Menu
▾
▴
linux-ima-devel — Discussion list for problems or development.
This list is closed, nobody may subscribe to it.
| 2007 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
(7) |
Apr
|
May
(7) |
Jun
(7) |
Jul
(26) |
Aug
|
Sep
(7) |
Oct
(1) |
Nov
(35) |
Dec
(18) |
| 2014 |
Jan
(1) |
Feb
(2) |
Mar
(3) |
Apr
|
May
(16) |
Jun
(35) |
Jul
(103) |
Aug
(45) |
Sep
(226) |
Oct
(200) |
Nov
(66) |
Dec
(42) |
| 2015 |
Jan
(47) |
Feb
(3) |
Mar
(6) |
Apr
(14) |
May
(38) |
Jun
(10) |
Jul
(10) |
Aug
(15) |
Sep
(23) |
Oct
(78) |
Nov
(56) |
Dec
(70) |
| 2016 |
Jan
(9) |
Feb
(8) |
Mar
(15) |
Apr
(18) |
May
(78) |
Jun
(39) |
Jul
(3) |
Aug
(136) |
Sep
(134) |
Oct
(19) |
Nov
(48) |
Dec
(30) |
| 2017 |
Jan
(33) |
Feb
(35) |
Mar
(100) |
Apr
(87) |
May
(169) |
Jun
(119) |
Jul
(165) |
Aug
(241) |
Sep
(128) |
Oct
(42) |
Nov
|
Dec
|
|
From: Dmitry K. <dmi...@gm...> - 2013-07-15 10:31:17
|
Right.
Will handle patches today...
- Dmitry
On Fri, Jul 12, 2013 at 9:52 PM, Vivek Goyal <vg...@re...> wrote:
> Now evmctl supports different hash algorithms and sha512 will produce
> 64 byte digest. verify_ima() still allocates only 20bytes to store hash.
> This does not work with larger hashes.
>
> Signed-off-by: Vivek Goyal <vg...@re...>
> ---
> src/evmctl.c | 12 ++++++------
> 1 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> index d0f75ac..eda468b 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command *cmd)
>
> static int verify_ima(const char *file, const char *key)
> {
> - unsigned char hash[20];
> + unsigned char hash[64];
> unsigned char sig[1024];
> - int len;
> + int len, hashlen;
>
> - len = calc_hash(file, hash);
> - if (len <= 1)
> - return len;
> + hashlen = calc_hash(file, hash);
> + if (hashlen <= 1)
> + return hashlen;
>
> if (xattr) {
> len = getxattr(file, "security.ima", sig, sizeof(sig));
> @@ -1242,7 +1242,7 @@ static int verify_ima(const char *file, const char *key)
> return -1;
> }
>
> - return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
> + return verify_hash(hash, hashlen, sig + 1, len - 1, key);
> }
>
> static int cmd_verify_ima(struct command *cmd)
> --
> 1.7.7.6
>
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:24
|
Currently we assume signature version is v1 until and unless -x is
specified on kernel command line. Given the fact that signature version
information is available in signature itself, it is much better to get
it from there and not require user to pass -x during verification phase.
If user passed -x on command line, then honor it.
Now one can do following.
evmctl ima_sign -x /tmp/data.txt
evmctl ima_verify /tmp/data.txt
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 03a81ae..ca467c5 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -255,6 +255,7 @@ static int sigfile;
static int modsig;
static char *uuid_str;
static int x509;
+static bool user_sig_type = false;
static char *keyfile;
typedef int (*sign_hash_fn_t)(const char *algo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig);
@@ -1304,6 +1305,14 @@ static int verify_ima(const char *file, const char *key)
if (hashlen <= 1)
return hashlen;
+ /* Get signature type from sig header if user did not enforce it */
+ if (!user_sig_type) {
+ if (sig[1] == DIGSIG_VERSION_1)
+ verify_hash = verify_hash_v1;
+ else if (sig[1] == DIGSIG_VERSION_2)
+ verify_hash = verify_hash_v2;
+ }
+
return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
@@ -1716,6 +1725,7 @@ int main(int argc, char *argv[])
x509 = 1;
sign_hash = sign_hash_v2;
verify_hash = verify_hash_v2;
+ user_sig_type = true;
break;
case 'k':
keyfile = optarg;
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:23
|
hdr->hash for signature version 1 contains the info about what hash
algorithm has been used for signing the file. Currently we always set
hdr->hash to DIGEST_ALGO_SHA1. But one can sign file using SHA256 using
option "-a sha256". In that case we should put right hash algo info
in signature header. Fix it.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 23 ++++++++++++++++++++---
1 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index eda468b..0b79077 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -476,9 +476,20 @@ static RSA *read_priv_key(const char *keyfile)
return key;
}
-static int sign_hash_v1(const char *algo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig)
+int get_hash_algo_v1(const char *algo)
{
- int err, len;
+
+ if (!strcmp(algo, "sha1"))
+ return DIGEST_ALGO_SHA1;
