
Use EVM v2 HMAC format by default

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-01-24 15:06:49 +02:00
parent 317fa60467
commit 86d8772653
2 changed files with 8 additions and 8 deletions

README

@ -14,9 +14,9 @@ Key and signature formats
EVM support (v2) in latest version of the kernel adds the file system UUID to
the HMAC calculation. It is controlled by the CONFIG_EVM_HMAC_VERSION and
version 2 is enabled by default. To include the UUID to the signature calculation,
it is necessary to provide '--uuid' or '-u' parameter to the 'sign' command.
UUID can be provided on command line in form of '-uUUID' or '--uuid=UUID'.
version 2 is enabled by default. In this version default UUID is included by
default. Custom value can be supplied via '--uuid=UUID' or '-uUUID' parameter
to the 'sign' command. To use old format HMAC format use '-' as a parameter.
Latest kernel got IMA/EVM support for using X509 certificates and asymmetric key
support for verifying digital signatures. This version uses x509 format by default.
@ -121,7 +121,7 @@ Default private key: /etc/keys/privkey_evm.pem
Default X509 certificate: /etc/keys/x509_evm.der
Signing for using old RSA format is done using '-1' or '--rsa' parameter.
Signing for using new the EVM HMAC format is done using '-u' or '--uuid' parameter.
Signing for using old EVM HMAC format is done using '-u-' or '--uuid=-' parameter.
Sign file with EVM signature and use hash value for IMA - common case


@ -72,7 +72,7 @@ static int digsig;
static char *keypass;
static int sigfile;
static int modsig;
static char *uuid_str;
static char *uuid_str = "+";
static char *search_type;
static int recursive;
static dev_t fs_dev;
@ -434,7 +434,7 @@ static int get_uuid(struct stat *st, char *uuid)
FILE *fp;
size_t len;
if (uuid_str[0] != '-')
if (uuid_str[0] != '+')
return pack_uuid(uuid_str, uuid);
dev = st->st_dev;
@ -540,7 +540,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
return 1;
}
if (uuid_str) {
if (*uuid_str != '-') {
err = get_uuid(&st, uuid);
if (err)
return -1;
@ -1604,7 +1604,7 @@ int main(int argc, char *argv[])
xattr = 0;
break;
case 'u':
uuid_str = optarg ?: "-";
uuid_str = optarg ?: "+";
break;
case '1':
params.x509 = 0;
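Review bot: The format selection in calc_evm_hash, `if (*uuid_str != '-') {`, and the matching `if (uuid_str[0] != '+')` in get_uuid look only at the first character, so a mistyped value such as `-u-1234...` silently selects the legacy HMAC without the filesystem UUID instead of being rejected, and any value starting with `+` falls through to the filesystem lookup rather than being packed. The README hunk documents exactly `-` and the bare default `+`, so comparing the whole string keeps the downgrade to the old format explicit: `if (strcmp(uuid_str, "-") != 0) {` in calc_evm_hash and `if (strcmp(uuid_str, "+") != 0)` in get_uuid (this presumes <string.h> is already included in this file; worth confirming). With the default now the literal `"+"` instead of NULL, the former `if (uuid_str)` guard is gone, which is only safe if nothing else resets uuid_str to NULL before calc_evm_hash runs; a comment at the declaration would make the two sentinels discoverable, e.g. `/* "+" = include filesystem UUID (EVM v2 HMAC), "-" = legacy HMAC without UUID */`. Both calc_evm_hash and get_uuid continue outside their hunks.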