fs-verity: don't pass whole descriptor to fsverity_verify_signature()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Now that fsverity_get_descriptor() validates the sig_size field,
fsverity_verify_signature() doesn't need to do it.

Just change the prototype of fsverity_verify_signature() to take the
signature directly rather than take a fsverity_descriptor.

Link: https://lore.kernel.org/r/20210115181819.34732-3-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Amy Parker <enbyamy@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>

Eric Biggers 5 years ago fab634c4 c2c82611

+10 -19

3 changed files

expand all

verity

fsverity_private.h

open.c

signature.c

+2 -4

fs/verity/fsverity_private.h

··· 140 140 141 141 #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES 142 142 int fsverity_verify_signature(const struct fsverity_info *vi, 143 - const struct fsverity_descriptor *desc, 144 - size_t desc_size); 143 + const u8 *signature, size_t sig_size); 145 144 146 145 int __init fsverity_init_signature(void); 147 146 #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */ 148 147 static inline int 149 148 fsverity_verify_signature(const struct fsverity_info *vi, 150 - const struct fsverity_descriptor *desc, 151 - size_t desc_size) 149 + const u8 *signature, size_t sig_size) 152 150 { 153 151 return 0; 154 152 }

+2 -1

fs/verity/open.c

··· 181 181 vi->tree_params.hash_alg->name, 182 182 vi->tree_params.digest_size, vi->file_digest); 183 183 184 - err = fsverity_verify_signature(vi, desc, desc_size); 184 + err = fsverity_verify_signature(vi, desc->signature, 185 + le32_to_cpu(desc->sig_size)); 185 186 out: 186 187 if (err) { 187 188 fsverity_free_info(vi);

+6 -14

fs/verity/signature.c

··· 29 29 /** 30 30 * fsverity_verify_signature() - check a verity file's signature 31 31 * @vi: the file's fsverity_info 32 - * @desc: the file's fsverity_descriptor 33 - * @desc_size: size of @desc 32 + * @signature: the file's built-in signature 33 + * @sig_size: size of signature in bytes, or 0 if no signature 34 34 * 35 - * If the file's fs-verity descriptor includes a signature of the file digest, 36 - * verify it against the certificates in the fs-verity keyring. 35 + * If the file includes a signature of its fs-verity file digest, verify it 36 + * against the certificates in the fs-verity keyring. 37 37 * 38 38 * Return: 0 on success (signature valid or not required); -errno on failure 39 39 */ 40 40 int fsverity_verify_signature(const struct fsverity_info *vi, 41 - const struct fsverity_descriptor *desc, 42 - size_t desc_size) 41 + const u8 *signature, size_t sig_size) 43 42 { 44 43 const struct inode *inode = vi->inode; 45 44 const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg; 46 - const u32 sig_size = le32_to_cpu(desc->sig_size); 47 45 struct fsverity_formatted_digest *d; 48 46 int err; 49 47 ··· 54 56 return 0; 55 57 } 56 58 57 - if (sig_size > desc_size - sizeof(*desc)) { 58 - fsverity_err(inode, "Signature overflows verity descriptor"); 59 - return -EBADMSG; 60 - } 61 - 62 59 d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL); 63 60 if (!d) 64 61 return -ENOMEM; ··· 63 70 memcpy(d->digest, vi->file_digest, hash_alg->digest_size); 64 71 65 72 err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size, 66 - desc->signature, sig_size, 67 - fsverity_keyring, 73 + signature, sig_size, fsverity_keyring, 68 74 VERIFYING_UNSPECIFIED_SIGNATURE, 69 75 NULL, NULL); 70 76 kfree(d);