+ else if (!strcmp(algo, "sha256"))
+ return DIGEST_ALGO_SHA256;
+
+ return -1;
+}
+
+static int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, const char *keyfile, unsigned char *sig)
+{
+ int err, len, hashalgo_idx;
SHA_CTX ctx;
unsigned char pub[1024];
RSA *key;
@@ -498,7 +509,13 @@ static int sign_hash_v1(const char *algo, const unsigned char *hash, int size, c
hdr->version = 1;
hdr->timestamp = time(NULL);
hdr->algo = PUBKEY_ALGO_RSA;
- hdr->hash = DIGEST_ALGO_SHA1;
+ hashalgo_idx = get_hash_algo_v1(hashalgo);
+ if (hashalgo_idx < 0) {
+ log_err("Signature version 1 does not support hash algo %s\n",
+ hashalgo);
+ return -1;
+ }
+ hdr->hash = (uint8_t) hashalgo_idx;
len = key2bin(key, pub);
calc_keyid_v1(hdr->keyid, name, pub, len);
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:23
|
Using macros for fixed values looks cleaner. Also I am planning to use
version field in more places in next patch. So use macros intead of
numbers like 1 and 2.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 08b2b81..03a81ae 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -90,6 +90,9 @@
#define FS_IOC32_GETFLAGS _IOR('f', 1, int)
#define FS_IOC32_SETFLAGS _IOW('f', 2, int)
+#define DIGSIG_VERSION_1 1
+#define DIGSIG_VERSION_2 2
+
struct h_misc {
unsigned long ino;
uint32_t generation;
@@ -508,7 +511,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int siz
return -1;
/* now create a new hash */
- hdr->version = 1;
+ hdr->version = (uint8_t) DIGSIG_VERSION_1;
hdr->timestamp = time(NULL);
hdr->algo = PUBKEY_ALGO_RSA;
hashalgo_idx = get_hash_algo_v1(hashalgo);
@@ -578,7 +581,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash, int size, c
if (!key)
return -1;
- hdr->version = 2;
+ hdr->version = (uint8_t) DIGSIG_VERSION_2;
hdr->hash_algo = get_hash_algo(algo);
calc_keyid_v2(&hdr->keyid, name, key);
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:22
|
If one signs a file using hash algo -sha256 then one needs to specify
signature during verification also otherwise evmctl using default sha1
for calculating hash and signature verification fails. One needs to
specify -a sha256 on command line even during signature verification
phase to make sure file is signed right.
I think that's completely unnecessary. A user is not always supposed
to know what algorithm was used to generate signature. User is only
concered with whether this signature is valid or not.
So retrieve hash algorithm info from signature and use that.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 47 ++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0b79077..0682462 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -244,7 +244,7 @@ static int xattr = 1;
static int sigdump;
static int digest;
static int digsig;
-static char *hash_algo = "sha1";
+static const char *hash_algo = "sha1";
static char *keypass;
static int sigfile;
static int modsig;
@@ -1228,15 +1228,39 @@ static int cmd_verify_evm(struct command *cmd)
return verify_evm(file, key);
}
+static uint8_t get_hash_algo_from_sig(unsigned char *sig)
+{
+ uint8_t hashalgo;
+
+ if (sig[0] == 1) {
+ hashalgo = ((struct signature_hdr *)sig)->hash;
+
+ if (hashalgo >= DIGEST_ALGO_MAX)
+ return -1;
+
+ switch (hashalgo) {
+ case DIGEST_ALGO_SHA1:
+ return PKEY_HASH_SHA1;
+ case DIGEST_ALGO_SHA256:
+ return PKEY_HASH_SHA256;
+ default:
+ return -1;
+ }
+ } else if (sig[0] == 2) {
+ hashalgo = ((struct signature_v2_hdr *)sig)->hash_algo;
+ if (hashalgo >= PKEY_HASH__LAST)
+ return -1;
+ return hashalgo;
+ } else
+ return -1;
+}
+
static int verify_ima(const char *file, const char *key)
{
unsigned char hash[64];
unsigned char sig[1024];
int len, hashlen;
-
- hashlen = calc_hash(file, hash);
- if (hashlen <= 1)
- return hashlen;
+ int sig_hash_algo;
if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1259,6 +1283,19 @@ static int verify_ima(const char *file, const char *key)
return -1;
}
+ sig_hash_algo = get_hash_algo_from_sig(sig + 1);
+ if (sig_hash_algo < 0) {
+ log_err("Invalid signature\n");
+ return -1;
+ }
+
+ /* Use hash algorithm as retrieved from signature */
+ hash_algo = pkey_hash_algo[sig_hash_algo];
+
+ hashlen = calc_hash(file, hash);
+ if (hashlen <= 1)
+ return hashlen;
+
return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:21
|
After applying previous patch, we will always get hash algo info from
signature and if user specified one on command line, that will be overridden.
