From patchwork Wed Jul 8 06:07:36 2020 X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 11650681 From: Tianjia Zhang To: zohar@linux.ibm.com, vt@altlinux.org, linux-integrity@vger.kernel.org Cc: tianjia.zhang@linux.alibaba.com Subject: [PATCH ima-evm-utils 1/3] ima-evm-utils: Fix mismatched type checking Date: Wed, 8 Jul 2020 14:07:36 +0800 Message-Id: <20200708060738.43558-1-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Even if imaevm_get_hash_algo() returns an error value of -1, it is forced to be converted to uint8_t type here, resulting in this error not being checked by the if condition. This patch fixes this error. 
Signed-off-by: Tianjia Zhang --- src/libimaevm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libimaevm.c b/src/libimaevm.c index e6947d7..a9419ee 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -922,7 +922,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash, hdr->version = (uint8_t) DIGSIG_VERSION_2; hdr->hash_algo = imaevm_get_hash_algo(algo); - if (hdr->hash_algo == -1) { + if (hdr->hash_algo == (uint8_t)-1) { log_err("sign_hash_v2: hash algo is unknown: %s\n", algo); return -1; } 
From patchwork Wed Jul 8 06:07:37 2020 X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 11650679 
From: Tianjia Zhang To: zohar@linux.ibm.com, vt@altlinux.org, linux-integrity@vger.kernel.org Cc: tianjia.zhang@linux.alibaba.com Subject: [PATCH ima-evm-utils 2/3] ima-evm-utils: beautify the code to make it more readable Date: Wed, 8 Jul 2020 14:07:37 +0800 Message-Id: <20200708060738.43558-2-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200708060738.43558-1-tianjia.zhang@linux.alibaba.com> References: <20200708060738.43558-1-tianjia.zhang@linux.alibaba.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Use enum type instead of hard-coded numbers to improve code readability. Signed-off-by: Tianjia Zhang --- src/libimaevm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libimaevm.c b/src/libimaevm.c index a9419ee..8f2ebcf 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -579,7 +579,7 @@ static int get_hash_algo_from_sig(unsigned char *sig) { uint8_t hashalgo; - if (sig[0] == 1) { + if (sig[0] == DIGSIG_VERSION_1) { hashalgo = ((struct signature_hdr *)sig)->hash; if (hashalgo >= DIGEST_ALGO_MAX) @@ -593,7 +593,7 @@ static int get_hash_algo_from_sig(unsigned char *sig) default: return -1; } - } else if (sig[0] == 2) { + } else if (sig[0] == DIGSIG_VERSION_2) { hashalgo = ((struct signature_v2_hdr *)sig)->hash_algo; if (hashalgo >= PKEY_HASH__LAST) return -1; 
@@ -625,7 +625,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen, unsigned char hash[MAX_DIGEST_SIZE]; int hashlen, sig_hash_algo; - if (sig[0] != 0x03) { + if (sig[0] != EVM_IMA_XATTR_DIGSIG) { log_err("xattr ima has no signature\n"); return -1; } 
From patchwork Wed Jul 8 06:07:38 2020 X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 11650683 
From: Tianjia Zhang To: zohar@linux.ibm.com, vt@altlinux.org, linux-integrity@vger.kernel.org Cc: tianjia.zhang@linux.alibaba.com Subject: [PATCH ima-evm-utils 3/3] ima-evm-utils: ima_sign supports sm3 algorithm Date: Wed, 8 Jul 2020 14:07:38 +0800 Message-Id: <20200708060738.43558-3-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200708060738.43558-1-tianjia.zhang@linux.alibaba.com> References: <20200708060738.43558-1-tianjia.zhang@linux.alibaba.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org imaevm sign and verify support sm3 hash algorithm. Signed-off-by: Tianjia Zhang --- src/libimaevm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libimaevm.c b/src/libimaevm.c index 8f2ebcf..9c61e64 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -71,6 +71,7 @@ static const char *const pkey_hash_algo[PKEY_HASH__LAST] = { [PKEY_HASH_SHA384] = "sha384", [PKEY_HASH_SHA512] = "sha512", [PKEY_HASH_SHA224] = "sha224", + [PKEY_HASH_SM3_256] = "sm3", [PKEY_HASH_STREEBOG_256] = "md_gost12_256", [PKEY_HASH_STREEBOG_512] = "md_gost12_512", };
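Review bot: in patch 1/3, sign_hash_v2(), the error test still runs only after the return value of imaevm_get_hash_algo() has been narrowed into hdr->hash_algo, so a failure is recognised by matching the truncated value 255 rather than by the sign of the result. Keep the result in an int, test that, and store it in the header field only on success: `int algo_id = imaevm_get_hash_algo(algo);`, `if (algo_id < 0) { ... return -1; }`, `hdr->hash_algo = algo_id;`. That keeps the check correct whatever the width of the field and does not reserve 255 as an id that can never be valid. The commit message could also state the consequence of the old comparison, which is that an unknown algorithm name was never rejected at this point.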
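Review bot: in patch 2/3, the two get_hash_algo_from_sig() hunks compare sig[0] with DIGSIG_VERSION_1 and DIGSIG_VERSION_2, while the ima_verify_signature() hunk compares sig[0] with EVM_IMA_XATTR_DIGSIG, so byte 0 is a header version in one function and an xattr type in the other. With named constants this difference is now visible but unexplained; please add a short comment above get_hash_algo_from_sig() saying which byte of the xattr its sig argument is expected to point at. Reading the version through the header struct that the function already casts to, rather than through sig[0], would make the intent clearer still.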
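Review bot: in the ima_verify_signature() hunk of patch 2/3, sig[0] is read in the first statement after the declarations and siglen is not consulted in the lines shown. This patch is a readability change and should stay one, but a follow-up that rejects an empty buffer first, for example `if (siglen < 1 || sig[0] != EVM_IMA_XATTR_DIGSIG)`, would be worth sending unless every caller already guarantees a non-empty signature, in which case a comment saying so would do. The subject line "beautify the code" is also vague; something like "use named constants for signature version and xattr type" says what changed.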
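Review bot: in patch 3/3, the commit message says sign and verify support sm3, but the only change is the one table entry `[PKEY_HASH_SM3_256] = "sm3",` in pkey_hash_algo[]. The diffstat touches only src/libimaevm.c and the array is sized by PKEY_HASH__LAST, so PKEY_HASH_SM3_256 must already be defined elsewhere with a value below PKEY_HASH__LAST; please say in the commit message where it comes from. Please also state what has to be true of the crypto library for a digest named "sm3" to resolve, and add a sign-then-verify test case for sm3 so that the new name string is exercised on both paths.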