From: Jes Sorensen <jes.sorensen@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: kernel-team@fb.com, Jes Sorensen <jsorensen@fb.com>
Subject: [PATCH 7/7] cmd_sign: fsverity_cmd_sign() into two functions
Date: Mon, 10 Feb 2020 19:00:37 -0500
Message-ID: <20200211000037.189180-8-Jes.Sorensen@gmail.com> (raw)
In-Reply-To: <20200211000037.189180-1-Jes.Sorensen@gmail.com>

From: Jes Sorensen <jsorensen@fb.com>

This splits fsverity_cmd_sign() into fsverity_cmd_gen_digest() and
fsverity_cmd_sign_digest(), and updates fsverity.c to call them in sequence.
---
 cmd_sign.c | 50 +++++++++++++++++++++++++++++++++-----------------
 fsverity.c |  8 ++++++--
 fsverity.h | 13 ++++++++-----
 3 files changed, 47 insertions(+), 24 deletions(-)

diff --git a/cmd_sign.c b/cmd_sign.c
index a0bd168..ba68243 100644
--- a/cmd_sign.c
+++ b/cmd_sign.c
@@ -481,12 +481,11 @@ out:
 	return ok;
 }
 
-/* Sign a file for fs-verity by computing its measurement, then signing it. */
-int fsverity_cmd_sign(char *filename, const struct fsverity_hash_alg *hash_alg,
-		      u32 block_size, u8 *salt, u32 salt_size,
-		      const char *keyfile, const char *certfile,
-		      struct fsverity_signed_digest **retdigest,
-		      u8 **sig, u32 *sig_size)
+/* Generate the fsverity digest computing its measurement. */
+int fsverity_cmd_gen_digest(char *filename,
+			    const struct fsverity_hash_alg *hash_alg,
+			    u32 block_size, u8 *salt, u32 salt_size,
+			    struct fsverity_signed_digest **retdigest)
 {
 	struct fsverity_signed_digest *digest = NULL;
 	int status;
@@ -499,13 +498,6 @@ int fsverity_cmd_sign(char *filename, const struct fsverity_hash_alg *hash_alg,
 	if (block_size == 0)
 		block_size = fsverity_get_default_block_size();
 
-	if (keyfile == NULL) {
-		status = -EINVAL;
-		goto out;
-	}
-	if (certfile == NULL)
-		certfile = keyfile;
-
 	digest = xzalloc(sizeof(*digest) + hash_alg->digest_size);
 	memcpy(digest->magic, "FSVerity", 8);
 	digest->digest_algorithm = cpu_to_le16(hash_alg - fsverity_hash_algs);
@@ -515,10 +507,6 @@ int fsverity_cmd_sign(char *filename, const struct fsverity_hash_alg *hash_alg,
 				      salt, salt_size, digest->digest))
 		goto out_err;
 
-	if (!sign_data(digest, sizeof(*digest) + hash_alg->digest_size,
-		       keyfile, certfile, hash_alg, sig, sig_size))
-		goto out_err;
-
 	*retdigest = digest;
 	status = 0;
 out:
@@ -529,3 +517,31 @@ out_err:
 	goto out;
 
 }
+
+/* Sign a pre-generated fsverity_signed_digest structure */
+int fsverity_cmd_sign_digest(struct fsverity_signed_digest *digest,
+			     const struct fsverity_hash_alg *hash_alg,
+			     const char *keyfile, const char *certfile,
+			     u8 **sig, u32 *sig_size)
+{
+	int status;
+
+	if (keyfile == NULL) {
+		status = -EINVAL;
+		goto out;
+	}
+	if (certfile == NULL)
+		certfile = keyfile;
+
+	if (!sign_data(digest, sizeof(*digest) + hash_alg->digest_size,
+		       keyfile, certfile, hash_alg, sig, sig_size))
+		goto out_err;
+
+	status = 0;
+ out:
+	return status;
+
+ out_err:
+	status = 1;
+	goto out;
+}
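Review bot: fsverity_cmd_sign_digest() computes the signed length as `sizeof(*digest) + hash_alg->digest_size` from a `hash_alg` that the caller now passes separately from `digest`, and neither pointer is checked. While both lived in one function the allocation and the length could not disagree; after the split, a caller that pairs a digest with a different or NULL `hash_alg` would have sign_data() read past the allocation or sign bytes that do not match the recorded algorithm (inferred, since sign_data() is not shown here). I would reject that up front with `if (!digest || !hash_alg || le16_to_cpu(digest->digest_algorithm) != hash_alg - fsverity_hash_algs) return -EINVAL;`. The function also returns -EINVAL on one path and 1 on another; with nothing to clean up, plain `return` statements would read more clearly than the `out`/`out_err` labels.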
diff --git a/fsverity.c b/fsverity.c
index 45bf0cc..3fcafcb 100644
--- a/fsverity.c
+++ b/fsverity.c
@@ -188,8 +188,12 @@ int wrap_cmd_sign(const struct fsverity_command *cmd, int argc, char *argv[])
 	if (argc != 2)
 		goto out_usage;
 
-	status = fsverity_cmd_sign(argv[0], hash_alg, block_size, salt, salt_size,
-				   keyfile, certfile, &digest, &sig, &sig_size);
+	status = fsverity_cmd_gen_digest(argv[0], hash_alg, block_size,
+					 salt, salt_size, &digest);
+	if (status)
+		goto out_usage;
+	status = fsverity_cmd_sign_digest(digest, hash_alg, keyfile, certfile,
+					  &sig, &sig_size);
 	if (status == -EINVAL)
 		goto out_usage;
 	if (status != 0)
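Review bot: The new `if (status) goto out_usage;` after fsverity_cmd_gen_digest() sends every failure to the usage text, including whatever non-EINVAL status its out_err path returns (presumably when the file cannot be read or hashed), while the sign step still separates -EINVAL from other errors. A failure to measure the file being signed should surface as an error rather than a usage message, so I would apply the same pair of checks after both calls: `if (status == -EINVAL) goto out_usage;` followed by the same `if (status != 0)` branch used below. It is also worth confirming that the error path taken when fsverity_cmd_sign_digest() fails frees `digest`, which is now allocated by the first call and owned by wrap_cmd_sign(); that cleanup code lies outside this hunk.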
diff --git a/fsverity.h b/fsverity.h
index bb2f337..695bdac 100644
--- a/fsverity.h
+++ b/fsverity.h
@@ -26,10 +26,13 @@ u32 fsverity_get_default_block_size(void);
 
 int fsverity_cmd_enable(char *filename, struct fsverity_enable_arg *arg);
 int fsverity_cmd_measure(char *filename, struct fsverity_digest *d);
-int fsverity_cmd_sign(char *filename, const struct fsverity_hash_alg *hash_alg,
-		      u32 block_size, u8 *salt, u32 salt_size,
-		      const char *keyfile, const char *certfile,
-		      struct fsverity_signed_digest **retdigest,
-		      u8 **sig, u32 *sig_size);
+int fsverity_cmd_gen_digest(char *filename,
+			    const struct fsverity_hash_alg *hash_alg,
+			    u32 block_size, u8 *salt, u32 salt_size,
+			    struct fsverity_signed_digest **retdigest);
+int fsverity_cmd_sign_digest(struct fsverity_signed_digest *digest,
+			     const struct fsverity_hash_alg *hash_alg,
+			     const char *keyfile, const char *certfile,
+			     u8 **sig, u32 *sig_size);
 
 #endif /* COMMANDS_H */
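Review bot: The two new prototypes carry no comment on ownership or return values, which callers of the split API need in order to use it safely. From cmd_sign.c, fsverity_cmd_gen_digest() hands back an xzalloc()ed buffer through `*retdigest`, so I would add above it `/* On success *retdigest points to a heap-allocated digest the caller must free. */`. For fsverity_cmd_sign_digest() the comment should state that it returns 0 on success, -EINVAL when `keyfile` is NULL and 1 when signing fails, and that `hash_alg` must be the algorithm used to generate `digest`. `*sig` is presumably caller-freed as well, but sign_data() is not visible here, so that should be confirmed before it is documented.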
-- 
2.24.1


Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-11  0:00 [PATCH 0/7] Split fsverity-utils into a shared library Jes Sorensen
2020-02-11  0:00 ` [PATCH 1/7] Build basic " Jes Sorensen
2020-02-11  0:00 ` [PATCH 2/7] Restructure fsverity_cmd_sign for shared libraries Jes Sorensen
2020-02-11  0:00 ` [PATCH 3/7] Make fsverity_cmd_measure() a library function Jes Sorensen
2020-02-11  0:00 ` [PATCH 4/7] Make fsverity_cmd_enable a library call() Jes Sorensen
2020-02-11  0:00 ` [PATCH 5/7] Rename commands.h to fsverity.h Jes Sorensen
2020-02-11  0:00 ` [PATCH 6/7] Move cmdline helper functions to fsverity.c Jes Sorensen
2020-02-11  0:00 ` Jes Sorensen [this message]
2020-02-11 19:22 ` [PATCH 0/7] Split fsverity-utils into a shared library Eric Biggers
2020-02-11 22:09   ` Jes Sorensen
2020-02-11 23:14     ` Eric Biggers
2020-02-11 23:35       ` Jes Sorensen
2020-02-14 20:35         ` Eric Biggers
2020-02-19 23:49           ` Jes Sorensen
2020-07-30 17:52             ` Eric Biggers
2020-07-31 17:40               ` Jes Sorensen
2020-07-31 17:47                 ` Chris Mason
2020-07-31 19:14                   ` Eric Biggers
