Message-ID: <20220127184614.2837938-3-roberto.sassu@huawei.com>
Date: Thu, 27 Jan 2022 19:46:11 +0100
From: Roberto Sassu <roberto.sassu@...wei.com>
To: <linux-integrity@...r.kernel.org>
CC: <zohar@...ux.ibm.com>, <ebiggers@...nel.org>,
<stefanb@...ux.ibm.com>, <linux-fscrypt@...r.kernel.org>,
<linux-kernel@...r.kernel.org>,
Roberto Sassu <roberto.sassu@...wei.com>
Subject: [RFC][PATCH v3a 07/11] fsverity: Introduce fsverity_get_signature()
Get the signature of an fsverity-protected file.
Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
---
fs/verity/measure.c | 38 ++++++++++++++++++++++++++++++++++++++
include/linux/fsverity.h | 7 +++++++
2 files changed, 45 insertions(+)
diff --git a/fs/verity/measure.c b/fs/verity/measure.c
index 7afe4274ecb0..679e2ddae62c 100644
--- a/fs/verity/measure.c
+++ b/fs/verity/measure.c
@@ -142,3 +142,41 @@ ssize_t fsverity_get_formatted_digest(struct inode *inode,
return sizeof(*d) + hash_alg->digest_size;
}
+
+/**
+ * fsverity_get_signature() - get a verity file's signature
+ * @inode: inode to get signature of
+ * @signature: (out) pointer to the signature
+ *
+ * Return the file signature of an fsverity-protected file.
+ *
+ * Return: written bytes on success, -errno on failure
+ */
+ssize_t fsverity_get_signature(struct inode *inode, u8 **signature)
+{
+ const struct fsverity_info *vi;
+ struct fsverity_descriptor *desc;
+ size_t desc_size;
+ int err, signature_size;
+
+ vi = fsverity_get_info(inode);
+ if (!vi)
+ return -ENODATA; /* not a verity file */
+
+ err = fsverity_get_descriptor(inode, &desc, &desc_size);
+ if (err)
+ return err;
+
+ signature_size = le32_to_cpu(desc->sig_size);
+
+ *signature = kmemdup(desc->signature, signature_size, GFP_KERNEL);
+
+ kfree(desc);
+
+ if (!*signature)
+ return -ENOMEM;
+
+ pr_debug("file signature %*phN\n", signature_size, *signature);
+
+ return signature_size;
+}
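Review bot: When the descriptor carries no signature (`sig_size` of 0), `kmemdup()` is called with length 0, which as far as I know returns the non-NULL `ZERO_SIZE_PTR`, so the function returns 0 with `*signature` set to a pointer the caller must not dereference. An explicit early exit after the `le32_to_cpu()` line, e.g. `if (!signature_size) { kfree(desc); return -ENODATA; }`, would make the unsigned-file case unambiguous. `signature_size` is also an `int` holding an on-disk 32-bit little-endian value; unless `fsverity_get_descriptor()` (not visible in this hunk) bounds `sig_size`, a large value would turn negative and be returned as an error code, so `u32` is the safer local type. The kernel-doc should state that `*signature` is allocated here and must be released by the caller with `kfree()`, and that it is left unwritten on failure; "written bytes" would read better as "size of the signature in bytes".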
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 17ae313ed8f4..5ad7921f3589 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -147,6 +147,7 @@ int fsverity_get_digest(struct inode *inode,
ssize_t fsverity_get_formatted_digest(struct inode *inode,
u8 formatted_digest[FS_VERITY_MAX_FMT_DIGEST_SIZE],
enum hash_algo *alg);
+ssize_t fsverity_get_signature(struct inode *inode, u8 **signature);
/* open.c */
@@ -200,6 +201,12 @@ static inline ssize_t fsverity_get_formatted_digest(struct inode *inode,
return -EOPNOTSUPP;
}
+static inline ssize_t fsverity_get_signature(struct inode *inode,
+ u8 **signature)
+{
+ return -EOPNOTSUPP;
+}
+
/* open.c */
static inline int fsverity_file_open(struct inode *inode, struct file *filp)
--
2.32.0