[RFC][PATCH 1/5] fsverity: Introduce fsverity_get_file_digest()

Roberto Sassu <roberto.sassu@xxxxxxxxxx> · Fri, 12 Nov 2021 13:44:07 +0100

Since the fsverity_info structure is defined internally in fsverity, expose
the fsverity file digest through the new function
fsverity_get_file_digest().

Given that an fsverity file is guaranteed to be immutable, also the
retrieved file digest is stable and won't change.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
---
 fs/verity/open.c         | 24 ++++++++++++++++++++++++
 include/linux/fsverity.h | 10 ++++++++++
 2 files changed, 34 insertions(+)

diff --git a/fs/verity/open.c b/fs/verity/open.c
index 92df87f5fa38..9127c77c6539 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -218,6 +218,30 @@ void fsverity_free_info(struct fsverity_info *vi)
 	kmem_cache_free(fsverity_info_cachep, vi);
 }
 
+/*
+ * Copy the file digest and associated algorithm taken from the passed
+ * fsverity_info structure to the locations supplied by the caller.
+ *
+ * Return: the digest size on success, a negative value on error
+ */
+ssize_t fsverity_get_file_digest(struct fsverity_info *info, u8 *buf,
+				 size_t bufsize, enum hash_algo *algo)
+{
+	enum hash_algo a;
+
+	a = match_string(hash_algo_name, HASH_ALGO__LAST,
+			 info->tree_params.hash_alg->name);
+	if (a < 0)
+		return a;
+
+	if (bufsize < hash_digest_size[a])
+		return -ERANGE;
+
+	*algo = a;
+	memcpy(buf, info->file_digest, hash_digest_size[*algo]);
+	return hash_digest_size[*algo];
+}
+
 static bool validate_fsverity_descriptor(struct inode *inode,
 					 const struct fsverity_descriptor *desc,
 					 size_t desc_size)
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index b568b3c7d095..877a7f609dd9 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -13,6 +13,7 @@
 
 #include <linux/fs.h>
 #include <uapi/linux/fsverity.h>
+#include <crypto/hash_info.h>
 
 /* Verity operations for filesystems */
 struct fsverity_operations {
@@ -137,6 +138,8 @@ int fsverity_ioctl_measure(struct file *filp, void __user *arg);
 int fsverity_file_open(struct inode *inode, struct file *filp);
 int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr);
 void fsverity_cleanup_inode(struct inode *inode);
+ssize_t fsverity_get_file_digest(struct fsverity_info *info, u8 *buf,
+				 size_t bufsize, enum hash_algo *algo);
 
 /* read_metadata.c */
 
@@ -187,6 +190,13 @@ static inline void fsverity_cleanup_inode(struct inode *inode)
 {
 }
 
+static inline ssize_t fsverity_get_file_digest(struct fsverity_info *info,
+					       u8 *buf, size_t bufsize,
+					       enum hash_algo *algo)
+{
+	return -EOPNOTSUPP;
+}
+
 /* read_metadata.c */
 
 static inline int fsverity_ioctl_read_metadata(struct file *filp,
-- 
2.32.0



