xref: /kernel/linux/linux-6.6/security/integrity/ima/ima_appraise.c

71  * Return 1 to appraise or hash
187 		/* return default hash algo */
222 	/* return default hash algo */
239  * calc_file_id_hash - calculate the hash of the ima_file_id struct data
241  * @algo: hash algorithm [enum hash_algo]
243  * @hash: (out) pointer to the hash
246  * indirectly signing the hash of the ima_file_id structure data.
255 			     struct ima_digest_data *hash)
264 	memcpy(file_id.hash, digest, hash_digest_size[algo]);
266 	hash->algo = algo;
267 	hash->length = hash_digest_size[algo];
269 	return ima_calc_buffer_hash(&file_id, sizeof(file_id) - unused, hash);
275  * Verify whether the hash or signature matches the file contents.
283 	struct ima_max_digest_data hash;
310 			 * xattr length may be longer. md5 hash in previous
319 			*cause = "invalid-hash";
383 				       iint->ima_hash->digest, &hash.hdr);
392 					     xattr_len, hash.digest,
393 					     hash.hdr.length);
441  * Add the hash of the blacklisted binary to the measurement list, based
444  * Returns -EPERM if the hash is blacklisted.
466 					   "blacklisted-hash", NONE,
476  * Assuming success, compare the xattr hash with the collected measurement.
509 			cause = "missing-hash";
604  * ima_update_xattr - update 'security.ima' hash value
611 	/* do not collect and update hash for digital signatures */
693  * validate_hash_algo() - Block setxattr with unsupported hash algorithms
698  * The xattr value is mapped to its hash algorithm, and this algorithm
711 	const char *errmsg = "unavailable-hash-algorithm";
724 		 * We use a different audit message when the hash algorithm
728 		errmsg = "denied-hash-algorithm";

Indexes created Thu Nov 07 10:32:03 CST 2024