From: Hongbo Li <herberth...@tencent.com>

This patch adds support for ima verification for rsa with
pss encoding.

And a patch for ima-evm-utils will be sent later.

Signed-off-by: Hongbo Li <herberth...@tencent.com>
---
 security/integrity/digsig_asymmetric.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig_asymmetric.c 
b/security/integrity/digsig_asymmetric.c
index 183f452..ef7a51a 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -85,6 +85,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
        struct public_key_signature pks;
        struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
        const struct public_key *pk;
+       struct public_key_signature *cert_sig;
        struct key *key;
        int ret;
 
@@ -110,7 +111,11 @@ int asymmetric_verify(struct key *keyring, const char *sig,
        pk = asymmetric_key_public_key(key);
        pks.pkey_algo = pk->pkey_algo;
        if (!strcmp(pk->pkey_algo, "rsa")) {
-               pks.encoding = "pkcs1";
+               cert_sig = key->payload.data[asym_auth];
+               if (cert_sig)
+                       pks.encoding = cert_sig->encoding;
+               else
+                       pks.encoding = "pkcs1";
        } else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
                /* edcsa-nist-p192 etc. */
                pks.encoding = "x962";
-- 
1.8.3.1

Reply via email to