6c01a5e3ec
Resolves: CVE-2022-3500 Resolves: rhbz#2138167 - agent fails IMA attestation when one scripts is executed quickly after the other Resolves: rhbz#2140670 - Segmentation fault in /usr/share/keylime/create_mb_refstate script Resolves: rhbz#142009 - Registrar may crash during EK validation when require_ek_cert is enabled
68 lines
5.9 KiB
Diff
68 lines
5.9 KiB
Diff
From 1f9ee7437f5b712a892c6d13ac8d75e128c1a16f Mon Sep 17 00:00:00 2001
|
|
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
Date: Tue, 22 Nov 2022 10:56:43 -0500
|
|
Subject: [PATCH] tests: Switch to sha256 hashes for signatures
|
|
|
|
Resolves: https://github.com/keylime/keylime/issues/1202
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
test/test_ima_ast.py | 4 ++--
|
|
test/test_ima_verification.py | 12 ++++++------
|
|
2 files changed, 8 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/test/test_ima_ast.py b/test/test_ima_ast.py
|
|
index cd54f95f9..e7d3841a7 100644
|
|
--- a/test/test_ima_ast.py
|
|
+++ b/test/test_ima_ast.py
|
|
@@ -14,11 +14,11 @@
|
|
VALID_ENTRIES = {
|
|
"ima-sig-rsa": (
|
|
ast.ImaSig,
|
|
- "10 50873c47693cf9458e87eb4a02dd4f594f7a0c0f ima-sig sha1:1350320e5f7f51553bac8aa403489a1b135bc101 /usr/bin/dd 030202f3452d23010084c2a6cf7de1aeefa119220df0da265a7c44d34380f0d97002e7c778d09cfcf88c018e6595df3ee70eda926851f159332f852e7981a8fca1bc5e959958d06d234a0896861f13cc60da825905c8ed234df26c1deecfa816d5aa9bfb11b905e2814084a86b588be60423afada8dd0dd5a143774c6d890b64195ac42fb47ef5a9a00f0d6c80711d8e0c2b843ec38c02f60fd46bc46c7b4c329ad2dbb1b7625293703f9c739dc4c2bf0769126a2f3cb2cd031d1881cd0af64bf20fd474a993b48620f103a5c14999a2f17d60721bcc019a896b4138a688a59f50cb6cd94a4cfe3b8052e82dec025fef4feabb08c7ce412e3de850f903797e293ec27c329f57fd84e0",
|
|
+ "10 1e70a3e1af66f42826ad63b761b4cb9c4df195e1 ima-sig sha256:d33d5d13792292e202dbf69a6f1b07bc8a02f01424db8489ba7bb7d43c0290ef /usr/bin/dd 030204f3452d2301009dd340c852f37e35748363586939d4199b6684be27e7c1236ca1528f708372ed9cd52a0d991f66448790f5616ed5bd7f9bbd22193b1e3e54f6bf29a1497945a34d1b418b24f4cbeaef897bf3cebca27065ebb8761b46bc2662fe76f141245b9186a5ac8493c7f4976cf0d6dfc085c3e503e3f771bc3ccb121230db76fd8aba4f45f060ad64ab3afd99b4e52824b9eba12e93e46f9dcb2fa01d9cef89f298a0da02a82a4fb56924afd3e3c277a1302d99f770d488449df2d43eb5b174a0a528827e6877b965c2f0b7c89cf1aa26a7417a892df4c2294e2872d62748b72ea04ecb0689b5d792e615a9bf9d56f6e0f298560bf9441df0a22729c5f23389f028c25f",
|
|
),
|
|
"ima-sig-ec": (
|
|
ast.ImaSig,
|
|
- "10 06e804489a77ddab51b9ef27e17053c0e5d503bd ima-sig sha1:1cb84b12db45d7da8de58ba6744187db84082f0e /usr/bin/zmore 030202531f402500483046022100bff9c02dc7b270c83cc94bfec10eecd42831de2cdcb04f024369a14623bc3a91022100cc4d015ae932fb98d6846645ed7d1bb1afd4621ec9089bc087126f191886dd31",
|
|
+ "10 5d4d5141ccd5066d50dc3f21d79ba02fedc24256 ima-sig sha256:b8ae0b8dd04a5935cd8165aa2260cd11b658bd71629bdb52256a675a1f73907b /usr/bin/zmore 030204531f402500483046022100fe24678d21083ead47660e1a2d553a592d777c478d1b0466de6ed484b54956b3022100cad3adb37f277bbb03544d6107751b4cd4f2289d8353fa36257400a99334d5c3",
|
|
),
|
|
"ima-sig-missing": (
|
|
ast.ImaSig,
|
|
diff --git a/test/test_ima_verification.py b/test/test_ima_verification.py
