
[v2,0/3] ima-evm-utils: Implement function to only create IMA signature

Message ID 20210427193133.1718367-1-stefanb@linux.ibm.com (mailing list archive)

Message

Stefan Berger April 27, 2021, 7:31 p.m. UTC
This series of patches implements imaevm_create_ima_signature, a function that
only creates an IMA v2 signature but does not write it into an xattr. This API
fulfills a requirement of rpm-ostree, where a tool is being built to sign all
files from something similar to a tar byte stream; though files are written
to temporary files for signing purposes, the signature itself should not be
written into the filesystem's xattr but simply returned via the API.

  Stefan

v2:
 - use imaevm_calc_hash to also cover hash calculations of links,
   directories etc.
  
Stefan Berger (3):
  libimaevm: Implement imaevm_create_ima_signature
  tests: Add program to create IMA signature with new API call
  libimaevm: Have sign_hash_v2 call sign_hash_v2_pkey after reading key
    file

 src/imaevm.h                 |   2 +
 src/libimaevm.c              | 148 ++++++++++++++++++++++++++++-------
 tests/Makefile.am            |   6 ++
 tests/create_ima_signature.c | 111 ++++++++++++++++++++++++++
 tests/sign_verify.test       |  21 ++++-
 5 files changed, 257 insertions(+), 31 deletions(-)
 create mode 100644 tests/create_ima_signature.c
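As an added illustration of what such an API hands back (example code written for this page, not code from the series and not a libimeavm function): the byte layout of an IMA v2 signature is the same whether the tool later stores it in a security.ima xattr or just keeps it for its own manifest. The constants are the kernel's (type 0x03, version 2, enum hash_algo, big-endian keyid and sig_size); the keyid and the 4-byte "signature" below are constructed placeholders, and the actual hashing of the file and the private-key signing step are deliberately not reproduced here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constants as used by the Linux IMA code and ima-evm-utils. */
#define EVM_IMA_XATTR_DIGSIG 0x03  /* security.ima type byte: digital signature */
#define DIGSIG_VERSION_2     0x02  /* asymmetric "v2" signature format          */
#define HASH_ALGO_SHA256     4     /* kernel enum hash_algo value for sha256    */
#define IMA_V2_HDR_LEN       9     /* type(1) version(1) algo(1) keyid(4) sig_size(2) */

/*
 * Build the v2 envelope around a raw asymmetric signature over the file hash
 * (the signature itself is produced elsewhere). keyid and sig_size are stored
 * big-endian. Returns bytes written, or 0 if sig is empty/too large or `out`
 * cannot hold the result; nothing is written in the failure case.
 */
size_t ima_v2_encode(uint8_t hash_algo, uint32_t keyid,
                     const uint8_t *sig, size_t sig_len,
                     uint8_t *out, size_t out_len)
{
    if (sig_len == 0 || sig_len > 0xffff || out_len < IMA_V2_HDR_LEN + sig_len)
        return 0;
    out[0] = EVM_IMA_XATTR_DIGSIG;
    out[1] = DIGSIG_VERSION_2;
    out[2] = hash_algo;
    out[3] = (uint8_t)(keyid >> 24);
    out[4] = (uint8_t)(keyid >> 16);
    out[5] = (uint8_t)(keyid >> 8);
    out[6] = (uint8_t)keyid;
    out[7] = (uint8_t)(sig_len >> 8);
    out[8] = (uint8_t)sig_len;
    memcpy(out + IMA_V2_HDR_LEN, sig, sig_len);
    return IMA_V2_HDR_LEN + sig_len;
}

struct ima_v2_sig {
    uint8_t hash_algo;
    uint32_t keyid;
    const uint8_t *sig;  /* points into the caller's buffer */
    size_t sig_len;
};

/*
 * Parse an envelope back. Every length is checked before any byte past the
 * fixed header is read, and the declared sig_size must account for the whole
 * buffer (the kernel rejects a mismatch with -EBADMSG). Returns 0 on success,
 * a negative step code otherwise.
 */
int ima_v2_decode(const uint8_t *buf, size_t len, struct ima_v2_sig *out)
{
    if (len < IMA_V2_HDR_LEN) return -1;
    if (buf[0] != EVM_IMA_XATTR_DIGSIG) return -2;
    if (buf[1] != DIGSIG_VERSION_2) return -3;
    size_t sig_len = ((size_t)buf[7] << 8) | buf[8];
    if (sig_len == 0 || len != IMA_V2_HDR_LEN + sig_len) return -4;
    out->hash_algo = buf[2];
    out->keyid = ((uint32_t)buf[3] << 24) | ((uint32_t)buf[4] << 16) |
                 ((uint32_t)buf[5] << 8) | buf[6];
    out->sig = buf + IMA_V2_HDR_LEN;
    out->sig_len = sig_len;
    return 0;
}

/* Convenience: keyid of a blob, or 0 if it does not decode. */
uint32_t ima_v2_keyid(const uint8_t *buf, size_t len)
{
    struct ima_v2_sig s;
    return ima_v2_decode(buf, len, &s) == 0 ? s.keyid : 0;
}

/* Constructed sample (not a real signature): sha256, keyid 0x1a2b3c4d, 4-byte
 * placeholder. A real RSA-2048 signature is 256 bytes; the layout is identical. */
static const uint8_t fake_sig[] = { 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_blob[] = {
    0x03, 0x02, 0x04, 0x1a, 0x2b, 0x3c, 0x4d, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef
};

/* Round-trip and error-path check; returns 0 on success or the failing step. */
int ima_v2_selftest(void)
{
    uint8_t buf[64];
    struct ima_v2_sig s;
    size_t n = ima_v2_encode(HASH_ALGO_SHA256, 0x1a2b3c4dU,
                             fake_sig, sizeof fake_sig, buf, sizeof buf);
    if (n != sizeof sample_blob) return 1;
    if (memcmp(buf, sample_blob, n) != 0) return 2;
    if (ima_v2_decode(buf, n, &s) != 0) return 3;
    if (s.hash_algo != HASH_ALGO_SHA256 || s.keyid != 0x1a2b3c4dU) return 4;
    if (s.sig_len != sizeof fake_sig || memcmp(s.sig, fake_sig, s.sig_len) != 0) return 5;
    if (ima_v2_encode(HASH_ALGO_SHA256, 0, fake_sig, sizeof fake_sig, buf, 8) != 0) return 6;
    if (ima_v2_decode(buf, n - 1, &s) != -4) return 7;  /* truncated blob   */
    if (ima_v2_decode(buf, n + 1, &s) != -4) return 8;  /* trailing garbage */
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = ima_v2_encode(HASH_ALGO_SHA256, 0x1a2b3c4dU,
                             fake_sig, sizeof fake_sig, buf, sizeof buf);
    printf("security.ima would hold %zu bytes:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", buf[i]);
    printf("\nselftest: %d\n", ima_v2_selftest());
    return 0;
}
```

The decoder is the part worth keeping around: a tool that receives signatures from an API instead of reading them back from xattrs should still refuse blobs whose sig_size does not match the buffer length, since that is exactly the check the kernel applies before it ever looks at the key.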

Comments

Stefan Berger May 10, 2021, 1:55 p.m. UTC | #1
I will rebase this series of patches on Vitaly's keyid-related changes, 
which are good to have 'underneath'.

   Stefan


On 4/27/21 3:31 PM, Stefan Berger wrote:
> This series of patches implements imaevm_create_ima_signature, a function that
> only creates an IMA v2 signature but does not write it into an xattr. This API
> fulfills a requirement of rpm-ostree, where a tool is being built to sign all
> files from something similar to a tar byte stream; though files are written
> to temporary files for signing purposes, the signature itself should not be
> written into the filesystem's xattr but simply returned via the API.
>
>    Stefan
>
> v2:
>   - use imaevm_calc_hash to also cover hash calculations of links,
>     directories etc.
>    
> Stefan Berger (3):
>    libimaevm: Implement imaevm_create_ima_signature
>    tests: Add program to create IMA signature with new API call
>    libimaevm: Have sign_hash_v2 call sign_hash_v2_pkey after reading key
>      file
>
>   src/imaevm.h                 |   2 +
>   src/libimaevm.c              | 148 ++++++++++++++++++++++++++++-------
>   tests/Makefile.am            |   6 ++
>   tests/create_ima_signature.c | 111 ++++++++++++++++++++++++++
>   tests/sign_verify.test       |  21 ++++-
>   5 files changed, 257 insertions(+), 31 deletions(-)
>   create mode 100644 tests/create_ima_signature.c
>
Mimi Zohar May 10, 2021, 3:40 p.m. UTC | #2
Hi Stefan, Vitaly,

On Mon, 2021-05-10 at 09:55 -0400, Stefan Berger wrote:
> I will rebase this series of patches on Vitaly's keyid-related changes, 
> which are good to have 'underneath'.

Sorry for the delay in reviewing/commenting on your patch sets.  
Hopefully I'll be circling back around to ima-evm-utils later this
week, after staging Roberto's EVM kernel patch set.  Vitaly, I noticed
that your patch set doesn't apply cleanly to next-testing.   I haven't
taken the time to figure out why yet.

thanks,

Mimi