RE: [PATCH 18/35] ima: Allow choice of file hash algorithm for measurement and audit

-----Original Message----- From: Guohanjun (Hanjun Guo) Sent: Tuesday, July 7, 2020 5:44 AM To: Roberto Sassu roberto.sassu@huawei.com; kernel@openeuler.org Cc: Silviu Vlasceanu Silviu.Vlasceanu@huawei.com Subject: Re: [PATCH 18/35] ima: Allow choice of file hash algorithm for measurement and audit

On 2020/7/6 23:41, Roberto Sassu wrote:

...

diff --git a/security/integrity/ima/ima_main.c

b/security/integrity/ima/ima_main.c

...

index c08dbc55e5f9..703f65dcedde 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -120,6 +120,57 @@ static void ima_rdwr_violation_check(struct file

*file,

...

		  "invalid_pcr", "open_writers");

}

+static enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data

*xattr_value,

...

• 			int xattr_len)
  

+{

• struct signature_v2_hdr *sig;
• enum hash_algo ret;
• if (!xattr_value || xattr_len < 2)

• /* return default hash algo */
  

• return ima_hash_algo;
  

• switch (xattr_value->type) {
• case EVM_IMA_XATTR_DIGSIG:

• sig = (typeof(sig))xattr_value;
  

• if (sig->version != 2 || xattr_len <= sizeof(*sig))
  

• 	return ima_hash_algo;
  

• return sig->hash_algo;
  

• break;
  

This break after return is not needed.

Correct, I just wanted to preserve the original code.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli

...

• case IMA_XATTR_DIGEST_NG:

• ret = xattr_value->digest[0];
  

• if (ret < HASH_ALGO__LAST)
  

• 	return ret;
  

• break;
  

• case IMA_XATTR_DIGEST:

• /* this is for backward compatibility */
  

• if (xattr_len == 21) {
  

• 	unsigned int zero = 0;
  

• 	if (!memcmp(&xattr_value->digest[16], &zero, 4))
  

• 		return HASH_ALGO_MD5;
  

• 	else
  

• 		return HASH_ALGO_SHA1;
  

• } else if (xattr_len == 17)
  

• 	return HASH_ALGO_MD5;
  

• break;
  

• }