
Move key file selection to later phase

The following patch reads the signature version from the signature header, and
the key file needs to be selected based on that version.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
Vivek Goyal 2013-07-17 16:28:02 +03:00 committed by Dmitry Kasatkin
parent 0df73005a3
commit d9678295b9


@ -1261,12 +1261,13 @@ static int get_hash_algo_from_sig(unsigned char *sig)
return -1;
}
static int verify_ima(const char *file, const char *key)
static int verify_ima(const char *file)
{
unsigned char hash[64];
unsigned char sig[1024];
int len, hashlen;
int sig_hash_algo;
char *key;
if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig));
@ -1305,12 +1306,17 @@ static int verify_ima(const char *file, const char *key)
if (hashlen <= 1)
return hashlen;
/* Determine what key to use for verification*/
key = keyfile ? : x509 ?
"/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem";
return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
static int cmd_verify_ima(struct command *cmd)
{
char *key, *file = g_argv[optind++];
char *file = g_argv[optind++];
if (!file) {
log_err("Parameters missing\n");
@ -1318,11 +1324,7 @@ static int cmd_verify_ima(struct command *cmd)
return -1;
}
key = keyfile ? : x509 ?
"/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem";
return verify_ima(file, key);
return verify_ima(file);
}
static int cmd_import(struct command *cmd)
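Review bot: The new local in verify_ima is declared `char *key;` but is only ever assigned string literals (the two `/etc/keys/...` defaults) or `keyfile`, and the parameter it replaces was `const char *key`; declare it `const char *key;` so a later write through it is caught at compile time and the type matches what verify_hash was already receiving. The selection comment also lost its closing space: `/* Determine what key to use for verification */`. Note that verify_ima's signature is in the first hunk and its return in the second, so the body between them (the xattr read and hash computation) is not visible here; the key choice now happens after `hashlen` is validated, which is presumably the intent so a following change can pick the key from the signature header instead of the `x509` flag.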