From: Mimi Zohar <zohar@kernel.org>
To: Vitaly Chikunov <vt@altlinux.org>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH] ima-evm-utils: Allow EVM verify to determine hash algo
Date: Tue, 30 Jul 2019 10:20:16 -0400 [thread overview]
Message-ID: <1564496416.4189.79.camel@kernel.org> (raw)
In-Reply-To: <20190729061807.3278-1-vt@altlinux.org>
On Mon, 2019-07-29 at 09:18 +0300, Vitaly Chikunov wrote:
> Previously for EVM verify you should specify `--hashalgo' option while
> for IMA ima_verify you didn't.
>
> Allow EVM verify to determine hash algo from signature.
Vitaly, EVM signatures were originally included with an image, but on
first use were replaced with an EVM hmac. Only once the EVM portable
and immutable signature support was upstreamed, which is relatively
recently, there was a need to support other hash algorithms.
Thank you for taking the time to really clean up ima-evm-utils. It's
needed some attention for a while now.
> Also, this makes two previously static functions to become exportable
> and renamed:
>
> get_hash_algo_from_sig -> imaevm_hash_algo_from_sig
> get_hash_algo_by_id -> imaevm_hash_algo_by_id
>
> This is needed because EVM hash is calculated (in calc_evm_hash) outside
> of library.
>
> imaevm_hash_algo_by_id() will now return NULL if algo is not found.
>
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Thanks!
Mimi
prev parent reply other threads:[~2019-07-30 14:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-29 6:18 [PATCH] ima-evm-utils: Allow EVM verify to determine hash algo Vitaly Chikunov
2019-07-30 14:20 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1564496416.4189.79.camel@kernel.org \
--to=zohar@kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).