Remove x509 library parameter
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
parent
e92cbe4756
commit
fd7e949c29
15
src/evmctl.c
15
src/evmctl.c
@ -71,6 +71,7 @@ static int digest;
|
||||
static int digsig;
|
||||
static char *keypass;
|
||||
static int sigfile;
|
||||
static int x509 = 1;
|
||||
static int modsig;
|
||||
static char *uuid_str = "+";
|
||||
static char *search_type;
|
||||
@ -860,7 +861,7 @@ static int cmd_import(struct command *cmd)
|
||||
|
||||
inkey = g_argv[optind++];
|
||||
if (!inkey) {
|
||||
inkey = params.x509 ? "/etc/keys/x509_evm.der" :
|
||||
inkey = x509 ? "/etc/keys/x509_evm.der" :
|
||||
"/etc/keys/pubkey_evm.pem";
|
||||
} else
|
||||
ring = g_argv[optind++];
|
||||
@ -870,11 +871,11 @@ static int cmd_import(struct command *cmd)
|
||||
else
|
||||
id = atoi(ring);
|
||||
|
||||
key = read_pub_key(inkey);
|
||||
key = read_pub_key(inkey, x509);
|
||||
if (!key)
|
||||
return 1;
|
||||
|
||||
if (params.x509) {
|
||||
if (x509) {
|
||||
pub = file2bin(inkey, NULL, &len);
|
||||
if (!pub)
|
||||
goto out;
|
||||
@ -886,7 +887,7 @@ static int cmd_import(struct command *cmd)
|
||||
|
||||
log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id);
|
||||
|
||||
id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id);
|
||||
id = add_key(x509 ? "asymmetric" : "user", x509 ? NULL : name, pub, len, id);
|
||||
if (id < 0) {
|
||||
log_err("add_key failed\n");
|
||||
err = id;
|
||||
@ -894,7 +895,7 @@ static int cmd_import(struct command *cmd)
|
||||
log_info("keyid: %d\n", id);
|
||||
printf("%d\n", id);
|
||||
}
|
||||
if (params.x509)
|
||||
if (x509)
|
||||
free(pub);
|
||||
out:
|
||||
RSA_free(key);
|
||||
@ -1606,7 +1607,7 @@ int main(int argc, char *argv[])
|
||||
uuid_str = optarg ?: "+";
|
||||
break;
|
||||
case '1':
|
||||
params.x509 = 0;
|
||||
x509 = 0;
|
||||
break;
|
||||
case 'k':
|
||||
params.keyfile = optarg;
|
||||
@ -1625,7 +1626,7 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
if (params.x509)
|
||||
if (x509)
|
||||
sign_hash = sign_hash_v2;
|
||||
else
|
||||
sign_hash = sign_hash_v1;
|
||||
|
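Review bot: The new file-scope flag `static int x509 = 1;` in the first hunk carries no comment, and its meaning is only recoverable from `case '1': x509 = 0;` and the `sign_hash_v2`/`sign_hash_v1` selection in the last hunk, so I would add above it `/* 1: public keys are DER X.509 certificates (v2 signatures); 0: raw RSA public key (v1). Cleared by the -1 option. */`. The default key paths `"/etc/keys/x509_evm.der"` and `"/etc/keys/pubkey_evm.pem"` in cmd_import are now repeated verbatim in verify_hash in libevm.c, so one shared macro per path would keep the two copies from drifting apart. In the add_key hunk the key type and description (`x509 ? "asymmetric" : "user"`, `x509 ? NULL : name`) are chosen from the command-line flag rather than from the contents of inkey, so a one-line comment stating that the flag must match the file format would spare the next reader a trip through main. cmd_import and main both continue outside these hunks.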
16
src/libevm.c
16
src/libevm.c
@ -99,7 +99,6 @@ const struct RSA_ASN1_template RSA_ASN1_templates[PKEY_HASH__LAST] = {
|
||||
struct libevm_params params = {
|
||||
.verbose = LOG_INFO - 1,
|
||||
.hash_algo = "sha1",
|
||||
.x509 = 1,
|
||||
};
|
||||
|
||||
void do_dump(FILE *fp, const void *ptr, int len, bool cr)
|
||||
@ -291,7 +290,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
|
||||
return mdlen;
|
||||
}
|
||||
|
||||
RSA *read_pub_key(const char *keyfile)
|
||||
RSA *read_pub_key(const char *keyfile, int x509)
|
||||
{
|
||||
FILE *fp;
|
||||
RSA *key = NULL;
|
||||
@ -304,7 +303,7 @@ RSA *read_pub_key(const char *keyfile)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (params.x509) {
|
||||
if (x509) {
|
||||
crt = d2i_X509_fp(fp, NULL);
|
||||
if (!crt) {
|
||||
log_err("d2i_X509_fp() failed\n");
|
||||
@ -344,7 +343,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
|
||||
log_info("hash: ");
|
||||
log_dump(hash, size);
|
||||
|
||||
key = read_pub_key(keyfile);
|
||||
key = read_pub_key(keyfile, 0);
|
||||
if (!key)
|
||||
return 1;
|
||||
|
||||
@ -386,7 +385,7 @@ int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int
|
||||
log_info("hash: ");
|
||||
log_dump(hash, size);
|
||||
|
||||
key = read_pub_key(keyfile);
|
||||
key = read_pub_key(keyfile, 1);
|
||||
if (!key)
|
||||
return 1;
|
||||
|
||||
@ -460,21 +459,22 @@ static int get_hash_algo_from_sig(unsigned char *sig)
|
||||
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
|
||||
{
|
||||
char *key;
|
||||
int x509;
|
||||
|
||||
/* Get signature type from sig header */
|
||||
if (sig[0] == DIGSIG_VERSION_1) {
|
||||
params.verify_hash = verify_hash_v1;
|
||||
/* Read pubkey from RSA key */
|
||||
params.x509 = 0;
|
||||
x509 = 0;
|
||||
} else if (sig[0] == DIGSIG_VERSION_2) {
|
||||
params.verify_hash = verify_hash_v2;
|
||||
/* Read pubkey from x509 cert */
|
||||
params.x509 = 1;
|
||||
x509 = 1;
|
||||
} else
|
||||
return -1;
|
||||
|
||||
/* Determine what key to use for verification*/
|
||||
key = params.keyfile ? : params.x509 ?
|
||||
key = params.keyfile ? : x509 ?
|
||||
"/etc/keys/x509_evm.der" :
|
||||
"/etc/keys/pubkey_evm.pem";
|
||||
|
||||
|
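Review bot: verify_hash in the last hunk dispatches on `sig[0]` before anything checks that `siglen` is at least one byte, so a zero-length signature makes that read out of bounds; this is pre-existing rather than introduced here, but since the hunk already rewrites the dispatch, a guard `if (siglen < 1) return -1;` ahead of the first `if (sig[0] == DIGSIG_VERSION_1)` would close it (the signature layout beyond byte 0 is not visible in this hunk). The new `int x509` parameter on `read_pub_key` is undocumented at its definition and both callers pass bare `0`/`1`; I would add above the definition `/* x509: non-zero to parse keyfile as a DER X.509 certificate (d2i_X509_fp); zero takes the other branch, presumably a PEM RSA public key - confirm against the else branch outside this hunk */`, with the same comment on the prototype in the header. Replacing the `params.x509` global with a local in verify_hash is the right direction, since the key-format choice no longer leaks from one verification into the next. verify_hash and read_pub_key both continue past their hunks.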
@ -128,7 +128,6 @@ typedef int (*verify_hash_fn_t)(const unsigned char *hash, int size, unsigned ch
|
||||
struct libevm_params {
|
||||
int verbose;
|
||||
const char *hash_algo;
|
||||
int x509;
|
||||
char *keyfile;
|
||||
verify_hash_fn_t verify_hash;
|
||||
};
|
||||
@ -146,7 +145,7 @@ void dump(const void *ptr, int len);
|
||||
int get_filesize(const char *filename);
|
||||
int ima_calc_hash(const char *file, uint8_t *hash);
|
||||
int get_hash_algo(const char *algo);
|
||||
RSA *read_pub_key(const char *keyfile);
|
||||
RSA *read_pub_key(const char *keyfile, int x509);
|
||||
|
||||
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
|
||||
int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
|
||||
|