Re: [PATCH 2/2] ima-evm-utils: try to load digest by its alias

From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	linux-integrity@vger.kernel.org
Subject: Re: [PATCH 2/2] ima-evm-utils: try to load digest by its alias
Date: Thu, 4 Apr 2019 00:04:35 +0300	[thread overview]
Message-ID: <20190403210435.duptffqlwp6vo66m@altlinux.org> (raw)
In-Reply-To: <1554324064.3839.20.camel@linux.ibm.com>

Mimi,

On Wed, Apr 03, 2019 at 04:41:04PM -0400, Mimi Zohar wrote:
> On Sat, 2019-03-23 at 04:41 +0300, Vitaly Chikunov wrote:
> > Primary names of the algorithms are different for OpenSSL and Kernel.
> > Allow to use both of them.
> 
> Can we add a line here explaining the two names?  Perhaps something
> like, "GOST R 34.11-2012 is the Russian national standard based on the
> Streebog set of hash functions." 

Ok. But, "GOST R 34.11-2012" is not mentioned, and there is other
standards with Streebog, such as RFC 6986, ISO/IEC 10118-3:2018, GOST
34.11-2018.

Point of this patch is that Kernel calls this hash function by it's
proper name "StreebogX", but older version of OpenSSL reference it by
acronym "md_gost12_X". (While newer should support Streebog name too.)
And we try to be user friendly and allow to use both names.

> 
> > 
> > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> 
> Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>
> 
> > ---
> >  src/libimaevm.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> > 
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index bc7be1e..6783110 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -61,6 +61,7 @@
> >  #include "imaevm.h"
> >  #include "hash_info.h"
> > 
> > +/* Names that are primary for OpenSSL. */
> >  const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> >  	[PKEY_HASH_MD4]		= "md4",
> >  	[PKEY_HASH_MD5]		= "md5",
> > @@ -70,6 +71,12 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
> >  	[PKEY_HASH_SHA384]	= "sha384",
> >  	[PKEY_HASH_SHA512]	= "sha512",
> >  	[PKEY_HASH_SHA224]	= "sha224",
> > +	[PKEY_HASH_STREEBOG_256] = "md_gost12_256",
> > +	[PKEY_HASH_STREEBOG_512] = "md_gost12_512",
> > +};
> > +
> > +/* Names that are primary for the kernel. */
> > +const char *const pkey_hash_algo_kern[PKEY_HASH__LAST] = {
> >  	[PKEY_HASH_STREEBOG_256] = "streebog256",
> >  	[PKEY_HASH_STREEBOG_512] = "streebog512",
> >  };
> > @@ -551,6 +558,11 @@ int get_hash_algo(const char *algo)
> >  		    !strcmp(algo, pkey_hash_algo[i]))
> >  			return i;
> > 
> > +	for (i = 0; i < PKEY_HASH__LAST; i++)
> > +		if (pkey_hash_algo_kern[i] &&
> > +		    !strcmp(algo, pkey_hash_algo_kern[i]))
> > +			return i;
> > +
> >  	/* iterate over algorithms provided by kernel-headers */
> >  	for (i = 0; i < HASH_ALGO__LAST; i++)
> >  		if (hash_algo_name[i] &&