|
From: Mimi Z. <zo...@li...> - 2014-10-21 14:51:37
|
On Tue, 2014-10-21 at 12:00 +0300, Dmitry Kasatkin wrote: > Hi, > > It is actually very difficult to see the "diff", because patch removes > file and add new file.. > > You better do it in 2 steps... > > 1) rename dh_md5sums to dh_checksums > 2) do changes. > > Then it will be very clear what are your changes.. As the dh_md5sums is being called manually from numerous packages, the next posting will define dh_checksums, but will not remove dh_md5sums. Mimi |
|
From: Dmitry K. <d.k...@sa...> - 2014-10-21 09:01:18
|
Hi,
It is actually very difficult to see the "diff", because patch removes
file and add new file..
You better do it in 2 steps...
1) rename dh_md5sums to dh_checksums
2) do changes.
Then it will be very clear what are your changes..
- Dmitry
On 20/10/14 15:57, Mimi Zohar wrote:
> The new dh_checksums debhelper extends the existing dh_md5sums to
> support larger file digests (eg. sha256, sha512). The resulting
> checksums are stored in an algorithm specific filename
> DEBIAN/<algo sums>.
>
> This patch defines a new option "--algo=" to specify the hash
> algorithm. For backwards compatability, the default hash
> algorithm is md5.
>
> Changelog v1:
> - Based on the mailing list discussion, replace the existing dh_md5sums
> script with a single debhelper script that supports larger hashes.
> ---
> dh | 2 +-
> dh_checksums | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> dh_md5sums | 100 ---------------------------------------------
> man/po4a/po4a.cfg | 2 +-
> 4 files changed, 120 insertions(+), 102 deletions(-)
> create mode 100755 dh_checksums
> delete mode 100755 dh_md5sums
>
> diff --git a/dh b/dh
> index 4f80f75..127f3d5 100755
> --- a/dh
> +++ b/dh
> @@ -408,7 +408,7 @@ if (! getpackages("arch")) {
> my @b=qw{
> dh_installdeb
> dh_gencontrol
> - dh_md5sums
> + dh_checksums
> dh_builddeb
> };
> $sequences{clean} = [qw{
> diff --git a/dh_checksums b/dh_checksums
> new file mode 100755
> index 0000000..408e192
> --- /dev/null
> +++ b/dh_checksums
> @@ -0,0 +1,118 @@
> +#!/usr/bin/perl -w
> +
> +=head1 NAME
> +
> +dh_checksums - generate the DEBIAN/<algo sums> file
> +
> +=cut
> +
> +use strict;
> +use Cwd;
> +use Debian::Debhelper::Dh_Lib;
> +
> +=head1 SYNOPSIS
> +
> +B<dh_checksums> [S<I<debhelper options>>] [B<-x>] [B<-X>I<item>] [B<--include-conffiles>] [B<--alg=>I<algorithm>]
> +
> +=head1 DESCRIPTION
> +
> +B<dh_checksums> is a debhelper program that is responsible for generating
> +a checksums file, which lists the hashes of each file in the package.
> +These files are used by the B<debsums> package.
> +
> +All files in F<DEBIAN/> are omitted from the F<checksums> file, as are all
> +conffiles (unless you use the B<--include-conffiles> switch).
> +
> +The checksums file is installed with proper permissions and ownerships.
> +
> +=head1 OPTIONS
> +
> +=over 4
> +
> +=item B<-x>, B<--include-conffiles>
> +
> +Include conffiles in the checksums list. Note that this information is
> +redundant since it is included elsewhere in Debian packages.
> +
> +=item B<-X>I<item>, B<--exclude=>I<item>
> +
> +Exclude files that contain I<item> anywhere in their filename from
> +being listed in the checksums file.
> +
> +=item B<--alg=>I<algorithm>
> +
> +Used to override the default hash algorithm (md5). The current set
> +of valid hash algorithms are: b<md5>, b<sha256>, b<sha512>
> +
> +=back
> +
> +=cut
> +
> +init(options => {
> + "x" => \$dh{INCLUDE_CONFFILES}, # is -x for some unknown historical reason..
> + "include-conffiles" => \$dh{INCLUDE_CONFFILES},
> + "alg=s" => \$dh{ALG},
> +});
> +
> +if (defined $dh{ALG}) {
> + my @algorithms = <md5 sha256 sha512>;
> + use List::MoreUtils 'any';
> + $dh{ALG}="sha256" unless any { /$dh{ALG}/ } @algorithms;
> +} else {
> + $dh{ALG}="md5";
> +}
> +my $HASHCMD = $dh{ALG}."sum";
> +my $hashsums = $dh{ALG}."sums";
> +
> +foreach my $package (@{$dh{DOPACKAGES}}) {
> + next if is_udeb($package);
> +
> + my $tmp=tmpdir($package);
> +
> + if (! -d "$tmp/DEBIAN") {
> + doit("install","-d","$tmp/DEBIAN");
> + }
> +
> + # Check if we should exclude conffiles.
> + my $exclude="";
> + if (! $dh{INCLUDE_CONFFILES} && -r "$tmp/DEBIAN/conffiles") {
> + # Generate exclude regexp.
> + open (CONFF,"$tmp/DEBIAN/conffiles");
> + while (<CONFF>) {
> + chomp;
> + s/^\///;
> + $exclude.="! -path \"./$_\" ";
> + }
> + close CONFF;
> + }
> +
> + # See if we should exclude other files.
> + if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
> + $exclude.="! \\( $dh{EXCLUDE_FIND} \\) ";
> + }
> +
> + my $find="find . -type f $exclude ! -regex './DEBIAN/.*' -printf '%P\\0'";
> + complex_doit("(cd $tmp >/dev/null ; $find | LC_ALL=C sort -z | xargs -r0 $HASHCMD > DEBIAN/$hashsums) >/dev/null");
> + # If the file's empty, no reason to waste inodes on it.
> + if (-z "$tmp/DEBIAN/$hashsums") {
> + doit("rm","-f","$tmp/DEBIAN/$hashsums");
> + }
> + else {
> + doit("chmod",644,"$tmp/DEBIAN/$hashsums");
> + doit("chown","0:0","$tmp/DEBIAN/$hashsums");
> + }
> +}
> +
> +=head1 SEE ALSO
> +
> +L<debhelper(7)>
> +
> +This program is a part of debhelper.
> +
> +=head1 AUTHOR
> +
> +Joey Hess <jo...@de...>
> +
> +(Modified by Mimi Zohar <zo...@li...> to support other digests)
> +
> +=cut
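Review bot: The `--alg` check uses the option value as a regular expression (`any { /$dh{ALG}/ } @algorithms`) instead of comparing it with the allowed names, so a value that merely matches part of one of them is kept as given. That value is then concatenated into `$HASHCMD` and `$hashsums` and interpolated into the shell command passed to `complex_doit`, so the list does not actually restrict what reaches the shell or the file name under DEBIAN/. Compare for equality and reject anything else rather than silently switching to sha256, e.g. `error("unsupported hash algorithm: $dh{ALG}") unless any { $_ eq $dh{ALG} } @algorithms;`. The POD also writes `b<md5>` where `B<md5>` is meant, and the commit message names the option `--algo=` while the code registers `alg=s`. The same lines appear again in the original posting of this patch further down the page.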
> diff --git a/dh_md5sums b/dh_md5sums
> deleted file mode 100755
> index 4a1264b..0000000
> --- a/dh_md5sums
> +++ /dev/null
> @@ -1,100 +0,0 @@
> -#!/usr/bin/perl -w
> -
> -=head1 NAME
> -
> -dh_md5sums - generate DEBIAN/md5sums file
> -
> -=cut
> -
> -use strict;
> -use Cwd;
> -use Debian::Debhelper::Dh_Lib;
> -
> -=head1 SYNOPSIS
> -
> -B<dh_md5sums> [S<I<debhelper options>>] [B<-x>] [B<-X>I<item>] [B<--include-conffiles>]
> -
> -=head1 DESCRIPTION
> -
> -B<dh_md5sums> is a debhelper program that is responsible for generating
> -a F<DEBIAN/md5sums> file, which lists the md5sums of each file in the package.
> -These files are used by the B<debsums> package.
> -
> -All files in F<DEBIAN/> are omitted from the F<md5sums> file, as are all
> -conffiles (unless you use the B<--include-conffiles> switch).
> -
> -The md5sums file is installed with proper permissions and ownerships.
> -
> -=head1 OPTIONS
> -
> -=over 4
> -
> -=item B<-x>, B<--include-conffiles>
> -
> -Include conffiles in the md5sums list. Note that this information is
> -redundant since it is included elsewhere in Debian packages.
> -
> -=item B<-X>I<item>, B<--exclude=>I<item>
> -
> -Exclude files that contain I<item> anywhere in their filename from
> -being listed in the md5sums file.
> -
> -=back
> -
> -=cut
> -
> -init(options => {
> - "x" => \$dh{INCLUDE_CONFFILES}, # is -x for some unknown historical reason..
> - "include-conffiles" => \$dh{INCLUDE_CONFFILES},
> -});
> -
> -foreach my $package (@{$dh{DOPACKAGES}}) {
> - next if is_udeb($package);
> -
> - my $tmp=tmpdir($package);
> -
> - if (! -d "$tmp/DEBIAN") {
> - doit("install","-d","$tmp/DEBIAN");
> - }
> -
> - # Check if we should exclude conffiles.
> - my $exclude="";
> - if (! $dh{INCLUDE_CONFFILES} && -r "$tmp/DEBIAN/conffiles") {
> - # Generate exclude regexp.
> - open (CONFF,"$tmp/DEBIAN/conffiles");
> - while (<CONFF>) {
> - chomp;
> - s/^\///;
> - $exclude.="! -path \"./$_\" ";
> - }
> - close CONFF;
> - }
> -
> - # See if we should exclude other files.
> - if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
> - $exclude.="! \\( $dh{EXCLUDE_FIND} \\) ";
> - }
> -
> - my $find="find . -type f $exclude ! -regex './DEBIAN/.*' -printf '%P\\0'";
> - complex_doit("(cd $tmp >/dev/null ; $find | LC_ALL=C sort -z | xargs -r0 md5sum > DEBIAN/md5sums) >/dev/null");
> - # If the file's empty, no reason to waste inodes on it.
> - if (-z "$tmp/DEBIAN/md5sums") {
> - doit("rm","-f","$tmp/DEBIAN/md5sums");
> - }
> - else {
> - doit("chmod",644,"$tmp/DEBIAN/md5sums");
> - doit("chown","0:0","$tmp/DEBIAN/md5sums");
> - }
> -}
> -
> -=head1 SEE ALSO
> -
> -L<debhelper(7)>
> -
> -This program is a part of debhelper.
> -
> -=head1 AUTHOR
> -
> -Joey Hess <jo...@de...>
> -
> -=cut
> diff --git a/man/po4a/po4a.cfg b/man/po4a/po4a.cfg
> index 311762f..b89ca37 100644
> --- a/man/po4a/po4a.cfg
> +++ b/man/po4a/po4a.cfg
> @@ -13,6 +13,7 @@
> [type: pod] dh_auto_test $lang:man/$lang/dh_auto_test.pod add_fr:man/po4a/add.fr add_es:man/po4a/add3.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_bugfiles $lang:man/$lang/dh_bugfiles.pod add_fr:man/po4a/add.fr add_es:man/po4a/add3.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_builddeb $lang:man/$lang/dh_builddeb.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> +[type: pod] dh_checksums $lang:man/$lang/dh_checksums.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_clean $lang:man/$lang/dh_clean.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_compress $lang:man/$lang/dh_compress.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_desktop $lang:man/$lang/dh_desktop.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> @@ -49,7 +50,6 @@
> [type: pod] dh_lintian $lang:man/$lang/dh_lintian.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_listpackages $lang:man/$lang/dh_listpackages.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_makeshlibs $lang:man/$lang/dh_makeshlibs.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> -[type: pod] dh_md5sums $lang:man/$lang/dh_md5sums.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_movefiles $lang:man/$lang/dh_movefiles.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_perl $lang:man/$lang/dh_perl.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
> [type: pod] dh_prep $lang:man/$lang/dh_prep.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
|
|
From: Fionnuala G. <fi...@li...> - 2014-10-20 15:53:03
|
>> - /* get file signatures from header */
>> - if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> + /* sign executable files */
>> + if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
>> + digest = rpmtdNextString(&digests);
>> + sig = signFile(algo, digest, diglen, key);
>
> Hi,
>
> 'sig' here is exactly signature for the file digest.
>
> Please see my following question...
>
>
>> + if (!sig) {
>> + rpmlog(RPMLOG_ERR, _("signFile failed\n"));
>> + goto exit;
>> + }
>> + }
>> + /* or get file signatures from header */
>> + else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> sig = rpmtdNextString(&sigs);
>
> How "sig" is selected from among several sigs?
> How does it correspond to a file? Order is known?
Hi,
The file signature list corresponds to the order of the file list, so
sig is the file signature for the file fpath.
Yes, the file list has an order. In build/files.c:genCpioListAndHeader
the file list is sorted using qsort, and then a file digest list is
generated. The file signature list is generated from the file digest
list in lib/rpmsignfiles.c:signFiles.
Thanks,
Fin
>
>
> Thanks,
> Dmitry
|
|
From: Dmitry K. <d.k...@sa...> - 2014-10-20 14:05:33
|
On 07/10/14 23:19, fi...@li... wrote:
> From: Fionnuala Gunter <fi...@li...>
>
> It will take some time for distros to adopt the file signing process and
> distribute packages with file signatures, so this patch extends the rpm
> installer to support inline file signing. This patch adds a new option,
> signfiles, to the rpm installer.
>
> rpm -ivh [--signfiles [--fskpath <file signing key>]] PACKAGE_FILE ...
>
> Signed-off-by: Fionnuala Gunter <fi...@li...>
> ---
> doc/rpm.8 | 28 +++++++++++++++++++---------
> lib/fsm.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-----
> lib/poptI.c | 7 +++++++
> lib/rpmcli.h | 2 ++
> lib/rpminstall.c | 10 +++++++++-
> lib/rpmts.c | 15 +++++++++++++++
> lib/rpmts.h | 15 +++++++++++++++
> lib/rpmts_internal.h | 2 ++
> 8 files changed, 114 insertions(+), 15 deletions(-)
>
> diff --git a/doc/rpm.8 b/doc/rpm.8
> index e583009..4079f71 100644
> --- a/doc/rpm.8
> +++ b/doc/rpm.8
> @@ -84,15 +84,14 @@ rpm \- RPM Package Manager
>
>
> [\fB--allfiles\fR] [\fB--badreloc\fR] [\fB--excludepath \fIOLDPATH\fB\fR]
> - [\fB--excludedocs\fR] [\fB--force\fR] [\fB-h,--hash\fR]
> - [\fB--ignoresize\fR] [\fB--ignorearch\fR] [\fB--ignoreos\fR]
> - [\fB--includedocs\fR] [\fB--justdb\fR] [\fB--nocollections\fR]
> - [\fB--nodeps\fR] [\fB--nodigest\fR] [\fB--nosignature\fR]
> - [\fB--noorder\fR] [\fB--noscripts\fR] [\fB--notriggers\fR]
> - [\fB--oldpackage\fR] [\fB--percent\fR] [\fB--prefix \fINEWPATH\fB\fR]
> - [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR]
> - [\fB--replacefiles\fR] [\fB--replacepkgs\fR]
> - [\fB--test\fR]
> + [\fB--excludedocs\fR] [\fB--force\fR] [\fB--fskpath \fIKEY\fB\fR]
> + [\fB-h,--hash\fR] [\fB--ignoresize\fR] [\fB--ignorearch\fR]
> + [\fB--ignoreos\fR] [\fB--includedocs\fR] [\fB--justdb\fR]
> + [\fB--nocollections\fR] [\fB--nodeps\fR] [\fB--nodigest\fR]
> + [\fB--nosignature\fR] [\fB--noorder\fR] [\fB--noscripts\fR]
> + [\fB--notriggers\fR] [\fB--oldpackage\fR] [\fB--percent\fR]
> + [\fB--prefix \fINEWPATH\fB\fR] [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR]
> + [\fB--replacefiles\fR] [\fB--replacepkgs\fR] [\fB--signfiles] [\fB--test\fR]
>
> .SH "DESCRIPTION"
> .PP
> @@ -232,6 +231,9 @@ Don't install files whose name begins with
> Don't install any files which are marked as documentation
> (which includes man pages and texinfo documents).
> .TP
> +\fB--fskpath \fIKEY\fB\fR
> +Used with \fB--signfiles\fR, use file signing key \fIKEY\fR.
> +.TP
> \fB--force\fR
> Same as using
> \fB--replacepkgs\fR,
> @@ -362,6 +364,13 @@ already installed, packages.
> Install the packages even if some of them are already installed
> on this system.
> .TP
> +\fB--signfiles\fR
> +Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must be set
> +before building the package, and the macro must be set to a supported algorithm:
> +2, 8, 9, or 10, which represent SHA1, SHA256, SHA384, and SHA512, respectively.
> +The file signing key (RSA private key) can be configured on the command line
> +with \fB--fskpath\fR or the macro \fB%_file_signing_key\fR.
> +.TP
> \fB--test\fR
> Do not install the package, simply check for and report
> potential conflicts.
> @@ -875,4 +884,5 @@ what's available.
> Marc Ewing <ma...@re...>
> Jeff Johnson <jb...@re...>
> Erik Troan <ew...@re...>
> +Fionnuala Gunter <fi...@li...>
> .fi
> diff --git a/lib/fsm.c b/lib/fsm.c
> index dbeeaab..05ea230 100644
> --- a/lib/fsm.c
> +++ b/lib/fsm.c
> @@ -21,6 +21,7 @@
> #include "lib/rpmplugins.h" /* rpm plugins hooks */
> #include "lib/rpmug.h"
> #include "lib/rpmlib.h"
> +#include "lib/rpmsignfiles.h" /* getDigestAlgo, getDigestLength, signFile */
>
> #include "debug.h"
>
> @@ -825,8 +826,13 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
> const char *suffix;
> char *fpath = NULL;
> Header h = rpmteHeader(te);
> - struct rpmtd_s sigs;
> - char *sig = NULL;
> + struct rpmtd_s digests, sigs;
> + int signFiles = rpmtsSignFiles(ts);
> + const char *key;
> + const char *algo;
> + const char *digest;
> + const char *sig;
> + int diglen = 0;
>
> if (fi == NULL) {
> rc = RPMERR_BAD_MAGIC;
> @@ -838,7 +844,30 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
> goto exit;
> }
>
> - headerGet(h, RPMTAG_FILESIGNATURES, &sigs, HEADERGET_MINMEM);
> + if (signFiles) {
> + algo = getDigestAlgo(h);
> + if (!algo) {
> + rc = RPMRC_FAIL;
> + goto exit;
> + }
> +
> + diglen = getDigestLength(h);
> + if (diglen < 0) {
> + rc = RPMRC_FAIL;
> + goto exit;
> + }
> +
> + key = rpmExpand("%{_file_signing_key}", NULL);
> + if (rstreq(key, "")) {
> + rc = RPMRC_FAIL;
> + fprintf(stderr, _("You must set \"$$_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
> + rpmlog(RPMLOG_ERR, _("no file signing key provided\n"));
> + }
> +
> + headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);
> + } else {
> + headerGet(h, RPMTAG_FILESIGNATURES, &sigs, HEADERGET_MINMEM);
> + }
>
> /* transaction id used for temporary path suffix while installing */
> rasprintf(&tid, ";%08x", (unsigned)rpmtsGetTid(ts));
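Review bot: The empty-key branch sets `rc = RPMRC_FAIL` and logs, but has no `goto exit;`, so installation continues and `signFile()` is later called with an empty key; add `goto exit;` after the `rpmlog()` call. `key` also holds the string returned by `rpmExpand()`, which the caller has to free, and nothing visible in these hunks frees it, so it should be a `char *` initialised to NULL and released at `exit:`. Only one of `digests`/`sigs` is filled by `headerGet()` here, while the later hunks call `rpmtdNextString()` and `rpmtdFreeData()` on both; initialising both with `rpmtdReset()` right after their declaration would avoid working on an uninitialised `struct rpmtd_s`. The function body starts and ends outside this hunk.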
> @@ -964,12 +993,22 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
> if (rc)
> *failedFile = xstrdup(fpath);
>
> - /* get file signatures from header */
> - if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
> + /* sign executable files */
> + if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
> + digest = rpmtdNextString(&digests);
> + sig = signFile(algo, digest, diglen, key);
Hi,
'sig' here is exactly signature for the file digest.
Please see my following question...
> + if (!sig) {
> + rpmlog(RPMLOG_ERR, _("signFile failed\n"));
> + goto exit;
> + }
> + }
> + /* or get file signatures from header */
> + else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
> sig = rpmtdNextString(&sigs);
How "sig" is selected from among several sigs?
How does it correspond to a file? Order is known?
Thanks,
Dmitry
> } else {
> sig = NULL;
> rpmtdNextString(&sigs);
> + rpmtdNextString(&digests);
> }
>
> /* Run fsm file post hook for all plugins */
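Review bot: When `signFile()` returns NULL the code logs and jumps to `exit` without assigning `rc`, so unless `rc` is already non-zero at that point the failure appears to be reported as a successful install of a file that carries no signature; set `rc = RPMRC_FAIL;` before the `goto exit;`. `sig` is now `const char *` and receives either a string owned by the `sigs` container or the result of `signFile()`; if `signFile()` allocates its result (its definition is not shown here) that buffer is never released. The enclosing loop starts and ends outside this hunk.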
> @@ -984,6 +1023,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
> exit:
>
> /* No need to bother with close errors on read */
> + rpmtdFreeData(&digests);
> rpmtdFreeData(&sigs);
> headerFree(h);
> rpmfiArchiveClose(fi);
> diff --git a/lib/poptI.c b/lib/poptI.c
> index e21cde1..699c8cd 100644
> --- a/lib/poptI.c
> +++ b/lib/poptI.c
> @@ -16,8 +16,10 @@ struct rpmInstallArguments_s rpmIArgs = {
> 0, /* numRelocations */
> 0, /* noDeps */
> 0, /* incldocs */
> + 0, /* signFiles */
> NULL, /* relocations */
> NULL, /* prefix */
> + NULL, /* fileSigningKey */
> };
>
> #define POPT_RELOCATE -1021
> @@ -146,6 +148,9 @@ struct poptOption rpmInstallPoptTable[] = {
> (INSTALL_UPGRADE|INSTALL_FRESHEN|INSTALL_INSTALL),
> N_("upgrade package(s) if already installed"),
> N_("<packagefile>+") },
> + { "fskpath", '\0', POPT_ARG_STRING, &rpmIArgs.fileSigningKey, 0,
> + N_("use file signing key <key>"),
> + N_("<key>") },
> { "hash", 'h', POPT_BIT_SET, &rpmIArgs.installInterfaceFlags, INSTALL_HASH,
> N_("print hash marks as package installs (good with -v)"), NULL},
> { "ignorearch", '\0', POPT_BIT_SET,
> @@ -243,6 +248,8 @@ struct poptOption rpmInstallPoptTable[] = {
> { "replacepkgs", '\0', POPT_BIT_SET,
> &rpmIArgs.probFilter, RPMPROB_FILTER_REPLACEPKG,
> N_("reinstall if the package is already present"), NULL},
> + { "signfiles", '\0', POPT_ARG_NONE, &rpmIArgs.signFiles, 0,
> + N_("sign package files"), NULL},
> { "test", '\0', POPT_BIT_SET, &rpmIArgs.transFlags, RPMTRANS_FLAG_TEST,
> N_("don't install, but tell if it would work or not"), NULL},
> { "upgrade", 'U', POPT_BIT_SET,
> diff --git a/lib/rpmcli.h b/lib/rpmcli.h
> index 48e8250..ff89171 100644
> --- a/lib/rpmcli.h
> +++ b/lib/rpmcli.h
> @@ -339,8 +339,10 @@ struct rpmInstallArguments_s {
> int numRelocations;
> int noDeps;
> int incldocs;
> + int signFiles;
> rpmRelocation * relocations;
> char * prefix;
> + char * fileSigningKey;
> };
>
> /** \ingroup rpmcli
> diff --git a/lib/rpminstall.c b/lib/rpminstall.c
> index 2e7da7d..d98d506 100644
> --- a/lib/rpminstall.c
> +++ b/lib/rpminstall.c
> @@ -11,6 +11,7 @@
> #include <rpm/rpmds.h>
> #include <rpm/rpmts.h>
> #include <rpm/rpmlog.h>
> +#include <rpm/rpmmacro.h>
> #include <rpm/rpmfileutil.h>
>
> #include "lib/rpmgi.h"
> @@ -417,7 +418,14 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
>
> relocations = ia->relocations;
>
> - setNotifyFlag(ia, ts);
> + setNotifyFlag(ia, ts);
> +
> + rpmtsSetSignFiles(ts, ia->signFiles);
> +
> + if (ia->fileSigningKey) {
> + addMacro(NULL, "_file_signing_key", NULL, ia->fileSigningKey,
> + RMIL_GLOBAL);
> + }
>
> if ((eiu->relocations = relocations) != NULL) {
> while (eiu->relocations->oldPath)
> diff --git a/lib/rpmts.c b/lib/rpmts.c
> index a3b4ed2..6d9eb30 100644
> --- a/lib/rpmts.c
> +++ b/lib/rpmts.c
> @@ -897,6 +897,21 @@ int rpmtsSetNotifyCallback(rpmts ts,
> return 0;
> }
>
> +int rpmtsSignFiles(rpmts ts)
> +{
> + return ts ? ts->signFiles : NULL;
> +}
> +
> +int rpmtsSetSignFiles(rpmts ts, int signFiles)
> +{
> + if (ts == NULL) {
> + return -1;
> + }
> +
> + ts->signFiles = signFiles;
> + return 0;
> +}
> +
> tsMembers rpmtsMembers(rpmts ts)
> {
> return (ts != NULL) ? ts->members : NULL;
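Review bot: `rpmtsSignFiles()` returns `int` but uses `NULL` as the fallback value (`return ts ? ts->signFiles : NULL;`), which mixes an integer with a pointer constant and draws a conversion warning where `NULL` is `(void *)0`. Write it as `return (ts != NULL) ? ts->signFiles : 0;`, matching the style of `rpmtsMembers()` just below.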
> diff --git a/lib/rpmts.h b/lib/rpmts.h
> index 5231c80..5f45972 100644
> --- a/lib/rpmts.h
> +++ b/lib/rpmts.h
> @@ -393,6 +393,21 @@ const char * rpmtsRootDir(rpmts ts);
> */
> int rpmtsSetRootDir(rpmts ts, const char * rootDir);
>
> +/**
> + * Get transaction sign files flag
> + * @param ts transaction set
> + * @return non-zero if package files need to be signed
> + */
> +int rpmtsSignFiles(rpmts ts);
> +
> +/**
> + * Set transaction sign files flag
> + * @param ts transaction set
> + * @param signFiles new sign files flag
> + * @return 0 on success, -1 on error
> + */
> +int rpmtsSetSignFiles(rpmts ts, int signFiles);
> +
> /** \ingroup rpmts
> * Get transaction script file handle, i.e. stdout/stderr on scriptlet execution
> * @param ts transaction set
> diff --git a/lib/rpmts_internal.h b/lib/rpmts_internal.h
> index 0caa7cb..a196932 100644
> --- a/lib/rpmts_internal.h
> +++ b/lib/rpmts_internal.h
> @@ -68,6 +68,8 @@ struct rpmts_s {
> rpmPlugins plugins; /*!< Transaction plugins */
>
> int nrefs; /*!< Reference count. */
> +
> + int signFiles; /*!< Sign package files. */
> };
>
> #ifdef __cplusplus
|
|
From: Mimi Z. <zo...@li...> - 2014-10-20 12:57:52
|
This script extracts the checksums file named DEBIAN/<algo sums>
from the deb package, appends the file signature using the
ima-evm-utils package, and inserts the modified checksums file
containing the signatures in the package.
(The public key used to sign files should be stored safely.)
Changelog v1:
- Use the checksums stored in the algorithm specific file
(eg. DEBIAN/sha256sums, DEBIAN/sha512sums).
---
examples/ima-signhashes.sh | 87 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100755 examples/ima-signhashes.sh
diff --git a/examples/ima-signhashes.sh b/examples/ima-signhashes.sh
new file mode 100755
index 0000000..3faf2e0
--- /dev/null
+++ b/examples/ima-signhashes.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+#
+# ima-signhashes.sh - replace the checksums file in the .deb package with
+# a version containing the file signatures. The file signatures provide
+# file authenticity and provenance. As part of the package install process,
+# the file signatures are stored as extended attributes associated with
+# the file. IMA-appraisal, if enabled, will appraise file integrity based
+# on these file signatures.
+#
+# Mimi Zohar <zo...@li...>
+
+# format: <debian package pathname> <private key pathname>
+
+set -e
+DEBPACKAGE="${1}"
+PRIVKEY="$2"
+tmpdir="${DEBPACKAGE}.tmp"
+
+if [ $# -ne 2 ]; then
+ echo "$0: <debian package pathname> <private key pathname>"
+ exit -1
+fi
+
+if [ ! -f "${DEBPACKAGE}" ]; then
+ echo ".deb package not found: ${DEBPACKAGE}"
+ exit -1
+fi
+
+if [ ! -f "${PRIVKEY}" ]; then
+ echo "Private key not found: ${PRIVKEY}"
+ exit -1
+fi
+
+# extract files from the .deb archive into a temporary directory
+if [ -d "${tmpdir}" ]; then
+ rm -rf "${tmpdir}"
+ if [ $? -ne 0 ]; then
+ echo "Deleting directory failed: ${tmpdir}"
+ exit -1
+ fi
+fi
+mkdir -p "${tmpdir/DEBIAN}"
+if [ $? -ne 0 ]; then
+ echo "Creating directory failed: ${tmpdir}/DEBIAN"
+ exit -1
+fi
+
+cd $tmpdir
+ar -x "../$DEBPACKAGE"
+#ls -lat
+
+# untar the control file in the DEBIAN subdirectory
+if [ ! -f ./control.tar.gz ]; then
+ echo ".deb package missing 'control.tar.gz' file"
+ exit -1
+fi
+mkdir -p DEBIAN
+cd DEBIAN
+tar -xvzf ../control.tar.gz
+if [ -f ./sha256sums ]; then
+ # Replace sha256sums with one containing file signatures
+ cat ./sha256sums | evmctl sign_hash -a sha256 --key "${PRIVKEY}" > sha256sums.sig
+ if [ $? == 0 ]; then
+ cp ./sha256sums.sig ./sha256sums
+ rm ./sha256sums.sig
+ cat sha256sums
+ fi
+elif [ -f ./sha512sums ]; then
+ # Replace sha256sums with one containing file signatures
+ cat ./sha512sums | evmctl sign_hash -a sha512 --key "${PRIVKEY}" > sha512sums.sig
+ if [ $? == 0 ]; then
+ cp ./sha512sums.sig ./sha512sums
+ rm ./sha512sums.sig
+ fi
+else
+ echo "'control.tar.gz' missing check sums file"
+ ls -lat
+ exit -1
+fi
+
+
+# create the control tar containing the new sha256sums with the signatures
+tar -cvzf ../control.tar.gz ./*
+
+# replace the existing compressed tar file in the .deb package
+cd ..
+ar -r "../$DEBPACKAGE" control.tar.gz
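Review bot: `DEBPACKAGE` and `PRIVKEY` are used as given after the script has changed into `$tmpdir` and then `DEBIAN`, so `ar -x "../$DEBPACKAGE"`, `--key "${PRIVKEY}"` and the final `ar -r` only resolve when the package is a bare file name in the current directory and the key path is absolute. The work directory is also a predictable `${DEBPACKAGE}.tmp` that is removed with `rm -rf` and recreated, and `mkdir -p "${tmpdir/DEBIAN}"` is a pattern substitution rather than the intended `"${tmpdir}/DEBIAN"`. Resolving both paths once and working in a `mktemp -d` directory that is cleaned up on exit addresses all three. Note too that with `set -e` the `$?` tests after `rm`, `mkdir` and the `evmctl` pipeline can never see a failure.

```shell
# … unchanged: argument count and file-existence checks …
DEBPACKAGE="$(readlink -f -- "${DEBPACKAGE}")"
PRIVKEY="$(readlink -f -- "${PRIVKEY}")"
tmpdir="$(mktemp -d "${DEBPACKAGE}.XXXXXX")"
trap 'rm -rf -- "${tmpdir}"' EXIT
cd "${tmpdir}"
ar -x "${DEBPACKAGE}"
# … unchanged: control.tar.gz extraction, evmctl sign_hash, tar -cvzf …
cd ..
ar -r "${DEBPACKAGE}" control.tar.gz
```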
--
1.8.1.4
|
|
From: Mimi Z. <zo...@li...> - 2014-10-20 12:57:51
|
The new dh_checksums debhelper extends the existing dh_md5sums to
support larger file digests (eg. sha256, sha512). The resulting
checksums are stored in an algorithm specific filename
DEBIAN/<algo sums>.
This patch defines a new option "--algo=" to specify the hash
algorithm. For backwards compatibility, the default hash
algorithm is md5.
Changelog v1:
- Based on the mailing list discussion, replace the existing dh_md5sums
script with a single debhelper script that supports larger hashes.
---
dh | 2 +-
dh_checksums | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
dh_md5sums | 100 ---------------------------------------------
man/po4a/po4a.cfg | 2 +-
4 files changed, 120 insertions(+), 102 deletions(-)
create mode 100755 dh_checksums
delete mode 100755 dh_md5sums
diff --git a/dh b/dh
index 4f80f75..127f3d5 100755
--- a/dh
+++ b/dh
@@ -408,7 +408,7 @@ if (! getpackages("arch")) {
my @b=qw{
dh_installdeb
dh_gencontrol
- dh_md5sums
+ dh_checksums
dh_builddeb
};
$sequences{clean} = [qw{
diff --git a/dh_checksums b/dh_checksums
new file mode 100755
index 0000000..408e192
--- /dev/null
+++ b/dh_checksums
@@ -0,0 +1,118 @@
+#!/usr/bin/perl -w
+
+=head1 NAME
+
+dh_checksums - generate the DEBIAN/<algo sums> file
+
+=cut
+
+use strict;
+use Cwd;
+use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+B<dh_checksums> [S<I<debhelper options>>] [B<-x>] [B<-X>I<item>] [B<--include-conffiles>] [B<--alg=>I<algorithm>]
+
+=head1 DESCRIPTION
+
+B<dh_checksums> is a debhelper program that is responsible for generating
+a checksums file, which lists the hashes of each file in the package.
+These files are used by the B<debsums> package.
+
+All files in F<DEBIAN/> are omitted from the F<checksums> file, as are all
+conffiles (unless you use the B<--include-conffiles> switch).
+
+The checksums file is installed with proper permissions and ownerships.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-x>, B<--include-conffiles>
+
+Include conffiles in the checksums list. Note that this information is
+redundant since it is included elsewhere in Debian packages.
+
+=item B<-X>I<item>, B<--exclude=>I<item>
+
+Exclude files that contain I<item> anywhere in their filename from
+being listed in the checksums file.
+
+=item B<--alg=>I<algorithm>
+
+Used to override the default hash algorithm (md5). The current set
+of valid hash algorithms are: b<md5>, b<sha256>, b<sha512>
+
+=back
+
+=cut
+
+init(options => {
+ "x" => \$dh{INCLUDE_CONFFILES}, # is -x for some unknown historical reason..
+ "include-conffiles" => \$dh{INCLUDE_CONFFILES},
+ "alg=s" => \$dh{ALG},
+});
+
+if (defined $dh{ALG}) {
+ my @algorithms = <md5 sha256 sha512>;
+ use List::MoreUtils 'any';
+ $dh{ALG}="sha256" unless any { /$dh{ALG}/ } @algorithms;
+} else {
+ $dh{ALG}="md5";
+}
+my $HASHCMD = $dh{ALG}."sum";
+my $hashsums = $dh{ALG}."sums";
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+ next if is_udeb($package);
+
+ my $tmp=tmpdir($package);
+
+ if (! -d "$tmp/DEBIAN") {
+ doit("install","-d","$tmp/DEBIAN");
+ }
+
+ # Check if we should exclude conffiles.
+ my $exclude="";
+ if (! $dh{INCLUDE_CONFFILES} && -r "$tmp/DEBIAN/conffiles") {
+ # Generate exclude regexp.
+ open (CONFF,"$tmp/DEBIAN/conffiles");
+ while (<CONFF>) {
+ chomp;
+ s/^\///;
+ $exclude.="! -path \"./$_\" ";
+ }
+ close CONFF;
+ }
+
+ # See if we should exclude other files.
+ if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
+ $exclude.="! \\( $dh{EXCLUDE_FIND} \\) ";
+ }
+
+ my $find="find . -type f $exclude ! -regex './DEBIAN/.*' -printf '%P\\0'";
+ complex_doit("(cd $tmp >/dev/null ; $find | LC_ALL=C sort -z | xargs -r0 $HASHCMD > DEBIAN/$hashsums) >/dev/null");
+ # If the file's empty, no reason to waste inodes on it.
+ if (-z "$tmp/DEBIAN/$hashsums") {
+ doit("rm","-f","$tmp/DEBIAN/$hashsums");
+ }
+ else {
+ doit("chmod",644,"$tmp/DEBIAN/$hashsums");
+ doit("chown","0:0","$tmp/DEBIAN/$hashsums");
+ }
+}
+
+=head1 SEE ALSO
+
+L<debhelper(7)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Joey Hess <jo...@de...>
+
+(Modified by Mimi Zohar <zo...@li...> to support other digests)
+
+=cut
diff --git a/dh_md5sums b/dh_md5sums
deleted file mode 100755
index 4a1264b..0000000
--- a/dh_md5sums
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/usr/bin/perl -w
-
-=head1 NAME
-
-dh_md5sums - generate DEBIAN/md5sums file
-
-=cut
-
-use strict;
-use Cwd;
-use Debian::Debhelper::Dh_Lib;
-
-=head1 SYNOPSIS
-
-B<dh_md5sums> [S<I<debhelper options>>] [B<-x>] [B<-X>I<item>] [B<--include-conffiles>]
-
-=head1 DESCRIPTION
-
-B<dh_md5sums> is a debhelper program that is responsible for generating
-a F<DEBIAN/md5sums> file, which lists the md5sums of each file in the package.
-These files are used by the B<debsums> package.
-
-All files in F<DEBIAN/> are omitted from the F<md5sums> file, as are all
-conffiles (unless you use the B<--include-conffiles> switch).
-
-The md5sums file is installed with proper permissions and ownerships.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-x>, B<--include-conffiles>
-
-Include conffiles in the md5sums list. Note that this information is
-redundant since it is included elsewhere in Debian packages.
-
-=item B<-X>I<item>, B<--exclude=>I<item>
-
-Exclude files that contain I<item> anywhere in their filename from
-being listed in the md5sums file.
-
-=back
-
-=cut
-
-init(options => {
- "x" => \$dh{INCLUDE_CONFFILES}, # is -x for some unknown historical reason..
- "include-conffiles" => \$dh{INCLUDE_CONFFILES},
-});
-
-foreach my $package (@{$dh{DOPACKAGES}}) {
- next if is_udeb($package);
-
- my $tmp=tmpdir($package);
-
- if (! -d "$tmp/DEBIAN") {
- doit("install","-d","$tmp/DEBIAN");
- }
-
- # Check if we should exclude conffiles.
- my $exclude="";
- if (! $dh{INCLUDE_CONFFILES} && -r "$tmp/DEBIAN/conffiles") {
- # Generate exclude regexp.
- open (CONFF,"$tmp/DEBIAN/conffiles");
- while (<CONFF>) {
- chomp;
- s/^\///;
- $exclude.="! -path \"./$_\" ";
- }
- close CONFF;
- }
-
- # See if we should exclude other files.
- if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
- $exclude.="! \\( $dh{EXCLUDE_FIND} \\) ";
- }
-
- my $find="find . -type f $exclude ! -regex './DEBIAN/.*' -printf '%P\\0'";
- complex_doit("(cd $tmp >/dev/null ; $find | LC_ALL=C sort -z | xargs -r0 md5sum > DEBIAN/md5sums) >/dev/null");
- # If the file's empty, no reason to waste inodes on it.
- if (-z "$tmp/DEBIAN/md5sums") {
- doit("rm","-f","$tmp/DEBIAN/md5sums");
- }
- else {
- doit("chmod",644,"$tmp/DEBIAN/md5sums");
- doit("chown","0:0","$tmp/DEBIAN/md5sums");
- }
-}
-
-=head1 SEE ALSO
-
-L<debhelper(7)>
-
-This program is a part of debhelper.
-
-=head1 AUTHOR
-
-Joey Hess <jo...@de...>
-
-=cut
diff --git a/man/po4a/po4a.cfg b/man/po4a/po4a.cfg
index 311762f..b89ca37 100644
--- a/man/po4a/po4a.cfg
+++ b/man/po4a/po4a.cfg
@@ -13,6 +13,7 @@
[type: pod] dh_auto_test $lang:man/$lang/dh_auto_test.pod add_fr:man/po4a/add.fr add_es:man/po4a/add3.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_bugfiles $lang:man/$lang/dh_bugfiles.pod add_fr:man/po4a/add.fr add_es:man/po4a/add3.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_builddeb $lang:man/$lang/dh_builddeb.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
+[type: pod] dh_checksums $lang:man/$lang/dh_checksums.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_clean $lang:man/$lang/dh_clean.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_compress $lang:man/$lang/dh_compress.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_desktop $lang:man/$lang/dh_desktop.pod add_fr:man/po4a/add.fr add_es:man/po4a/add1.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
@@ -49,7 +50,6 @@
[type: pod] dh_lintian $lang:man/$lang/dh_lintian.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_listpackages $lang:man/$lang/dh_listpackages.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_makeshlibs $lang:man/$lang/dh_makeshlibs.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
-[type: pod] dh_md5sums $lang:man/$lang/dh_md5sums.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_movefiles $lang:man/$lang/dh_movefiles.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_perl $lang:man/$lang/dh_perl.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
[type: pod] dh_prep $lang:man/$lang/dh_prep.pod add_fr:man/po4a/add.fr add_es:man/po4a/add2.es add_de:man/po4a/add.de add_pt:man/po4a/add.pt
--
1.8.1.4
|
|
From: Mimi Z. <zo...@li...> - 2014-10-20 12:57:50
|
This patch defines a debhelper dh_installfile-sigs and autoscript
postinst-file-sigs to install the ELF file and script signatures
stored in the checksums file named DEBIAN/<algo sums>.
Changelog v1:
- Fix postinst script error msg, replacing 'grep' with 'case' statement.
---
autoscripts/postinst-file-sigs | 30 +++++++++++++++++++++++++++
dh | 1 +
dh_installfile-sigs | 46 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 77 insertions(+)
create mode 100644 autoscripts/postinst-file-sigs
create mode 100755 dh_installfile-sigs
diff --git a/autoscripts/postinst-file-sigs b/autoscripts/postinst-file-sigs
new file mode 100644
index 0000000..f0efbfe
--- /dev/null
+++ b/autoscripts/postinst-file-sigs
@@ -0,0 +1,30 @@
+file=$(dpkg-query --control-path #PACKAGE# sha256sums)
+if [ ! -e "${file}" ]; then
+ file=$(dpkg-query --control-path #PACKAGE# sha512sums)
+fi
+
+if [ "$1" = "configure" ]; then
+ if [ -e "${file}" ]; then
+ while read -r line; do
+ sig=$(echo "${line}" | awk '{print $3}')
+ if [ ! -n "$sig" ]; then
+ continue;
+
+ fn=$(echo "${line}" | awk '{print $2}')
+ if [ ! -e "${fn}" ]; then
+ continue;
+ fi
+
+ case "$(file --brief $fn)" in
+ *script*)
+ setfattr -n 'security.ima' -v 0x$sig ${fn}
+ ;;
+ *ELF*)
+ setfattr -n 'security.ima' -v 0x$sig ${fn}
+ ;;
+ esac
+ done < "${file}"
+ fi
+fi
+
+exit 0;
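Review bot: The `if [ ! -n "$sig" ]` block has no closing `fi`, so the shell reaches `done` with an `if` still open and the fragment fails to parse; add `fi` after its `continue;`. The path is also used unquoted in `file --brief $fn` and `setfattr ... ${fn}`, so a name containing whitespace or glob characters is split or expanded inside a maintainer script that runs as root. I would write `case "$(file --brief -- "$fn")" in` and `setfattr -n 'security.ima' -v "0x$sig" -- "$fn"`, and fold the two identical arms into `*script*|*ELF*)`. Since autoscript fragments are pasted into the package's postinst, the trailing `exit 0;` would presumably end the whole script before any later fragment runs, and should be dropped.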
diff --git a/dh b/dh
index f3bd321..4f80f75 100755
--- a/dh
+++ b/dh
@@ -373,6 +373,7 @@ my @i = qw{
dh_installifupdown
dh_installinfo
dh_installinit
+ dh_installfile-sigs
dh_installmenu
dh_installmime
dh_installmodules
diff --git a/dh_installfile-sigs b/dh_installfile-sigs
new file mode 100755
index 0000000..8a8888b
--- /dev/null
+++ b/dh_installfile-sigs
@@ -0,0 +1,46 @@
+#!/usr/bin/perl -w
+
+=head1 NAME
+
+dh_installfile-sigs - install file signatures in the DEBIAN/<algo sums> file as xattrs
+
+=cut
+
+use strict;
+use Cwd;
+use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+B<dh_installfile-sigs>
+
+=head1 DESCRIPTION
+
+B<dh_installfile-sigs> is a debhelper program that is responsible for automatically
+generating the F<postinst> commands needed to install file signatures contained in
+the checksums file F<DEBIAN/algo sums>. These commands are inserted into the maintainer
+scripts by L<dh_installdeb(1)>.
+
+=cut
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+
+ if (! $dh{NOSCRIPTS}) {
+ autoscript($package,"postinst","postinst-file-sigs","s!#PACKAGE#!$package!g");
+ }
+}
+
+
+=head1 SEE ALSO
+
+L<debhelper(7)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Mimi Zohar <zo...@li...>
+
+=cut
--
1.8.1.4
|
|
From: Mimi Z. <zo...@li...> - 2014-10-20 12:57:47
|
File signatures are used to enforce local file integrity and to provide file provenance. IMA-appraisal with digital signature support, which enforces local file integrity based on file signatures, was upstreamed in Linux-3.7. The "ima-sig" measurement list template, which includes file signatures in the measurement list, was upstreamed in Linux-3.13. This patch set adds debhelper support for adding file signatures to .deb packages and for installing those signatures as 'security.ima' extended attributes at package install time. The existing md5sums file contains the file hash and name for each file included in the package, making it the most logical place for storing file signatures. This patch set extends the dh_md5sums debhelper to support additional, larger digests and renames the debhelper to dh_checksums. Depending on the relationship of the build and signing server, the signatures could either be included in the checksums files during the package build process or post build. Included in this patch set is a sample script that opens the package, extracts the checksums file, includes the file signatures, and inserts the modified checksums file with the file signatures in the deb package. To install the file signatures as 'security.ima' extended attributes, this patch set defines the dh_installfile-sigs debhelper and the postinst-file-sigs autoscript. Although the checksums file should contain signatures for all files, the autoscript currently installs only the signatures for ELF files and scripts, making them "immutable" on systems with IMA-appraisal enabled and configured in enforcing mode. Changelog v1: - Extend dh_md5sums debhelper to support larger digests, renaming it to dh_checksums. 
Mimi Zohar (3): Define a new debhelper dh_installfile-sigs and postinst autoscript Replace dh_md5sums debhelper with dh_checksums Include sample script named ima-signhashes.sh autoscripts/postinst-file-sigs | 30 +++++++++++ dh | 3 +- dh_checksums | 118 +++++++++++++++++++++++++++++++++++++++++ dh_installfile-sigs | 46 ++++++++++++++++ dh_md5sums | 100 ---------------------------------- examples/ima-signhashes.sh | 87 ++++++++++++++++++++++++++++++ man/po4a/po4a.cfg | 2 +- 7 files changed, 284 insertions(+), 102 deletions(-) create mode 100644 autoscripts/postinst-file-sigs create mode 100755 dh_checksums create mode 100755 dh_installfile-sigs delete mode 100755 dh_md5sums create mode 100755 examples/ima-signhashes.sh -- 1.8.1.4 |
|
From: Mimi Z. <zo...@li...> - 2014-10-13 17:48:21
|
On Tue, 2014-10-07 at 15:19 -0500, fi...@li... wrote: > From: Fionnuala Gunter <fi...@li...> > > The Linux kernel's ima-appraisal module verifies file signatures. The problem > with verifying digital signatures of files is how the files are signed in the > first place. In our current prototype, we sign all files after system > installation, but this doesn't handle ongoing updates. We propose that Linux > distributors sign all files as part of the normal package signing. RPM already > maintains hashes of all files in the rpm package, and this can be extended to > add file signatures. > > This patch set extends the rpm signing tool to include file signatures in > packages, and extends the rpm install tool to install file signatures. Splitting up the patches like this looks a lot better! thanks, Mimi > Changelog v2: > -support for inline signing of files > -command line option for file signing key > -included missing file > -fixed type in rpmDigestAlgo > > Changelog v3: > -split up patch > > Fionnuala Gunter (4): > Add file signature to fsm_file_post parameter list > Sign package files and include signatures in package header > Label ima xattr when signed files are installed > Sign package files during installation > > configure.ac | 8 ++ > doc/rpm.8 | 28 +++-- > doc/rpmsign.8 | 22 +++- > lib/Makefile.am | 3 +- > lib/fsm.c | 68 ++++++++++- > lib/poptI.c | 7 ++ > lib/rpmcli.h | 2 + > lib/rpminstall.c | 10 +- > lib/rpmplugin.h | 3 +- > lib/rpmplugins.c | 5 +- > lib/rpmplugins.h | 4 +- > lib/rpmsignfiles.c | 130 +++++++++++++++++++++ > lib/rpmsignfiles.h | 45 ++++++++ > lib/rpmtag.h | 1 + > lib/rpmts.c | 15 +++ > lib/rpmts.h | 15 +++ > lib/rpmts_internal.h | 2 + > macros.in | 1 + > plugins/Makefile.am | 4 + > plugins/ima.c | 83 ++++++++++++++ > rpmpopt.in | 1 + > rpmsign.c | 14 ++- > sign/rpmgensig.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++---- > sign/rpmsign.h | 7 +- > 24 files changed, 750 insertions(+), 47 deletions(-) > create mode 100644 
lib/rpmsignfiles.c > create mode 100644 lib/rpmsignfiles.h > create mode 100644 plugins/ima.c > |
|
From: Dmitry K. <dmi...@gm...> - 2014-10-10 13:14:24
|
Hi Fin, I will get some time now so I will review patches by Tuesday... Thanks, Dmitry On 7 October 2014 23:19, <fi...@li...> wrote: > From: Fionnuala Gunter <fi...@li...> > > The Linux kernel's ima-appraisal module verifies file signatures. The problem > with verifying digital signatures of files is how the files are signed in the > first place. In our current prototype, we sign all files after system > installation, but this doesn't handle ongoing updates. We propose that Linux > distributors sign all files as part of the normal package signing. RPM already > maintains hashes of all files in the rpm package, and this can be extended to > add file signatures. > > This patch set extends the rpm signing tool to include file signatures in > packages, and extends the rpm install tool to install file signatures. > > Changelog v2: > -support for inline signing of files > -command line option for file signing key > -included missing file > -fixed type in rpmDigestAlgo > > Changelog v3: > -split up patch > > Fionnuala Gunter (4): > Add file signature to fsm_file_post parameter list > Sign package files and include signatures in package header > Label ima xattr when signed files are installed > Sign package files during installation > > configure.ac | 8 ++ > doc/rpm.8 | 28 +++-- > doc/rpmsign.8 | 22 +++- > lib/Makefile.am | 3 +- > lib/fsm.c | 68 ++++++++++- > lib/poptI.c | 7 ++ > lib/rpmcli.h | 2 + > lib/rpminstall.c | 10 +- > lib/rpmplugin.h | 3 +- > lib/rpmplugins.c | 5 +- > lib/rpmplugins.h | 4 +- > lib/rpmsignfiles.c | 130 +++++++++++++++++++++ > lib/rpmsignfiles.h | 45 ++++++++ > lib/rpmtag.h | 1 + > lib/rpmts.c | 15 +++ > lib/rpmts.h | 15 +++ > lib/rpmts_internal.h | 2 + > macros.in | 1 + > plugins/Makefile.am | 4 + > plugins/ima.c | 83 ++++++++++++++ > rpmpopt.in | 1 + > rpmsign.c | 14 ++- > sign/rpmgensig.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++---- > sign/rpmsign.h | 7 +- > 24 files changed, 750 insertions(+), 47 deletions(-) > create mode 100644 
lib/rpmsignfiles.c > create mode 100644 lib/rpmsignfiles.h > create mode 100644 plugins/ima.c > > -- > 1.9.3 > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user -- Thanks, Dmitry |
|
From: <fi...@li...> - 2014-10-07 20:20:23
|
From: Fionnuala Gunter <fi...@li...>
This patch creates a new rpm-plugin for IMA and extends the rpm installer.
When a package with signed files is installed, the file signatures are
extracted from the package header, and passed to the IMA plugin. The IMA
plugin labels the security.ima xattr with the file signature.
Signed-off-by: Fionnuala Gunter <fi...@li...>
---
lib/fsm.c | 23 ++++++++++++++-
macros.in | 1 +
plugins/Makefile.am | 4 +++
plugins/ima.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+), 1 deletion(-)
create mode 100644 plugins/ima.c
diff --git a/lib/fsm.c b/lib/fsm.c
index e7c2a3b..dbeeaab 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -20,6 +20,7 @@
#include "lib/rpmte_internal.h" /* XXX rpmfs */
#include "lib/rpmplugins.h" /* rpm plugins hooks */
#include "lib/rpmug.h"
+#include "lib/rpmlib.h"
#include "debug.h"
@@ -823,12 +824,22 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
char *tid = NULL;
const char *suffix;
char *fpath = NULL;
+ Header h = rpmteHeader(te);
+ struct rpmtd_s sigs;
+ char *sig = NULL;
if (fi == NULL) {
rc = RPMERR_BAD_MAGIC;
goto exit;
}
+ if (h == NULL) {
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+ headerGet(h, RPMTAG_FILESIGNATURES, &sigs, HEADERGET_MINMEM);
+
/* transaction id used for temporary path suffix while installing */
rasprintf(&tid, ";%08x", (unsigned)rpmtsGetTid(ts));
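Review bot: `sigs` is declared without initialisation, and both the `fi == NULL` and `h == NULL` paths jump to `exit` before `headerGet()` has filled it; the last hunk of this file then calls `rpmtdFreeData(&sigs)` on indeterminate contents. Reset it before the first `goto exit`, e.g. `rpmtdReset(&sigs);` directly after the locals. The `headerGet()` result should also be checked, since a package without RPMTAG_FILESIGNATURES is the normal case for existing packages. The function starts and ends outside this hunk.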
@@ -953,9 +964,17 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
if (rc)
*failedFile = xstrdup(fpath);
+ /* get file signatures from header */
+ if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+ sig = rpmtdNextString(&sigs);
+ } else {
+ sig = NULL;
+ rpmtdNextString(&sigs);
+ }
+
/* Run fsm file post hook for all plugins */
rpmpluginsCallFsmFilePost(plugins, fi, fpath,
- sb.st_mode, action, NULL, rc);
+ sb.st_mode, action, sig, rc);
fpath = _free(fpath);
}
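Review bot: The signature is picked by calling `rpmtdNextString(&sigs)` once per pass through this point rather than by the file's index, so it stays aligned with the file only if every file in the package reaches this code exactly once. The loop begins outside the hunk, so I cannot confirm that; if any file is skipped, or the iteration order differs from header order, a file would be labelled with another file's signature. Indexing the tag data with the current file index (`rpmtdSetIndex(&sigs, rpmfiFX(fi))` followed by `rpmtdGetString(&sigs)`) would remove that dependency. `sig` should also be declared `const char *` to match what `rpmtdNextString()` returns.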
@@ -965,6 +984,8 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
exit:
/* No need to bother with close errors on read */
+ rpmtdFreeData(&sigs);
+ headerFree(h);
rpmfiArchiveClose(fi);
rpmfiFree(fi);
Fclose(payload);
diff --git a/macros.in b/macros.in
index 1647104..0b62991 100644
--- a/macros.in
+++ b/macros.in
@@ -1043,6 +1043,7 @@ done \
%__transaction_systemd_inhibit %{__plugindir}/systemd_inhibit.so
%__transaction_selinux %{__plugindir}/selinux.so
%__transaction_syslog %{__plugindir}/syslog.so
+%__transaction_ima %{__plugindir}/ima.so
#------------------------------------------------------------------------------
# Macros for further automated spec %setup and patch application
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 53b2450..18f6170 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -31,3 +31,7 @@ endif
syslog_la_SOURCES = syslog.c
syslog_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
plugins_LTLIBRARIES += syslog.la
+
+ima_la_sources = ima.c
+ima_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
+plugins_LTLIBRARIES += ima.la
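Review bot: `ima_la_sources` is spelled in lower case, while automake only recognises the `_SOURCES` suffix, as the neighbouring `syslog_la_SOURCES` line shows. The variable as written is ignored, so the plugin would build only through automake's default-source fallback, if at all. Write `ima_la_SOURCES = ima.c`.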
diff --git a/plugins/ima.c b/plugins/ima.c
new file mode 100644
index 0000000..6b739db
--- /dev/null
+++ b/plugins/ima.c
@@ -0,0 +1,83 @@
+/**
+ * Copyright (C) 2014 IBM Corporation
+ *
+ * Author: Fionnuala Gunter <fi...@li...>
+ */
+#include <syslog.h>
+
+#include <sys/types.h>
+#include <sys/xattr.h>
+#include <rpm/rpmts.h>
+#include <rpm/rpmlog.h>
+#include <lib/rpmplugin.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "debug.h"
+
+#define XATTR_NAME_IMA "security.ima"
+
+static int hex_to_bin(char ch)
+{
+ if ((ch >= '0') && (ch <= '9'))
+ return ch - '0';
+ ch = tolower(ch);
+ if ((ch >= 'a') && (ch <= 'f'))
+ return ch - 'a' + 10;
+ return -1;
+}
+
+static int hex2bin(char *dst, const char *src, size_t count)
+{
+ int hi, lo;
+
+ while (count--) {
+ if (*src == ' ')
+ src++;
+
+ hi = hex_to_bin(*src++);
+ lo = hex_to_bin(*src++);
+
+ if ((hi < 0) || (lo < 0))
+ return -1;
+
+ *dst++ = (hi << 4) | lo;
+ }
+ return 0;
+}
+
+static rpmRC ima_init(rpmPlugin plugin, rpmts ts)
+{
+ return RPMRC_OK;
+}
+
+static void ima_cleanup(rpmPlugin plugin)
+{
+}
+
+static rpmRC ima_fsm_file_post(rpmPlugin plugin, rpmfi fi, const char *path,
+ mode_t file_mode, rpmFsmOp op, const char *sig,
+ int res)
+{
+ rpmRC rc = RPMRC_OK;
+ if (sig == NULL) {
+ return rc;
+ }
+
+ int siglen = strlen(sig) + 1;
+ char bin[siglen/2];
+ hex2bin(bin, sig, siglen);
+ rc = lsetxattr(path, XATTR_NAME_IMA, bin, siglen/2, 0);
+
+ if (rpmIsDebug())
+ rpmlog(RPMLOG_DEBUG, "lsetxattr: (%s) %s\n",
+ path, (rc < 0 ? strerror(errno) : ""));
+
+ return rc;
+}
+
+struct rpmPluginHooks_s ima_hooks = {
+ .init = ima_init,
+ .cleanup = ima_cleanup,
+ .fsm_file_post = ima_fsm_file_post,
+};
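Review bot: In `ima_fsm_file_post` the count passed to `hex2bin()` is `strlen(sig) + 1`, the length of the hex text, but `hex2bin()` treats `count` as the number of output bytes and `bin` holds only `siglen/2`. The loop is stopped only by the terminating NUL being rejected as a hex digit (for an even-length string, after reading one byte past it), so the call always returns -1, and that result is ignored. `bin` is also a variable-length array sized from a string taken from the package header, an empty string gives it zero length, and the raw `lsetxattr()` result is stored in an `rpmRC`. I would validate the length, convert exactly `strlen(sig)/2` bytes into a heap buffer and map failures to `RPMRC_FAIL`, as below; this needs `<string.h>` and `<stdlib.h>` unless `debug.h` already provides them. Whether a failed label should fail the install is a policy call for the maintainers.

```c
static rpmRC ima_fsm_file_post(rpmPlugin plugin, rpmfi fi, const char *path,
				mode_t file_mode, rpmFsmOp op, const char *sig,
				int res)
{
	rpmRC rc = RPMRC_FAIL;
	size_t hexlen, binlen;
	char *bin;

	if (sig == NULL)
		return RPMRC_OK;

	/* Two hex digits per byte: reject empty or odd-length input. */
	hexlen = strlen(sig);
	if (hexlen == 0 || hexlen % 2 != 0)
		return RPMRC_FAIL;
	binlen = hexlen / 2;

	bin = malloc(binlen);
	if (bin == NULL)
		return RPMRC_FAIL;

	if (hex2bin(bin, sig, binlen) == 0 &&
	    lsetxattr(path, XATTR_NAME_IMA, bin, binlen, 0) == 0)
		rc = RPMRC_OK;
	else
		rpmlog(RPMLOG_DEBUG, "ima: could not label %s\n", path);

	free(bin);
	return rc;
}
```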
--
1.9.3
|
|
From: <fi...@li...> - 2014-10-07 20:20:23
|
From: Fionnuala Gunter <fi...@li...>
It will take some time for distros to adopt the file signing process and
distribute packages with file signatures, so this patch extends the rpm
installer to support inline file signing. This patch adds a new option,
signfiles, to the rpm installer.
rpm -ivh [--signfiles [--fskpath <file signing key>]] PACKAGE_FILE ...
Signed-off-by: Fionnuala Gunter <fi...@li...>
---
doc/rpm.8 | 28 +++++++++++++++++++---------
lib/fsm.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-----
lib/poptI.c | 7 +++++++
lib/rpmcli.h | 2 ++
lib/rpminstall.c | 10 +++++++++-
lib/rpmts.c | 15 +++++++++++++++
lib/rpmts.h | 15 +++++++++++++++
lib/rpmts_internal.h | 2 ++
8 files changed, 114 insertions(+), 15 deletions(-)
diff --git a/doc/rpm.8 b/doc/rpm.8
index e583009..4079f71 100644
--- a/doc/rpm.8
+++ b/doc/rpm.8
@@ -84,15 +84,14 @@ rpm \- RPM Package Manager
[\fB--allfiles\fR] [\fB--badreloc\fR] [\fB--excludepath \fIOLDPATH\fB\fR]
- [\fB--excludedocs\fR] [\fB--force\fR] [\fB-h,--hash\fR]
- [\fB--ignoresize\fR] [\fB--ignorearch\fR] [\fB--ignoreos\fR]
- [\fB--includedocs\fR] [\fB--justdb\fR] [\fB--nocollections\fR]
- [\fB--nodeps\fR] [\fB--nodigest\fR] [\fB--nosignature\fR]
- [\fB--noorder\fR] [\fB--noscripts\fR] [\fB--notriggers\fR]
- [\fB--oldpackage\fR] [\fB--percent\fR] [\fB--prefix \fINEWPATH\fB\fR]
- [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR]
- [\fB--replacefiles\fR] [\fB--replacepkgs\fR]
- [\fB--test\fR]
+ [\fB--excludedocs\fR] [\fB--force\fR] [\fB--fskpath \fIKEY\fB\fR]
+ [\fB-h,--hash\fR] [\fB--ignoresize\fR] [\fB--ignorearch\fR]
+ [\fB--ignoreos\fR] [\fB--includedocs\fR] [\fB--justdb\fR]
+ [\fB--nocollections\fR] [\fB--nodeps\fR] [\fB--nodigest\fR]
+ [\fB--nosignature\fR] [\fB--noorder\fR] [\fB--noscripts\fR]
+ [\fB--notriggers\fR] [\fB--oldpackage\fR] [\fB--percent\fR]
+ [\fB--prefix \fINEWPATH\fB\fR] [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR]
+ [\fB--replacefiles\fR] [\fB--replacepkgs\fR] [\fB--signfiles] [\fB--test\fR]
.SH "DESCRIPTION"
.PP
@@ -232,6 +231,9 @@ Don't install files whose name begins with
Don't install any files which are marked as documentation
(which includes man pages and texinfo documents).
.TP
+\fB--fskpath \fIKEY\fB\fR
+Used with \fB--signfiles\fR, use file signing key \fIKEY\fR.
+.TP
\fB--force\fR
Same as using
\fB--replacepkgs\fR,
@@ -362,6 +364,13 @@ already installed, packages.
Install the packages even if some of them are already installed
on this system.
.TP
+\fB--signfiles\fR
+Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must be set
+before building the package, and the macro must be set to a supported algorithm:
+2, 8, 9, or 10, which represent SHA1, SHA256, SHA384, and SHA512, respectively.
+The file signing key (RSA private key) can be configured on the command line
+with \fB--fskpath\fR or the macro \fB%_file_signing_key\fR.
+.TP
\fB--test\fR
Do not install the package, simply check for and report
potential conflicts.
@@ -875,4 +884,5 @@ what's available.
Marc Ewing <ma...@re...>
Jeff Johnson <jb...@re...>
Erik Troan <ew...@re...>
+Fionnuala Gunter <fi...@li...>
.fi
diff --git a/lib/fsm.c b/lib/fsm.c
index dbeeaab..05ea230 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -21,6 +21,7 @@
#include "lib/rpmplugins.h" /* rpm plugins hooks */
#include "lib/rpmug.h"
#include "lib/rpmlib.h"
+#include "lib/rpmsignfiles.h" /* getDigestAlgo, getDigestLength, signFile */
#include "debug.h"
@@ -825,8 +826,13 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
const char *suffix;
char *fpath = NULL;
Header h = rpmteHeader(te);
- struct rpmtd_s sigs;
- char *sig = NULL;
+ struct rpmtd_s digests, sigs;
+ int signFiles = rpmtsSignFiles(ts);
+ const char *key;
+ const char *algo;
+ const char *digest;
+ const char *sig;
+ int diglen = 0;
if (fi == NULL) {
rc = RPMERR_BAD_MAGIC;
@@ -838,7 +844,30 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
goto exit;
}
- headerGet(h, RPMTAG_FILESIGNATURES, &sigs, HEADERGET_MINMEM);
+ if (signFiles) {
+ algo = getDigestAlgo(h);
+ if (!algo) {
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+ diglen = getDigestLength(h);
+ if (diglen < 0) {
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+ key = rpmExpand("%{_file_signing_key}", NULL);
+ if (rstreq(key, "")) {
+ rc = RPMRC_FAIL;
+ fprintf(stderr, _("You must set \"$$_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ rpmlog(RPMLOG_ERR, _("no file signing key provided\n"));
+ }
+
+ headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);
+ } else {
+ headerGet(h, RPMTAG_FILESIGNATURES, &sigs, HEADERGET_MINMEM);
+ }
/* transaction id used for temporary path suffix while installing */
rasprintf(&tid, ";%08x", (unsigned)rpmtsGetTid(ts));
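Review bot: Only one of `digests` and `sigs` is filled by `headerGet()` here, yet the later hunks advance both with `rpmtdNextString()` in the non-executable branch and free both at `exit`, so one of them is always used uninitialised; call `rpmtdReset()` on both before the first `goto exit`. The empty-key branch sets `rc = RPMRC_FAIL` but has no `goto exit;`, so installation carries on and `signFile()` is later called with an empty key. The string returned by `rpmExpand()` is allocated and never freed, and `"$$_file_signing_key"` in the message presumably should read `%%_file_signing_key`. The function starts and ends outside this hunk.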
@@ -964,12 +993,22 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
if (rc)
*failedFile = xstrdup(fpath);
- /* get file signatures from header */
- if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+ /* sign executable files */
+ if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
+ digest = rpmtdNextString(&digests);
+ sig = signFile(algo, digest, diglen, key);
+ if (!sig) {
+ rpmlog(RPMLOG_ERR, _("signFile failed\n"));
+ goto exit;
+ }
+ }
+ /* or get file signatures from header */
+ else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
sig = rpmtdNextString(&sigs);
} else {
sig = NULL;
rpmtdNextString(&sigs);
+ rpmtdNextString(&digests);
}
/* Run fsm file post hook for all plugins */
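Review bot: When `signFile()` fails the code jumps to `exit` without setting `rc`, which at this point is zero unless the file itself failed to install. The transaction can therefore report success for a package whose files were left unsigned; set `rc = RPMRC_FAIL;` before the `goto`. Ownership of the string `signFile()` returns is not visible here; if it is allocated, it leaks once per executable file. The loop continues outside this hunk.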
@@ -984,6 +1023,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
exit:
/* No need to bother with close errors on read */
+ rpmtdFreeData(&digests);
rpmtdFreeData(&sigs);
headerFree(h);
rpmfiArchiveClose(fi);
diff --git a/lib/poptI.c b/lib/poptI.c
index e21cde1..699c8cd 100644
--- a/lib/poptI.c
+++ b/lib/poptI.c
@@ -16,8 +16,10 @@ struct rpmInstallArguments_s rpmIArgs = {
0, /* numRelocations */
0, /* noDeps */
0, /* incldocs */
+ 0, /* signFiles */
NULL, /* relocations */
NULL, /* prefix */
+ NULL, /* fileSigningKey */
};
#define POPT_RELOCATE -1021
@@ -146,6 +148,9 @@ struct poptOption rpmInstallPoptTable[] = {
(INSTALL_UPGRADE|INSTALL_FRESHEN|INSTALL_INSTALL),
N_("upgrade package(s) if already installed"),
N_("<packagefile>+") },
+ { "fskpath", '\0', POPT_ARG_STRING, &rpmIArgs.fileSigningKey, 0,
+ N_("use file signing key <key>"),
+ N_("<key>") },
{ "hash", 'h', POPT_BIT_SET, &rpmIArgs.installInterfaceFlags, INSTALL_HASH,
N_("print hash marks as package installs (good with -v)"), NULL},
{ "ignorearch", '\0', POPT_BIT_SET,
@@ -243,6 +248,8 @@ struct poptOption rpmInstallPoptTable[] = {
{ "replacepkgs", '\0', POPT_BIT_SET,
&rpmIArgs.probFilter, RPMPROB_FILTER_REPLACEPKG,
N_("reinstall if the package is already present"), NULL},
+ { "signfiles", '\0', POPT_ARG_NONE, &rpmIArgs.signFiles, 0,
+ N_("sign package files"), NULL},
{ "test", '\0', POPT_BIT_SET, &rpmIArgs.transFlags, RPMTRANS_FLAG_TEST,
N_("don't install, but tell if it would work or not"), NULL},
{ "upgrade", 'U', POPT_BIT_SET,
diff --git a/lib/rpmcli.h b/lib/rpmcli.h
index 48e8250..ff89171 100644
--- a/lib/rpmcli.h
+++ b/lib/rpmcli.h
@@ -339,8 +339,10 @@ struct rpmInstallArguments_s {
int numRelocations;
int noDeps;
int incldocs;
+ int signFiles;
rpmRelocation * relocations;
char * prefix;
+ char * fileSigningKey;
};
/** \ingroup rpmcli
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
index 2e7da7d..d98d506 100644
--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@@ -11,6 +11,7 @@
#include <rpm/rpmds.h>
#include <rpm/rpmts.h>
#include <rpm/rpmlog.h>
+#include <rpm/rpmmacro.h>
#include <rpm/rpmfileutil.h>
#include "lib/rpmgi.h"
@@ -417,7 +418,14 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
relocations = ia->relocations;
- setNotifyFlag(ia, ts);
+ setNotifyFlag(ia, ts);
+
+ rpmtsSetSignFiles(ts, ia->signFiles);
+
+ if (ia->fileSigningKey) {
+ addMacro(NULL, "_file_signing_key", NULL, ia->fileSigningKey,
+ RMIL_GLOBAL);
+ }
if ((eiu->relocations = relocations) != NULL) {
while (eiu->relocations->oldPath)
diff --git a/lib/rpmts.c b/lib/rpmts.c
index a3b4ed2..6d9eb30 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -897,6 +897,21 @@ int rpmtsSetNotifyCallback(rpmts ts,
return 0;
}
+int rpmtsSignFiles(rpmts ts)
+{
+ return ts ? ts->signFiles : NULL;
+}
+
+int rpmtsSetSignFiles(rpmts ts, int signFiles)
+{
+ if (ts == NULL) {
+ return -1;
+ }
+
+ ts->signFiles = signFiles;
+ return 0;
+}
+
tsMembers rpmtsMembers(rpmts ts)
{
return (ts != NULL) ? ts->members : NULL;
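Review bot: `rpmtsSignFiles()` is declared to return `int` but yields `NULL` for a null `ts`, which is a pointer constant and draws a conversion warning wherever `NULL` is `(void *)0`; use `return ts ? ts->signFiles : 0;`. `rpmtsSetSignFiles()` just below already handles the null case with a plain `-1`, so the getter should use an integer as well.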
diff --git a/lib/rpmts.h b/lib/rpmts.h
index 5231c80..5f45972 100644
--- a/lib/rpmts.h
+++ b/lib/rpmts.h
@@ -393,6 +393,21 @@ const char * rpmtsRootDir(rpmts ts);
*/
int rpmtsSetRootDir(rpmts ts, const char * rootDir);
+/**
+ * Get transaction sign files flag
+ * @param ts transaction set
+ * @return non-zero if package files need to be signed
+ */
+int rpmtsSignFiles(rpmts ts);
+
+/**
+ * Set transaction sign files flag
+ * @param ts transaction set
+ * @param signFiles new sign files flag
+ * @return 0 on success, -1 on error
+ */
+int rpmtsSetSignFiles(rpmts ts, int signFiles);
+
/** \ingroup rpmts
* Get transaction script file handle, i.e. stdout/stderr on scriptlet execution
* @param ts transaction set
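Review bot: The two new doc comments open with a bare `/**`, whereas the neighbouring declaration in this header opens with `/** \ingroup rpmts`, so the new accessors would fall outside the rpmts group in the generated documentation. Start both comments with `/** \ingroup rpmts`.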
diff --git a/lib/rpmts_internal.h b/lib/rpmts_internal.h
index 0caa7cb..a196932 100644
--- a/lib/rpmts_internal.h
+++ b/lib/rpmts_internal.h
@@ -68,6 +68,8 @@ struct rpmts_s {
rpmPlugins plugins; /*!< Transaction plugins */
int nrefs; /*!< Reference count. */
+
+ int signFiles; /*!< Sign package files. */
};
#ifdef __cplusplus
--
1.9.3
|
|
From: <fi...@li...> - 2014-10-07 20:20:19
|
From: Fionnuala Gunter <fi...@li...>
This patch extends the existing rpm signing tool to also sign package files
and include them in the package header. It defines a tag,
RPMTAG_FILESIGNATURES, an RPM macro %_file_signing_key, and new options
fskpath, and signfiles.
rpm --addsign [--signfiles [--fskpath <file signing key>]] PACKAGE_FILE ...
The new option to rpmsign signs all the file digests included in the
package. When a package is signed with the new option, the file digests are
signed with libimaevm and the key %_file_signing_key. The resulting
signatures are included in the package header as an RPMTAG_FILESIGNATURES
tag. Since the header is modified, the SHA1 and MD5 header digests are
recalculated and inserted in the signature header.
After including file signatures, the package is signed normally.
Signed-off-by: Fionnuala Gunter <fi...@li...>
---
configure.ac | 8 ++
doc/rpmsign.8 | 22 +++-
lib/Makefile.am | 3 +-
lib/rpmsignfiles.c | 130 ++++++++++++++++++++++
lib/rpmsignfiles.h | 45 ++++++++
lib/rpmtag.h | 1 +
rpmpopt.in | 1 +
rpmsign.c | 14 ++-
sign/rpmgensig.c | 319 ++++++++++++++++++++++++++++++++++++++++++++++++-----
sign/rpmsign.h | 7 +-
10 files changed, 520 insertions(+), 30 deletions(-)
create mode 100644 lib/rpmsignfiles.c
create mode 100644 lib/rpmsignfiles.h
diff --git a/configure.ac b/configure.ac
index cbb869f..21a6a95 100644
--- a/configure.ac
+++ b/configure.ac
@@ -658,6 +658,14 @@ AC_SUBST(WITH_SELINUX_LIB)
AC_SUBST(WITH_SEMANAGE_LIB)
AM_CONDITIONAL(SELINUX,[test "$with_selinux" = yes])
+# libimaevm
+with_iamevm=no
+AC_ARG_WITH(imaevm, [AS_HELP_STRING([--with-imaevm],[build with imaevm support])])
+if test "$with_imaevm" = yes ; then
+ AC_DEFINE(IMAEVM, 1, [Build with imaevm support?])
+ LIBS="$LIBS -limaevm"
+fi
+
# libcap
WITH_CAP_LIB=
AC_ARG_WITH(cap, [AS_HELP_STRING([--with-cap],[build with capability support])],
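Review bot: The default is assigned to `with_iamevm`, a misspelling of the `with_imaevm` variable that `AC_ARG_WITH` and the `test` below use, so the intended default is never set; write `with_imaevm=no`. The block also adds `-limaevm` to `LIBS` without probing for the library or for `imaevm.h`, so `--with-imaevm` on a system without them fails at compile time rather than at configure time; an `AC_CHECK_LIB`/`AC_CHECK_HEADER` pair would catch that. As far as this patch shows, lib/rpmsignfiles.c includes `imaevm.h` and is added to `librpm_la_SOURCES` unconditionally, so a build without the option would presumably break. Guard it with the `IMAEVM` define or an automake conditional.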
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
index 53f2d70..b19f172 100644
--- a/doc/rpmsign.8
+++ b/doc/rpmsign.8
@@ -2,11 +2,17 @@
.SH NAME
rpmsign \- RPM Package Signing
.SH SYNOPSIS
+.SS "SIGNING PACKAGES:"
+.PP
-\fBrpm\fR \fB--addsign|--resign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+.SS "rpmsign-options"
+.PP
+ \fB--fskpath \fIKEY\fB\fR] [\fB--signfiles\fR]
+
.SH DESCRIPTION
.PP
Both of the \fB--addsign\fR and \fB--resign\fR
@@ -20,6 +26,19 @@ there is no difference in behavior currently.
.PP
Delete all signatures from each package \fIPACKAGE_FILE\fR given.
+.SS "SIGN OPTIONS"
+.PP
+.TP
+\fB--fskpath \fIKEY\fB\fR
+Used with \fB--signfiles\fR, use file signing key \fIKEY\fR.
+.TP
+\fB--signfiles\fR
+Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must be set
+before building the package, and the macro must be set to a supported algorithm:
+2, 8, 9, or 10, which represent SHA1, SHA256, SHA384, and SHA512, respectively.
+The file signing key (RSA private key) can be configured on the command line
+with \fB--fskpath\fR or the macro \fB%_file_signing_key\fR.
+
.SS "USING GPG TO SIGN PACKAGES"
.PP
In order to sign packages using GPG, \fBrpm\fR
@@ -78,4 +97,5 @@ Marc Ewing <ma...@re...>
Jeff Johnson <jb...@re...>
Erik Troan <ew...@re...>
Panu Matilainen <pma...@re...>
+Fionnuala Gunter <fi...@li...>
.fi
diff --git a/lib/Makefile.am b/lib/Makefile.am
index a65eb80..f80a47a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -38,7 +38,8 @@ librpm_la_SOURCES = \
verify.c rpmlock.c rpmlock.h misc.h relocation.c \
rpmscript.h rpmscript.c legacy.c \
rpmchroot.c rpmchroot.h \
- rpmplugins.c rpmplugins.h rpmplugin.h rpmug.c rpmug.h
+ rpmplugins.c rpmplugins.h rpmplugin.h rpmug.c rpmug.h \
+ rpmsignfiles.c rpmsignfiles.h
librpm_la_LDFLAGS = -version-info $(rpm_version_info)
diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c
new file mode 100644
index 0000000..9c33103
--- /dev/null
+++ b/lib/rpmsignfiles.c
@@ -0,0 +1,130 @@
+/**
+ * Copyright (C) 2014 IBM Corporation
+ *
+ * Author: Fionnuala Gunter <fi...@li...>
+ */
+
+#include "system.h"
+#include "imaevm.h"
+
+#include <rpm/rpmlog.h> /* rpmlog */
+#include <rpm/rpmstring.h> /* rnibble */
+#include <rpm/rpmpgp.h> /* rpmDigestLength */
+#include "lib/header.h" /* HEADERGET_MINMEM */
+#include "lib/rpmtypes.h" /* rpmRC */
+
+#include "lib/rpmsignfiles.h"
+
+static char *rpmDigestAlgo(uint32_t dalgo)
+{
+ switch (dalgo) {
+ case 0:
+ case 1: return "md5";
+ case 2: return "sha1";
+ case 8: return "sha256";
+ case 9: return "sha384";
+ case 10: return "sha512";
+ default: return NULL;
+ }
+}
+
+char *getDigestAlgo(Header h)
+{
+ struct rpmtd_s digalgo;
+ uint32_t *dalgo;
+ char *algo;
+
+ headerGet(h, RPMTAG_FILEDIGESTALGO, &digalgo, HEADERGET_MINMEM);
+ dalgo = rpmtdGetUint32(&digalgo);
+ if (!dalgo) {
+ rpmlog(RPMLOG_ERR, _("rpmtdGetUint32 failed\n"));
+ return NULL;
+ }
+ algo = rpmDigestAlgo(*dalgo);
+ return algo;
+}
+
+int getDigestLength(Header h)
+{
+ struct rpmtd_s digalgo;
+ uint32_t *dalgo;
+ int diglen;
+
+ headerGet(h, RPMTAG_FILEDIGESTALGO, &digalgo, HEADERGET_MINMEM);
+ dalgo = rpmtdGetUint32(&digalgo);
+ if (!dalgo) {
+ rpmlog(RPMLOG_ERR, _("rpmtdGetUint32 failed\n"));
+ return -1;
+ }
+
+ diglen = rpmDigestLength(*dalgo);
+ return diglen;
+}
+
+char *signFile(const char *algo, const char *fdigest, int diglen, const char *key)
+{
+ char *fsignature;
+ unsigned char digest[BUFSIZ];
+ unsigned char signature[BUFSIZ];
+ int siglen;
+
+#ifndef IMAEVM
+ rpmlog(RPMLOG_ERR, _("missing libimaevm\n"));
+ return NULL;
+#endif
+
+ /* convert file digest hex to binary */
+ memset(digest, 0, BUFSIZ);
+ for (int i = 0; i < diglen; ++i, fdigest += 2)
+ digest[i] = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
+
+ /* prepare file signature */
+ memset(signature, 0, BUFSIZ);
+ signature[0] = '\x03';
+
+ /* calculate file signature */
+ siglen = sign_hash(algo, digest, diglen, key, signature+1);
+ if (siglen < 0) {
+ rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));
+ return NULL;
+ }
+
+ /* convert file signature binary to hex */
+ fsignature = pgpHexStr(signature, siglen+1);
+ return fsignature;
+}
+
+rpmRC signFiles(Header h, const char *key)
+{
+ struct rpmtd_s digests;
+ const char *algo;
+ const char *digest;
+ char *signature;
+ int diglen;
+
+ algo = getDigestAlgo(h);
+ if (!algo) {
+ rpmlog(RPMLOG_ERR, _("getDigestAlgo failed\n"));
+ return RPMRC_FAIL;
+ }
+
+ diglen = getDigestLength(h);
+ if (diglen < 0) {
+ rpmlog(RPMLOG_ERR, _("getDigestLength failed\n"));
+ return RPMRC_FAIL;
+ }
+
+ headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);
+ while ((digest = rpmtdNextString(&digests))) {
+ signature = signFile(algo, digest, diglen, key);
+ if (!signature) {
+ rpmlog(RPMLOG_ERR, _("signFile failed\n"));
+ return RPMRC_FAIL;
+ }
+ if (!headerPutString(h, RPMTAG_FILESIGNATURES, signature)) {
+ rpmlog(RPMLOG_ERR, _("headerPutString failed\n"));
+ return RPMRC_FAIL;
+ }
+ }
+ return RPMRC_OK;
+}
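Review bot: The hex-to-binary loop in signFile() reads `2 * diglen` characters from `fdigest` without checking the string's length, and signFiles() passes it every RPMTAG_FILEDIGESTS entry. Entries for directories and other non-regular files are, as far as I know, empty strings, so the loop would read past the terminator. It needs a guard before the loop, such as `if (strlen(fdigest) != (size_t)diglen * 2)`, with signFiles() still storing an empty signature for those entries so the array stays index-aligned with the file list (the intended handling should be confirmed). The hex string returned by signFile() appears never to be freed in signFiles() after headerPutString(), and `digests` is never released with rpmtdFreeData(). rpmDigestAlgo() also maps 0 and 1 to "md5" although the man page in this patch lists only 2, 8, 9 and 10 as supported, and the `#ifndef IMAEVM` early return still leaves the sign_hash() call below it to be compiled.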
diff --git a/lib/rpmsignfiles.h b/lib/rpmsignfiles.h
new file mode 100644
index 0000000..05459f0
--- /dev/null
+++ b/lib/rpmsignfiles.h
@@ -0,0 +1,45 @@
+#ifndef H_RPMSIGNFILES
+#define H_RPMSIGNFILES
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Get file digest algorithm from header
+ * @param header package header
+ * @return file digest algorithm
+ */
+char *getDigestAlgo(Header h);
+
+/**
+ * Get file digest length from header
+ * @param header package header
+ * @return file digest length
+ */
+int getDigestLength(Header h);
+
+/**
+ * Sign a file digest with libimaevm
+ * @param algo file digest algorithm
+ * @param fdigest file digest hex
+ * @param diglen digest length
+ * @param key file signing key
+ * @return file signature hex
+ */
+char *signFile(const char *algo, const char *fdigest, int diglen,
+ const char *key);
+
+/**
+ * Sign file digests in header and store the signatures in header
+ * @param h package header
+ * @param key signing key
+ * @return RPMRC_OK on success
+ */
+rpmRC signFiles(Header h, const char *key);
+
+#ifdef _cplusplus
+}
+#endif
+
+#endif /* H_RPMSIGNFILES */
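Review bot: The closing guard near the end of the header tests `_cplusplus` with a single underscore, so a C++ translation unit opens `extern "C" {` at the top and never closes it; the line should read `#ifdef __cplusplus`. The header also uses `Header` and `rpmRC` without including anything that declares them, so it appears to compile only when the includer has pulled those in first. The `@param header` tags on getDigestAlgo() and getDigestLength() do not match the parameter name `h`. The comments should also state the return contracts: getDigestAlgo() returns a static string or NULL, getDigestLength() returns -1 on failure, and signFile() returns an allocated hex string the caller frees, or NULL.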
diff --git a/lib/rpmtag.h b/lib/rpmtag.h
index 58b2479..bd6a36a 100644
--- a/lib/rpmtag.h
+++ b/lib/rpmtag.h
@@ -329,6 +329,7 @@ typedef enum rpmTag_e {
RPMTAG_SUPPLEMENTNEVRS = 5060, /* s[] extension */
RPMTAG_ENHANCENEVRS = 5061, /* s[] extension */
RPMTAG_ENCODING = 5062, /* s */
+ RPMTAG_FILESIGNATURES = 5063, /* s[] */
RPMTAG_FIRSTFREE_TAG /*!< internal */
} rpmTag;
diff --git a/rpmpopt.in b/rpmpopt.in
index 036ab4e..df5e2ec 100644
--- a/rpmpopt.in
+++ b/rpmpopt.in
@@ -162,6 +162,7 @@ rpm alias --httpproxy --define '_httpproxy !#:+'
rpm exec --addsign rpmsign --addsign
rpm exec --delsign rpmsign --delsign
rpm exec --resign rpmsign --resign
+#rpm exec --signfiles rpmsign --signfiles
rpm exec --checksig rpmkeys --checksig
rpm exec -K rpmkeys --checksig
rpm exec --import rpmkeys --import
diff --git a/rpmsign.c b/rpmsign.c
index b8e5598..a2692b9 100644
--- a/rpmsign.c
+++ b/rpmsign.c
@@ -20,6 +20,9 @@ enum modes {
static int mode = 0;
+static int signfiles = 0;
+static char * fileSigningKey = NULL;
+
static struct poptOption signOptsTable[] = {
{ "addsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_ADDSIGN,
N_("sign package(s)"), NULL },
@@ -27,6 +30,11 @@ static struct poptOption signOptsTable[] = {
N_("sign package(s) (identical to --addsign)"), NULL },
{ "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
N_("delete package signatures"), NULL },
+ { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
+ N_("sign package(s) files"), NULL},
+ { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
+ N_("use file signing key <key>"),
+ N_("<key>") },
POPT_TABLEEND
};
@@ -119,6 +127,10 @@ static int doSign(poptContext optCon)
goto exit;
}
+ if (fileSigningKey && signfiles) {
+ addMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
+ }
+
/* XXX FIXME: eliminate obsolete getpass() usage */
passPhrase = getpass(_("Enter pass phrase: "));
passPhrase = (passPhrase != NULL) ? rstrdup(passPhrase) : NULL;
@@ -127,7 +139,7 @@ static int doSign(poptContext optCon)
fprintf(stderr, _("Pass phrase is good.\n"));
rc = 0;
while ((arg = poptGetArg(optCon)) != NULL) {
- rc += rpmPkgSign(arg, NULL, passPhrase);
+ rc += rpmPkgSign(arg, NULL, passPhrase, signfiles);
}
} else {
fprintf(stderr, _("Pass phrase check failed or gpg key expired\n"));
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index 0bd14e3..f07c87e 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -1,4 +1,10 @@
-/** \ingroup rpmcli
+/**
+ * Copyright (C) 2014 IBM Corporation
+ *
+ * Author: Fionnuala Gunter <fi...@li...>
+ * added support for file signatures
+ *
+ * \ingroup rpmcli
* \file lib/rpmchecksig.c
* Verify the signature of a package.
*/
@@ -8,17 +14,23 @@
#include <errno.h>
#include <sys/wait.h>
#include <popt.h>
+#include <imaevm.h>
+#include <ctype.h>
#include <rpm/rpmlib.h> /* RPMSIGTAG & related */
#include <rpm/rpmmacro.h>
#include <rpm/rpmpgp.h>
#include <rpm/rpmsign.h>
-#include <rpm/rpmfileutil.h> /* rpmMkTemp() */
+#include <rpm/rpmfileutil.h> /* rpmMkTemp() */
#include <rpm/rpmlog.h>
#include <rpm/rpmstring.h>
#include "lib/rpmlead.h"
#include "lib/signature.h"
+#include "lib/header.h"
+#include "lib/cpio.h" /* rpmcpioOpen, rpmcpioTell */
+#include "lib/rpmsignfiles.h" /* signFiles */
+#include "rpmio/rpmio_internal.h" /* fdInitDigest, fdFiniDigest */
#include "debug.h"
@@ -88,6 +100,10 @@ static int manageFile(FD_t *fdp, const char *fn, int flags)
/**
* Copy header+payload, calculating digest(s) on the fly.
+ * @param sfdp source file
+ * @param sfnp source path
+ * @param tfdp destination file
+ * @param tfnp destination path
*/
static int copyFile(FD_t *sfdp, const char *sfnp,
FD_t *tfdp, const char *tfnp)
@@ -121,8 +137,6 @@ static int copyFile(FD_t *sfdp, const char *sfnp,
rc = 0;
exit:
- if (*sfdp) (void) closeFile(sfdp);
- if (*tfdp) (void) closeFile(tfdp);
return rc;
}
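Review bot: With the two closeFile() calls removed from the `exit:` path, copyFile() no longer closes either descriptor, which changes the contract for every caller. Callers outside this hunk that relied on it to close and flush the destination before renaming or re-reading the file need to be checked. The doc comment extended in the previous hunk should record the new ownership, for example `* Neither descriptor is closed; the caller owns both.` copyFile()'s body starts outside the hunk.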
@@ -458,14 +472,277 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
return rc;
}
+static rpmRC generateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
+ rpm_loff_t payloadSize, FD_t fd)
+{
+ Header sig = NULL;
+ struct rpmtd_s td;
+ rpmTagVal sizetag;
+ rpmTagVal payloadtag;
+ rpm_tagtype_t typetag;
+ rpmRC rc = RPMRC_OK;
+ char *reservedSpace;
+ int spaceSize = 0;
+
+ /* Prepare signature */
+ sig = rpmNewSignature();
+
+ rpmtdReset(&td);
+ td.tag = RPMSIGTAG_SHA1;
+ td.count = 1;
+ td.type = RPM_STRING_TYPE;
+ td.data = SHA1;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+ rpmtdReset(&td);
+ td.tag = RPMSIGTAG_MD5;
+ td.count = 16;
+ td.type = RPM_BIN_TYPE;
+ td.data = MD5;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+ if (payloadSize < UINT32_MAX) {
+ sizetag = RPMSIGTAG_SIZE;
+ payloadtag = RPMSIGTAG_PAYLOADSIZE;
+ typetag = RPM_INT32_TYPE;
+ } else {
+ sizetag = RPMSIGTAG_LONGSIZE;
+ payloadtag = RPMSIGTAG_LONGARCHIVESIZE;
+ typetag = RPM_INT64_TYPE;
+ }
+
+ rpmtdReset(&td);
+ td.tag = payloadtag;
+ td.count = 1;
+ td.type = typetag;
+ td.data = &payloadSize;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+ rpmtdReset(&td);
+ td.tag = sizetag;
+ td.count = 1;
+ td.type = typetag;
+ td.data = &size;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+ spaceSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+ if(spaceSize > 0) {
+ reservedSpace = xcalloc(spaceSize, sizeof(char));
+ rpmtdReset(&td);
+ td.tag = RPMSIGTAG_RESERVEDSPACE;
+ td.count = spaceSize;
+ td.type = RPM_BIN_TYPE;
+ td.data = reservedSpace;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+ free(reservedSpace);
+ }
+
+ /* Reallocate the signature into one contiguous region. */
+ sig = headerReload(sig, RPMTAG_HEADERSIGNATURES);
+ if (sig == NULL) { /* XXX can't happen */
+ rpmlog(RPMLOG_ERR, _("Unable to reload signature header.\n"));
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+ /* Write the signature section into the package. */
+ if (rpmWriteSignature(fd, sig)) {
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+exit:
+ rpmFreeSignature(sig);
+ return rc;
+}
+
+static void unloadImmutableRegion(Header *hdrp, rpmTagVal tag, rpmtd utd)
+{
+ struct rpmtd_s copytd;
+ Header nh;
+ Header oh;
+ HeaderIterator hi;
+
+ if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
+ nh = headerNew();
+ oh = headerCopyLoad(utd->data);
+ hi = headerInitIterator(oh);
+
+ while (headerNext(hi, ©td)) {
+ if (copytd.data)
+ headerPut(nh, ©td, HEADERPUT_DEFAULT);
+ rpmtdFreeData(©td);
+ }
+
+ headerFreeIterator(hi);
+ headerFree(oh);
+ rpmtdFreeData(utd);
+
+ *hdrp = headerLink(nh);
+ headerFree(nh);
+ }
+}
+
+/**
+ * Include file signatures in header
+ * @param fd
+ * @param rpm path to package
+ * @param sigp pointer to signature header
+ * @param hdrp pointer to header
+ * @param sigStart signature offset in rpm
+ * @param headerStart header offset in rpm
+ */
+static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ Header *sigp, Header *hdrp,
+ off_t sigStart, off_t headerStart)
+{
+ FD_t ofd = NULL;
+ struct rpmtd_s td;
+ char *trpm = NULL;
+ const char *key;
+ char *SHA1 = NULL;
+ uint8_t *MD5 = NULL;
+ unsigned char buf[32*BUFSIZ];
+ size_t sha1len;
+ size_t md5len;
+ size_t headerSize;
+ off_t archiveSize;
+ rpmRC rc = RPMRC_OK;
+
+ unloadImmutableRegion(hdrp, RPMTAG_HEADERIMMUTABLE, &td);
+
+ key = rpmExpand("%{?_file_signing_key}", NULL);
+ if (rstreq(key, "")) {
+ rc = RPMRC_FAIL;
+ fprintf(stderr, _("You must set \"$$_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ rpmlog(RPMLOG_ERR, _("no file signing key provided\n"));
+ goto exit;
+ }
+
+ rc = signFiles(*hdrp, key);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("signFiles failed\n"));
+ goto exit;
+ }
+
+ *hdrp = headerReload(*hdrp, RPMTAG_HEADERIMMUTABLE);
+ if (*hdrp == NULL) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("headerReload failed\n"));
+ goto exit;
+ }
+
+ ofd = rpmMkTempFile(NULL, &trpm);
+ if (ofd == NULL || Ferror(ofd)) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("rpmMkTemp failed\n"));
+ goto exit;
+ }
+
+ /* Copy archive to temp file */
+ if (copyFile(&fd, rpm, &ofd, trpm)) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
+ goto exit;
+ }
+
+ if (Fseek(fd, headerStart, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+
+ /* Write header to rpm and recalculate SHA1 */
+ fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
+ rc = headerWrite(fd, *hdrp, HEADER_MAGIC_YES);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("headerWrite failed\n"));
+ goto exit;
+ }
+ fdFiniDigest(fd, PGPHASHALGO_SHA1, (void **)&SHA1, &sha1len, 1);
+ headerSize = Ftell(fd) - headerStart;
+
+ /* Copy archive from temp file */
+ if (Fseek(ofd, 0, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+ if (copyFile(&ofd, trpm, &fd, rpm)) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
+ goto exit;
+ }
+ unlink(trpm);
+
+ /* Recalculate MD5 digest of header+archive */
+ if (Fseek(fd, headerStart, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+ fdInitDigest(fd, PGPHASHALGO_MD5, 0);
+
+ while (Fread(buf, sizeof(buf[0]), sizeof(buf), fd) > 0)
+ ;
+ if (Ferror(fd)) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Fread failed in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+ fdFiniDigest(fd, PGPHASHALGO_MD5, (void **)&MD5, &md5len, 0);
+
+ if (Fseek(fd, sigStart, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+
+ /* Get payload size from signature tag */
+ archiveSize = headerGetNumber(*sigp, RPMSIGTAG_PAYLOADSIZE);
+ if (!archiveSize) {
+ archiveSize = headerGetNumber(*sigp, RPMSIGTAG_LONGARCHIVESIZE);
+ }
+
+ /* Replace old digests in signature */
+ rc = generateSignature(SHA1, MD5, headerSize, archiveSize, fd);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("insertDigests failed\n"));
+ goto exit;
+ }
+
+ if (Fseek(fd, sigStart, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
+
+ rc = rpmReadSignature(fd, sigp, RPMSIGTYPE_HEADERSIG, NULL);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("rpmReadSignature failed\n"));
+ goto exit;
+ }
+
+exit:
+ return rc;
+}
+
/** \ingroup rpmcli
* Create/modify elements in signature header.
* @param rpm path to package
* @param deleting adding or deleting signature?
* @param passPhrase passPhrase (ignored when deleting)
+ * @param signfiles sign files if non-zero
* @return 0 on success, -1 on error
*/
-static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
+static int rpmSign(const char *rpm, int deleting, const char *passPhrase,
+ int signfiles)
{
FD_t fd = NULL;
FD_t ofd = NULL;
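Review bot: Every failure path in includeFileSignatures() jumps to `exit:`, which only returns `rc`, so the temporary payload copy named by `trpm` stays on disk, `ofd` stays open, and `key`, `SHA1`, `MD5` and `trpm` are never released (the success path leaks all of these except the unlink). Because the function rewrites the package in place from `headerStart`, a failure after the first headerWrite() also leaves a package whose header, payload and signature header no longer agree; building the result in the temporary file and renaming it over the original would avoid that. A cleanup block along the lines below, replacing the mid-function `unlink(trpm)`, covers the resource side. The error text `"$$_file_signing_key"` presumably means `%_file_signing_key`. The hunk ends inside rpmSign(), whose body continues outside it.

```c
    /* … unchanged: signing, header rewrite and digest recalculation … */
exit:
    if (ofd)
        (void) closeFile(&ofd);
    if (trpm) {
        (void) unlink(trpm);
        free(trpm);
    }
    free(SHA1);
    free(MD5);
    free((char *) key);
    return rc;
```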
@@ -516,25 +793,15 @@ static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
goto exit;
}
- /* Dump the immutable region (if present). */
- if (headerGet(sigh, RPMTAG_HEADERSIGNATURES, &utd, HEADERGET_DEFAULT)) {
- struct rpmtd_s copytd;
- Header nh = headerNew();
- Header oh = headerCopyLoad(utd.data);
- HeaderIterator hi = headerInitIterator(oh);
- while (headerNext(hi, ©td)) {
- if (copytd.data)
- headerPut(nh, ©td, HEADERPUT_DEFAULT);
- rpmtdFreeData(©td);
+ if (signfiles) {
+ rc = includeFileSignatures(fd, rpm, &sigh, &h, sigStart, headerStart);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("includeFileSignatures failed\n"));
+ goto exit;
}
- headerFreeIterator(hi);
- headerFree(oh);
- rpmtdFreeData(&utd);
-
- headerFree(sigh);
- sigh = headerLink(nh);
- headerFree(nh);
}
+
+ unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES, &utd);
origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
if (deleting) { /* Nuke all the signature tags. */
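Review bot: The inline code removed here released the old header with `headerFree(sigh);` before relinking, but unloadImmutableRegion() (added earlier in this patch) assigns `*hdrp = headerLink(nh);` without freeing the header `*hdrp` pointed to, so each call appears to leak the original header. Adding `headerFree(*hdrp);` just before that assignment restores the old behaviour. The `if (signfiles)` block also runs ahead of the `deleting` branch and rewrites the package on disk, so it would be clearer to reject `signfiles` together with `deleting` explicitly than to rely on rpmPkgDelSign() passing 0. rpmSign()'s body starts and ends outside the hunk.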
@@ -566,6 +833,7 @@ static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
/* Try to make new signature smaller to have size of original signature */
rpmtdReset(&utd);
+
if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
int diff;
int count;
@@ -668,7 +936,8 @@ exit:
}
int rpmPkgSign(const char *path,
- const struct rpmSignArgs * args, const char *passPhrase)
+ const struct rpmSignArgs * args, const char *passPhrase,
+ int signfiles)
{
int rc;
@@ -684,7 +953,7 @@ int rpmPkgSign(const char *path,
}
}
- rc = rpmSign(path, 0, passPhrase);
+ rc = rpmSign(path, 0, passPhrase, signfiles);
if (args) {
if (args->hashalgo) {
@@ -700,5 +969,5 @@ int rpmPkgSign(const char *path,
int rpmPkgDelSign(const char *path)
{
- return rpmSign(path, 1, NULL);
+ return rpmSign(path, 1, NULL, 0);
}
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
index 15b3e0f..0ec37c1 100644
--- a/sign/rpmsign.h
+++ b/sign/rpmsign.h
@@ -11,6 +11,8 @@ extern "C" {
struct rpmSignArgs {
char *keyid;
pgpHashAlgo hashalgo;
+ int signFiles;
+ const char *fileSigningKey;
/* ... what else? */
};
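Review bot: The two fields added to `struct rpmSignArgs` here, `signFiles` and `fileSigningKey`, are not read anywhere in the visible patch, while the next hunk adds a fourth `signfiles` parameter to the exported rpmPkgSign(), which breaks existing callers of the API. Carrying the setting in the args struct keeps the prototype stable, e.g. `rc = rpmSign(path, 0, passPhrase, args ? args->signFiles : 0);` in rpmPkgSign(), with rpmsign.c filling in the struct rather than a file-scope variable and a global macro. If the extra parameter is kept instead, the unused fields should be dropped so the header does not advertise options that have no effect.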
@@ -19,10 +21,11 @@ struct rpmSignArgs {
* @param path path to package
* @param args signing parameters (or NULL for defaults)
* @param passPhrase passphrase for the signing key
+ * @param signfiles sign files if non-zero
* @return 0 on success
*/
-int rpmPkgSign(const char *path,
- const struct rpmSignArgs * args, const char *passPhrase);
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args,
+ const char *passPhrase, int signfiles);
/** \ingroup rpmsign
* Delete signature(s) from a package
--
1.9.3
From: <fi...@li...> - 2014-10-07 20:20:17
From: Fionnuala Gunter <fi...@li...>
The ima plugin instantiates fsm_file_post hook, but needs access to the
file's signature, so this patch adds a file signature parameter to the
fsm_file_post parameter list.
Signed-off-by: Fionnuala Gunter <fi...@li...>
---
lib/fsm.c | 7 ++++---
lib/rpmplugin.h | 3 ++-
lib/rpmplugins.c | 5 +++--
lib/rpmplugins.h | 4 +++-
4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/lib/fsm.c b/lib/fsm.c
index 7ae4747..e7c2a3b 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -449,7 +449,8 @@ static int fsmMkdirs(rpmfiles files, rpmfs fs, rpmPlugins plugins)
}
/* Run fsm file post hook for all plugins */
- rpmpluginsCallFsmFilePost(plugins, NULL, dn, mode, op, rc);
+ rpmpluginsCallFsmFilePost(plugins, NULL, dn, mode, op, NULL,
+ rc);
if (!rc) {
rpmlog(RPMLOG_DEBUG,
@@ -954,7 +955,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
/* Run fsm file post hook for all plugins */
rpmpluginsCallFsmFilePost(plugins, fi, fpath,
- sb.st_mode, action, rc);
+ sb.st_mode, action, NULL, rc);
fpath = _free(fpath);
}
@@ -1034,7 +1035,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
/* Run fsm file post hook for all plugins */
rpmpluginsCallFsmFilePost(plugins, fi, fpath,
- sb.st_mode, action, rc);
+ sb.st_mode, action, NULL, rc);
/* XXX Failure to remove is not (yet) cause for failure. */
if (!strict_erasures) rc = 0;
diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
index fd81aec..f755378 100644
--- a/lib/rpmplugin.h
+++ b/lib/rpmplugin.h
@@ -55,7 +55,8 @@ typedef rpmRC (*plugin_fsm_file_pre_func)(rpmPlugin plugin, rpmfi fi,
rpmFsmOp op);
typedef rpmRC (*plugin_fsm_file_post_func)(rpmPlugin plugin, rpmfi fi,
const char* path, mode_t file_mode,
- rpmFsmOp op, int res);
+ rpmFsmOp op, const char *sig,
+ int res);
typedef rpmRC (*plugin_fsm_file_prepare_func)(rpmPlugin plugin, rpmfi fi,
const char* path,
const char *dest,
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
index da04c73..bf856f2 100644
--- a/lib/rpmplugins.c
+++ b/lib/rpmplugins.c
@@ -349,7 +349,8 @@ rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,
}
rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
- mode_t file_mode, rpmFsmOp op, int res)
+ mode_t file_mode, rpmFsmOp op, const char *sig,
+ int res)
{
plugin_fsm_file_post_func hookFunc;
int i;
@@ -358,7 +359,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
for (i = 0; i < plugins->count; i++) {
rpmPlugin plugin = plugins->plugins[i];
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, res) == RPMRC_FAIL)
+ if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, sig, res) == RPMRC_FAIL)
rc = RPMRC_FAIL;
}
diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h
index ecfa68b..93ab7b9 100644
--- a/lib/rpmplugins.h
+++ b/lib/rpmplugins.h
@@ -144,12 +144,14 @@ rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char* path,
* @param path file object path
* @param file_mode file object mode
* @param op file operation + associated flags
+ * @param sig file signature
* @param res fsm result code
* @return RPMRC_OK on success, RPMRC_FAIL otherwise
*/
RPM_GNUC_INTERNAL
rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,
- mode_t file_mode, rpmFsmOp op, int res);
+ mode_t file_mode, rpmFsmOp op, const char *sig,
+ int res);
/** \ingroup rpmplugins
* Call the fsm file prepare plugin hook. Called after setting
--
1.9.3
From: <fi...@li...> - 2014-10-07 20:20:16
From: Fionnuala Gunter <fi...@li...> The Linux kernel's ima-appraisal module verifies file signatures. The problem with verifying digital signatures of files is how the files are signed in the first place. In our current prototype, we sign all files after system installation, but this doesn't handle ongoing updates. We propose that Linux distributors sign all files as part of the normal package signing. RPM already maintains hashes of all files in the rpm package, and this can be extended to add file signatures. This patch set extends the rpm signing tool to include file signatures in packages, and extends the rpm install tool to install file signatures. Changelog v2: -support for inline signing of files -command line option for file signing key -included missing file -fixed type in rpmDigestAlgo Changelog v3: -split up patch Fionnuala Gunter (4): Add file signature to fsm_file_post parameter list Sign package files and include signatures in package header Label ima xattr when signed files are installed Sign package files during installation configure.ac | 8 ++ doc/rpm.8 | 28 +++-- doc/rpmsign.8 | 22 +++- lib/Makefile.am | 3 +- lib/fsm.c | 68 ++++++++++- lib/poptI.c | 7 ++ lib/rpmcli.h | 2 + lib/rpminstall.c | 10 +- lib/rpmplugin.h | 3 +- lib/rpmplugins.c | 5 +- lib/rpmplugins.h | 4 +- lib/rpmsignfiles.c | 130 +++++++++++++++++++++ lib/rpmsignfiles.h | 45 ++++++++ lib/rpmtag.h | 1 + lib/rpmts.c | 15 +++ lib/rpmts.h | 15 +++ lib/rpmts_internal.h | 2 + macros.in | 1 + plugins/Makefile.am | 4 + plugins/ima.c | 83 ++++++++++++++ rpmpopt.in | 1 + rpmsign.c | 14 ++- sign/rpmgensig.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++---- sign/rpmsign.h | 7 +- 24 files changed, 750 insertions(+), 47 deletions(-) create mode 100644 lib/rpmsignfiles.c create mode 100644 lib/rpmsignfiles.h create mode 100644 plugins/ima.c -- 1.9.3 |
From: Dmitry K. <d.k...@sa...> - 2014-09-23 08:55:03
On 23/09/14 07:42, be...@co... wrote:
> From: Behan Webster <be...@co...>
>
> Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
> compliant equivalent. This patch allocates the appropriate amount of memory
> using a char array using the SHASH_DESC_ON_STACK macro.
>
> The new code can be compiled with both gcc and clang.
>
> Signed-off-by: Behan Webster <be...@co...>
> Reviewed-by: Mark Charlebois <cha...@gm...>
> Reviewed-by: Jan-Simon Möller <dl...@gm...>
> Acked-by: Herbert Xu <he...@go...>
> Cc: tg...@li...
Looks good. Thanks.
Acked-by: Dmitry Kasatkin <d.k...@sa...>
> ---
> security/integrity/ima/ima_crypto.c | 47 +++++++++++++++----------------------
> 1 file changed, 19 insertions(+), 28 deletions(-)
>
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index 0bd7328..e35f5d9 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
> loff_t i_size, offset = 0;
> char *rbuf;
> int rc, read = 0;
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> hash->length = crypto_shash_digestsize(tfm);
>
> - rc = crypto_shash_init(&desc.shash);
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
> break;
> offset += rbuf_len;
>
> - rc = crypto_shash_update(&desc.shash, rbuf, rbuf_len);
> + rc = crypto_shash_update(shash, rbuf, rbuf_len);
> if (rc)
> break;
> }
> @@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
> kfree(rbuf);
> out:
> if (!rc)
> - rc = crypto_shash_final(&desc.shash, hash->digest);
> + rc = crypto_shash_final(shash, hash->digest);
> return rc;
> }
>
> @@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> struct ima_digest_data *hash,
> struct crypto_shash *tfm)
> {
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
> int rc, i;
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> hash->length = crypto_shash_digestsize(tfm);
>
> - rc = crypto_shash_init(&desc.shash);
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> u32 datalen = field_data[i].len;
>
> if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
> - rc = crypto_shash_update(&desc.shash,
> + rc = crypto_shash_update(shash,
> (const u8 *) &field_data[i].len,
> sizeof(field_data[i].len));
> if (rc)
> @@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> data_to_hash = buffer;
> datalen = IMA_EVENT_NAME_LEN_MAX + 1;
> }
> - rc = crypto_shash_update(&desc.shash, data_to_hash, datalen);
> + rc = crypto_shash_update(shash, data_to_hash, datalen);
> if (rc)
> break;
> }
>
> if (!rc)
> - rc = crypto_shash_final(&desc.shash, hash->digest);
> + rc = crypto_shash_final(shash, hash->digest);
>
> return rc;
> }
> @@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
> {
> u8 pcr_i[TPM_DIGEST_SIZE];
> int rc, i;
> - struct {
> - struct shash_desc shash;
> - char ctx[crypto_shash_descsize(tfm)];
> - } desc;
> + SHASH_DESC_ON_STACK(shash, tfm);
>
> - desc.shash.tfm = tfm;
> - desc.shash.flags = 0;
> + shash->tfm = tfm;
> + shash->flags = 0;
>
> - rc = crypto_shash_init(&desc.shash);
> + rc = crypto_shash_init(shash);
> if (rc != 0)
> return rc;
>
> @@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
> for (i = TPM_PCR0; i < TPM_PCR8; i++) {
> ima_pcrread(i, pcr_i);
> /* now accumulate with current aggregate */
> - rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
> + rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
> }
> if (!rc)
> - crypto_shash_final(&desc.shash, digest);
> + crypto_shash_final(shash, digest);
> return rc;
> }
>
From: <be...@co...> - 2014-09-23 04:43:24
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: pag...@fr...
---
crypto/testmgr.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ac2b631..b959c0c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1714,16 +1714,14 @@ static int alg_test_crc32c(const struct alg_test_desc *desc,
}
do {
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(shash, tfm);
+ u32 *ctx = (u32 *)shash_desc_ctx(shash);
- sdesc.shash.tfm = tfm;
- sdesc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
- *(u32 *)sdesc.ctx = le32_to_cpu(420553207);
- err = crypto_shash_final(&sdesc.shash, (u8 *)&val);
+ *ctx = le32_to_cpu(420553207);
+ err = crypto_shash_final(shash, (u8 *)&val);
if (err) {
printk(KERN_ERR "alg: crc32c: Operation failed for "
"%s: %d\n", driver, err);
--
1.9.1
From: <be...@co...> - 2014-09-23 04:43:21
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: tg...@li...
---
security/integrity/ima/ima_crypto.c | 47 +++++++++++++++----------------------
1 file changed, 19 insertions(+), 28 deletions(-)
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 0bd7328..e35f5d9 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -380,17 +380,14 @@ static int ima_calc_file_hash_tfm(struct file *file,
loff_t i_size, offset = 0;
char *rbuf;
int rc, read = 0;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -420,7 +417,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
break;
offset += rbuf_len;
- rc = crypto_shash_update(&desc.shash, rbuf, rbuf_len);
+ rc = crypto_shash_update(shash, rbuf, rbuf_len);
if (rc)
break;
}
@@ -429,7 +426,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
kfree(rbuf);
out:
if (!rc)
- rc = crypto_shash_final(&desc.shash, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -487,18 +484,15 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
int rc, i;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
hash->length = crypto_shash_digestsize(tfm);
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -508,7 +502,7 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
u32 datalen = field_data[i].len;
if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
- rc = crypto_shash_update(&desc.shash,
+ rc = crypto_shash_update(shash,
(const u8 *) &field_data[i].len,
sizeof(field_data[i].len));
if (rc)
@@ -518,13 +512,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
- rc = crypto_shash_update(&desc.shash, data_to_hash, datalen);
+ rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
}
if (!rc)
- rc = crypto_shash_final(&desc.shash, hash->digest);
+ rc = crypto_shash_final(shash, hash->digest);
return rc;
}
@@ -565,15 +559,12 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
+ shash->tfm = tfm;
+ shash->flags = 0;
- rc = crypto_shash_init(&desc.shash);
+ rc = crypto_shash_init(shash);
if (rc != 0)
return rc;
@@ -581,10 +572,10 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
for (i = TPM_PCR0; i < TPM_PCR8; i++) {
ima_pcrread(i, pcr_i);
/* now accumulate with current aggregate */
- rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
}
if (!rc)
- crypto_shash_final(&desc.shash, digest);
+ crypto_shash_final(shash, digest);
return rc;
}
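Review bot: An update failure for one PCR is lost in the loop from `TPM_PCR0` to `TPM_PCR8`, because `rc` is overwritten on the next iteration and only the last value reaches the `if (!rc)` test. The result of `crypto_shash_final()` is dropped as well, so the function may return 0 with an incomplete boot aggregate in `digest`. `ima_pcrread()` is called as a plain statement; whether it can report a failed read is not visible here. I would add `if (rc) break;` after the update and change the last call to `rc = crypto_shash_final(shash, digest);`.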
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:19
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: pag...@fr...
Cc: "David S. Miller" <da...@da...>
---
lib/libcrc32c.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
index b3131f5..6a08ce7 100644
--- a/lib/libcrc32c.c
+++ b/lib/libcrc32c.c
@@ -41,20 +41,18 @@ static struct crypto_shash *tfm;
u32 crc32c(u32 crc, const void *address, unsigned int length)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
+ u32 *ctx = (u32 *)shash_desc_ctx(shash);
int err;
- desc.shash.tfm = tfm;
- desc.shash.flags = 0;
- *(u32 *)desc.ctx = crc;
+ shash->tfm = tfm;
+ shash->flags = 0;
+ *ctx = crc;
- err = crypto_shash_update(&desc.shash, address, length);
+ err = crypto_shash_update(shash, address, length);
BUG_ON(err);
- return *(u32 *)desc.ctx;
+ return *ctx;
}
EXPORT_SYMBOL(crc32c);
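Review bot: `*ctx = crc` and `return *ctx` treat the descriptor context as exactly one `u32`, and nothing in the function states that or checks it against `crypto_shash_descsize(tfm)`. This holds only while the transform behind the file-scope `tfm` keeps its running CRC as its whole descriptor state. I would add a comment above the `ctx` declaration, `/* the crc32c shash keeps the running CRC as its entire desc context */`. I would also consider a one-time `BUG_ON(crypto_shash_descsize(tfm) != sizeof(u32));` where `tfm` is allocated, which is outside this hunk.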
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:16
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: pag...@fr...
---
crypto/hmac.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 8d9544c..e392219 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -52,20 +52,17 @@ static int hmac_setkey(struct crypto_shash *parent,
struct hmac_ctx *ctx = align_ptr(opad + ss,
crypto_tfm_ctx_alignment());
struct crypto_shash *hash = ctx->hash;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(hash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, hash);
unsigned int i;
- desc.shash.tfm = hash;
- desc.shash.flags = crypto_shash_get_flags(parent) &
- CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = hash;
+ shash->flags = crypto_shash_get_flags(parent)
+ & CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
int err;
- err = crypto_shash_digest(&desc.shash, inkey, keylen, ipad);
+ err = crypto_shash_digest(shash, inkey, keylen, ipad);
if (err)
return err;
@@ -81,12 +78,12 @@ static int hmac_setkey(struct crypto_shash *parent,
opad[i] ^= 0x5c;
}
- return crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, ipad, bs) ?:
- crypto_shash_export(&desc.shash, ipad) ?:
- crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, opad, bs) ?:
- crypto_shash_export(&desc.shash, opad);
+ return crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, ipad, bs) ?:
+ crypto_shash_export(shash, ipad) ?:
+ crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, opad, bs) ?:
+ crypto_shash_export(shash, opad);
}
static int hmac_export(struct shash_desc *pdesc, void *out)
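Review bot: The stack descriptor still holds hash state derived from the key when hmac_setkey returns, since the last operations on it absorb `ipad` and then `opad`, and nothing clears it. I would assign the `?:` chain to a local `err`, wipe the descriptor with a clear the compiler cannot drop, for example `memzero_explicit(shash, sizeof(*shash) + crypto_shash_descsize(hash));` where the tree provides it, and then `return err;`. The early `return err;` after `crypto_shash_digest()` in the previous hunk needs the same treatment. The same pattern appears in qat_alg_do_precomputes, n2_hmac_async_setkey and mv_hash_setkey in this series; in mv_hash_setkey the `ipad` and `opad` buffers are stack arrays too. The start of hmac_setkey is outside these hunks.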
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:14
|
From: Jan-Simon Möller <dl...@gm...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller <dl...@gm...>
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Acked-by: Herbert Xu <he...@go...>
Cc: pag...@fr...
Cc: gma...@gm...
Cc: "David S. Miller" <da...@da...>
---
drivers/md/dm-crypt.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index cd15e08..fc93b93 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -526,29 +526,26 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
u8 *data)
{
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
- struct {
- struct shash_desc desc;
- char ctx[crypto_shash_descsize(lmk->hash_tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
struct md5_state md5state;
__le32 buf[4];
int i, r;
- sdesc.desc.tfm = lmk->hash_tfm;
- sdesc.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ desc->tfm = lmk->hash_tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
- r = crypto_shash_init(&sdesc.desc);
+ r = crypto_shash_init(desc);
if (r)
return r;
if (lmk->seed) {
- r = crypto_shash_update(&sdesc.desc, lmk->seed, LMK_SEED_SIZE);
+ r = crypto_shash_update(desc, lmk->seed, LMK_SEED_SIZE);
if (r)
return r;
}
/* Sector is always 512B, block size 16, add data of blocks 1-31 */
- r = crypto_shash_update(&sdesc.desc, data + 16, 16 * 31);
+ r = crypto_shash_update(desc, data + 16, 16 * 31);
if (r)
return r;
@@ -557,12 +554,12 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
buf[1] = cpu_to_le32((((u64)dmreq->iv_sector >> 32) & 0x00FFFFFF) | 0x80000000);
buf[2] = cpu_to_le32(4024);
buf[3] = 0;
- r = crypto_shash_update(&sdesc.desc, (u8 *)buf, sizeof(buf));
+ r = crypto_shash_update(desc, (u8 *)buf, sizeof(buf));
if (r)
return r;
/* No MD5 padding here */
- r = crypto_shash_export(&sdesc.desc, &md5state);
+ r = crypto_shash_export(desc, &md5state);
if (r)
return r;
@@ -679,10 +676,7 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc,
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
u64 sector = cpu_to_le64((u64)dmreq->iv_sector);
u8 buf[TCW_WHITENING_SIZE];
- struct {
- struct shash_desc desc;
- char ctx[crypto_shash_descsize(tcw->crc32_tfm)];
- } sdesc;
+ SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm);
int i, r;
/* xor whitening with sector number */
@@ -691,16 +685,16 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc,
crypto_xor(&buf[8], (u8 *)§or, 8);
/* calculate crc32 for every 32bit part and xor it */
- sdesc.desc.tfm = tcw->crc32_tfm;
- sdesc.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ desc->tfm = tcw->crc32_tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
for (i = 0; i < 4; i++) {
- r = crypto_shash_init(&sdesc.desc);
+ r = crypto_shash_init(desc);
if (r)
goto out;
- r = crypto_shash_update(&sdesc.desc, &buf[i * 4], 4);
+ r = crypto_shash_update(desc, &buf[i * 4], 4);
if (r)
goto out;
- r = crypto_shash_final(&sdesc.desc, &buf[i * 4]);
+ r = crypto_shash_final(desc, &buf[i * 4]);
if (r)
goto out;
}
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:10
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Acked-by: Herbert Xu <he...@go...>
---
drivers/crypto/qat/qat_common/qat_algs.c | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 59df488..9cabadd 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -152,10 +152,7 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
const uint8_t *auth_key,
unsigned int auth_keylen, uint8_t *auth_state)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(ctx->hash_tfm)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, ctx->hash_tfm);
struct sha1_state sha1;
struct sha256_state sha256;
struct sha512_state sha512;
@@ -167,12 +164,12 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
__be64 *hash512_state_out;
int i, offset;
- desc.shash.tfm = ctx->hash_tfm;
- desc.shash.flags = 0x0;
+ shash->tfm = ctx->hash_tfm;
+ shash->flags = 0x0;
if (auth_keylen > block_size) {
char buff[SHA512_BLOCK_SIZE];
- int ret = crypto_shash_digest(&desc.shash, auth_key,
+ int ret = crypto_shash_digest(shash, auth_key,
auth_keylen, buff);
if (ret)
return ret;
@@ -195,10 +192,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
*opad_ptr ^= 0x5C;
}
- if (crypto_shash_init(&desc.shash))
+ if (crypto_shash_init(shash))
return -EFAULT;
- if (crypto_shash_update(&desc.shash, ipad, block_size))
+ if (crypto_shash_update(shash, ipad, block_size))
return -EFAULT;
hash_state_out = (__be32 *)hash->sha.state1;
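Review bot: The `crypto_shash_init()` and `crypto_shash_update()` failures in this hunk are all reported as `-EFAULT`, which discards the real error code. This differs from the `crypto_shash_digest()` call in the previous hunk, which returns `ret` unchanged. The later hunks of qat_alg_do_precomputes do the same for `crypto_shash_export()` and for the second init/update pair. I would keep the code from the callee, e.g. `ret = crypto_shash_init(shash); if (ret) return ret;`, with `ret` moved to function scope. The function begins and ends outside this hunk.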
@@ -206,19 +203,19 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
switch (ctx->qat_hash_alg) {
case ICP_QAT_HW_AUTH_ALGO_SHA1:
- if (crypto_shash_export(&desc.shash, &sha1))
+ if (crypto_shash_export(shash, &sha1))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha1.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA256:
- if (crypto_shash_export(&desc.shash, &sha256))
+ if (crypto_shash_export(shash, &sha256))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha256.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA512:
- if (crypto_shash_export(&desc.shash, &sha512))
+ if (crypto_shash_export(shash, &sha512))
return -EFAULT;
for (i = 0; i < digest_size >> 3; i++, hash512_state_out++)
*hash512_state_out = cpu_to_be64(*(sha512.state + i));
@@ -227,10 +224,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
return -EFAULT;
}
- if (crypto_shash_init(&desc.shash))
+ if (crypto_shash_init(shash))
return -EFAULT;
- if (crypto_shash_update(&desc.shash, opad, block_size))
+ if (crypto_shash_update(shash, opad, block_size))
return -EFAULT;
offset = round_up(qat_get_inter_state_size(ctx->qat_hash_alg), 8);
@@ -239,19 +236,19 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
switch (ctx->qat_hash_alg) {
case ICP_QAT_HW_AUTH_ALGO_SHA1:
- if (crypto_shash_export(&desc.shash, &sha1))
+ if (crypto_shash_export(shash, &sha1))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha1.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA256:
- if (crypto_shash_export(&desc.shash, &sha256))
+ if (crypto_shash_export(shash, &sha256))
return -EFAULT;
for (i = 0; i < digest_size >> 2; i++, hash_state_out++)
*hash_state_out = cpu_to_be32(*(sha256.state + i));
break;
case ICP_QAT_HW_AUTH_ALGO_SHA512:
- if (crypto_shash_export(&desc.shash, &sha512))
+ if (crypto_shash_export(shash, &sha512))
return -EFAULT;
for (i = 0; i < digest_size >> 3; i++, hash512_state_out++)
*hash512_state_out = cpu_to_be64(*(sha512.state + i));
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:09
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Acked-by: Herbert Xu <he...@go...>
---
drivers/crypto/omap-sham.c | 28 +++++++++++-----------------
1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 710d863..24ef489 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -949,17 +949,14 @@ static int omap_sham_finish_hmac(struct ahash_request *req)
struct omap_sham_hmac_ctx *bctx = tctx->base;
int bs = crypto_shash_blocksize(bctx->shash);
int ds = crypto_shash_digestsize(bctx->shash);
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(bctx->shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, bctx->shash);
- desc.shash.tfm = bctx->shash;
- desc.shash.flags = 0; /* not CRYPTO_TFM_REQ_MAY_SLEEP */
+ shash->tfm = bctx->shash;
+ shash->flags = 0; /* not CRYPTO_TFM_REQ_MAY_SLEEP */
- return crypto_shash_init(&desc.shash) ?:
- crypto_shash_update(&desc.shash, bctx->opad, bs) ?:
- crypto_shash_finup(&desc.shash, req->result, ds, req->result);
+ return crypto_shash_init(shash) ?:
+ crypto_shash_update(shash, bctx->opad, bs) ?:
+ crypto_shash_finup(shash, req->result, ds, req->result);
}
static int omap_sham_finish(struct ahash_request *req)
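Review bot: omap_sham_finish_hmac has no comment explaining that `req->result` is both the input and the output of the `crypto_shash_finup()` call. From the visible calls, the function hashes `bctx->opad` (`bs` bytes) followed by the `ds` bytes already in `req->result`, and writes the digest back over them. I would add above the return `/* outer HMAC pass: hash opad, then the inner digest held in req->result, and store the result in place */`. The top of the function is outside this hunk.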
@@ -1118,18 +1115,15 @@ static int omap_sham_update(struct ahash_request *req)
return omap_sham_enqueue(req, OP_UPDATE);
}
-static int omap_sham_shash_digest(struct crypto_shash *shash, u32 flags,
+static int omap_sham_shash_digest(struct crypto_shash *tfm, u32 flags,
const u8 *data, unsigned int len, u8 *out)
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm);
- desc.shash.tfm = shash;
- desc.shash.flags = flags & CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = tfm;
+ shash->flags = flags & CRYPTO_TFM_REQ_MAY_SLEEP;
- return crypto_shash_digest(&desc.shash, data, len, out);
+ return crypto_shash_digest(shash, data, len, out);
}
static int omap_sham_final_shash(struct ahash_request *req)
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:04
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Acked-by: Herbert Xu <he...@go...>
---
drivers/crypto/n2_core.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 7263c10..f8e3207 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -445,10 +445,7 @@ static int n2_hmac_async_setkey(struct crypto_ahash *tfm, const u8 *key,
struct n2_hmac_ctx *ctx = crypto_ahash_ctx(tfm);
struct crypto_shash *child_shash = ctx->child_shash;
struct crypto_ahash *fallback_tfm;
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(child_shash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, child_shash);
int err, bs, ds;
fallback_tfm = ctx->base.fallback_tfm;
@@ -456,15 +453,15 @@ static int n2_hmac_async_setkey(struct crypto_ahash *tfm, const u8 *key,
if (err)
return err;
- desc.shash.tfm = child_shash;
- desc.shash.flags = crypto_ahash_get_flags(tfm) &
+ shash->tfm = child_shash;
+ shash->flags = crypto_ahash_get_flags(tfm) &
CRYPTO_TFM_REQ_MAY_SLEEP;
bs = crypto_shash_blocksize(child_shash);
ds = crypto_shash_digestsize(child_shash);
BUG_ON(ds > N2_HASH_KEY_MAX);
if (keylen > bs) {
- err = crypto_shash_digest(&desc.shash, key, keylen,
+ err = crypto_shash_digest(shash, key, keylen,
ctx->hash_key);
if (err)
return err;
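Review bot: `BUG_ON(ds > N2_HASH_KEY_MAX)` in this hunk halts the kernel from a setkey path when the child digest is larger than the key buffer, where an error return would do. The bound itself is needed, since `crypto_shash_digest()` then writes its output into `ctx->hash_key`, but it can be enforced with `if (ds > N2_HASH_KEY_MAX) return -EINVAL;`. The branch for `keylen <= bs` is outside the hunk, so whether that copy is bounded by the same constant cannot be checked from here.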
--
1.9.1
|
|
From: <be...@co...> - 2014-09-23 04:43:02
|
From: Behan Webster <be...@co...>
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.
The new code can be compiled with both gcc and clang.
Signed-off-by: Behan Webster <be...@co...>
Reviewed-by: Mark Charlebois <cha...@gm...>
Reviewed-by: Jan-Simon Möller <dl...@gm...>
Acked-by: Herbert Xu <he...@go...>
---
drivers/crypto/mv_cesa.c | 41 ++++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c
index 29d0ee5..032c72c 100644
--- a/drivers/crypto/mv_cesa.c
+++ b/drivers/crypto/mv_cesa.c
@@ -402,26 +402,23 @@ static int mv_hash_final_fallback(struct ahash_request *req)
{
const struct mv_tfm_hash_ctx *tfm_ctx = crypto_tfm_ctx(req->base.tfm);
struct mv_req_hash_ctx *req_ctx = ahash_request_ctx(req);
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(tfm_ctx->fallback)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, tfm_ctx->fallback);
int rc;
- desc.shash.tfm = tfm_ctx->fallback;
- desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ shash->tfm = tfm_ctx->fallback;
+ shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
if (unlikely(req_ctx->first_hash)) {
- crypto_shash_init(&desc.shash);
- crypto_shash_update(&desc.shash, req_ctx->buffer,
+ crypto_shash_init(shash);
+ crypto_shash_update(shash, req_ctx->buffer,
req_ctx->extra_bytes);
} else {
/* only SHA1 for now....
*/
- rc = mv_hash_import_sha1_ctx(req_ctx, &desc.shash);
+ rc = mv_hash_import_sha1_ctx(req_ctx, shash);
if (rc)
goto out;
}
- rc = crypto_shash_final(&desc.shash, req->result);
+ rc = crypto_shash_final(shash, req->result);
out:
return rc;
}
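Review bot: In the `first_hash` branch of mv_hash_final_fallback the results of `crypto_shash_init()` and `crypto_shash_update()` are discarded. A failure there still reaches `crypto_shash_final()`, and the function may return 0 with a digest computed from an uninitialised or partial state. The other branch already checks `rc`. I would write `rc = crypto_shash_init(shash) ?: crypto_shash_update(shash, req_ctx->buffer, req_ctx->extra_bytes);` followed by `if (rc) goto out;`.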
@@ -794,23 +791,21 @@ static int mv_hash_setkey(struct crypto_ahash *tfm, const u8 * key,
ss = crypto_shash_statesize(ctx->base_hash);
{
- struct {
- struct shash_desc shash;
- char ctx[crypto_shash_descsize(ctx->base_hash)];
- } desc;
+ SHASH_DESC_ON_STACK(shash, ctx->base_hash);
+
unsigned int i;
char ipad[ss];
char opad[ss];
- desc.shash.tfm = ctx->base_hash;
- desc.shash.flags = crypto_shash_get_flags(ctx->base_hash) &
+ shash->tfm = ctx->base_hash;
+ shash->flags = crypto_shash_get_flags(ctx->base_hash) &
CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
int err;
err =
- crypto_shash_digest(&desc.shash, key, keylen, ipad);
+ crypto_shash_digest(shash, key, keylen, ipad);
if (err)
return err;
@@ -826,12 +821,12 @@ static int mv_hash_setkey(struct crypto_ahash *tfm, const u8 * key,
opad[i] ^= 0x5c;
}
- rc = crypto_shash_init(&desc.shash) ? :
- crypto_shash_update(&desc.shash, ipad, bs) ? :
- crypto_shash_export(&desc.shash, ipad) ? :
- crypto_shash_init(&desc.shash) ? :
- crypto_shash_update(&desc.shash, opad, bs) ? :
- crypto_shash_export(&desc.shash, opad);
+ rc = crypto_shash_init(shash) ? :
+ crypto_shash_update(shash, ipad, bs) ? :
+ crypto_shash_export(shash, ipad) ? :
+ crypto_shash_init(shash) ? :
+ crypto_shash_update(shash, opad, bs) ? :
+ crypto_shash_export(shash, opad);
if (rc == 0)
mv_hash_init_ivs(ctx, ipad, opad);
--
1.9.1
|