[v5,04/11] ima-evm-utils: Start converting calc keyid v2 to EVP_PKEY API

Message ID 20190618135623.6861-5-vt@altlinux.org (mailing list archive)
State New, archived
Series ima-evm-utils: Convert sign v2 from RSA to EVP_PKEY API

Commit Message

Vitaly Chikunov June 18, 2019, 1:56 p.m. UTC
Introduce calc_pkeyid_v2() to replace calc_keyid_v2() when we switch to
EVP_PKEY from RSA keys.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 src/imaevm.h    |  1 +
 src/libimaevm.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

Comments

Mimi Zohar June 19, 2019, 11:56 a.m. UTC | #1
On Tue, 2019-06-18 at 16:56 +0300, Vitaly Chikunov wrote:
> Introduce calc_pkeyid_v2() to replace calc_keyid_v2() when we switch to
> EVP_PKEY from RSA keys.
> 
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>

Nice, but instead of making this an entirely separate patch, I would
squash "5/11 ima-evm-utils: Convert cmd_import to use EVP_PKEY API"
with this patch.

In general, patches should contain both the new function and a caller
of the new function.  For example, the previous patches defined
function wrappers.  Both the new function and the caller of the new
function were included in one patch.

Mimi

Patch

diff --git a/src/imaevm.h b/src/imaevm.h
index 6d5eabd..48d2663 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -220,6 +220,7 @@  EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
 
 void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len);
 void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key);
+void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
 int key2bin(RSA *key, unsigned char *pub);
 
 int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
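Review bot: the header now exports calc_pkeyid_v2() next to calc_keyid_v2() with nothing to tell a caller which one is current, and this patch adds no caller for the new prototype (the point Mimi raises above). Either squash it with the cmd_import conversion so the declaration arrives with its first user, or at least add a one-line comment above the two prototypes marking calc_keyid_v2() as the RSA-only path that calc_pkeyid_v2() supersedes, so the pair does not outlive the conversion by accident.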
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 23fa804..707b2e9 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -753,6 +753,36 @@  void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
 	free(pkey);
 }
 
+/*
+ * Calculate keyid of the public_key part of EVP_PKEY
+ */
+void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
+{
+	X509_PUBKEY *pk = NULL;
+	const unsigned char *public_key = NULL;
+	int len;
+
+	/* This is more generic than i2d_PublicKey() */
+	if (X509_PUBKEY_set(&pk, pkey) &&
+	    X509_PUBKEY_get0_param(NULL, &public_key, &len, NULL, pk)) {
+		uint8_t sha1[SHA_DIGEST_LENGTH];
+
+		SHA1(public_key, len, sha1);
+		/* sha1[12 - 19] is exactly keyid from gpg file */
+		memcpy(keyid, sha1 + 16, 4);
+	} else
+		*keyid = 0;
+
+	log_debug("keyid: ");
+	log_debug_dump(keyid, 4);
+	sprintf(str, "%x", __be32_to_cpup(keyid));
+
+	if (params.verbose > LOG_INFO)
+		log_info("keyid: %s\n", str);
+
+	X509_PUBKEY_free(pk);
+}
+
 static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass)
 {
 	FILE *fp;
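Review bot: the failure path in calc_pkeyid_v2() is silent. If X509_PUBKEY_set() or X509_PUBKEY_get0_param() fails, `*keyid = 0` is stored, the function goes on to log and format that zero as if it were a real keyid, and the void return gives the caller no way to tell a genuine keyid from a failed computation. Suggest returning int (0 / -1 as elsewhere in libimaevm.c), logging the failure with log_err(), and letting the caller abort instead of signing with a zero keyid. Related: the log_debug()/sprintf()/log_info() tail is now duplicated between calc_keyid_v2() and this function; since EVP_PKEY_set1_RSA() turns an RSA * into an EVP_PKEY, calc_keyid_v2() could become a thin wrapper around calc_pkeyid_v2() and the duplicate block would go away. Two smaller points: `sprintf(str, "%x", __be32_to_cpup(keyid))` drops leading zeros, so a keyid with a high nibble of zero prints with seven hex digits while the memcpy'd binary value is always four bytes; `%08x` gives a fixed-width string, though it should be changed in calc_keyid_v2() at the same time if the two outputs must stay identical. And X509_PUBKEY_get0_param() is an OpenSSL 1.1.0 API, so if the project still builds against 1.0.x the minimum version should be bumped or the call guarded.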