|
 |
28355f7 |
From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
|
|
|
28355f7 |
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
|
28355f7 |
Date: Mon, 16 Jul 2018 15:17:29 +0200
|
|
|
28355f7 |
Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
|
|
|
28355f7 |
|
|
|
28355f7 |
---
|
|
|
28355f7 |
apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
|
|
|
28355f7 |
1 file changed, 32 insertions(+), 29 deletions(-)
|
|
|
28355f7 |
|
|
|
28355f7 |
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
|
|
28355f7 |
index 6782dbc..2fc3ddc 100644
|
|
|
28355f7 |
--- a/apps/kcapi-hasher.c
|
|
|
28355f7 |
+++ b/apps/kcapi-hasher.c
|
|
|
28355f7 |
@@ -71,7 +71,7 @@ struct hash_name {
|
|
|
28355f7 |
};
|
|
|
28355f7 |
|
|
|
28355f7 |
struct hash_key {
|
|
|
28355f7 |
- const char *subdir;
|
|
|
28355f7 |
+ const char *checkdir;
|
|
|
28355f7 |
const uint8_t *data;
|
|
|
28355f7 |
uint32_t len;
|
|
|
28355f7 |
};
|
|
|
28355f7 |
@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
|
|
|
28355f7 |
static const struct hash_key KEY_FIPSCHECK = {
|
|
|
28355f7 |
.data = (const uint8_t *)fipscheck_hmackey,
|
|
|
28355f7 |
.len = sizeof(fipscheck_hmackey) - 1,
|
|
|
28355f7 |
- .subdir = "fipscheck",
|
|
|
28355f7 |
+#ifdef CHECK_DIR
|
|
|
28355f7 |
+ .checkdir = CHECK_DIR"/fipscheck",
|
|
|
28355f7 |
+#else
|
|
|
28355f7 |
+ .checkdir = NULL,
|
|
|
28355f7 |
+#endif
|
|
|
28355f7 |
};
|
|
|
28355f7 |
static const struct hash_key KEY_HMACCALC = {
|
|
|
28355f7 |
.data = (const uint8_t *)hmaccalc_hmackey,
|
|
|
28355f7 |
.len = sizeof(hmaccalc_hmackey) - 1,
|
|
|
28355f7 |
- .subdir = "hmaccalc",
|
|
|
28355f7 |
+#ifdef CHECK_DIR
|
|
|
28355f7 |
+ .checkdir = CHECK_DIR"/hmaccalc",
|
|
|
28355f7 |
+#else
|
|
|
28355f7 |
+ .checkdir = NULL,
|
|
|
28355f7 |
+#endif
|
|
|
28355f7 |
};
|
|
|
28355f7 |
|
|
|
28355f7 |
static void usage(char *name, int fipscheck)
|
|
|
28355f7 |
@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
|
|
|
28355f7 |
fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
|
|
|
28355f7 |
fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
|
|
|
28355f7 |
fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
|
|
|
28355f7 |
- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
|
|
|
28355f7 |
+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
|
|
|
28355f7 |
+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
|
|
|
28355f7 |
fprintf(stderr, "\t --help\t\tPrint this help text\n");
|
|
|
28355f7 |
fprintf(stderr, "\t-v --version\t\tShow version\n");
|
|
|
28355f7 |
}
|
|
|
28355f7 |
@@ -368,7 +377,7 @@ static char *paste(char *dst, const char *src, size_t size)
|
|
|
28355f7 |
* return: NULL when malloc failed, a pointer that the caller must free
|
|
|
28355f7 |
* otherwise.
|
|
|
28355f7 |
*/
|
|
|
28355f7 |
-static char *get_hmac_file(const char *filename, const char *subdir)
|
|
|
28355f7 |
+static char *get_hmac_file(const char *filename, const char *checkdir)
|
|
|
28355f7 |
{
|
|
|
28355f7 |
size_t i, filelen, pathlen, namelen, basenamestart = 0;
|
|
|
28355f7 |
size_t prefixlen = strlen(CHECK_PREFIX);
|
|
|
28355f7 |
@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
|
|
28355f7 |
}
|
|
|
28355f7 |
|
|
|
28355f7 |
namelen = filelen - basenamestart;
|
|
|
28355f7 |
-#ifdef CHECK_DIR
|
|
|
28355f7 |
- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
|
|
|
28355f7 |
-#else
|
|
|
28355f7 |
- (void)subdir; // avoid parameter unused warning
|
|
|
28355f7 |
- pathlen = basenamestart;
|
|
|
28355f7 |
-#endif
|
|
|
28355f7 |
+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
|
|
|
28355f7 |
|
|
|
28355f7 |
checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
|
|
|
28355f7 |
suffixlen + 1 /* null character */);
|
|
|
28355f7 |
@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
|
|
28355f7 |
return NULL;
|
|
|
28355f7 |
|
|
|
28355f7 |
cursor = checkfile;
|
|
|
28355f7 |
-#ifdef CHECK_DIR
|
|
|
28355f7 |
- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
|
|
|
28355f7 |
- cursor = paste(cursor, subdir, strlen(subdir));
|
|
|
28355f7 |
- cursor = paste(cursor, "/", 1);
|
|
|
28355f7 |
-#else
|
|
|
28355f7 |
