Commit 6214e186 authored by Roberto Sassu, committed by Zheng Zengkai

ima: Allow choice of file hash algorithm for measurement and audit



hulk inclusion
category: feature
feature: IMA Digest Lists extension
bugzilla: 46797

-------------------------------------------------

IMA reads the hash algorithm from security.ima, if it exists, so that a
signature can be verified with the correct file digest.

This patch moves ima_read_xattr() and ima_get_hash_algo() to ima_main.c, so
that the file digest in the measurement list or in the audit logs can be
compared with a reference value calculated with a specific hash algorithm.

In addition, this patch also allows the usage of security.ima with type
EVM_IMA_XATTR_DIGSIG and signature length zero, so that the xattr can be
used just to specify the hash algorithm.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent 437b9486
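
The header-only case named in the commit message (type EVM_IMA_XATTR_DIGSIG, signature length zero), shown as an added user-space example; it is not code from this commit, whose diff does not appear on the page. The type and algorithm values follow the upstream kernel headers; `xattr_hash_algo`, `SIG_V2_HDR_LEN`, `ALGO_BOUND` and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as in the upstream enum evm_ima_xattr_type and enum hash_algo. */
enum { IMA_XATTR_DIGEST = 0x01, EVM_IMA_XATTR_DIGSIG = 0x03, IMA_XATTR_DIGEST_NG = 0x04 };
enum { HASH_ALGO_MD5 = 1, HASH_ALGO_SHA1 = 2, HASH_ALGO_SHA256 = 4, HASH_ALGO_SHA512 = 6 };

#define SIG_V2_HDR_LEN 9  /* type, version, hash_algo, keyid[4], sig_size[2] */
#define ALGO_BOUND 20     /* assumed stand-in for HASH_ALGO__LAST (kernel-version dependent) */

/* Hypothetical helper: algorithm id named by a raw security.ima value,
 * or `fallback` when the value is malformed or names none. */
int xattr_hash_algo(const uint8_t *x, size_t len, int fallback)
{
    if (x == NULL || len < 2)
        return fallback;
    switch (x[0]) {
    case EVM_IMA_XATTR_DIGSIG: {
        if (len < SIG_V2_HDR_LEN || x[1] != 2 || x[2] >= ALGO_BOUND)
            return fallback;
        size_t sig_size = ((size_t)x[7] << 8) | x[8];  /* big-endian 16 bit */
        /* Stricter than needed (a choice of this example): the declared size
         * must match the bytes present. Zero is valid: header only. */
        if (len - SIG_V2_HDR_LEN != sig_size)
            return fallback;
        return x[2];
    }
    case IMA_XATTR_DIGEST_NG:  /* type, algo, digest */
        return x[1] < ALGO_BOUND ? x[1] : fallback;
    case IMA_XATTR_DIGEST:     /* legacy: infer from digest length (simplified) */
        if (len == 1 + 20) return HASH_ALGO_SHA1;
        if (len == 1 + 16) return HASH_ALGO_MD5;
        return fallback;
    default:
        return fallback;
    }
}

int main(void)
{
    /* Constructed sample: DIGSIG header naming SHA-256, key id 0, sig_size 0. */
    const uint8_t hdr_only[SIG_V2_HDR_LEN] = { 0x03, 0x02, 0x04, 0, 0, 0, 0, 0x00, 0x00 };
    printf("algo id: %d\n", xattr_hash_algo(hdr_only, sizeof(hdr_only), HASH_ALGO_SHA1));
    return 0;
}
```

A consumer that uses such a header-only value must treat it as an unauthenticated algorithm hint: with no signature bytes present there is nothing in the xattr itself to verify.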