A function to retrieve hash algo used in digital signature. Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx> --- security/integrity/digsig.c | 26 ++++++++++++++++++++++++++ security/integrity/integrity.h | 6 ++++++ 2 files changed, 32 insertions(+) diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index f1259bd..e0319d8 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -16,6 +16,8 @@ #include <linux/rbtree.h> #include <linux/key-type.h> #include <linux/digsig.h> +#include <crypto/hash.h> +#include <crypto/public_key.h> #include "integrity.h" @@ -27,6 +29,30 @@ static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { "_ima", }; +enum pkey_hash_algo integrity_digsig_get_hash_algo(char *sig) +{ + uint8_t hash_algo; + + if (sig[0] == 1) { + hash_algo = ((struct signature_hdr *)sig)->hash; + switch (hash_algo) { + case 0: + return PKEY_HASH_SHA1; + case 1: + return PKEY_HASH_SHA256; + default: + return -ENOPKG; + } + } else if (sig[0] == 2 ) { + hash_algo = ((struct signature_v2_hdr *)sig)->hash_algo; + if (hash_algo >= PKEY_HASH__LAST) + return -ENOPKG; + return hash_algo; + } + + return -EBADMSG; +} + /* Get size of digital signature */ int integrity_get_digsig_size(char *sig) { diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 130eb3b..003c54e 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -105,8 +105,14 @@ int integrity_digsig_verify_keyring(struct key *keyring, const char *sig, int siglen, const char *digest, int digestlen); extern int integrity_get_digsig_size(char *sig); +extern enum pkey_hash_algo integrity_digsig_get_hash_algo(char *sig); #else +static inline enum pkey_hash_algo integrity_digsig_get_hash_algo(char *sig) +{ + return -EOPNOTSUPP; +} + static inline int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, const char *digest, int digestlen) -- 1.8.3.1 _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel