Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp626125pxb; Wed, 27 Jan 2021 17:13:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJz0d07ERkDA7PjbRp+QWJARqxDFqjBRWgXFQWqbjXYSM9iffE3+J9qLoMT39zGJ9HozzMvU X-Received: by 2002:a17:907:175c:: with SMTP id lf28mr8937367ejc.110.1611796380504; Wed, 27 Jan 2021 17:13:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611796380; cv=none; d=google.com; s=arc-20160816; b=WPaZRZFQqnGlq3xGZZb2Jz3UTxZA7JETaGfyIvKOzNR+vaDJIw1xlaDQ9jwhuCCG+d hkenI1vPLNaPbzrp7JnyojJTCVOJNiXdnOKIgAfWEbh2Pq2WEKciGzE6ckr8Bc5XV3ON y8oqZT8F9byr3r7Acwmb342PD/WB4hFBZWfTIOi1v2aqxh9kbuK1GBiOTTq++ty80+gg 1q/dVdEC4k9xb3b9h7JA1ZFl8ryHCHd/940rnSP2KOIjLdFDBSQL9v1hJQ/pI/u/loGe VdsQ8721y7NudOhhugL827Mnc2iIohwOL9NqPRayj+MeJRoOi4sXjqpBD3vK4Rg2RA2Z bvWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=paYDAb7LmZ4xHcBEaGBrzzP51gJFQWT7wMl+7XgvZ2g=; b=npoZuHLeE2P4u+ry+BbYKYGp+aNjQ9aUQl3geAUCwRHKW0wg9xOdgK1TAub1nkrwtJ 761QYh0ZDc4vv4QUmS5hNXHDE5BuS0+x7BFP03T+Zix8+DttX7ZoGhvp2Fbbqmd2/sh3 rtredg2w/vhI96pl1jLzNvyoZSMb760GHFIm4ck2qLwL5jGARK9NGpv+3Og934rAxLmo ggZnQHOeJSE232K25iCBOJ9DPjvw1JVukH+AA36b1t/m7cI0s2xtmrBKHA5BiwaeVjP0 gNHB8b+0gCTma5vBbIZ+/uSQ4gT+yox0xsRqH4SMCBiUHyyahFiUBqPPE+s4CsQ3C0V4 1c4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pCUSbfI7; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i3si1944744edj.120.2021.01.27.17.12.33; Wed, 27 Jan 2021 17:13:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pCUSbfI7; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231389AbhA1BM2 (ORCPT + 99 others); Wed, 27 Jan 2021 20:12:28 -0500 Received: from mail.kernel.org ([198.145.29.99]:35442 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231439AbhA1BGu (ORCPT ); Wed, 27 Jan 2021 20:06:50 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1C69C64DD1; Thu, 28 Jan 2021 01:04:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1611795857; bh=9u+pX6tITQPni/ZTAGHNlkfJc+eKK2wzAvA+xh2TVPU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=pCUSbfI7WRD+4txA2pHo3Xrw3oZG+pmpeTwBWaNcegbi36zxBW/ML2+IuDHKMbzHn AVTlavn5uNudzkPHCEf7hOhLjZyJxaX0VqC+vmh0Ax9J0E99UlNwAjDmZT8rxkmXhe W9tkHXGPTWxNhLRsIOiZ63gbCL00Xe4L0F4ttBQWkxnoSOup3VE3LxSDWVoxdaf48/ fISbEA7jX+sAUC3svQE6GrupalDXRGVf9ICYNTaONC8eARwMjBA04hUG0OmSmVNpkL mLuVd2lKIw2s/GnYIUz1aajlGgJohdw5ia9o9MmXIjfeSLBbSbO5d/RUmc6QsOUv8/ bhT8EDe+EENaw== Date: Wed, 27 Jan 2021 17:04:15 -0800 From: Jaegeuk Kim To: Eric Biggers Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-api@vger.kernel.org, Theodore Ts'o , Victor Hsieh Subject: Re: [PATCH 2/6] fs-verity: don't pass whole descriptor to fsverity_verify_signature() Message-ID: References: <20210115181819.34732-1-ebiggers@kernel.org> <20210115181819.34732-3-ebiggers@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210115181819.34732-3-ebiggers@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On 01/15, Eric Biggers wrote: > From: Eric Biggers > > Now that fsverity_get_descriptor() validates the sig_size field, > fsverity_verify_signature() doesn't need to do it. > > Just change the prototype of fsverity_verify_signature() to take the > signature directly rather than take a fsverity_descriptor. > > Signed-off-by: Eric Biggers Reviewed-by: Jaegeuk Kim > --- > fs/verity/fsverity_private.h | 6 ++---- > fs/verity/open.c | 3 ++- > fs/verity/signature.c | 20 ++++++-------------- > 3 files changed, 10 insertions(+), 19 deletions(-) > > diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h > index 6c9caccc06021..a7920434bae50 100644 > --- a/fs/verity/fsverity_private.h > +++ b/fs/verity/fsverity_private.h > @@ -140,15 +140,13 @@ void __init fsverity_exit_info_cache(void); > > #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES > int fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size); > + const u8 *signature, size_t sig_size); > > int __init fsverity_init_signature(void); > #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */ > static inline int > fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size) > + const u8 *signature, size_t sig_size) > { > return 0; > } > diff --git a/fs/verity/open.c b/fs/verity/open.c > index a987bb785e9b0..60ff8af7219fe 100644 > --- a/fs/verity/open.c > +++ b/fs/verity/open.c > @@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, > vi->tree_params.hash_alg->name, > vi->tree_params.digest_size, vi->file_digest); > > - err = fsverity_verify_signature(vi, desc, desc_size); > + err = fsverity_verify_signature(vi, desc->signature, > + le32_to_cpu(desc->sig_size)); > out: > if (err) { > fsverity_free_info(vi); > diff --git a/fs/verity/signature.c b/fs/verity/signature.c > index 012468eda2a78..143a530a80088 100644 > --- a/fs/verity/signature.c > +++ b/fs/verity/signature.c > @@ -29,21 +29,19 @@ static struct key *fsverity_keyring; > /** > * fsverity_verify_signature() - check a verity file's signature > * @vi: the file's fsverity_info > - * @desc: the file's fsverity_descriptor > - * @desc_size: size of @desc > + * @signature: the file's built-in signature > + * @sig_size: size of signature in bytes, or 0 if no signature > * > - * If the file's fs-verity descriptor includes a signature of the file digest, > - * verify it against the certificates in the fs-verity keyring. > + * If the file includes a signature of its fs-verity file digest, verify it > + * against the certificates in the fs-verity keyring. > * > * Return: 0 on success (signature valid or not required); -errno on failure > */ > int fsverity_verify_signature(const struct fsverity_info *vi, > - const struct fsverity_descriptor *desc, > - size_t desc_size) > + const u8 *signature, size_t sig_size) > { > const struct inode *inode = vi->inode; > const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg; > - const u32 sig_size = le32_to_cpu(desc->sig_size); > struct fsverity_formatted_digest *d; > int err; > > @@ -56,11 +54,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi, > return 0; > } > > - if (sig_size > desc_size - sizeof(*desc)) { > - fsverity_err(inode, "Signature overflows verity descriptor"); > - return -EBADMSG; > - } > - > d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL); > if (!d) > return -ENOMEM; > @@ -70,8 +63,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi, > memcpy(d->digest, vi->file_digest, hash_alg->digest_size); > > err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size, > - desc->signature, sig_size, > - fsverity_keyring, > + signature, sig_size, fsverity_keyring, > VERIFYING_UNSPECIFIED_SIGNATURE, > NULL, NULL); > kfree(d); > -- > 2.30.0