dh/ima-evm-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move signature version checking to verify_hash()

Browse Source 
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-01-24 14:48:02 +02:00
parent 906861a308
commit 3299fba40d
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/libevm.c
View File

@ -460,6 +460,19 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
{ {
char *key; char *key;
/* Get signature type from sig header if user did not enforce it */
if (!params.user_sig_type) {
if (sig[0] == DIGSIG_VERSION_1) {
params.verify_hash = verify_hash_v1;
/* Read pubkey from RSA key */
params.x509 = 0;
} else if (sig[0] == DIGSIG_VERSION_2) {
params.verify_hash = verify_hash_v2;
/* Read pubkey from x509 cert */
params.x509 = 1;
}
}
/* Determine what key to use for verification*/ /* Determine what key to use for verification*/
key = params.keyfile ? : params.x509 ? key = params.keyfile ? : params.x509 ?
"/etc/keys/x509_evm.der" : "/etc/keys/x509_evm.der" :
@ -493,16 +506,5 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
if (hashlen <= 1) if (hashlen <= 1)
return hashlen; return hashlen;
/* Get signature type from sig header if user did not enforce it */
if (!params.user_sig_type) {
if (sig[1] == DIGSIG_VERSION_1)
params.verify_hash = verify_hash_v1;
else if (sig[1] == DIGSIG_VERSION_2) {
params.verify_hash = verify_hash_v2;
/* Read pubkey from x509 cert */
params.x509 = 1;
}
}
return verify_hash(hash, hashlen, sig + 1, siglen - 1); return verify_hash(hash, hashlen, sig + 1, siglen - 1);
} }

1
src/libevm.h
View File

@ -152,6 +152,7 @@ RSA *read_pub_key(const char *keyfile);
int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile); int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile); int verify_hash_v2(const unsigned char *hash, int size, unsigned char *sig, int siglen, const char *keyfile);
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
int ima_verify_signature(const char *file, unsigned char *sig, int siglen); int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
#endif #endif