| Message ID | 20210115181819.34732-3-ebiggers@kernel.org |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | fs-verity: add an ioctl to read verity metadata | expand |
On 01/15, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > Now that fsverity_get_descriptor() validates the sig_size field, > fsverity_verify_signature() doesn't need to do it. > > Just change the prototype of fsverity_verify_signature() to take the > signature directly rather than take a fsverity_descriptor. > > Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> > --- > fs/verity/fsverity_private.h | 6 ++---- > fs/verity/open.c | 3 ++- > fs/verity/signature.c | 20 ++++++-------------- > 3 files changed, 10 insertions(+), 19 deletions(-) > > diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h > index 6c9caccc06021..a7920434bae50 100644 > --- a/fs/verity/fsverity_private.h > +++ b/fs/verity/fsverity_private.h > @@ -140,15 +140,13 @@ void __init fsverity_exit_info_cache(void); > > #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES > int fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size); > + const u8 *signature, size_t sig_size); > > int __init fsverity_init_signature(void); > #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */ > static inline int > fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size) > + const u8 *signature, size_t sig_size) > { > return 0; > } > diff --git a/fs/verity/open.c b/fs/verity/open.c > index a987bb785e9b0..60ff8af7219fe 100644 > --- a/fs/verity/open.c > +++ b/fs/verity/open.c > @@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, > vi->tree_params.hash_alg->name, > vi->tree_params.digest_size, vi->file_digest); > > - err = fsverity_verify_signature(vi, desc, desc_size); > + err = fsverity_verify_signature(vi, desc->signature, > + le32_to_cpu(desc->sig_size)); > out: > if (err) { > fsverity_free_info(vi); > diff --git a/fs/verity/signature.c b/fs/verity/signature.c > index 012468eda2a78..143a530a80088 100644 > --- a/fs/verity/signature.c > +++ b/fs/verity/signature.c > @@ -29,21 +29,19 @@ static struct key *fsverity_keyring; > /** > * fsverity_verify_signature() - check a verity file's signature > * @vi: the file's fsverity_info > - * @desc: the file's fsverity_descriptor > - * @desc_size: size of @desc > + * @signature: the file's built-in signature > + * @sig_size: size of signature in bytes, or 0 if no signature > * > - * If the file's fs-verity descriptor includes a signature of the file digest, > - * verify it against the certificates in the fs-verity keyring. > + * If the file includes a signature of its fs-verity file digest, verify it > + * against the certificates in the fs-verity keyring. > * > * Return: 0 on success (signature valid or not required); -errno on failure > */ > int fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size) > + const u8 *signature, size_t sig_size) > { > const struct inode *inode = vi->inode; > const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg; > - const u32 sig_size = le32_to_cpu(desc->sig_size); > struct fsverity_formatted_digest *d; > int err; > > @@ -56,11 +54,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi, > return 0; > } > > - if (sig_size > desc_size - sizeof(*desc)) { > - fsverity_err(inode, "Signature overflows verity descriptor"); > - return -EBADMSG; > - } > - > d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL); > if (!d) > return -ENOMEM; > @@ -70,8 +63,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi, > memcpy(d->digest, vi->file_digest, hash_alg->digest_size); > > err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size, > - desc->signature, sig_size, > - fsverity_keyring, > + signature, sig_size, fsverity_keyring, > VERIFYING_UNSPECIFIED_SIGNATURE, > NULL, NULL); > kfree(d); > -- > 2.30.0
On Fri, Jan 15, 2021 at 10:22 AM Eric Biggers <ebiggers@kernel.org> wrote: > > From: Eric Biggers <ebiggers@google.com> > > Now that fsverity_get_descriptor() validates the sig_size field, > fsverity_verify_signature() doesn't need to do it. > > Just change the prototype of fsverity_verify_signature() to take the > signature directly rather than take a fsverity_descriptor. > > Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Amy Parker <enbyamy@gmail.com>
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index 6c9caccc06021..a7920434bae50 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -140,15 +140,13 @@ void __init fsverity_exit_info_cache(void); #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES int fsverity_verify_signature(const struct fsverity_info *vi, - const struct fsverity_descriptor *desc, - size_t desc_size); + const u8 *signature, size_t sig_size); int __init fsverity_init_signature(void); #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */ static inline int fsverity_verify_signature(const struct fsverity_info *vi, - const struct fsverity_descriptor *desc, - size_t desc_size) + const u8 *signature, size_t sig_size) { return 0; } diff --git a/fs/verity/open.c b/fs/verity/open.c index a987bb785e9b0..60ff8af7219fe 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, vi->tree_params.hash_alg->name, vi->tree_params.digest_size, vi->file_digest); - err = fsverity_verify_signature(vi, desc, desc_size); + err = fsverity_verify_signature(vi, desc->signature, + le32_to_cpu(desc->sig_size)); out: if (err) { fsverity_free_info(vi); diff --git a/fs/verity/signature.c b/fs/verity/signature.c index 012468eda2a78..143a530a80088 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -29,21 +29,19 @@ static struct key *fsverity_keyring; /** * fsverity_verify_signature() - check a verity file's signature * @vi: the file's fsverity_info - * @desc: the file's fsverity_descriptor - * @desc_size: size of @desc + * @signature: the file's built-in signature + * @sig_size: size of signature in bytes, or 0 if no signature * - * If the file's fs-verity descriptor includes a signature of the file digest, - * verify it against the certificates in the fs-verity keyring. + * If the file includes a signature of its fs-verity file digest, verify it + * against the certificates in the fs-verity keyring. * * Return: 0 on success (signature valid or not required); -errno on failure */ int fsverity_verify_signature(const struct fsverity_info *vi, - const struct fsverity_descriptor *desc, - size_t desc_size) + const u8 *signature, size_t sig_size) { const struct inode *inode = vi->inode; const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg; - const u32 sig_size = le32_to_cpu(desc->sig_size); struct fsverity_formatted_digest *d; int err; @@ -56,11 +54,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi, return 0; } - if (sig_size > desc_size - sizeof(*desc)) { - fsverity_err(inode, "Signature overflows verity descriptor"); - return -EBADMSG; - } - d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL); if (!d) return -ENOMEM; @@ -70,8 +63,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi, memcpy(d->digest, vi->file_digest, hash_alg->digest_size); err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size, - desc->signature, sig_size, - fsverity_keyring, + signature, sig_size, fsverity_keyring, VERIFYING_UNSPECIFIED_SIGNATURE, NULL, NULL); kfree(d);