Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_realme_mt6785 / b1aaab22e263d0cca1effe319b7d2bf895444219^! / . / security
commitb1aaab22e263d0cca1effe319b7d2bf895444219[log] [tgz]
authorDmitry Kasatkin <d.kasatkin@samsung.com>Thu Oct 10 16:12:03 2013 +0900
committerMimi Zohar <zohar@linux.vnet.ibm.com>Fri Oct 25 17:16:59 2013 -0400
treea46f2285bd884e784d967e4132f71cd2f09565da
parentd3634d0f426bdeb433cb288bdbb0a5e16cf3dbbf [diff]
ima: pass full xattr with the signature

For possibility to use xattr type for new signature formats,
pass full xattr to the signature verification function.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 198e609..b4af4eb 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c

@@ -44,9 +44,10 @@
 		}
 	}
 
-	switch (sig[0]) {
+	switch (sig[1]) {
 	case 1:
-		return digsig_verify(keyring[id], sig, siglen,
+		/* v1 API expect signature without xattr type */
+		return digsig_verify(keyring[id], sig + 1, siglen - 1,
 				     digest, digestlen);
 	case 2:
 		return asymmetric_verify(keyring[id], sig, siglen,

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index af9b685..336b3dd 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c

@@ -123,7 +123,7 @@
 		goto out;
 	}
 
-	xattr_len = rc - 1;
+	xattr_len = rc;
 
 	/* check value type */
 	switch (xattr_data->type) {
@@ -143,7 +143,7 @@
 		if (rc)
 			break;
 		rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
-					xattr_data->digest, xattr_len,
+					(const char *)xattr_data, xattr_len,
 					calc.digest, sizeof(calc.digest));
 		if (!rc) {
 			/* we probably want to replace rsa with hmac here */

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 00708a3..e1865a6 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c

@@ -205,7 +205,7 @@
 	case EVM_IMA_XATTR_DIGSIG:
 		iint->flags |= IMA_DIGSIG;
 		rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
-					     xattr_value->digest, rc - 1,
+					     (const char *)xattr_value, rc,
 					     iint->ima_hash.digest,
 					     iint->ima_hash.length);
 		if (rc == -EOPNOTSUPP) {

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index ea23189..aead6b2 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h

@@ -74,6 +74,7 @@
  * signature format v2 - for using with asymmetric keys
  */
 struct signature_v2_hdr {
+	uint8_t type;		/* xattr type */
 	uint8_t version;	/* signature format version */
 	uint8_t	hash_algo;	/* Digest algorithm [enum pkey_hash_algo] */
 	uint32_t keyid;		/* IMA key identifier - not X509/PGP specific */