From: Hongbo Li <herberth...@tencent.com> This patch adds support for ima verification for rsa with pss encoding.
And a patch for ima-evm-utils will be sent later. Signed-off-by: Hongbo Li <herberth...@tencent.com> --- security/integrity/digsig_asymmetric.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index 183f452..ef7a51a 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -85,6 +85,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, struct public_key_signature pks; struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; const struct public_key *pk; + struct public_key_signature *cert_sig; struct key *key; int ret; @@ -110,7 +111,11 @@ int asymmetric_verify(struct key *keyring, const char *sig, pk = asymmetric_key_public_key(key); pks.pkey_algo = pk->pkey_algo; if (!strcmp(pk->pkey_algo, "rsa")) { - pks.encoding = "pkcs1"; + cert_sig = key->payload.data[asym_auth]; + if (cert_sig) + pks.encoding = cert_sig->encoding; + else + pks.encoding = "pkcs1"; } else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) { /* edcsa-nist-p192 etc. */ pks.encoding = "x962"; -- 1.8.3.1