
-----Original Message-----
From: Guohanjun (Hanjun Guo)
Sent: Tuesday, July 7, 2020 5:44 AM
To: Roberto Sassu <roberto.sassu@huawei.com>; kernel@openeuler.org
Cc: Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: Re: [PATCH 18/35] ima: Allow choice of file hash algorithm for measurement and audit
On 2020/7/6 23:41, Roberto Sassu wrote:
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c08dbc55e5f9..703f65dcedde 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -120,6 +120,57 @@ static void ima_rdwr_violation_check(struct file *file, "invalid_pcr", "open_writers"); }
+static enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, + int xattr_len) +{ + struct signature_v2_hdr *sig; + enum hash_algo ret; + + if (!xattr_value || xattr_len < 2) + /* return default hash algo */ + return ima_hash_algo; + + switch (xattr_value->type) { + case EVM_IMA_XATTR_DIGSIG: + sig = (typeof(sig))xattr_value; + if (sig->version != 2 || xattr_len <= sizeof(*sig)) + return ima_hash_algo; + return sig->hash_algo; + break;
This break after return is not needed.
Correct, I just wanted to preserve the original code.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
+ case IMA_XATTR_DIGEST_NG: + ret = xattr_value->digest[0]; + if (ret < HASH_ALGO__LAST) + return ret; + break; + case IMA_XATTR_DIGEST: + /* this is for backward compatibility */ + if (xattr_len == 21) { + unsigned int zero = 0; + if (!memcmp(&xattr_value->digest[16], &zero, 4)) + return HASH_ALGO_MD5; + else + return HASH_ALGO_SHA1; + } else if (xattr_len == 17) + return HASH_ALGO_MD5; + break; + }
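Review bot: in the EVM_IMA_XATTR_DIGSIG case of ima_get_hash_algo(), `return sig->hash_algo;` hands back the algorithm field straight from the xattr without a bound check, whereas the IMA_XATTR_DIGEST_NG case two lines below only returns `ret` when `ret < HASH_ALGO__LAST`. The xattr is untrusted on-disk input, so the signature header's field deserves the same treatment: fall back to `ima_hash_algo` when `sig->hash_algo >= HASH_ALGO__LAST`, so that callers never select a hash with an out-of-range enum value. The `break;` after `return sig->hash_algo;` is unreachable, as already raised in the thread, and can be dropped while the function is being moved. The hunk's visible part ends at the closing `}` of the switch, so the function's final fallback return is not in this context and is not reviewed here.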