| Message ID | 20201027191106.2447401-1-ebiggers@kernel.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | fs-verity: rename fsverity_signed_digest to fsverity_formatted_digest | expand |
On Tue, 27 Oct 2020 at 19:13, Eric Biggers <ebiggers@kernel.org> wrote: > > From: Eric Biggers <ebiggers@google.com> > > The name "struct fsverity_signed_digest" is causing confusion because it > isn't actually a signed digest, but rather it's the way that the digest > is formatted in order to be signed. Rename it to > "struct fsverity_formatted_digest" to prevent this confusion. > > Also update the struct's comment to clarify that it's specific to the > built-in signature verification support and isn't a requirement for all > fs-verity users. > > I'll be renaming this struct in fsverity-utils too. > > Signed-off-by: Eric Biggers <ebiggers@google.com> > --- > Documentation/filesystems/fsverity.rst | 2 +- > fs/verity/fsverity_private.h | 17 ++++++++++++----- > fs/verity/signature.c | 2 +- > 3 files changed, 14 insertions(+), 7 deletions(-) Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
On Tue, Oct 27, 2020 at 12:11:06PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > The name "struct fsverity_signed_digest" is causing confusion because it > isn't actually a signed digest, but rather it's the way that the digest > is formatted in order to be signed. Rename it to > "struct fsverity_formatted_digest" to prevent this confusion. > > Also update the struct's comment to clarify that it's specific to the > built-in signature verification support and isn't a requirement for all > fs-verity users. > > I'll be renaming this struct in fsverity-utils too. > > Signed-off-by: Eric Biggers <ebiggers@google.com> Applied to fscrypt.git#fsverity for 5.11. - Eric
On Fri, Nov 13, 2020 at 10:41:13AM -0800, Eric Biggers wrote: > On Tue, Oct 27, 2020 at 12:11:06PM -0700, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@google.com> > > > > The name "struct fsverity_signed_digest" is causing confusion because it > > isn't actually a signed digest, but rather it's the way that the digest > > is formatted in order to be signed. Rename it to > > "struct fsverity_formatted_digest" to prevent this confusion. > > > > Also update the struct's comment to clarify that it's specific to the > > built-in signature verification support and isn't a requirement for all > > fs-verity users. > > > > I'll be renaming this struct in fsverity-utils too. > > > > Signed-off-by: Eric Biggers <ebiggers@google.com> > > Applied to fscrypt.git#fsverity for 5.11. > > - Eric Actually, I decided to resend this as part of the series https://lkml.kernel.org/linux-fscrypt/20201113211918.71883-1-ebiggers@kernel.org. - Eric
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 895e9711ed88..421b75498d49 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -372,7 +372,7 @@ kernel. Specifically, it adds support for: File measurements must be signed in the following format, which is similar to the structure used by `FS_IOC_MEASURE_VERITY`_:: - struct fsverity_signed_digest { + struct fsverity_formatted_digest { char magic[8]; /* must be "FSVerity" */ __le16 digest_algorithm; __le16 digest_size; diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index e96d99d5145e..75f8e18b44a5 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -101,12 +101,19 @@ struct fsverity_descriptor { sizeof(struct fsverity_descriptor)) /* - * Format in which verity file measurements are signed. This is the same as - * 'struct fsverity_digest', except here some magic bytes are prepended to - * provide some context about what is being signed in case the same key is used - * for non-fsverity purposes, and here the fields have fixed endianness. + * Format in which verity file measurements are signed in built-in signatures. + * This is the same as 'struct fsverity_digest', except here some magic bytes + * are prepended to provide some context about what is being signed in case the + * same key is used for non-fsverity purposes, and here the fields have fixed + * endianness. + * + * This struct is specific to the built-in signature verification support, which + * is optional. fs-verity users may also verify signatures in userspace, in + * which case userspace is responsible for deciding on what bytes are signed. + * This struct may still be used, but it doesn't have to be. For example, + * userspace could instead use a string like "sha256:$digest_as_hex_string". */ -struct fsverity_signed_digest { +struct fsverity_formatted_digest { char magic[8]; /* must be "FSVerity" */ __le16 digest_algorithm; __le16 digest_size; diff --git a/fs/verity/signature.c b/fs/verity/signature.c index b14ed96387ec..26c76fedd78b 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -44,7 +44,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi, const struct inode *inode = vi->inode; const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg; const u32 sig_size = le32_to_cpu(desc->sig_size); - struct fsverity_signed_digest *d; + struct fsverity_formatted_digest *d; int err; if (sig_size == 0) {