Adding David Howells@Redhat
Hi David,
On 11/20/19 4:53 PM, Mimi Zohar wrote:
I would very much like for a regression test to be included in this
patch set, but it isn't a requirement, as long as everything needed
for verifying a signature is included in the key measurement.
/*
* Cryptographic data for the public-key subtype of
* the asymmetric key type.
*
* Note that this may include private part of the key as well
* as the public part.
*/
struct public_key {
void *key;
u32 keylen;
enum OID algo;
void *params;
u32 paramlen;
bool key_is_private;
const char *id_type;
const char *pkey_algo;
};
From the "struct key" the public_key is being retrieved like this:
struct public_key *pk = key->payload.data[asym_crypto];
The buffer being measured currently includes the data pointed to by
"key" only (in struct public_key).
The function that verifies signature using public key takes public_key
and public_key_signature as input:
/*
* Verify a signature using a public key.
*/
int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)
Just wanted to confirm:
For verifying "struct public_key_signature" would it be sufficient if I
include all the fields in "struct public_key" structure?
thanks,
-lakshmi