This is like breaking old behavior. So keep track whether user specified
hash algo on command line or not. If user did not specify one then get
hash algo info from signature otherwise use the one user provided.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 20 +++++++++++++-------
1 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0682462..08b2b81 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -36,6 +36,7 @@
#include <stdio.h>
#include <stdint.h>
#include <string.h>
+#include <stdbool.h>
#include <attr/xattr.h>
#include <getopt.h>
#include <signal.h>
@@ -245,6 +246,7 @@ static int sigdump;
static int digest;
static int digsig;
static const char *hash_algo = "sha1";
+static bool user_hash_algo = false;
static char *keypass;
static int sigfile;
static int modsig;
@@ -1283,14 +1285,17 @@ static int verify_ima(const char *file, const char *key)
return -1;
}
- sig_hash_algo = get_hash_algo_from_sig(sig + 1);
- if (sig_hash_algo < 0) {
- log_err("Invalid signature\n");
- return -1;
- }
+ /* If user specified an hash algo on command line, let it override */
+ if (!user_hash_algo) {
+ sig_hash_algo = get_hash_algo_from_sig(sig + 1);
+ if (sig_hash_algo < 0) {
+ log_err("Invalid signature\n");
+ return -1;
+ }
- /* Use hash algorithm as retrieved from signature */
- hash_algo = pkey_hash_algo[sig_hash_algo];
+ /* Use hash algorithm as retrieved from signature */
+ hash_algo = pkey_hash_algo[sig_hash_algo];
+ }
hashlen = calc_hash(file, hash);
if (hashlen <= 1)
@@ -1688,6 +1693,7 @@ int main(int argc, char *argv[])
break;
case 'a':
hash_algo = optarg;
+ user_hash_algo = true;
break;
case 'p':
keypass = optarg;
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:21
|
Hi Dmitry,
This is the series of miscellaneous fixes to evmctl. I think these fixes
make life little easier for the user and get rid of some of the confusion.
These also allow dealing with detached signatures easily.
Can you please have a look.
Thanks
Vivek
Vivek Goyal (7):
evmctl: Fix hash array size in verify_ima()
evmctl: Put right hash algo info in signature digital signature
version 1 header
ima_verify(): Get hash algorithm info from signature
ima_verify(): Let user specified hash algo take precedence
evmctl: Use macros for signature versions
ima_verify(): Get signatuer version from header
evmctl: Save full security.ima attribute to a file
src/evmctl.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 88 insertions(+), 16 deletions(-)
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:21
|
Right now if -f option is passed in, we only save the actual signature to
a file and not the full security.ima attribute.
I think it makes more sense to save full security.ima attribute so that
it can act as detached signatures and one can install signature later.
That is signing can take place on build server and detached signatures
can be generated and these signatures can be installed later on target.
One can use following steps.
# Generate detached signatures
evmctl ima_sign -f -x -a sha256 /tmp/data.txt
# Install signature on target
hexdump -v -e '1/1 "%02x"' /tmp/data.txt.sig > /tmp/data.txt.sig.hex
printf "# file: /tmp/data.txt\nsecurity.ima=0x" | cat - /tmp/data.txt.sig.hex | setfattr --restore -
# Verify signature
evmctl ima_verify /tmp/data.txt
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index ca467c5..bf87113 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1043,7 +1043,7 @@ static int sign_ima(const char *file, const char *key)
}
if (sigfile)
- bin2file(file, "sig", sig + 1, len - 1);
+ bin2file(file, "sig", sig, len);
if (xattr) {
err = setxattr(file, "security.ima", sig, len, 0);
@@ -1279,8 +1279,7 @@ static int verify_ima(const char *file, const char *key)
if (sigfile) {
void *tmp;
tmp = file2bin(file, "sig", &len);
- sig[0] = 0x03;
- memcpy(sig+1, tmp, len++);
+ memcpy(sig, tmp, len);
free(tmp);
}
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-12 18:52:21
|
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index d0f75ac..eda468b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command *cmd)
static int verify_ima(const char *file, const char *key)
{
- unsigned char hash[20];
+ unsigned char hash[64];
unsigned char sig[1024];
- int len;
+ int len, hashlen;
- len = calc_hash(file, hash);
- if (len <= 1)
- return len;
+ hashlen = calc_hash(file, hash);
+ if (hashlen <= 1)
+ return hashlen;
if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1242,7 +1242,7 @@ static int verify_ima(const char *file, const char *key)
return -1;
}
- return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
+ return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
static int cmd_verify_ima(struct command *cmd)
--
1.7.7.6
|
|
From: Vivek G. <vg...@re...> - 2013-07-10 20:57:33
|
Oops, sent it to dmitry's old email address.
Vivek
----- Forwarded message from Vivek Goyal <vg...@re...> -----
Date: Wed, 10 Jul 2013 16:31:24 -0400
From: Vivek Goyal <vg...@re...>
To: "Kasatkin, Dmitry" <dmi...@in...>
Cc: lin...@li...
Subject: [PATCH] evmctl: Fix hash array size in verify_ima()
User-Agent: Mutt/1.5.21 (2010-09-15)
Message-ID: <201...@re...>
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
Index: ima-evm-utils/src/evmctl.c
===================================================================
--- ima-evm-utils.orig/src/evmctl.c 2013-07-10 16:09:28.295186620 -0400
+++ ima-evm-utils/src/evmctl.c 2013-07-10 16:10:07.471634450 -0400
@@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command
static int verify_ima(const char *file, const char *key)
{
- unsigned char hash[20];
+ unsigned char hash[64];
unsigned char sig[1024];
- int len;
+ int len, hashlen;
- len = calc_hash(file, hash);
- if (len <= 1)
- return len;
+ hashlen = calc_hash(file, hash);
+ if (hashlen <= 1)
+ return hashlen;
if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1242,7 +1242,7 @@ static int verify_ima(const char *file,
return -1;
}
- return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
+ return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
static int cmd_verify_ima(struct command *cmd)
----- End forwarded message -----
|
|
From: Vivek G. <vg...@re...> - 2013-07-10 20:31:34
|
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
Index: ima-evm-utils/src/evmctl.c
===================================================================
--- ima-evm-utils.orig/src/evmctl.c 2013-07-10 16:09:28.295186620 -0400
+++ ima-evm-utils/src/evmctl.c 2013-07-10 16:10:07.471634450 -0400
@@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command
static int verify_ima(const char *file, const char *key)
{
- unsigned char hash[20];
+ unsigned char hash[64];
unsigned char sig[1024];
- int len;
+ int len, hashlen;
- len = calc_hash(file, hash);
- if (len <= 1)
- return len;
+ hashlen = calc_hash(file, hash);
+ if (hashlen <= 1)
+ return hashlen;
if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1242,7 +1242,7 @@ static int verify_ima(const char *file,
return -1;
}
- return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
+ return verify_hash(hash, hashlen, sig + 1, len - 1, key);
}
static int cmd_verify_ima(struct command *cmd)
|
|
From: Vivek G. <vg...@re...> - 2013-07-10 19:57:19
|
On Wed, Jul 10, 2013 at 04:58:57PM +0100, Dmitry Kasatkin wrote: > Hello, > > Done and committed. > Also one more back is fixed when verifying signature from .sig files. > Thanks Dmitry. Also looked at other fix for verifying signature from a file. I was wondering that why don't we dump whole of security.ima attribute when sigfile is specified and we just dump the signature. If we dump the whole security.ima xattr, then that would act like a detached signature and can be used to install later using setfattr. We can use this functionality to sign a file at build time and install signature at rpm installation time. That way verify_ima does not have to assume that it is a digital signature Anyway, signautre format is specific to ima and no other tool can understand it. So creating a detached signature which contains whole of the security.ima xattr makes sense to me. What do you think? Thanks Vivek |
|
From: Dmitry K. <dmi...@gm...> - 2013-07-10 15:59:04
|
Hello,
Done and committed.
Also one more back is fixed when verifying signature from .sig files.
Thanks.
Dmitry
On Wed, Jul 10, 2013 at 3:21 PM, Dmitry Kasatkin
<dmi...@gm...> wrote:
> On Tue, Jul 9, 2013 at 6:40 PM, Vivek Goyal <vg...@re...> wrote:
>> On Sun, Jun 30, 2013 at 09:36:08PM +0300, Dmitry Kasatkin wrote:
>>> Hello Vivek,
>>>
>>> I was on vacation. Just returned.
>>> Will verify tomorrow.
>>>
>>
>> Hi Dmitry,
>>
>> Did you get a chance to have a look at this patch. Can you please apply
>> it.
>>
> On Tue, Jul 9, 2013 at 6:40 PM, Vivek Goyal <vg...@re...> wrote:
>
> Hi Vivek,
>
> Sorry for delay. I had certain family related event which put me out of order.
> I am back now...
>
> - Dmitry
>
>> Thanks
>> Vivek
>>
>>> - Dmitry
>>>
>>>
>>> On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
>>> > For V2 of digital signature we store signature at hdr->sig and not at
>>> > hdr->sig + 2. That's the property of V1 of signature.
>>> >
>>> > Fix the verification code otherwise it fails with following message.
>>> >
>>> > RSA_public_decrypt() failed: -1
>>> > error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
>>> > error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>>> >
>>> > Signed-off-by: Vivek Goyal <vg...@re...>
>>> > ---
>>> > src/evmctl.c | 2 +-
>>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>>> >
>>> > Index: ima-evm-utils/src/evmctl.c
>>> > ===================================================================
>>> > --- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400
>>> > +++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400
>>> > @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
>>> > if (!key)
>>> > return 1;
>>> >
>>> > - err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
>>> > + err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
>>> > RSA_free(key);
>>> > if (err < 0) {
>>> > log_err("RSA_public_decrypt() failed: %d\n", err);
|
|
From: Dmitry K. <dmi...@gm...> - 2013-07-10 14:21:45
|
On Tue, Jul 9, 2013 at 6:40 PM, Vivek Goyal <vg...@re...> wrote:
> On Sun, Jun 30, 2013 at 09:36:08PM +0300, Dmitry Kasatkin wrote:
>> Hello Vivek,
>>
>> I was on vacation. Just returned.
>> Will verify tomorrow.
