Use defined xattr types

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin 2014-06-24 15:40:58 +03:00
parent c5a2992bc8
commit 9bc24ee556
2 changed files with 15 additions and 4 deletions


@ -626,7 +626,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
static int sign_evm(const char *file, const char *key) static int sign_evm(const char *file, const char *key)
{ {
unsigned char hash[20]; unsigned char hash[20];
unsigned char sig[1024] = "\x03"; unsigned char sig[1024];
int len, err; int len, err;
len = calc_evm_hash(file, hash); len = calc_evm_hash(file, hash);
@ -638,6 +638,7 @@ static int sign_evm(const char *file, const char *key)
return len; return len;
if (xattr) { if (xattr) {
sig[0] = EVM_IMA_XATTR_DIGSIG;
err = lsetxattr(file, "security.evm", sig, len + 1, 0); err = lsetxattr(file, "security.evm", sig, len + 1, 0);
if (err < 0) { if (err < 0) {
log_err("setxattr failed: %s\n", file); log_err("setxattr failed: %s\n", file);
@ -650,9 +651,10 @@ static int sign_evm(const char *file, const char *key)
static int hash_ima(const char *file) static int hash_ima(const char *file)
{ {
unsigned char hash[65] = "\x01"; /* MAX hash size + 1 */ unsigned char hash[65]; /* MAX hash size + 1 */
int len, err; int len, err;
hash[0] = IMA_XATTR_DIGEST;
len = ima_calc_hash(file, hash + 1); len = ima_calc_hash(file, hash + 1);
if (len <= 1) if (len <= 1)
return len; return len;
@ -690,7 +692,7 @@ static int cmd_hash_ima(struct command *cmd)
static int sign_ima(const char *file, const char *key) static int sign_ima(const char *file, const char *key)
{ {
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[1024] = "\x03"; unsigned char sig[1024];
int len, err; int len, err;
len = ima_calc_hash(file, hash); len = ima_calc_hash(file, hash);
@ -703,6 +705,7 @@ static int sign_ima(const char *file, const char *key)
/* add header */ /* add header */
len++; len++;
sig[0] = EVM_IMA_XATTR_DIGSIG;
if (sigfile) if (sigfile)
bin2file(file, "sig", sig, len); bin2file(file, "sig", sig, len);
@ -1151,7 +1154,7 @@ out:
static int hmac_evm(const char *file, const char *key) static int hmac_evm(const char *file, const char *key)
{ {
unsigned char hash[20]; unsigned char hash[20];
unsigned char sig[1024] = "\x02"; unsigned char sig[1024];
int len, err; int len, err;
len = calc_evm_hmac(file, key, hash); len = calc_evm_hmac(file, key, hash);
@ -1163,6 +1166,7 @@ static int hmac_evm(const char *file, const char *key)
memcpy(sig + 1, hash, len); memcpy(sig + 1, hash, len);
if (xattr) { if (xattr) {
sig[0] = EVM_XATTR_HMAC;
err = lsetxattr(file, "security.evm", sig, len + 1, 0); err = lsetxattr(file, "security.evm", sig, len + 1, 0);
if (err < 0) { if (err < 0) {
log_err("setxattr failed: %s\n", file); log_err("setxattr failed: %s\n", file);
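Review bot: In sign_evm and hmac_evm the type byte is now assigned only inside the `if (xattr)` branch, whereas sign_ima assigns it unconditionally after the "add header" comment, so any use of `sig` outside that branch would read an indeterminate `sig[0]`. Removing the `= "\x03"` and `= "\x02"` initializers also means the rest of each buffer is no longer zero-filled, so the `len + 1` bytes handed to lsetxattr and bin2file are fully defined only if the signing or HMAC routine wrote exactly `len` bytes, which cannot be confirmed from these hunks. Keeping the initializer and naming the type there avoids both problems: `unsigned char sig[1024] = { EVM_IMA_XATTR_DIGSIG };` in sign_evm and sign_ima, `unsigned char sig[1024] = { EVM_XATTR_HMAC };` in hmac_evm, and `unsigned char hash[65] = { IMA_XATTR_DIGEST };` in hash_ima. All four function bodies continue outside the hunks shown.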


@ -84,6 +84,13 @@
#define __packed __attribute__((packed)) #define __packed __attribute__((packed))
enum evm_ima_xattr_type {
IMA_XATTR_DIGEST = 0x01,
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
IMA_XATTR_DIGEST_NG,
};
struct h_misc { struct h_misc {
unsigned long ino; unsigned long ino;
uint32_t generation; uint32_t generation;
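Review bot: Only `IMA_XATTR_DIGEST` carries an explicit value in the new enum, yet these constants are written as the first byte of the `security.evm` xattr (and presumably `security.ima`), replacing the `"\x02"` and `"\x03"` literals removed in the other file. Because the remaining members rely on implicit increment, a later insertion or reordering would silently change the type byte stored on disk, and the verifier would then misread the xattr. Pinning each value keeps the format visible and safe to edit: `EVM_XATTR_HMAC = 0x02,`, `EVM_IMA_XATTR_DIGSIG = 0x03,`, `IMA_XATTR_DIGEST_NG = 0x04,`. A short comment above the enum, such as `/* first byte of the IMA/EVM xattr; values are part of the on-disk format */`, would document why they must not change.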