Re: [Linux-ima-devel] [PATCH] evmctl: Fix signature verification code for V2 digital signature

[Dmitry K. <dmi...@gm...>]

Hello Vivek,

I was on vacation. Just returned.
Will verify tomorrow.

- Dmitry


On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
> For V2 of digital signature we store signature at hdr->sig and not at
> hdr->sig + 2. That's the property of V1 of signature.
>
> Fix the verification code otherwise it fails with following message.
>
> RSA_public_decrypt() failed: -1
> error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>
> Signed-off-by: Vivek Goyal <vg...@re...>
> ---
>  src/evmctl.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: ima-evm-utils/src/evmctl.c
> ===================================================================
> --- ima-evm-utils.orig/src/evmctl.c     2013-06-24 23:03:32.631000000 -0400
> +++ ima-evm-utils/src/evmctl.c  2013-06-24 23:03:47.124000000 -0400
> @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned
>         if (!key)
>                 return 1;
>
> -       err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
> +       err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
>         RSA_free(key);
>         if (err < 0) {
>                 log_err("RSA_public_decrypt() failed: %d\n", err);