static int digsig;
static char *keypass;
static int sigfile;
+static int x509 = 1;
static int modsig;
static char *uuid_str = "+";
static char *search_type;
inkey = g_argv[optind++];
if (!inkey) {
- inkey = params.x509 ? "/etc/keys/x509_evm.der" :
+ inkey = x509 ? "/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem";
} else
ring = g_argv[optind++];
else
id = atoi(ring);
- key = read_pub_key(inkey);
+ key = read_pub_key(inkey, x509);
if (!key)
return 1;
- if (params.x509) {
+ if (x509) {
pub = file2bin(inkey, NULL, &len);
if (!pub)
goto out;
log_info("Importing public key %s from file %s into keyring %d\n", name, inkey, id);
- id = add_key(params.x509 ? "asymmetric" : "user", params.x509 ? NULL : name, pub, len, id);
+ id = add_key(x509 ? "asymmetric" : "user", x509 ? NULL : name, pub, len, id);
if (id < 0) {
log_err("add_key failed\n");
err = id;
log_info("keyid: %d\n", id);
printf("%d\n", id);
}
- if (params.x509)
+ if (x509)
free(pub);
out:
RSA_free(key);
uuid_str = optarg ?: "+";
break;
case '1':
- params.x509 = 0;
+ x509 = 0;
break;
case 'k':
params.keyfile = optarg;
}
}
- if (params.x509)
+ if (x509)
sign_hash = sign_hash_v2;
else
sign_hash = sign_hash_v1;
struct libevm_params params = {
.verbose = LOG_INFO - 1,
.hash_algo = "sha1",
- .x509 = 1,
};
void do_dump(FILE *fp, const void *ptr, int len, bool cr)
return mdlen;
}
-RSA *read_pub_key(const char *keyfile)
+RSA *read_pub_key(const char *keyfile, int x509)
{
FILE *fp;
RSA *key = NULL;
return NULL;
}
- if (params.x509) {
+ if (x509) {
crt = d2i_X509_fp(fp, NULL);
if (!crt) {
log_err("d2i_X509_fp() failed\n");
log_info("hash: ");
log_dump(hash, size);
- key = read_pub_key(keyfile);
+ key = read_pub_key(keyfile, 0);
if (!key)
return 1;
log_info("hash: ");
log_dump(hash, size);
- key = read_pub_key(keyfile);
+ key = read_pub_key(keyfile, 1);
if (!key)
return 1;
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen)
{
char *key;
+ int x509;
/* Get signature type from sig header */
if (sig[0] == DIGSIG_VERSION_1) {
params.verify_hash = verify_hash_v1;
/* Read pubkey from RSA key */
- params.x509 = 0;
+ x509 = 0;
} else if (sig[0] == DIGSIG_VERSION_2) {
params.verify_hash = verify_hash_v2;
/* Read pubkey from x509 cert */
- params.x509 = 1;
+ x509 = 1;
} else
return -1;
/* Determine what key to use for verification*/
- key = params.keyfile ? : params.x509 ?
+ key = params.keyfile ? : x509 ?
"/etc/keys/x509_evm.der" :
"/etc/keys/pubkey_evm.pem";
struct libevm_params {
int verbose;
const char *hash_algo;
- int x509;
char *keyfile;
verify_hash_fn_t verify_hash;
};
int get_filesize(const char *filename);
int ima_calc_hash(const char *file, uint8_t *hash);
int get_hash_algo(const char *algo);
-RSA *read_pub_key(const char *keyfile);
+RSA *read_pub_key(const char *keyfile, int x509);
int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int siglen);
int ima_verify_signature(const char *file, unsigned char *sig, int siglen);