|
|
index bdb929c9c..d2fc9ef16 100644
|
|
--- a/test/test_ima_verification.py
|
|
+++ b/test/test_ima_verification.py
|
|
@@ -27,8 +27,8 @@
|
|
"/lib/modules/5.4.48-openpower1/kernel/drivers/gpu/drm/drm_panel_orientation_quirks.ko": [
|
|
"cd026b58efdf66658685430ff526490d54a430a3f0066a35ac26a8acab66c55d"
|
|
],
|
|
- "/usr/bin/dd": ["1350320e5f7f51553bac8aa403489a1b135bc101"],
|
|
- "/usr/bin/zmore": ["1cb84b12db45d7da8de58ba6744187db84082f0e"],
|
|
+ "/usr/bin/dd": ["d33d5d13792292e202dbf69a6f1b07bc8a02f01424db8489ba7bb7d43c0290ef"],
|
|
+ "/usr/bin/zmore": ["b8ae0b8dd04a5935cd8165aa2260cd11b658bd71629bdb52256a675a1f73907b"],
|
|
"/usr/bin/zless": ["233ad3a8e77c63a7d9a56063ec2cad1eafa58850"],
|
|
},
|
|
"keyrings": {
|
|
@@ -50,8 +50,8 @@
|
|
"version": 1,
|
|
},
|
|
"hashes": {
|
|
- "/usr/bin/dd": ["1350320e5f7f51553bac8aa403489a1b135bc102"],
|
|
- "/usr/bin/zmore": ["1cb84b12db45d7da8de58ba6744187db84082f01"],
|
|
+ "/usr/bin/dd": ["bad05d13792292e202dbf69a6f1b07bc8a02f01424db8489ba7bb7d43c0290ef"],
|
|
+ "/usr/bin/zmore": ["bad00b8dd04a5935cd8165aa2260cd11b658bd71629bdb52256a675a1f73907b"],
|
|
},
|
|
}
|
|
|
|
@@ -73,8 +73,8 @@
|
|
# 1st signature: RSA
|
|
# 2nd signature: EC
|
|
SIGNATURES = (
|
|
- "10 50873c47693cf9458e87eb4a02dd4f594f7a0c0f ima-sig sha1:1350320e5f7f51553bac8aa403489a1b135bc101 /usr/bin/dd 030202f3452d23010084c2a6cf7de1aeefa119220df0da265a7c44d34380f0d97002e7c778d09cfcf88c018e6595df3ee70eda926851f159332f852e7981a8fca1bc5e959958d06d234a0896861f13cc60da825905c8ed234df26c1deecfa816d5aa9bfb11b905e2814084a86b588be60423afada8dd0dd5a143774c6d890b64195ac42fb47ef5a9a00f0d6c80711d8e0c2b843ec38c02f60fd46bc46c7b4c329ad2dbb1b7625293703f9c739dc4c2bf0769126a2f3cb2cd031d1881cd0af64bf20fd474a993b48620f103a5c14999a2f17d60721bcc019a896b4138a688a59f50cb6cd94a4cfe3b8052e82dec025fef4feabb08c7ce412e3de850f903797e293ec27c329f57fd84e0\n"
|
|
- "10 06e804489a77ddab51b9ef27e17053c0e5d503bd ima-sig sha1:1cb84b12db45d7da8de58ba6744187db84082f0e /usr/bin/zmore 030202531f402500483046022100bff9c02dc7b270c83cc94bfec10eecd42831de2cdcb04f024369a14623bc3a91022100cc4d015ae932fb98d6846645ed7d1bb1afd4621ec9089bc087126f191886dd31\n"
|
|
+ "10 1e70a3e1af66f42826ad63b761b4cb9c4df195e1 ima-sig sha256:d33d5d13792292e202dbf69a6f1b07bc8a02f01424db8489ba7bb7d43c0290ef /usr/bin/dd 030204f3452d2301009dd340c852f37e35748363586939d4199b6684be27e7c1236ca1528f708372ed9cd52a0d991f66448790f5616ed5bd7f9bbd22193b1e3e54f6bf29a1497945a34d1b418b24f4cbeaef897bf3cebca27065ebb8761b46bc2662fe76f141245b9186a5ac8493c7f4976cf0d6dfc085c3e503e3f771bc3ccb121230db76fd8aba4f45f060ad64ab3afd99b4e52824b9eba12e93e46f9dcb2fa01d9cef89f298a0da02a82a4fb56924afd3e3c277a1302d99f770d488449df2d43eb5b174a0a528827e6877b965c2f0b7c89cf1aa26a7417a892df4c2294e2872d62748b72ea04ecb0689b5d792e615a9bf9d56f6e0f298560bf9441df0a22729c5f23389f028c25f\n"
|
|
+ "10 5d4d5141ccd5066d50dc3f21d79ba02fedc24256 ima-sig sha256:b8ae0b8dd04a5935cd8165aa2260cd11b658bd71629bdb52256a675a1f73907b /usr/bin/zmore 030204531f402500483046022100fe24678d21083ead47660e1a2d553a592d777c478d1b0466de6ed484b54956b3022100cad3adb37f277bbb03544d6107751b4cd4f2289d8353fa36257400a99334d5c3\n"
|
|
)
|
|
|
|
COMBINED = MEASUREMENTS + SIGNATURES
|