>>
>
> Hi Dmitry,
>
> Did you get a chance to have a look at this patch. Can you please apply
> it.
>
On Tue, Jul 9, 2013 at 6:40 PM, Vivek Goyal <vg...@re...> wrote:
Hi Vivek,
Sorry for delay. I had certain family related event which put me out of order.
I am back now...
- Dmitry
> Thanks
> Vivek
>
>> - Dmitry
>>
>>
>> On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
>> > For V2 of digital signature we store signature at hdr->sig and not at
>> > hdr->sig + 2. That's the property of V1 of signature.
>> >
>> > Fix the verification code otherwise it fails with following message.
>> >
>> > RSA_public_decrypt() failed: -1
>> > error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
>> > error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>> >
>> > Signed-off-by: Vivek Goyal <vg...@re...>
>> > ---
>> > src/evmctl.c | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > Index: ima-evm-utils/src/evmctl.c
>> > ===================================================================
>> > --- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400
>> > +++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400
>> > @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
>> > if (!key)
>> > return 1;
>> >
>> > - err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
>> > + err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
>> > RSA_free(key);
>> > if (err < 0) {
>> > log_err("RSA_public_decrypt() failed: %d\n", err);
|
|
From: Vivek G. <vg...@re...> - 2013-07-09 17:40:36
|
On Sun, Jun 30, 2013 at 09:36:08PM +0300, Dmitry Kasatkin wrote:
> Hello Vivek,
>
> I was on vacation. Just returned.
> Will verify tomorrow.
>
Hi Dmitry,
Did you get a chance to have a look at this patch. Can you please apply
it.
Thanks
Vivek
> - Dmitry
>
>
> On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
> > For V2 of digital signature we store signature at hdr->sig and not at
> > hdr->sig + 2. That's the property of V1 of signature.
> >
> > Fix the verification code otherwise it fails with following message.
> >
> > RSA_public_decrypt() failed: -1
> > error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> > error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> >
> > Signed-off-by: Vivek Goyal <vg...@re...>
> > ---
> > src/evmctl.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > Index: ima-evm-utils/src/evmctl.c
> > ===================================================================
> > --- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400
> > +++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400
> > @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
> > if (!key)
> > return 1;
> >
> > - err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
> > + err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
> > RSA_free(key);
> > if (err < 0) {
> > log_err("RSA_public_decrypt() failed: %d\n", err);
|
|
From: Dmitry K. <dmi...@gm...> - 2013-06-30 18:36:16
|
Hello Vivek,
I was on vacation. Just returned.
Will verify tomorrow.
- Dmitry
On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
> For V2 of digital signature we store signature at hdr->sig and not at
> hdr->sig + 2. That's the property of V1 of signature.
>
> Fix the verification code otherwise it fails with following message.
>
> RSA_public_decrypt() failed: -1
> error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>
> Signed-off-by: Vivek Goyal <vg...@re...>
> ---
> src/evmctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: ima-evm-utils/src/evmctl.c
> ===================================================================
> --- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400
> +++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400
> @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
> if (!key)
> return 1;
>
> - err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
> + err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
> RSA_free(key);
> if (err < 0) {
> log_err("RSA_public_decrypt() failed: %d\n", err);
|
|
From: Vivek G. <vg...@re...> - 2013-06-25 03:09:46
|
For V2 of digital signature we store signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of signature.
Fix the verification code otherwise it fails with following message.
RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
Signed-off-by: Vivek Goyal <vg...@re...>
---
src/evmctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: ima-evm-utils/src/evmctl.c
===================================================================
--- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400
+++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400
@@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
if (!key)
return 1;
- err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
+ err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
RSA_free(key);
if (err < 0) {
log_err("RSA_public_decrypt() failed: %d\n", err);
|
|
From: Dmitry K. <dmi...@gm...> - 2013-06-13 09:59:34
|
