time_t is actually long and is different on 32 and 64 bit architectures.
Format of the signatures should not depend on the architecture and should
be the same. Changed timestamp to uint32_t like in GPG.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
To enable module signature verification working on file systems
without extended attributes, or to be able to copy modules by methods,
which does not support extended attribute copying, it is necessary
to store signature in the file. This patch provides command line parameter
for storing signature in .sig file.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Directory integrity verification requires directory hash value
to be set to security.ima.
This patch provides directory hash calculation.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
For debugging purpose it is nice to have evm hmac calculation for
labeling filesystem using hmac.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
evmctl was using sha1 for evm hash calculation.
Using EVM API is easy to use other digest algorithms such as sha256.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
importing public keys into kernel keyring.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
