diff --git a/src/evmctl.c b/src/evmctl.c index abcc4f8..278894f 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -71,6 +71,7 @@ static int digest; static int digsig; static char *keypass; static int sigfile; +static int x509 = 1; static int modsig; static char *uuid_str = "+"; static char *search_type; @@ -860,7 +861,7 @@ static int cmd_import(struct command *cmd) inkey = g_argv[optind++]; if (!inkey) { - inkey = params.x509 ? "/etc/keys/x509_evm.der" : + inkey = x509 ? "/etc/keys/x509_evm.der" : "/etc/keys/pubkey_evm.pem"; } else ring = g_argv[optind++]; @@ -870,11 +871,11 @@ static int cmd_import(struct command *cmd) else id = atoi(ring); - key = read_pub_key(inkey); + key = read_pub_key(inkey, x509); if (!key) return 1; - if (params.x509) { + if (x509) { pub = file2bin(inkey, NULL, &len); if (!pub) goto out; @@ -886,7 +887,7 @@ static int cmd_import(struct command *cmd) log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id); - id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id); + id = add_key(x509 ? "asymmetric" : "user", x509 ? NULL : name, pub, len, id); if (id < 0) { log_err("add_key failed\n"); err = id; @@ -894,7 +895,7 @@ static int cmd_import(struct command *cmd) log_info("keyid: %d\n", id); printf("%d\n", id); } - if (params.x509) + if (x509) free(pub); out: RSA_free(key); @@ -1606,7 +1607,7 @@ int main(int argc, char *argv[]) uuid_str = optarg ?: "+"; break; case '1': - params.x509 = 0; + x509 = 0; break; case 'k': params.keyfile = optarg; @@ -1625,7 +1626,7 @@ int main(int argc, char *argv[]) } } - if (params.x509) + if (x509) sign_hash = sign_hash_v2; else sign_hash = sign_hash_v1; diff --git a/src/libevm.c b/src/libevm.c index abf6abb..4d0af50 100644 --- a/src/libevm.c +++ b/src/libevm.c @@ -99,7 +99,6 @@ const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST] = { struct libevm_params params = { .verbose = LOG_INFO - 1, .hash_algo = "sha1", - .x509 = 1, }; void do_dump(FILE *fp, const void *ptr, int len, bool cr) @@ -291,7 +290,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) return mdlen; } -RSA *read_pub_key(const char *keyfile) +RSA *read_pub_key(const char *keyfile, int x509) { FILE *fp; RSA *key = NULL; @@ -304,7 +303,7 @@ RSA *read_pub_key(const char *keyfile) return NULL; } - if (params.x509) { + if (x509) { crt = d2i_X509_fp(fp, NULL); if (!crt) { log_err("d2i_X509_fp() failed\n"); @@ -344,7 +343,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int log_info("hash: "); log_dump(hash, size); - key = read_pub_key(keyfile); + key = read_pub_key(keyfile, 0); if (!key) return 1; @@ -386,7 +385,7 @@ int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int log_info("hash: "); log_dump(hash, size); - key = read_pub_key(keyfile); + key = read_pub_key(keyfile, 1); if (!key) return 1; @@ -460,21 +459,22 @@ static int get_hash_algo_from_sig(unsigned char *sig) int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen) { char *key; + int x509; /* Get signature type from sig header */ if (sig[0] == DIGSIG_VERSION_1) { params.verify_hash = verify_hash_v1; /* Read pubkey from RSA key */ - params.x509 = 0; + x509 = 0; } else if (sig[0] == DIGSIG_VERSION_2) { params.verify_hash = verify_hash_v2; /* Read pubkey from x509 cert */ - params.x509 = 1; + x509 = 1; } else return -1; /* Determine what key to use for verification*/ - key = params.keyfile ? : params.x509 ? + key = params.keyfile ? : x509 ? "/etc/keys/x509_evm.der" : "/etc/keys/pubkey_evm.pem"; diff --git a/src/libevm.h b/src/libevm.h index 1481e9b..4cbf826 100644 --- a/src/libevm.h +++ b/src/libevm.h @@ -128,7 +128,6 @@ typedef int (*verify_hash_fn_t)(const unsigned char *hash, int size, unsigned ch struct libevm_params { int verbose; const char *hash_algo; - int x509; char *keyfile; verify_hash_fn_t verify_hash; }; @@ -146,7 +145,7 @@ void dump(const void *ptr, int len); int get_filesize(const char *filename); int ima_calc_hash(const char *file, uint8_t *hash); int get_hash_algo(const char *algo); -RSA *read_pub_key(const char *keyfile); +RSA *read_pub_key(const char *keyfile, int x509); int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen); int ima_verify_signature(const char *file, unsigned char *sig, int siglen);