bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures

Browse Source 
Define asymmetric_verify_v3() to calculate the hash of the struct
ima_file_id, before calling asymmetric_verify() to verify the
signature.

Move and update the existing calc_file_id_hash() function with a
simpler, self contained version.  In addition to the existing hash
data and hash data length arguments, also pass the hash algorithm.

Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar
2026-03-10 19:42:07 -04:00
parent 7a60fe48af
commit dccfbafb1f
5 changed files with 90 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
security/integrity/digsig.c
View File

@@ -59,7 +59,7 @@ static struct key *integrity_keyring_from_id(const unsigned int id)
}
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
const char *digest, int digestlen)
const char *digest, int digestlen, u8 algo)
{
struct key *keyring;
@@ -76,9 +76,11 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
return digsig_verify(keyring, sig + 1, siglen - 1, digest,
digestlen);
case 2: /* regular file data hash based signature */
case 3: /* struct ima_file_id data based signature */
return asymmetric_verify(keyring, sig, siglen, digest,
digestlen);
digestlen);
case 3: /* struct ima_file_id data based signature */
return asymmetric_verify_v3(keyring, sig, siglen, digest,
digestlen, algo);
}
return -EOPNOTSUPP;