dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 14:43:37 +02:00
Code Releases Activity

Remove x509 library parameter

Browse Source 
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-01-24 15:37:54 +02:00
parent e92cbe4756
commit fd7e949c29
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/evmctl.c
View File

@ -71,6 +71,7 @@ static int digest;
static int digsig; static int digsig;
static char *keypass; static char *keypass;
static int sigfile; static int sigfile;
static int x509 = 1;
static int modsig; static int modsig;
static char *uuid_str = "+"; static char *uuid_str = "+";
static char *search_type; static char *search_type;
@ -860,7 +861,7 @@ static int cmd_import(struct command *cmd)
inkey = g_argv[optind++]; inkey = g_argv[optind++];
if (!inkey) { if (!inkey) {
inkey = params.x509 ? "/etc/keys/x509_evm.der" : inkey = x509 ? "/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem"; "/etc/keys/pubkey_evm.pem";
} else } else
ring = g_argv[optind++]; ring = g_argv[optind++];
@ -870,11 +871,11 @@ static int cmd_import(struct command *cmd)
else else
id = atoi(ring); id = atoi(ring);
key = read_pub_key(inkey); key = read_pub_key(inkey, x509);
if (!key) if (!key)
return 1; return 1;
if (params.x509) { if (x509) {
pub = file2bin(inkey, NULL, &len); pub = file2bin(inkey, NULL, &len);
if (!pub) if (!pub)
goto out; goto out;
@ -886,7 +887,7 @@ static int cmd_import(struct command *cmd)
log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id); log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id);
id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id); id = add_key(x509 ? "asymmetric" : "user", x509 ? NULL : name, pub, len, id);
if (id < 0) { if (id < 0) {
log_err("add_key failed\n"); log_err("add_key failed\n");
err = id; err = id;
@ -894,7 +895,7 @@ static int cmd_import(struct command *cmd)
log_info("keyid: %d\n", id); log_info("keyid: %d\n", id);
printf("%d\n", id); printf("%d\n", id);
} }
if (params.x509) if (x509)
free(pub); free(pub);
out: out:
RSA_free(key); RSA_free(key);
@ -1606,7 +1607,7 @@ int main(int argc, char *argv[])
uuid_str = optarg ?: "+"; uuid_str = optarg ?: "+";
break; break;
case '1': case '1':
params.x509 = 0; x509 = 0;
break; break;
case 'k': case 'k':
params.keyfile = optarg; params.keyfile = optarg;
@ -1625,7 +1626,7 @@ int main(int argc, char *argv[])
} }
} }
if (params.x509) if (x509)
sign_hash = sign_hash_v2; sign_hash = sign_hash_v2;
else else
sign_hash = sign_hash_v1; sign_hash = sign_hash_v1;

16
src/libevm.c
View File

@ -99,7 +99,6 @@ const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST] = {
struct libevm_params params = { struct libevm_params params = {
.verbose = LOG_INFO - 1, .verbose = LOG_INFO - 1,
.hash_algo = "sha1", .hash_algo = "sha1",
.x509 = 1,
}; };
void do_dump(FILE *fp, const void *ptr, int len, bool cr) void do_dump(FILE *fp, const void *ptr, int len, bool cr)
@ -291,7 +290,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
return mdlen; return mdlen;
} }
RSA *read_pub_key(const char *keyfile) RSA *read_pub_key(const char *keyfile, int x509)
{ {
FILE *fp; FILE *fp;
RSA *key = NULL; RSA *key = NULL;
@ -304,7 +303,7 @@ RSA *read_pub_key(const char *keyfile)
return NULL; return NULL;
} }
if (params.x509) { if (x509) {
crt = d2i_X509_fp(fp, NULL); crt = d2i_X509_fp(fp, NULL);
if (!crt) { if (!crt) {
log_err("d2i_X509_fp() failed\n"); log_err("d2i_X509_fp() failed\n");
@ -344,7 +343,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
log_info("hash: "); log_info("hash: ");
log_dump(hash, size); log_dump(hash, size);
key = read_pub_key(keyfile); key = read_pub_key(keyfile, 0);
if (!key) if (!key)
return 1; return 1;
@ -386,7 +385,7 @@ int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int
log_info("hash: "); log_info("hash: ");
log_dump(hash, size); log_dump(hash, size);
key = read_pub_key(keyfile); key = read_pub_key(keyfile, 1);
if (!key) if (!key)
return 1; return 1;
@ -460,21 +459,22 @@ static int get_hash_algo_from_sig(unsigned char *sig)
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen) int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
{ {
char *key; char *key;
int x509;
/* Get signature type from sig header */ /* Get signature type from sig header */
if (sig[0] == DIGSIG_VERSION_1) { if (sig[0] == DIGSIG_VERSION_1) {
params.verify_hash = verify_hash_v1; params.verify_hash = verify_hash_v1;
/* Read pubkey from RSA key */ /* Read pubkey from RSA key */
params.x509 = 0; x509 = 0;
} else if (sig[0] == DIGSIG_VERSION_2) { } else if (sig[0] == DIGSIG_VERSION_2) {
params.verify_hash = verify_hash_v2; params.verify_hash = verify_hash_v2;
/* Read pubkey from x509 cert */ /* Read pubkey from x509 cert */
params.x509 = 1; x509 = 1;
} else } else
return -1; return -1;
/* Determine what key to use for verification*/ /* Determine what key to use for verification*/
key = params.keyfile ? : params.x509 ? key = params.keyfile ? : x509 ?
"/etc/keys/x509_evm.der" : "/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem"; "/etc/keys/pubkey_evm.pem";

3
src/libevm.h
View File

@ -128,7 +128,6 @@ typedef int (*verify_hash_fn_t)(const unsigned char *hash, int size, unsigned ch
struct libevm_params { struct libevm_params {
int verbose; int verbose;
const char *hash_algo; const char *hash_algo;
int x509;
char *keyfile; char *keyfile;
verify_hash_fn_t verify_hash; verify_hash_fn_t verify_hash;
}; };
@ -146,7 +145,7 @@ void dump(const void *ptr, int len);
int get_filesize(const char *filename); int get_filesize(const char *filename);
int ima_calc_hash(const char *file, uint8_t *hash); int ima_calc_hash(const char *file, uint8_t *hash);
int get_hash_algo(const char *algo); int get_hash_algo(const char *algo);
RSA *read_pub_key(const char *keyfile); RSA *read_pub_key(const char *keyfile, int x509);
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen); int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
int ima_verify_signature(const char *file, unsigned char *sig, int siglen); int ima_verify_signature(const char *file, unsigned char *sig, int siglen);