mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00

ima-evm-utils: Replace calc_keyid_v2 with calc_pkeyid_v2

Finish conversion of calc keyid v2 to EVP_PKEY API. After sign_hash_v2()
is switched to EVP_PKEY API (in previous commit), older RSA-specific
calc_keyid_v2() is not needed anymore and can be replaced with
calc_pkeyid_v2().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Vitaly Chikunov 2019-07-03 18:50:12 +03:00 committed by Mimi Zohar
parent 07e623b608
commit 13d4521dbf
3 changed files with 5 additions and 28 deletions


@ -934,7 +934,7 @@ static int cmd_import(struct command *cmd)
EVP_PKEY_free(pkey);
return 1;
}
calc_pkeyid_v2((uint32_t *)keyid, name, pkey);
calc_keyid_v2((uint32_t *)keyid, name, pkey);
EVP_PKEY_free(pkey);
} else {
RSA *key = read_pub_key(inkey, params.x509);


@ -219,8 +219,7 @@ RSA *read_pub_key(const char *keyfile, int x509);
EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len);
void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key);
void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
int key2bin(RSA *key, unsigned char *pub);
int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
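Review bot: The prototype keeps the name calc_keyid_v2 but changes its third parameter from `RSA *` to `EVP_PKEY *`, so a caller outside this commit that still passes an `RSA *` gets at most an incompatible-pointer diagnostic, and the function would then read the key through the wrong structure type. Whether this header is installed for external users is not visible from the hunk; if it is, the change deserves a comment above the declaration such as `/* NOTE: takes EVP_PKEY * since this change; the RSA * variant was removed */`. Keeping `calc_pkeyid_v2` as a thin alias for one release would turn stale callers into an obvious build-time choice instead of a silent type mismatch.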


@ -495,7 +495,7 @@ void init_public_keys(const char *keyfiles)
continue;
}
calc_pkeyid_v2(&entry->keyid, entry->name, entry->key);
calc_keyid_v2(&entry->keyid, entry->name, entry->key);
sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid));
log_info("key %d: %s %s\n", i++, entry->name, keyfile);
entry->next = public_keys;
@ -741,32 +741,10 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
log_info("keyid-v1: %s\n", str);
}
void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
{
uint8_t sha1[SHA_DIGEST_LENGTH];
unsigned char *pkey = NULL;
int len;
len = i2d_RSAPublicKey(key, &pkey);
SHA1(pkey, len, sha1);
/* sha1[12 - 19] is exactly keyid from gpg file */
memcpy(keyid, sha1 + 16, 4);
log_debug("keyid: ");
log_debug_dump(keyid, 4);
sprintf(str, "%x", __be32_to_cpup(keyid));
if (params.verbose > LOG_INFO)
log_info("keyid: %s\n", str);
free(pkey);
}
/*
* Calculate keyid of the public_key part of EVP_PKEY
*/
void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
{
X509_PUBKEY *pk = NULL;
const unsigned char *public_key = NULL;
@ -971,7 +949,7 @@ int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const ch
hdr->hash_algo = get_hash_algo(algo);
calc_pkeyid_v2(&hdr->keyid, name, pkey);
calc_keyid_v2(&hdr->keyid, name, pkey);
st = "EVP_PKEY_CTX_new";
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
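Review bot: calc_keyid_v2() still returns void after the move to EVP_PKEY, so sign_hash_v2() stores `hdr->keyid` in the signature header with no way to notice that key-id derivation failed. Only the first two declarations of the function body are inside the hunk, so what `*keyid` and `str` hold on failure cannot be seen here. The header comment should say it, for example `* On failure *keyid and str are set to <documented value>; callers must check before using them.` The same applies to the call in init_public_keys(), where the id becomes the name used to find the verification key. That call is also followed by a `sprintf(entry->name, "%x", ...)` which looks redundant if the function fills `str` the way the removed RSA version did.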