Commit 64466462 authored by Mimi Zohar

ima: fix 'd-ng' comments and documentation

Initially the 'd-ng' template field did not prefix the digest with either
"md5" or "sha1" hash algorithms.  Prior to being upstreamed this changed,
but the comments and documentation were not updated.  Fix the comments
and documentation.

Fixes: 4d7aeee7 ("ima: define new template ima-ng and template fields d-ng and n-ng")
Reported-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
parent 891163ad
...@@ -66,8 +66,7 @@ descriptors by adding their identifier to the format string ...@@ -66,8 +66,7 @@ descriptors by adding their identifier to the format string
calculated with the SHA1 or MD5 hash algorithm; calculated with the SHA1 or MD5 hash algorithm;
- 'n': the name of the event (i.e. the file name), with size up to 255 bytes; - 'n': the name of the event (i.e. the file name), with size up to 255 bytes;
- 'd-ng': the digest of the event, calculated with an arbitrary hash - 'd-ng': the digest of the event, calculated with an arbitrary hash
algorithm (field format: [<hash algo>:]digest, where the digest algorithm (field format: <hash algo>:digest);
prefix is shown only if the hash algorithm is not SHA1 or MD5);
- 'd-modsig': the digest of the event without the appended modsig; - 'd-modsig': the digest of the event without the appended modsig;
- 'n-ng': the name of the event, without size limitations; - 'n-ng': the name of the event, without size limitations;
- 'sig': the file signature, or the EVM portable signature if the file - 'sig': the file signature, or the EVM portable signature if the file
......
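Review bot: The new 'd-ng' description, "(field format: <hash algo>:digest)", omits the '\0' that the DATA_FMT_DIGEST_WITH_ALGO comment in ima_eventdigest_init_common() shows between ':' and the digest. If this line describes only the ASCII rendering of the field, say so; if it is meant to cover the binary measurement list as well, spell out the NUL byte, so that anyone writing a measurement-list parser or verifier from this document splits the field at the right place.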
...@@ -271,9 +271,11 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize, ...@@ -271,9 +271,11 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
/* /*
* digest formats: * digest formats:
* - DATA_FMT_DIGEST: digest * - DATA_FMT_DIGEST: digest
* - DATA_FMT_DIGEST_WITH_ALGO: [<hash algo>] + ':' + '\0' + digest, * - DATA_FMT_DIGEST_WITH_ALGO: <hash algo> + ':' + '\0' + digest,
* where <hash algo> is provided if the hash algorithm is not *
* SHA1 or MD5 * where 'DATA_FMT_DIGEST' is the original digest format ('d')
* with a hash size limitation of 20 bytes,
* where <hash algo> is the hash_algo_name[] string.
*/ */
u8 buffer[CRYPTO_MAX_ALG_NAME + 2 + IMA_MAX_DIGEST_SIZE] = { 0 }; u8 buffer[CRYPTO_MAX_ALG_NAME + 2 + IMA_MAX_DIGEST_SIZE] = { 0 };
enum data_formats fmt = DATA_FMT_DIGEST; enum data_formats fmt = DATA_FMT_DIGEST;
......
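Review bot: In the rewritten comment above the `u8 buffer[...]` declaration, the two trailing "where" clauses run together: the first describes DATA_FMT_DIGEST and ends in a comma, the second describes <hash algo>, so the comment reads as one sentence about two unrelated things. Suggest moving each explanation onto its own bullet (the 20-byte limit next to "DATA_FMT_DIGEST: digest", the hash_algo_name[] note next to "DATA_FMT_DIGEST_WITH_ALGO") and ending each with a full stop. While the comment is being touched, it would also help to note that the "+ 2" in the buffer size appears to account for the ':' and '\0' bytes in the format, since the comment is the only place that layout is written down.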