From: Hongbo Li <herberth...@tencent.com>
This patch adds support for ima verification for rsa with
pss encoding.
And a patch for ima-evm-utils will be sent later.
Signed-off-by: Hongbo Li <herberth...@tencent.com>
---
security/integrity/digsig_asymmetric.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/security/integrity/digsig_asymmetric.c
b/security/integrity/digsig_asymmetric.c
index 183f452..ef7a51a 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -85,6 +85,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
struct public_key_signature pks;
struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
const struct public_key *pk;
+ struct public_key_signature *cert_sig;
struct key *key;
int ret;
@@ -110,7 +111,11 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pk = asymmetric_key_public_key(key);
pks.pkey_algo = pk->pkey_algo;
if (!strcmp(pk->pkey_algo, "rsa")) {
- pks.encoding = "pkcs1";
+ cert_sig = key->payload.data[asym_auth];
+ if (cert_sig)
+ pks.encoding = cert_sig->encoding;
+ else
+ pks.encoding = "pkcs1";
} else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
/* edcsa-nist-p192 etc. */
pks.encoding = "x962";
--
1.8.3.1
