From 3dc656bc6fe076e7d78950637301de26e76ac011 Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Fri, 17 Jan 2014 15:18:48 +0200
Subject: [PATCH] Implement recursive IMA signing
Recursive signing is needed when doing filesystem image signing. Using script is very slow due to multiple forking and executing. C-based implementation provides about 7 times performance improvements. It is very significant when doing large image signing.
Signed-off-by: Dmitry Kasatkin
---
 src/evmctl.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 77f3e36..f6d000e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1130,9 +1130,19 @@ static int get_file_type(const char *path, const char *search_type)
 return dts;
 }
+static int sign_ima_file(const char *file)
+{
+ char *key;
+
+ key = keyfile ? : "/etc/keys/privkey_evm.pem";
+
+ return sign_ima(file, key);
+}
+
 static int cmd_sign_ima(struct command *cmd)
 {
- char *key, *file = g_argv[optind++];
+ char *file = g_argv[optind++];
+ int err, dts = REG_MASK; /* only regular files by default */
 if (!file) {
 log_err("Parameters missing\n");
@@ -1140,10 +1150,18 @@ static int cmd_sign_ima(struct command *cmd)
 return -1;
 }
- key = keyfile ? : "/etc/keys/privkey_evm.pem";
-
- return sign_ima(file, key);
+ if (recursive) {
+ if (search_type) {
+ dts = get_file_type(file, search_type);
+ if (dts < 0)
+ return dts;
+ }
+ err = find(file, dts, sign_ima_file);
+ } else {
+ err = sign_ima_file(file);
+ }
+ return err;
 }
 static int sign_evm_path(const char *file)
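Review bot: `key` in the new `sign_ima_file` can point at the string literal `"/etc/keys/privkey_evm.pem"`, so it should be const-qualified and initialised at its declaration: `const char *key = keyfile ? : "/etc/keys/privkey_evm.pem";`. This assumes `sign_ima` accepts a const pointer; its prototype is outside the hunk. Because this helper is now the per-file callback of a recursive walk, an unset `keyfile` silently selects the default private key for every file in the tree. A comment such as `/* find() callback: signs one file with keyfile, or the default key when keyfile is unset */` would make that explicit.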
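Review bot: The recursive branch of `cmd_sign_ima` returns whatever `find(file, dts, sign_ima_file)` returns, and `find()` is outside the hunk, so it is not visible whether a failure on one file stops the walk or is dropped. If a file is skipped without an error, the image is left partly signed, and that only shows up later when appraisal rejects the unsigned file; the walk should return non-zero if any `sign_ima_file` call failed. It is also worth confirming that `find()` does not follow symbolic links, since a link pointing outside the image root would otherwise get files outside the tree signed with the image key. Once verified, a comment above the branch such as `/* err is non-zero if any file in the tree failed to sign */` would record the contract.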