On Tue, 2018-11-27 at 16:08 +0300, Vitaly Chikunov wrote:
> > hash_info.h is now included in kernel-headers package.
>
> I think, first it should not be coincided with the new algo adding and
> being follow-up patch (if any).
>
> > Anyone using the hash_algo enumeration defined in hash_info.h, will
> > probably also want to use an associated algorithm name. It would make
> > more sense to keep the hash_algo enumeration, hash_algo_name[], and
> > perhaps the hash_digest_size[] together. Maybe using macros to keep
> > them in sync (eg. kernel_read_file_id/kernel_read_file_str).
>
> On the first sight this sounds good, but...
>
> It sounds like it will require patching kernel's hash_info.h, so it will
> be not possible to transfer smoothly on the new scheme without breaking
> some compatibility (of the newer ima-evm-utils with older kernels). Also,
> it is possible that ima-evm-utils is used on the older stable box (where some
> reliable and stable build system run) which does not have such modification
> and/or new algorithms in the kernel but willing to generate signatures.
>
> So, I think code duplication between projects is good in this case.

The sooner the kernel's hash_info.h is updated, the better. For the
time being, ima-evm-utils could define these definitions in a separate
file that is/isn't included based on autotools/buildtime option.

> Some hash algorithms may be wished to be compatible with rsa pkcs1
> signature scheme, which is also defined in kernel in
> crypto/rsa-pkcs1pad.c and in ima-evm-utils in src/libimaevm.c so code
> duplication and adding algorithms in both sources will happen anyway.
>
> Thanks,

There might be multiple problems, but fixing one is better than not
fixing either.

Mimi
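
The "macros to keep them in sync" idea from the thread above, sketched as an added example; it is not code from the kernel, from ima-evm-utils, or from either poster. It generates the hash_algo enumeration, hash_algo_name[] and hash_digest_size[] from one list, so adding an algorithm cannot leave a table out of step. The list is an illustrative subset, and hash_algo_by_name() and hash_digest_len() are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* One list drives every table: X(enum suffix, name, digest bytes).
 * Assumption: illustrative subset, not a copy of the kernel's hash_info.h. */
#define HASH_ALGO_LIST(X)            \
	X(MD4,         "md4",    16) \
	X(MD5,         "md5",    16) \
	X(SHA1,        "sha1",   20) \
	X(RIPE_MD_160, "rmd160", 20) \
	X(SHA256,      "sha256", 32) \
	X(SHA384,      "sha384", 48) \
	X(SHA512,      "sha512", 64) \
	X(SHA224,      "sha224", 28)

#define AS_ENUM(id, name, size) HASH_ALGO_##id,
#define AS_NAME(id, name, size) [HASH_ALGO_##id] = name,
#define AS_SIZE(id, name, size) [HASH_ALGO_##id] = size,

enum hash_algo {
	HASH_ALGO_LIST(AS_ENUM)
	HASH_ALGO__LAST	/* entry count, always generated last */
};
static const char *const hash_algo_name[HASH_ALGO__LAST] = { HASH_ALGO_LIST(AS_NAME) };
static const unsigned char hash_digest_size[HASH_ALGO__LAST] = { HASH_ALGO_LIST(AS_SIZE) };

/* Hypothetical helper: map an algorithm name to its enum value, -1 if unknown. */
static int hash_algo_by_name(const char *name)
{
	if (!name)
		return -1;
	for (int i = 0; i < HASH_ALGO__LAST; i++)
		if (strcmp(hash_algo_name[i], name) == 0)
			return i;
	return -1;
}

/* Hypothetical helper: digest length in bytes, 0 for an out-of-range id. */
static size_t hash_digest_len(int algo)
{
	return (algo < 0 || algo >= HASH_ALGO__LAST) ? 0 : hash_digest_size[algo];
}

int main(void)
{
	for (int i = 0; i < HASH_ALGO__LAST; i++)
		printf("%-8s %zu\n", hash_algo_name[i], hash_digest_len(i));
	return 0;
}
```

A user-space tool built against older kernel headers could carry such a list in its own file and select it at build time, as the reply suggests.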