Move hash verification to separate function

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
2014-01-24 14:42:22 +02:00 · 2014-01-24 14:42:22 +02:00 · 906861a308
commit 906861a308
parent 6aabda5b65
1 changed files with 13 additions and 7 deletions
--- a/src/libevm.c
+++ b/src/libevm.c
@ -456,11 +456,22 @@ static int get_hash_algo_from_sig(unsigned char *sig)
 		return -1;
 }

+int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
+{
+	char *key;
+
+	/* Determine what key to use for verification*/
+	key = params.keyfile ? : params.x509 ?
+			"/etc/keys/x509_evm.der" :
+			"/etc/keys/pubkey_evm.pem";
+
+	return params.verify_hash(hash, size, sig, siglen, key);
+}
+
 int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
 {
 	unsigned char hash[64];
 	int hashlen, sig_hash_algo;
-	char *key;

 	if (sig[0] != 0x03) {
 		log_err("security.ima has no signature\n");
@ -493,10 +504,5 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
 		}
 	}

-	/* Determine what key to use for verification*/
-	key = params.keyfile ? : params.x509 ?
-			"/etc/keys/x509_evm.der" :
-			"/etc/keys/pubkey_evm.pem";
-
-	return params.verify_hash(hash, hashlen, sig + 1, siglen - 1, key);
+	return verify_hash(hash, hashlen, sig + 1, siglen - 1);
 }