author | David Howells <dhowells@redhat.com> | 2016-03-03 16:49:27 -0500 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-03-03 16:49:27 -0500 |
commit | 4e8ae72a75aae285ec5b93518b9680da198afd0d (patch) | |
tree | f15537d13bcec9140d092fb950d4c04d3f347c2e /security | |
parent | d43de6c780a84def056afaf4fb3e66bdaa1efc00 (diff) |
X.509: Make algo identifiers text instead of enum
Make the identifier public key and digest algorithm fields text instead of
enum.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/digsig_asymmetric.c | 7 | ||||
-rw-r--r-- | security/integrity/integrity.h | 2 |
2 files changed, 5 insertions, 4 deletions
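--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -16,6 +16,7 @@
 #include <linux/ratelimit.h>
 #include <linux/key-type.h>
 #include <crypto/public_key.h>
+#include <crypto/hash_info.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 
@@ -94,7 +95,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 if (siglen != __be16_to_cpu(hdr->sig_size))
 return -EBADMSG;
 
-if (hdr->hash_algo >= PKEY_HASH__LAST)
+if (hdr->hash_algo >= HASH_ALGO__LAST)
 return -ENOPKG;
 
 key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid));
@@ -103,8 +104,8 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 
 memset(&pks, 0, sizeof(pks));
 
-pks.pkey_algo = PKEY_ALGO_RSA;
-pks.pkey_hash_algo = hdr->hash_algo;
+pks.pkey_algo = "rsa";
+pks.hash_algo = hash_algo_name[hdr->hash_algo];
 pks.digest = (u8 *)data;
 pks.digest_size = datalen;
 pks.s = hdr->sig;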
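Review bot: The new lookup `hash_algo_name[hdr->hash_algo]` in the last hunk indexes a table with a byte read from the signature header (which appears to overlay the caller-supplied `sig` buffer), and the only thing keeping it in bounds is the `hdr->hash_algo >= HASH_ALGO__LAST` check in the previous hunk, several lines earlier. I would add a comment at the lookup, `/* hdr->hash_algo was checked against HASH_ALGO__LAST above, so the index is in range */`, so the dependency stays visible if the function is later reordered. The table is declared outside this page; presumably it has exactly HASH_ALGO__LAST entries and none is NULL, which is worth confirming because `pks.hash_algo` is now a string pointer that later code will use as a name. The body of asymmetric_verify starts and ends outside these hunks.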
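--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -94,7 +94,7 @@ struct ima_digest_data {
 struct signature_v2_hdr {
 uint8_t type; /* xattr type */
 uint8_t version; /* signature format version */
-uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
+uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */
 uint32_t keyid; /* IMA key identifier - not X509/PGP specific */
 uint16_t sig_size; /* signature size */
 uint8_t sig[0]; /* signature payload */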