Hi Vitaly,
When I run the tests, all ima_hash tests pass.
But most of the sign_verify tests fail.
I am not sure if I am missing anything in the test setup. Please let me
know.
In the file sign_verify.test, I commented out all the tests except the
following:
sign_verify rsa1024 sha1 0x0301 --rsa
The text file sha1.txt created by the test is signed fine. But the
signature verification fails.
Please see the log at the end of the mail for more detail.
evmctl fails to decode the key file when using the public key
"test-rsa1024.pub":
evmctl -v ima_verify --key test-rsa1024.pub --xattr-user --rsa sha1.txt
>>> Failed to d2i_X509_fp key file: test-rsa1024.pub
But if I pass the certificate file, the file is decoded fine, but
signature verification fails.
evmctl -v ima_verify --key test-rsa1024.cer --xattr-user --rsa sha1.txt
>>> key 1: d33cbeb0 test-rsa1024.cer
Test log
--------
evmctl is ../src/evmctl
openssl is /usr/bin/openssl
xxd is /usr/bin/xxd
getfattr is /usr/bin/getfattr
- openssl dgst -sha1 sha1.txt
- openssl dgst -sha1 -sign test-rsa1024.key -hex sha1.txt
+ evmctl -v ima_sign --rsa --sigfile --hashalgo sha1 --key test-rsa1024.key --xattr-user sha1.txt
hash(sha1): da39a3ee5e6b4b0d3255bfef95601890afd80709
sighash: 52d14dacbdb7e7b4195f302357f2324aba026af5
evm/ima signature-v1: 146 bytes
Writing to sha1.txt.sig
030130ca735e0000502a83d5a17c171e01040034d161431091513a700f0f9c92c43aee09b59e48a66123afcc4fc8ca6ab9993aa61df9a5d3e38fdaed2e091c6c24b85a3418c1229417d4f3aedb230fd018e7658a6b785de56d3f8e5c029601d77b303f9100b547b5db4adf7e53877874d807811d47eac9ecefcebe6bd5ef49e345671ac87b5fb27e51ea8565dd19a4b93a4a80
+ evmctl -v ima_verify --key test-rsa1024.pub --xattr-user --rsa sha1.txt
evmctl ima_verify failed with (1)
Failed to d2i_X509_fp key file: test-rsa1024.pub
openssl: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
openssl: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
hash-v1: da39a3ee5e6b4b0d3255bfef95601890afd80709
thanks,
-lakshmi