST] = {.len = TPM_DIGEST_SIZE}, 354 }; 355 356 void bufp = buf + sizeof(khdr); --- 83 unchanged lines hidden* (view full) --- 440 441 ret = ima_restore_template_data(template_desc, 442 hdr[HDR_TEMPLATE_DATA].data, 443 hdr[HDR_TEMPLATE_DATA].len, 444 &entry); 445 if (ret < 0) 446 break; 447
460 if (memcmp(hdr[HDR_DIGEST].data, zero, sizeof(zero))) { 461 ret = ima_calc_field_array_hash( 462 &entry->template_data[0], 463 entry); 464 if (ret < 0) { 465 pr_err("cannot calculate template digest\n"); 466 ret = -EINVAL; 467 break; 468 } 469 } 470	448 memcpy(entry->digest, hdr[HDR_DIGEST].data, 449 hdr[HDR_DIGEST].len);
471 entry->pcr = !ima_canonical_fmt ? (hdr[HDR_PCR].data) : 472 le32_to_cpu((hdr[HDR_PCR].data)); 473 ret = ima_restore_measurement_entry(entry); 474 if (ret < 0) 475 break; 476 477 } 478 return ret; 479}	450 entry->pcr = !ima_canonical_fmt ? (hdr[HDR_PCR].data) : 451 le32_to_cpu((hdr[HDR_PCR].data)); 452 ret = ima_restore_measurement_entry(entry); 453 if (ret < 0) 454 break; 455 456 } 457 return ret; 458}

ima_template.c (3b5d1afd1f13bcab85eaa28223ad396694f929e3)	ima_template.c (c9fecf505a3421752a598227f8ef895e97966c4b)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2013 Politecnico di Torino, Italy	1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (C) 2013 Politecnico di Torino, Italy
4 * TORSEC group -- http://security.polito.it	4 * TORSEC group -- https://security.polito.it
5 * 6 * Author: Roberto Sassu <roberto.sassu@polito.it> 7 * 8 * File: ima_template.c 9 * Helpers to manage template descriptors. 10 / 11 12#include <linux/rculist.h> --- 283 unchanged lines hidden* (view full) --- 296 return template_desc; 297} 298 299static int ima_restore_template_data(struct ima_template_desc template_desc, 300 void template_data, 301 int template_data_size, 302 struct ima_template_entry **entry) 303{	5 * 6 * Author: Roberto Sassu <roberto.sassu@polito.it> 7 * 8 * File: ima_template.c 9 * Helpers to manage template descriptors. 10 / 11 12#include <linux/rculist.h> --- 283 unchanged lines hidden* (view full) --- 296 return template_desc; 297} 298 299static int ima_restore_template_data(struct ima_template_desc template_desc, 300 void template_data, 301 int template_data_size, 302 struct ima_template_entry **entry) 303{
304 struct tpm_digest *digests;
305 int ret = 0; 306 int i; 307 308 entry = kzalloc(struct_size(entry, template_data, 309 template_desc->num_fields), GFP_NOFS); 310 if (!*entry) 311 return -ENOMEM; 312	304 int ret = 0; 305 int i; 306 307 entry = kzalloc(struct_size(entry, template_data, 308 template_desc->num_fields), GFP_NOFS); 309 if (!*entry) 310 return -ENOMEM; 311
313 digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, 314 sizeof(digests), GFP_NOFS); 315 if (!digests) { 316 kfree(entry); 317 return -ENOMEM; 318 } 319 320 (*entry)->digests = digests; 321
322 ret = ima_parse_buf(template_data, template_data + template_data_size, 323 NULL, template_desc->num_fields, 324 (*entry)->template_data, NULL, NULL, 325 ENFORCE_FIELDS \| ENFORCE_BUFEND, "template data"); 326 if (ret < 0) {	312 ret = ima_parse_buf(template_data, template_data + template_data_size, 313 NULL, template_desc->num_fields, 314 (*entry)->template_data, NULL, NULL, 315 ENFORCE_FIELDS \| ENFORCE_BUFEND, "template data"); 316 if (ret < 0) {
327 kfree((*entry)->digests);
328 kfree(entry); 329 return ret; 330 } 331 332 (entry)->template_desc = template_desc; 333 for (i = 0; i < template_desc->num_fields; i++) { 334 struct ima_field_data field_data = &(entry)->template_data[i]; 335 u8 data = field_data->data; --- 16 unchanged lines hidden* (view full) --- 352 353 return ret; 354} 355 356/* Restore the serialized binary measurement list without extending PCRs. / 357int ima_restore_measurement_list(loff_t size, void buf) 358{ 359 char template_name[MAX_TEMPLATE_NAME_LEN];	317 kfree(entry); 318 return ret; 319 } 320 321 (entry)->template_desc = template_desc; 322 for (i = 0; i < template_desc->num_fields; i++) { 323 struct ima_field_data field_data = &(entry)->template_data[i]; 324 u8 data = field_data->data; --- 16 unchanged lines hidden* (view full) --- 341 342 return ret; 343} 344 345/* Restore the serialized binary measurement list without extending PCRs. / 346int ima_restore_measurement_list(loff_t size, void buf) 347{ 348 char template_name[MAX_TEMPLATE_NAME_LEN];
360 unsigned char zero[TPM_DIGEST_SIZE] = { 0 };
361 362 struct ima_kexec_hdr khdr = buf; 363 struct ima_field_data hdr[HDR__LAST] = { 364 [HDR_PCR] = {.len = sizeof(u32)}, 365 [HDR_DIGEST] = {.len = TPM_DIGEST_SIZE}, 366 }; 367 368 void bufp = buf + sizeof(khdr); --- 83 unchanged lines hidden* (view full) --- 452 453 ret = ima_restore_template_data(template_desc, 454 hdr[HDR_TEMPLATE_DATA].data, 455 hdr[HDR_TEMPLATE_DATA].len, 456 &entry); 457 if (ret < 0) 458 break; 459	349 350 struct ima_kexec_hdr khdr = buf; 351 struct ima_field_data hdr[HDR__LAST] = { 352 [HDR_PCR] = {.len = sizeof(u32)}, 353 [HDR_DIGEST] = {.len = TPM_DIGEST_SIZE}, 354 }; 355 356 void bufp = buf + sizeof(khdr); --- 83 unchanged lines hidden* (view full) --- 440 441 ret = ima_restore_template_data(template_desc, 442 hdr[HDR_TEMPLATE_DATA].data, 443 hdr[HDR_TEMPLATE_DATA].len, 444 &entry); 445 if (ret < 0) 446 break; 447
460 if (memcmp(hdr[HDR_DIGEST].data, zero, sizeof(zero))) { 461 ret = ima_calc_field_array_hash( 462 &entry->template_data[0], 463 entry); 464 if (ret < 0) { 465 pr_err("cannot calculate template digest\n"); 466 ret = -EINVAL; 467 break; 468 } 469 } 470	448 memcpy(entry->digest, hdr[HDR_DIGEST].data, 449 hdr[HDR_DIGEST].len);
471 entry->pcr = !ima_canonical_fmt ? (hdr[HDR_PCR].data) : 472 le32_to_cpu((hdr[HDR_PCR].data)); 473 ret = ima_restore_measurement_entry(entry); 474 if (ret < 0) 475 break; 476 477 } 478 return ret; 479}	450 entry->pcr = !ima_canonical_fmt ? (hdr[HDR_PCR].data) : 451 le32_to_cpu((hdr[HDR_PCR].data)); 452 ret = ima_restore_measurement_entry(entry); 453 if (ret < 0) 454 break; 455 456 } 457 return ret; 458}