Thread: 16 messages, 3 authors, 2021-05-06

Re: [PATCH v2 1/3] ima-evm-utils: Allow manual setting keyid for signing

From: Vitaly Chikunov <hidden>
Date: 2021-05-04 23:18:08

Stefan,

On Tue, May 04, 2021 at 08:51:03AM -0400, Stefan Berger wrote:
quoted
@@ -932,8 +932,10 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
  		return -1;
  	}
-	calc_keyid_v2(&keyid, name, pkey);
-	hdr->keyid = keyid;
+	if (imaevm_params.keyid)
+		hdr->keyid = htonl(imaevm_params.keyid);

Nit: Since existing code uses __be32_to_cpup I would use __cpu_to_be32 here.

That __be32_to_cpup usage is highly dubious. Perhaps, it should be
converted to some user-space and standard functions like be32toh(3).

Even in the kernel you should use be32_to_cpup, not __be32_to_cpup.
The "__" prefix is for a reason.

Thanks,
quoted
+	else
+		calc_keyid_v2(&hdr->keyid, name, pkey);
  	st = "EVP_PKEY_CTX_new";
  	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
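
Review bot: the `if (imaevm_params.keyid)` test in sign_hash_v2() uses zero as the "not set" marker, so a requested keyid of 0 silently falls through to calc_keyid_v2(). Either reject 0 where the option is parsed or document that 0 means "derive the keyid from the key". The manual value is also stored in hdr->keyid with no check against pkey, so the option's help text should say that the caller is responsible for the id matching the key the verifier will look up. On the byte-order call, htonl() is a standard user-space function and is fine here; whichever helper is picked, the read side should use the matching one from the same family.
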
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index 288e133..2c21812 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -359,6 +359,7 @@ sign_verify  rsa1024  sha256  0x0301 --rsa
  sign_verify  rsa1024  md5     0x030201:K:0080
  sign_verify  rsa1024  sha1    0x030202:K:0080
  sign_verify  rsa1024  sha224  0x030207:K:0080
+expect_pass check_sign TYPE=ima KEY=rsa1024 ALG=sha256 PREFIX=0x030204aabbccdd0080 OPTS=--keyid=aabbccdd
  sign_verify  rsa1024  sha256  0x030204:K:0080
    try_different_keys
    try_different_sigs
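
Review bot: the added `expect_pass check_sign ... OPTS=--keyid=aabbccdd` line covers a single well-formed value on the ima, rsa1024, sha256 path. Add cases for input the option should reject (non-hex text, more than 8 hex digits, an empty value) so the parsing behaviour is pinned down, and add a row whose keyid has leading zero bytes to confirm the PREFIX still carries all four keyid bytes in the expected order.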

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
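
The byte-order point discussed above, as an added example (not code from the patch or from ima-evm-utils): it serialises the signature prefix that the test hunk expects for `--keyid=aabbccdd` and reads the keyid back with the standard `htonl`/`ntohl` pair. The struct and function names are hypothetical, and the layout is an assumption read off the `PREFIX=0x030204aabbccdd0080` value in the test.

```c
#include <arpa/inet.h>  /* htonl(), ntohl(), htons() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_LEN 9
/* Hypothetical layout read off PREFIX=0x030204aabbccdd0080. */
struct sig_prefix {
	uint8_t  type;       /* 0x03 on every row of the test table */
	uint8_t  version;    /* 0x02 */
	uint8_t  hash_algo;  /* 0x04 on the sha256 rows */
	uint32_t keyid;      /* stored big-endian */
	uint16_t sig_size;   /* stored big-endian, 0x0080 for rsa1024 */
} __attribute__((packed));

/* keyid arrives in host order, as a parsed --keyid=aabbccdd would. */
static void build_prefix(uint8_t out[PREFIX_LEN], uint8_t hash_algo,
			 uint32_t keyid, uint16_t sig_size)
{
	struct sig_prefix p = {
		.type = 0x03, .version = 0x02, .hash_algo = hash_algo,
		.keyid = htonl(keyid), .sig_size = htons(sig_size),
	};
	memcpy(out, &p, PREFIX_LEN);
}

/* memcpy avoids an unaligned 32-bit load: the field sits at offset 3. */
static uint32_t read_keyid(const uint8_t buf[PREFIX_LEN])
{
	uint32_t be;
	memcpy(&be, buf + 3, sizeof(be));
	return ntohl(be);
}

/* Hex form, for comparison with the PREFIX value in the test. */
static const char *prefix_hex(const uint8_t buf[PREFIX_LEN])
{
	static char hex[2 * PREFIX_LEN + 1];
	for (int i = 0; i < PREFIX_LEN; i++)
		sprintf(hex + 2 * i, "%02x", buf[i]);
	return hex;
}

int main(void)
{
	uint8_t buf[PREFIX_LEN];
	build_prefix(buf, 0x04, 0xaabbccdd, 0x0080);
	printf("0x%s keyid=%08x\n", prefix_hex(buf), read_keyid(buf));
}
```

Because the conversion is applied on both the write and the read side, the output is the same on little-endian and big-endian hosts.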