path: root/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
Diffstat (limited to 'patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch')
-rw-r--r--patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch133
1 files changed, 133 insertions, 0 deletions
diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
new file mode 100644
index 000000000..488dfa822
--- /dev/null
+++ b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
@@ -0,0 +1,133 @@
+From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
+Date: Tue, 8 Mar 2016 13:46:14 +0100
+Subject: [PATCH] evmctl: add parameter -e to set evm hash algo
+
+The paramter -a sets the hash algorithm only for IMA. To not break
+anything, add a new parameter -e to be able to change the hash for
+EVM, too.
+
+Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
+---
+ src/evmctl.c | 27 +++++++++++++++++++++++----
+ src/imaevm.h | 1 +
+ src/libimaevm.c | 1 +
+ 3 files changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/src/evmctl.c b/src/evmctl.c
+index b0f3b6362528..5d664005e915 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ #else
+ pctx = EVP_MD_CTX_new();
+ #endif
++ const EVP_MD *md;
+
+ if (lstat(file, &st)) {
+ log_err("Failed to stat: %s\n", file);
+@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ return -1;
+ }
+
+- err = EVP_DigestInit(pctx, EVP_sha1());
++ md = EVP_get_digestbyname(params.evm_hash_algo);
++ if (!md) {
++ log_err("EVP_get_digestbyname() failed\n");
++ return 1;
++ }
++
++ err = EVP_DigestInit(pctx, md);
+ if (!err) {
+ log_err("EVP_DigestInit() failed\n");
+ return 1;
+@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
+ if (len <= 1)
+ return len;
+
+- len = sign_hash("sha1", hash, len, key, NULL, sig + 1);
++ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1);
+ if (len <= 1)
+ return len;
+
+@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ #else
+ pctx = HMAC_CTX_new();
+ #endif
++ const EVP_MD *md;
+
+ key = file2bin(keyfile, NULL, &keylen);
+ if (!key) {
+@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ goto out;
+ }
+
+- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
++ md = EVP_get_digestbyname(params.evm_hash_algo);
++ if (!md) {
++ log_err("EVP_get_digestbyname() failed\n");
++ return 1;
++ }
++
++ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
+ if (err) {
+ log_err("HMAC_Init() failed\n");
+ goto out;
+@@ -1635,6 +1649,7 @@ static void usage(void)
+ printf(
+ "\n"
+ " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
++ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
+ " -s, --imasig make IMA signature\n"
+ " -d, --imahash make IMA hash\n"
+ " -f, --sigfile store IMA signature in .sig file instead of xattr\n"
+@@ -1691,6 +1706,7 @@ static struct option opts[] = {
+ {"imasig", 0, 0, 's'},
+ {"imahash", 0, 0, 'd'},
+ {"hashalgo", 1, 0, 'a'},
++ {"evmhashalgo", 1, 0, 'e'},
+ {"pass", 2, 0, 'p'},
+ {"sigfile", 0, 0, 'f'},
+ {"uuid", 2, 0, 'u'},
+@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
+ g_argc = argc;
+
+ while (1) {
+- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
+ if (c == -1)
+ break;
+
+@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
+ case 'a':
+ params.hash_algo = optarg;
+ break;
++ case 'e':
++ params.evm_hash_algo = optarg;
++ break;
+ case 'p':
+ if (optarg)
+ params.keypass = optarg;
+diff --git a/src/imaevm.h b/src/imaevm.h
+index 1bafaad0f4ab..ed92e4d8981d 100644
+--- a/src/imaevm.h
++++ b/src/imaevm.h
+@@ -179,6 +179,7 @@ struct libevm_params {
+ int verbose;
+ int x509;
+ const char *hash_algo;
++ const char *evm_hash_algo;
+ const char *keyfile;
+ const char *keypass;
+ };
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index b6c328801708..4c093a038b72 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -129,6 +129,7 @@ struct libevm_params params = {
+ .verbose = LOG_INFO - 1,
+ .x509 = 1,
+ .hash_algo = "sha1",
++ .evm_hash_algo = "sha1",
+ };
+
+ static void __attribute__ ((constructor)) libinit(void);
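Review bot: The new `if (!md)` branch added in calc_evm_hmac returns 1 directly, whereas the error paths around it in the same function (the one just above it and the HMAC_Init_ex failure just below) use `goto out`; on a bad -e value the key buffer returned by file2bin a few lines earlier, and presumably the HMAC context, are therefore never released. Route that failure through the function's cleanup label like its neighbours do (the label and the return value it produces are outside the hunk, so match what the HMAC_Init_ex path does there). The matching branch in calc_evm_hash is consistent with the existing `return 1` on EVP_DigestInit failure, but both new messages would be far more useful with the rejected name, e.g. `log_err("EVP_get_digestbyname(%s) failed\n", params.evm_hash_algo);`. Note also that -e is handed straight to EVP_get_digestbyname, so any digest OpenSSL knows is accepted rather than only the five the usage text lists, and the `hash` buffers the callers pass into calc_evm_hash/calc_evm_hmac must be sized for the longest digest that can get through; either validate the name against the documented list or document the required buffer size at the call sites.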