This series of patches adds sigv3 support for IMA and EVM for all currently supported key types (RSA, ECDSA, ECRDSA, SM2). evmctl gets a --v3 option for creating the sigv3 signatures and also a --v2 option for creating the old sigv2 signatures. --v2 is still the default.
Some test cases are duplicated to test with --v3.

Regards,
   Stefan

Stefan Berger (8):
  Implement imaevm_create_sigv3 for creating V3 signatures
  Implement support for IMA signatures V3 signing scheme
  Implement support for EVM signatures V3 signing scheme
  Support v3 IMA and EVM file signatures with --v3 option.
  Use imaevm_create_sigv3 for fsverity signature creation
  tests: Add new --v3 option to sign_verify tests
  Allow verification of EVM_XATTR_PORTABLE_DIGSIG with sigv3
  Allow hashing for sigv3 on EVM_XATTR_PORTABLE_DIGSIG

 README                 |   6 +-
 src/evmctl.c           | 170 ++++++++++++++++++++++++++++-------------
 src/imaevm.h           |   7 ++
 src/libimaevm.c        |  69 ++++++++++++++++-
 tests/sign_verify.test |  31 ++++++--
 5 files changed, 221 insertions(+), 62 deletions(-)

-- 
2.53.0
