Re: [PATCH v6 2/5] ima: define a new template field named 'd-ngv2' and templates

[Stefan Berger]

On 3/21/22 15:48, Mimi Zohar wrote:
> On Mon, 2022-03-21 at 08:53 -0400, Stefan Berger wrote:

> > > +
> > > +/*
> > > + * This function writes the digest of an event (without size limit),
> > > + * prefixed with both the hash type and algorithm.
> > > + */
> > > +int ima_eventdigest_ngv2_init(struct ima_event_data *event_data,
> > > +			      struct ima_field_data *field_data)
> > > +{
> > > +	u8 *cur_digest = NULL, hash_algo = HASH_ALGO_SHA1;
> > > +	u32 cur_digestsize = 0;
> > > +	u8 digest_type = 0;
> >
> > What does '0' mean? I think this should definitely be an enum or at
> > least #define.
>
> The first element of the array is "ima".  Should I define two macros
> similar to kernel_read_file_id and kernel_read_file_str for just two
> strings?

I would introduce an enum like enum hash_algo: 
https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/hash_info.h#L38

And an array like hash_algo_name: 
https://elixir.bootlin.com/linux/latest/source/crypto/hash_info.c#L12


> thanks,
>
> Mimi