- if (pathlen > 0)
|
|
|
28355f7 |
+ if (checkdir) {
|
|
|
28355f7 |
+ cursor = paste(cursor, checkdir, strlen(checkdir));
|
|
|
28355f7 |
+ cursor = paste(cursor, "/", 1);
|
|
|
28355f7 |
+ } else if (pathlen > 0)
|
|
|
28355f7 |
cursor = paste(cursor, filename, pathlen);
|
|
|
28355f7 |
-#endif
|
|
|
28355f7 |
+
|
|
|
28355f7 |
cursor = paste(cursor, CHECK_PREFIX, prefixlen);
|
|
|
28355f7 |
cursor = paste(cursor, filename + basenamestart, namelen);
|
|
|
28355f7 |
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
|
|
|
28355f7 |
@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
|
|
28355f7 |
|
|
|
28355f7 |
static int hash_files(const struct hash_params *params,
|
|
|
28355f7 |
char *filenames[], uint32_t files,
|
|
|
28355f7 |
- int fipshmac, int just_print)
|
|
|
28355f7 |
+ int fipshmac, const char *checkdir, int just_print)
|
|
|
28355f7 |
{
|
|
|
28355f7 |
struct kcapi_handle *handle;
|
|
|
28355f7 |
const char *hashname = params->name.kcapiname;
|
|
|
28355f7 |
@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
|
|
|
28355f7 |
const char *filename = filenames[i];
|
|
|
28355f7 |
|
|
|
28355f7 |
if (fipshmac) {
|
|
|
28355f7 |
- char *outfile = get_hmac_file(filenames[i],
|
|
|
28355f7 |
- params->key.subdir);
|
|
|
28355f7 |
-
|
|
|
28355f7 |
+ char *outfile = get_hmac_file(filenames[i], checkdir);
|
|
|
28355f7 |
if (!outfile) {
|
|
|
28355f7 |
fprintf(stderr,
|
|
|
28355f7 |
"Cannot create HMAC file name\n");
|
|
|
28355f7 |
@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
|
|
28355f7 |
}
|
|
|
28355f7 |
|
|
|
28355f7 |
if (mode == SELFCHECK_PRINT_SELF) {
|
|
|
28355f7 |
- ret = hash_files(params_bin, names, 1, 0, 1);
|
|
|
28355f7 |
+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
}
|
|
|
28355f7 |
|
|
|
28355f7 |
- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
|
|
|
28355f7 |
+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
|
|
|
28355f7 |
if (!checkfile) {
|
|
|
28355f7 |
ret = -ENOMEM;
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
|
|
28355f7 |
strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
|
|
|
28355f7 |
|
|
|
28355f7 |
if (mode == SELFCHECK_PRINT_LIB) {
|
|
|
28355f7 |
- ret = hash_files(params_lib, names, 1, 0, 1);
|
|
|
28355f7 |
+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
}
|
|
|
28355f7 |
|
|
|
28355f7 |
if (checkfile)
|
|
|
28355f7 |
free(checkfile);
|
|
|
28355f7 |
- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
|
|
|
28355f7 |
+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
|
|
|
28355f7 |
if (!checkfile) {
|
|
|
28355f7 |
ret = -ENOMEM;
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
|
|
|
28355f7 |
|
|
|
28355f7 |
char *checkfile = NULL;
|
|
|
28355f7 |
const char *targetfile = NULL;
|
|
|
28355f7 |
+ const char *checkdir = NULL;
|
|
|
28355f7 |
uint8_t *hmackey_alloc = NULL;
|
|
|
28355f7 |
uint8_t *hmackey_mmap = NULL;
|
|
|
28355f7 |
int opt_index = 0;
|
|
|
28355f7 |
@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
|
|
|
28355f7 |
version(argv[0]);
|
|
|
28355f7 |
ret = 0;
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
- case 'b':
|
|
|
28355f7 |
case 'd':
|
|
|
28355f7 |
+ checkdir = optarg;
|
|
|
28355f7 |
+ break;
|
|
|
28355f7 |
+ case 'b':
|
|
|
28355f7 |
case 'P':
|
|
|
28355f7 |
/* Compatibility options, just ignore */
|
|
|
28355f7 |
break;
|
|
|
28355f7 |
@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
|
|
|
28355f7 |
targetfile = argv[optind];
|
|
|
28355f7 |
if (checkfile)
|
|
|
28355f7 |
free(checkfile);
|
|
|
28355f7 |
- checkfile = get_hmac_file(targetfile, params.key.subdir);
|
|
|
28355f7 |
+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
|
|
|
28355f7 |
if (!checkfile) {
|
|
|
28355f7 |
ret = 1;
|
|
|
28355f7 |
goto out;
|
|
|
28355f7 |
@@ -1120,7 +1123,7 @@ int main(int argc, char *argv[])
|
|
|
28355f7 |
|
|
|
28355f7 |
if (!checkfile)
|
|
|
28355f7 |
ret = hash_files(¶ms, argv + optind, (argc - optind),
|
|
|
28355f7 |
- fipshmac, 0);
|
|
|
28355f7 |
+ fipshmac, checkdir, 0);
|
|
|
28355f7 |
else if (optind == argc)
|
|
|
28355f7 |
ret = process_checkfile(¶ms, checkfile, targetfile, loglevel);
|
|
|
28355f7 |
else {
|