diff options
Diffstat (limited to 'patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch')
-rw-r--r-- | patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch new file mode 100644 index 000000000..488dfa822 --- /dev/null +++ b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch @@ -0,0 +1,133 @@ +From: Steffen Trumtrar <s.trumtrar@pengutronix.de> +Date: Tue, 8 Mar 2016 13:46:14 +0100 +Subject: [PATCH] evmctl: add parameter -e to set evm hash algo + +The paramter -a sets the hash algorithm only for IMA. To not break +anything, add a new parameter -e to be able to change the hash for +EVM, too. + +Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> +--- + src/evmctl.c | 27 +++++++++++++++++++++++---- + src/imaevm.h | 1 + + src/libimaevm.c | 1 + + 3 files changed, 25 insertions(+), 4 deletions(-) + +diff --git a/src/evmctl.c b/src/evmctl.c +index b0f3b6362528..5d664005e915 100644 +--- a/src/evmctl.c ++++ b/src/evmctl.c +@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + #else + pctx = EVP_MD_CTX_new(); + #endif ++ const EVP_MD *md; + + if (lstat(file, &st)) { + log_err("Failed to stat: %s\n", file); +@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + return -1; + } + +- err = EVP_DigestInit(pctx, EVP_sha1()); ++ md = EVP_get_digestbyname(params.evm_hash_algo); ++ if (!md) { ++ log_err("EVP_get_digestbyname() failed\n"); ++ return 1; ++ } ++ ++ err = EVP_DigestInit(pctx, md); + if (!err) { + log_err("EVP_DigestInit() failed\n"); + return 1; +@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key) + if (len <= 1) + return len; + +- len = sign_hash("sha1", hash, len, key, NULL, sig + 1); ++ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1); + if (len <= 1) + return len; + +@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + #else + pctx = HMAC_CTX_new(); + #endif ++ const EVP_MD *md; + + key = file2bin(keyfile, NULL, &keylen); + if (!key) { +@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + goto out; + } + +- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL); ++ md = EVP_get_digestbyname(params.evm_hash_algo); ++ if (!md) { ++ log_err("EVP_get_digestbyname() failed\n"); ++ return 1; ++ } ++ ++ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL); + if (err) { + log_err("HMAC_Init() failed\n"); + goto out; +@@ -1635,6 +1649,7 @@ static void usage(void) + printf( + "\n" + " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" ++ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n" + " -s, --imasig make IMA signature\n" + " -d, --imahash make IMA hash\n" + " -f, --sigfile store IMA signature in .sig file instead of xattr\n" +@@ -1691,6 +1706,7 @@ static struct option opts[] = { + {"imasig", 0, 0, 's'}, + {"imahash", 0, 0, 'd'}, + {"hashalgo", 1, 0, 'a'}, ++ {"evmhashalgo", 1, 0, 'e'}, + {"pass", 2, 0, 'p'}, + {"sigfile", 0, 0, 'f'}, + {"uuid", 2, 0, 'u'}, +@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[]) + g_argc = argc; + + while (1) { +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); + if (c == -1) + break; + +@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[]) + case 'a': + params.hash_algo = optarg; + break; ++ case 'e': ++ params.evm_hash_algo = optarg; ++ break; + case 'p': + if (optarg) + params.keypass = optarg; +diff --git a/src/imaevm.h b/src/imaevm.h +index 1bafaad0f4ab..ed92e4d8981d 100644 +--- a/src/imaevm.h ++++ b/src/imaevm.h +@@ -179,6 +179,7 @@ struct libevm_params { + int verbose; + int x509; + const char *hash_algo; ++ const char *evm_hash_algo; + const char *keyfile; + const char *keypass; + }; +diff --git a/src/libimaevm.c b/src/libimaevm.c +index b6c328801708..4c093a038b72 100644 +--- a/src/libimaevm.c ++++ b/src/libimaevm.c +@@ -129,6 +129,7 @@ struct libevm_params params = { + .verbose = LOG_INFO - 1, + .x509 = 1, + .hash_algo = "sha1", ++ .evm_hash_algo = "sha1", + }; + + static void __attribute__ ((constructor)) libinit(void); |