evm: replace HMAC version with attribute mask
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Fri, 28 Mar 2014 12:31:04 +0000 (14:31 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 12 Jun 2014 21:58:06 +0000 (17:58 -0400)
commitd3b33679481d52ef02311119d4342a9a1f3d84db
tree5e23d255b52239a4d478dc8b56e49871a4b732c4
parent060bdebfb0b82751be89c0ce4b6e2c88606a354b
evm: replace HMAC version with attribute mask

Using HMAC version limits the posibility to arbitrarily add new
attributes such as SMACK64EXEC to the hmac calculation.

This patch replaces hmac version with attribute mask.
Desired attributes can be enabled with configuration parameter.
It allows to build kernels which works with previously labeled
filesystems.

Currently supported attribute is 'fsuuid' which is equivalent of
the former version 2.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/evm/Kconfig
security/integrity/evm/evm.h
security/integrity/evm/evm_crypto.c
security/integrity/evm/evm_main.c