From: Andreas S. <and...@st...> - 2014-04-30 07:01:34
Hi Mimi,

I'm currently updating strongSwan's remote attestation capability
to include the new IMA-NG hash formats. While inspecting the IMA
source code I noticed that the hash of the template data computed
by ima_calc_field_array_hash_tfm() in ima_crypto.c depends on the
endianness of the host platform:

    rc = crypto_shash_update(&desc.shash,
                             (const u8 *) &field_data[i].len,
                             sizeof(field_data[i].len));

Since the attestation server reconstructs the template data hash
from the SHA-1/SHA-256 file hash and absolute file name stored in
the reference database, I would be much happier if the 32-bit
unsigned integer stored in field_data[i].len were converted into
platform-independent network order before these four bytes are
included in the template hash. With the current code the attestation
server must know the endianness of each of its clients in order to
generate the correct hash value.

Since the IMA-NG code has already been released with the 3.13 kernel
I don't know if it is possible to include my proposed change.
It would make life really much easier!

Best regards

Andreas

======================================================================
Andreas Steffen and...@st...
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
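
The verifier-side consequence described in the message above, as an added example that is not part of the original mail and is neither strongSwan nor kernel code: the template hash is rebuilt from the reference file hash and path with the 32-bit field length packed in a chosen byte order. The field encoding in make_fields(), the function names and the sample values are assumptions constructed for illustration; trying both byte orders when the client's endianness is unknown goes beyond what the mail states.

```python
import hashlib
import hmac
import struct


def template_hash(fields, byteorder):
    """SHA-1 over (u32 length || data) per field; byteorder is '<' or '>'."""
    h = hashlib.sha1()
    for data in fields:
        # These four bytes are what the kernel feeds in host byte order.
        h.update(struct.pack(byteorder + "I", len(data)))
        h.update(data)
    return h.digest()


def make_fields(algo, file_digest, path):
    # Assumed encoding for illustration: "<algo>:\0<digest>" and a
    # NUL-terminated absolute path, taken from the reference database.
    return [algo.encode() + b":\x00" + file_digest, path.encode() + b"\x00"]


def verify(reported, fields, client_byteorder=None):
    """Return the byte order under which the reported hash matches, else None.

    With a known client endianness only that order is checked; without it
    the server has to compute one candidate hash per byte order.
    """
    orders = [client_byteorder] if client_byteorder else ["<", ">"]
    for order in orders:
        if hmac.compare_digest(template_hash(fields, order), reported):
            return order
    return None


# Constructed sample data, not taken from any real measurement list.
SAMPLE_DIGEST = hashlib.sha256(b"constructed file content").digest()
SAMPLE_FIELDS = make_fields("sha256", SAMPLE_DIGEST, "/usr/bin/example")

if __name__ == "__main__":
    le = template_hash(SAMPLE_FIELDS, "<")   # little-endian client
    be = template_hash(SAMPLE_FIELDS, ">")   # big-endian client / network order
    print("little-endian client:", le.hex())
    print("big-endian client:   ", be.hex())
    print("LE hash checked as BE:", verify(le, SAMPLE_FIELDS, ">"))
    print("LE hash, order unknown:", verify(le, SAMPLE_FIELDS))
```

With a fixed network byte order in the kernel, only the ">" computation would be needed for every client.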