I'm trying to document the ima-modsig template and then write a parser.
Can anyone help me complete it?
1 - What the implementation does today is interesting. Even better would
be what the implementation is permitted to do so that the parser will
handle future changes.
2 - My understanding so far:
ima-modsig is d-ng | n-ng | sig | d-modsig | modsig
where (both have a prepended uint32_t length)
d-modsig is d-ng, filedata hash, omitting the
appended modsig signature
modsig is pkcs7DER, appended signature
My immediate issue is that the d-modsig should be a length +
hash algorithm + file data hash. However, the length in my sample log
is sometimes zero, which I did not expect.
I.e., is it legal for an ima-modsig template to contain an empty d-modsig
item?
Can the modsig item also be empty?
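As an added example (not code from the original post or from the IMA project), a parser for the template data laid out above that tolerates zero-length d-modsig and modsig items; it assumes each field is a little-endian uint32_t length plus payload, that d-modsig reuses the d-ng "algo:" NUL digest layout, and the sample record is constructed.

```python
import struct
# Field order of the ima-modsig template, as given in the post.
IMA_MODSIG_FIELDS = ("d-ng", "n-ng", "sig", "d-modsig", "modsig")

def split_fields(data: bytes, names=IMA_MODSIG_FIELDS) -> dict:
    # Assumption: each field is a little-endian uint32_t length followed by
    # that many bytes. A zero length yields b"" rather than an error, since
    # the post's sample log contains empty d-modsig items.
    out, off = {}, 0
    for name in names:
        if off + 4 > len(data):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from("<I", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError(f"field {name} runs past end of template data")
        out[name] = data[off:off + length]
        off += length
    if off != len(data):
        raise ValueError("trailing bytes after last field")
    return out

def parse_digest(field: bytes):
    # d-ng style field: "<algo>:" NUL <raw digest>. Assumption: d-modsig uses
    # the same layout. An empty field (length 0) decodes to None.
    if not field:
        return None
    sep = field.find(b":\x00")
    if sep < 0:
        raise ValueError("digest field lacks 'algo:' prefix")
    return field[:sep].decode("ascii"), field[sep + 2:]

def parse_ima_modsig(data: bytes) -> dict:
    # Decode one ima-modsig template-data blob; modsig is kept as raw DER bytes.
    f = split_fields(data)
    return {
        "d-ng": parse_digest(f["d-ng"]),
        "n-ng": f["n-ng"].rstrip(b"\x00").decode("utf-8"),
        "sig": f["sig"],                          # xattr signature, may be empty
        "d-modsig": parse_digest(f["d-modsig"]),  # None when the item is empty
        "modsig": f["modsig"],                    # appended PKCS#7 DER, may be empty
    }

def _field(b: bytes) -> bytes:
    return struct.pack("<I", len(b)) + b

# Constructed sample record: d-modsig and modsig both empty, as in the post's log.
SAMPLE = b"".join([_field(b"sha256:\x00" + bytes(range(32))),
                   _field(b"/usr/bin/example\x00"), _field(b""), _field(b""), _field(b"")])
```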