On Fri, May 31, 2013 at 5:04 PM, Vivek Goyal <vg...@re...> wrote: > On Fri, May 31, 2013 at 12:44:36PM +0300, Dmitry Kasatkin wrote: > > [..] >> > Few queries. >> > >> > - Is it intentional that for V2 we store the length in bytes and not bits. >> > >> > - Is there any documentation which explains gnupg signature format and it >> > requirements for storing length of signature. >> > >> >> Using bits was a very old legacy decision based on some very old code from >> digsig project or so. There is a function in the mpilib which reads bits... >> In fact it has nothing to do with gpg... >> >> >> > - Storing sizse in bits with-in 2 bytes means that signature can not exceed >> > the size of 32 bytes. I am not sure if that's good enough or not. >> > >> >> When measuring in bytes, 2 bytes it can hold up 64k. >> When measuring in nits, 2 bytes can 64k >> 3 - up to 8k. >> >> Right? > > Yes, I miscalculated. > >> >> Signature is under 1k now... >> >> > - What does gnupg compatible mean here? Can I take this sigunature and >> > pass as detached signature to gnupg utils and they can verify this >> > signature against a given file? >> >> It means nothing.. just ignore that comment. >> it is not possible.. signature header format is different... >> BUT RSA signature itself is a usual signature (RSA sign). >> >> What do you want to achieve? > > Remember for kexec on secureboot, I wanted to lock down executable in > memory. Initially I was locking down all signed executables in memory. > Mimi mentioned that it will not work with IMA as in those systems > all root binaries will be singed (i am assuming). So figure a way out > to put that info somewhere else. > > So as was previously suggested, I am tyring to add this info in > security.ima xattr. Just add another structure after digital signature. > After that relevant code in kernel can parse this structure and figure > out if file should be locked or not. > > Given the fact that I am putting this memlocking info after digital > signature, I need to know the size of digital signature to parse > this new structure. Also existing functions assume that whole of the > xattr contains signature data and that will not be the case if we > apped more info after signature. That's why I was trying to figure out > what's the convention for storing digital signature size and how to > parse them in kernel. > > I also wanted to some feedback on what you and Mimi think about adding > file locking info in security.ima. It is ok to append another structure > after digital signatures. If not, what would be a better way to achieve > the same. > Hello Vivek, Actually, we discussed exactly such approach of adding a flag in the signature header to indicate that locking is necessary. But this would require to include header to the signing process... - Dmitry > Thanks > Vivek |
|
From: Mimi Z. <zo...@li...> - 2013-06-07 22:57:09
|
On Fri, 2013-06-07 at 12:53 -0400, Vivek Goyal wrote: > On Fri, Jun 07, 2013 at 07:08:23PM +0300, Dmitry Kasatkin wrote: > > On Fri, Jun 7, 2013 at 6:49 PM, Vivek Goyal <vg...@re...> wrote: > > > On Thu, May 30, 2013 at 11:00:12PM -0400, Mimi Zohar wrote: > > >> > > >> On Thu, 2013-05-30 at 14:50 -0400, Vivek Goyal wrote: > > >> > Hi Dmitry, > > >> > > > >> > I have more queries about evmctl. This time hash algorithm used for digital > > >> > signing by evmctl. Will be great if you can help out. > > >> > > > >> > IIUC, following seems to be the case. > > >> > > > >> > - We always use SHA1 for v1 of digital signature. Even if one specifies > > >> > -a option, we ignore that for v1? > > >> > > > >> > - hash algo into is put in digital signature header. Looks like we put > > >> > this info differently for v1 and v2. For v1, we always seem to use > > >> > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to > > >> > enum pkey_hash_algo. That means even if we sign v2 header using sha1, > > >> > value will be 2. > > >> > > > >> > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to > > >> > map to kernel defined hash algo enum while v1 does not. So if I decide > > >> > to parse signatures in kernel and extract hash algorithm in kernel, I > > >> > need to do it differently based on version of signature? > > >> > > >> Hi Vivek, we're working on an IMA patch set that supports larger hash > > >> digests. The ima-evm-utils package has already been updated to support > > >> these larger digests. Unfortunately, the change isn't isolated to just > > >> signature verification, but requires major changes to the measurement > > >> list architecture. One version of the changes are in the > > >> #next-multiple-templates-experimental branch. > > > > > > Hi Mimi, > > > > > > When can we expect these changes to be available upstream? Is 3.11 a > > > realistic target? > > > > > > > Hi Vivek, > > > > What changes exactly? > > > > Are you talking about sugnature verification for arbitrary hash algos? > > Yes. I am interested in signing a file with -sha256. > > > > > It is ready. Mimi was busy with templates... > > But may be we can do it first and then continue with templates? > > That would be fine (if arbitrary hash algos is not depedndent on > template work). Without the template support, files would have to be hashed twice, once for the measurement list and again for appraisal. For this reason, I would prefer to upstream the larger digest size and variable length template support at the same time. thanks, Mimi |
|
From: Vivek G. <vg...@re...> - 2013-06-07 16:54:07
|
On Fri, Jun 07, 2013 at 07:08:23PM +0300, Dmitry Kasatkin wrote: > On Fri, Jun 7, 2013 at 6:49 PM, Vivek Goyal <vg...@re...> wrote: > > On Thu, May 30, 2013 at 11:00:12PM -0400, Mimi Zohar wrote: > >> > >> On Thu, 2013-05-30 at 14:50 -0400, Vivek Goyal wrote: > >> > Hi Dmitry, > >> > > >> > I have more queries about evmctl. This time hash algorithm used for digital > >> > signing by evmctl. Will be great if you can help out. > >> > > >> > IIUC, following seems to be the case. > >> > > >> > - We always use SHA1 for v1 of digital signature. Even if one specifies > >> > -a option, we ignore that for v1? > >> > > >> > - hash algo into is put in digital signature header. Looks like we put > >> > this info differently for v1 and v2. For v1, we always seem to use > >> > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to > >> > enum pkey_hash_algo. That means even if we sign v2 header using sha1, > >> > value will be 2. > >> > > >> > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to > >> > map to kernel defined hash algo enum while v1 does not. So if I decide > >> > to parse signatures in kernel and