
ima-evm-utils: Replace calc_keyid_v2 with calc_pkeyid_v2

Finish conversion of calc keyid v2 to EVP_PKEY API. After sign_hash_v2()
is switched to EVP_PKEY API (in previous commit), older RSA-specific
calc_keyid_v2() is not needed anymore and can be replaced with
calc_pkeyid_v2().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Vitaly Chikunov 2019-07-03 18:50:12 +03:00 committed by Mimi Zohar
parent 07e623b608
commit 13d4521dbf
3 changed files with 5 additions and 28 deletions


@ -934,7 +934,7 @@ static int cmd_import(struct command *cmd)
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
return 1; return 1;
} }
calc_pkeyid_v2((uint32_t *)keyid, name, pkey); calc_keyid_v2((uint32_t *)keyid, name, pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} else { } else {
RSA *key = read_pub_key(inkey, params.x509); RSA *key = read_pub_key(inkey, params.x509);


@ -219,8 +219,7 @@ RSA *read_pub_key(const char *keyfile, int x509);
EVP_PKEY *read_pub_pkey(const char *keyfile, int x509); EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len); void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len);
void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key); void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
int key2bin(RSA *key, unsigned char *pub); int key2bin(RSA *key, unsigned char *pub);
int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig); int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
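Review bot: The prototype keeps the name `calc_keyid_v2` but changes its third parameter from `RSA *` to `EVP_PKEY *`, and `calc_pkeyid_v2` is dropped in the same step. If this header is installed for users of the library (not visible on this page), an out-of-tree caller that still passes an `RSA *` gets at most an incompatible-pointer diagnostic, and a binary built against the old library gets none at all, while the function reads the object as an `EVP_PKEY`. Keeping `calc_pkeyid_v2` as a deprecated alias for one release, or bumping the library version together with this change, would make the break explicit. The function also stays `void`, so callers that store the key id in a signature header or key list cannot tell whether the computation succeeded. A short comment on the prototype such as `/* keyid: 4 bytes, big-endian; str: room for 8 hex digits plus NUL */` would at least document the buffer contract implied by the `sprintf(..., "%x", ...)` calls.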


@ -495,7 +495,7 @@ void init_public_keys(const char *keyfiles)
continue; continue;
} }
calc_pkeyid_v2(&entry->keyid, entry->name, entry->key); calc_keyid_v2(&entry->keyid, entry->name, entry->key);
sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid)); sprintf(entry->name, "%x", __be32_to_cpup(&entry->keyid));
log_info("key %d: %s %s\n", i++, entry->name, keyfile); log_info("key %d: %s %s\n", i++, entry->name, keyfile);
entry->next = public_keys; entry->next = public_keys;
@ -741,32 +741,10 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
log_info("keyid-v1: %s\n", str); log_info("keyid-v1: %s\n", str);
} }
void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
{
uint8_t sha1[SHA_DIGEST_LENGTH];
unsigned char *pkey = NULL;
int len;
len = i2d_RSAPublicKey(key, &pkey);
SHA1(pkey, len, sha1);
/* sha1[12 - 19] is exactly keyid from gpg file */
memcpy(keyid, sha1 + 16, 4);
log_debug("keyid: ");
log_debug_dump(keyid, 4);
sprintf(str, "%x", __be32_to_cpup(keyid));
if (params.verbose > LOG_INFO)
log_info("keyid: %s\n", str);
free(pkey);
}
/* /*
* Calculate keyid of the public_key part of EVP_PKEY * Calculate keyid of the public_key part of EVP_PKEY
*/ */
void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey) void calc_keyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
{ {
X509_PUBKEY *pk = NULL; X509_PUBKEY *pk = NULL;
const unsigned char *public_key = NULL; const unsigned char *public_key = NULL;
@ -971,7 +949,7 @@ int sign_hash_v2(const char *algo, const unsigned char *hash, int size, const ch
hdr->hash_algo = get_hash_algo(algo); hdr->hash_algo = get_hash_algo(algo);
calc_pkeyid_v2(&hdr->keyid, name, pkey); calc_keyid_v2(&hdr->keyid, name, pkey);
st = "EVP_PKEY_CTX_new"; st = "EVP_PKEY_CTX_new";
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))