extract hash algorithm in kernel, I > >> > need to do it differently based on version of signature? > >> > >> Hi Vivek, we're working on an IMA patch set that supports larger hash > >> digests. The ima-evm-utils package has already been updated to support > >> these larger digests. Unfortunately, the change isn't isolated to just > >> signature verification, but requires major changes to the measurement > >> list architecture. One version of the changes are in the > >> #next-multiple-templates-experimental branch. > > > > Hi Mimi, > > > > When can we expect these changes to be available upstream? Is 3.11 a > > realistic target? > > > > Hi Vivek, > > What changes exactly? > > Are you talking about sugnature verification for arbitrary hash algos? Yes. I am interested in signing a file with -sha256. > > It is ready. Mimi was busy with templates... > But may be we can do it first and then continue with templates? That would be fine (if arbitrary hash algos is not depedndent on template work). Thanks Vivek |
|
From: Dmitry K. <dmi...@gm...> - 2013-06-07 16:08:30
|
On Fri, Jun 7, 2013 at 6:49 PM, Vivek Goyal <vg...@re...> wrote: > On Thu, May 30, 2013 at 11:00:12PM -0400, Mimi Zohar wrote: >> >> On Thu, 2013-05-30 at 14:50 -0400, Vivek Goyal wrote: >> > Hi Dmitry, >> > >> > I have more queries about evmctl. This time hash algorithm used for digital >> > signing by evmctl. Will be great if you can help out. >> > >> > IIUC, following seems to be the case. >> > >> > - We always use SHA1 for v1 of digital signature. Even if one specifies >> > -a option, we ignore that for v1? >> > >> > - hash algo into is put in digital signature header. Looks like we put >> > this info differently for v1 and v2. For v1, we always seem to use >> > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to >> > enum pkey_hash_algo. That means even if we sign v2 header using sha1, >> > value will be 2. >> > >> > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to >> > map to kernel defined hash algo enum while v1 does not. So if I decide >> > to parse signatures in kernel and extract hash algorithm in kernel, I >> > need to do it differently based on version of signature? >> >> Hi Vivek, we're working on an IMA patch set that supports larger hash >> digests. The ima-evm-utils package has already been updated to support >> these larger digests. Unfortunately, the change isn't isolated to just >> signature verification, but requires major changes to the measurement >> list architecture. One version of the changes are in the >> #next-multiple-templates-experimental branch. > > Hi Mimi, > > When can we expect these changes to be available upstream? Is 3.11 a > realistic target? > Hi Vivek, What changes exactly? Are you talking about sugnature verification for arbitrary hash algos? It is ready. Mimi was busy with templates... But may be we can do it first and then continue with templates? Mimi? Thanks > Thanks > Vivek |
|
From: Vivek G. <vg...@re...> - 2013-06-07 15:49:20
|
On Thu, May 30, 2013 at 11:00:12PM -0400, Mimi Zohar wrote: > > On Thu, 2013-05-30 at 14:50 -0400, Vivek Goyal wrote: > > Hi Dmitry, > > > > I have more queries about evmctl. This time hash algorithm used for digital > > signing by evmctl. Will be great if you can help out. > > > > IIUC, following seems to be the case. > > > > - We always use SHA1 for v1 of digital signature. Even if one specifies > > -a option, we ignore that for v1? > > > > - hash algo into is put in digital signature header. Looks like we put > > this info differently for v1 and v2. For v1, we always seem to use > > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to > > enum pkey_hash_algo. That means even if we sign v2 header using sha1, > > value will be 2. > > > > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to > > map to kernel defined hash algo enum while v1 does not. So if I decide > > to parse signatures in kernel and extract hash algorithm in kernel, I > > need to do it differently based on version of signature? > > Hi Vivek, we're working on an IMA patch set that supports larger hash > digests. The ima-evm-utils package has already been updated to support > these larger digests. Unfortunately, the change isn't isolated to just > signature verification, but requires major changes to the measurement > list architecture. One version of the changes are in the > #next-multiple-templates-experimental branch. Hi Mimi, When can we expect these changes to be available upstream? Is 3.11 a realistic target? Thanks Vivek |
|
From: Vivek G. <vg...@re...> - 2013-05-31 14:19:37
|
On Fri, May 31, 2013 at 01:08:55PM +0300, Dmitry Kasatkin wrote: > Hello VIvek, > > On Thu, May 30, 2013 at 9:50 PM, Vivek Goyal <vg...@re...> wrote: > > Hi Dmitry, > > > > I have more queries about evmctl. This time hash algorithm used for digital > > signing by evmctl. Will be great if you can help out. > > > > IIUC, following seems to be the case. > > > > - We always use SHA1 for v1 of digital signature. Even if one specifies > > -a option, we ignore that for v1? > > > > As kernel signature verification did not support other than sha1 algos > in v1 we put sha1 in evmctl. > In fact evmctl should "complain" when doing signature if someone try > to use '-a' option with other than sha1. > We could update implementation for v2, but..... now we have v2 and > added support for multiple hash algorithms. > > > > - hash algo into is put in digital signature header. Looks like we put > > this info differently for v1 and v2. For v1, we always seem to use > > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to > > enum pkey_hash_algo. That means even if we sign v2 header using sha1, > > value will be 2. > > Yes... But header versions are different.... No confusion here... > > > > > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to > > map to kernel defined hash algo enum while v1 does not. So if I decide > > to parse signatures in kernel and extract hash algorithm in kernel, I > > need to do it differently based on version of signature? > > Yes. it is different and v2 is using enums for asymmetric keys.. > > May be with your new functionality we should mandate using only new > signature format. > Old support should be depricated in the future... may be... May be. I don't know who uses v1 of signature. Right now I am writing some code so that user space can verify signature of a user buffer with the help of kernel. And user space can tell which keyring to search key in. I have extended keyctl() and I pass in info like keyring, user buffer, user buffer len, signautre buffer, signature len and signature type to kernel and then exported a call from integrity system which can verify the signature. I also modified the code to extract hash algo to use from signature and that's why I was looking at how hash algo is mentioned in different kind of signatures. I need above functiolatiy so that kexec process can verify signature of bzImage being loaded before it passes that bzImage to existing kernel for loading. I am still working on my kexec with secureboot patches and plan to do another posting for review in next few weeks. Many of the ideas are still raw and up for discussion. I am hoping that patches can atleast trigger the discussion and some consensus can be reached on how to do it. Thanks Vivek |
|
From: Vivek G. <vg...@re...> - 2013-05-31 14:04:12
|
On Fri, May 31, 2013 at 12:44:36PM +0300, Dmitry Kasatkin wrote: [..] > > Few queries. > > > > - Is it intentional that for V2 we store the length in bytes and not bits. > > > > - Is there any documentation which explains gnupg signature format and it > > requirements for storing length of signature. > > > > Using bits was a very old legacy decision based on some very old code from > digsig project or so. There is a function in the mpilib which reads bits... > In fact it has nothing to do with gpg... > > > > - Storing sizse in bits with-in 2 bytes means that signature can not exceed > > the size of 32 bytes. I am not sure if that's good enough or not. > > > > When measuring in bytes, 2 bytes it can hold up 64k. > When measuring in nits, 2 bytes can 64k >> 3 - up to 8k. > > Right? Yes, I miscalculated. > > Signature is under 1k now... > > > - What does gnupg compatible mean here? Can I take this sigunature and > > pass as detached signature to gnupg utils and they can verify this > > signature against a given file? > > It means nothing.. just ignore that comment. > it is not possible.. signature header format is different... > BUT RSA signature itself is a usual signature (RSA sign). > > What do you want to achieve? Remember for kexec on secureboot, I wanted to lock down executable in memory. Initially I was locking down all signed executables in memory. Mimi mentioned that it will not work with IMA as in those systems all root binaries will be singed (i am assuming). So figure a way out to put that info somewhere else. So as was previously suggested, I am tyring to add this info in security.ima xattr. Just add another structure after digital signature. After that relevant code in kernel can parse this structure and figure out if file should be locked or not. Given the fact that I am putting this memlocking info after digital signature, I need to know the size of digital signature to parse this new structure. Also existing functions assume that whole of the xattr contains signature data and that will not be the case if we apped more info after signature. That's why I was trying to figure out what's the convention for storing digital signature size and how to parse them in kernel. I also wanted to some feedback on what you and Mimi think about adding file locking info in security.ima. It is ok to append another structure after digital signatures. If not, what would be a better way to achieve the same. Thanks Vivek |
|
From: Dmitry K. <dmi...@gm...> - 2013-05-31 10:09:02
|
Hello VIvek, On Thu, May 30, 2013 at 9:50 PM, Vivek Goyal <vg...@re...> wrote: > Hi Dmitry, > > I have more queries about evmctl. This time hash algorithm used for digital > signing by evmctl. Will be great if you can help out. > > IIUC, following seems to be the case. > > - We always use SHA1 for v1 of digital signature. Even if one specifies > -a option, we ignore that for v1? > As kernel signature verification did not support other than sha1 algos in v1 we put sha1 in evmctl. In fact evmctl should "complain" when doing signature if someone try to use '-a' option with other than sha1. We could update implementation for v2, but..... now we have v2 and added support for multiple hash algorithms. > - hash algo into is put in digital signature header. Looks like we put > this info differently for v1 and v2. For v1, we always seem to use > DIGEST_ALGO_SHA1 that is value 0. For V2, we seem to map algo to > enum pkey_hash_algo. That means even if we sign v2 header using sha1, > value will be 2. Yes... But header versions are different.... No confusion here... > > IOW, sha1 is mapped to different values in v1 and v2. v2 seems to > map to kernel defined hash algo enum while v1 does not. So if I decide > to parse signatures in kernel and extract hash algorithm in kernel, I > need to do it differently based on version of signature? Yes. it is different and v2 is using enums for asymmetric keys.. May be with your new functionality we should mandate using only new signature format. Old support should be depricated in the future... may be... - Dmitry > > Thanks > Vivke > |
116 messages has been excluded from this view by a project administrator.
