diff mbox series

[1/4] fs-verity: define a function to return the integrity protected file digest

Message ID 20211129170057.243127-2-zohar@linux.ibm.com (mailing list archive)
State Superseded
Headers show
Series ima: support fs-verity signatures stored as | expand

Commit Message

Mimi Zohar Nov. 29, 2021, 5 p.m. UTC
Define a function named fsverity_measure() to return the verity file digest
and the associated hash algorithm (enum hash_algo).

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 fs/verity/fsverity_private.h |  6 -----
 fs/verity/measure.c          | 49 ++++++++++++++++++++++++++++++++++++
 include/linux/fsverity.h     | 17 +++++++++++++
 3 files changed, 66 insertions(+), 6 deletions(-)

Comments

kernel test robot Nov. 29, 2021, 11:16 p.m. UTC | #1
Hi Mimi,

I love your patch! Yet something to improve:

[auto build test ERROR on zohar-integrity/next-integrity]
[also build test ERROR on fscrypt/fsverity jmorris-security/next-testing v5.16-rc3 next-20211129]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Mimi-Zohar/ima-support-fs-verity-signatures-stored-as/20211130-010506
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: i386-randconfig-m021-20211129 (https://download.01.org/0day-ci/archive/20211130/202111300735.5PPAuPnJ-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/305ad3bb36a5bd51fe30b33f623eaf165e2efb13
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Mimi-Zohar/ima-support-fs-verity-signatures-stored-as/20211130-010506
        git checkout 305ad3bb36a5bd51fe30b33f623eaf165e2efb13
        # save the config file to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   ld: fs/verity/measure.o: in function `fsverity_measure':
   fs/verity/measure.c:89: undefined reference to `hash_algo_name'
>> ld: fs/verity/measure.c:104: undefined reference to `hash_digest_size'
   ld: fs/verity/measure.c:104: undefined reference to `hash_algo_name'

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
kernel test robot Nov. 29, 2021, 11:36 p.m. UTC | #2
Hi Mimi,

I love your patch! Yet something to improve:

[auto build test ERROR on zohar-integrity/next-integrity]
[also build test ERROR on v5.16-rc3 next-20211129]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Mimi-Zohar/ima-support-fs-verity-signatures-stored-as/20211130-010506
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: arm64-randconfig-r032-20211129 (https://download.01.org/0day-ci/archive/20211130/202111300736.Vz00z1Kd-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/305ad3bb36a5bd51fe30b33f623eaf165e2efb13
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Mimi-Zohar/ima-support-fs-verity-signatures-stored-as/20211130-010506
        git checkout 305ad3bb36a5bd51fe30b33f623eaf165e2efb13
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   aarch64-linux-ld: fs/verity/measure.o: in function `fsverity_measure':
>> (.text+0x968): undefined reference to `hash_algo_name'
   aarch64-linux-ld: fs/verity/measure.o: relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `hash_algo_name' which may bind externally can not be used when making a shared object; recompile with -fPIC
   (.text+0x968): dangerous relocation: unsupported relocation
>> aarch64-linux-ld: (.text+0x96c): undefined reference to `hash_algo_name'
>> aarch64-linux-ld: (.text+0xa8c): undefined reference to `hash_digest_size'
   aarch64-linux-ld: fs/verity/measure.o: relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `hash_digest_size' which may bind externally can not be used when making a shared object; recompile with -fPIC
   (.text+0xa8c): dangerous relocation: unsupported relocation
   aarch64-linux-ld: (.text+0xa9c): undefined reference to `hash_digest_size'

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Eric Biggers Nov. 30, 2021, 2:19 a.m. UTC | #3
Generally looks fine.  A few nits below:

On Mon, Nov 29, 2021 at 12:00:54PM -0500, Mimi Zohar wrote:
> Define a function named fsverity_measure() to return the verity file digest
> and the associated hash algorithm (enum hash_algo).
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>  fs/verity/fsverity_private.h |  6 -----
>  fs/verity/measure.c          | 49 ++++++++++++++++++++++++++++++++++++
>  include/linux/fsverity.h     | 17 +++++++++++++
>  3 files changed, 66 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
> index a7920434bae5..54c5f0993541 100644
> --- a/fs/verity/fsverity_private.h
> +++ b/fs/verity/fsverity_private.h
> @@ -26,12 +26,6 @@ struct ahash_request;
>   */
>  #define FS_VERITY_MAX_LEVELS		8
>  
> -/*
> - * Largest digest size among all hash algorithms supported by fs-verity.
> - * Currently assumed to be <= size of fsverity_descriptor::root_hash.
> - */
> -#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE

The include of sha2.h should be removed from this file.

> +/**
> + * fsverity_measure() - get a verity file's digest
> + * @inode: inode to get digest of
> + * @digest: pointer to the digest
> + * @alg: pointer to the hash algorithm enumeration

It should be made clear that @digest and @alg are output, for example:

 * @digest: (out) pointer to the digest
 * @alg: (out) pointer to the hash algorithm enumeration

> + * Return the file hash algorithm, digest size, and digest of an fsverity
> + * protected file.

The digest size is implied, not returned.

> +
> +		if (!strcmp(hash_alg->name, hash_algo_name[i])) {

As the kernel test robot pointed out, this creates a dependency on
CRYPTO_HASH_INFO.  So FS_VERITY will need to select CRYPTO_HASH_INFO.

- Eric
Lakshmi Ramasubramanian Nov. 30, 2021, 5:33 a.m. UTC | #4
Hi Mimi,

On 11/29/2021 6:19 PM, Eric Biggers wrote:
> Generally looks fine.  A few nits below:
> 
> On Mon, Nov 29, 2021 at 12:00:54PM -0500, Mimi Zohar wrote:
>> Define a function named fsverity_measure() to return the verity file digest
>> and the associated hash algorithm (enum hash_algo).
>>
>> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
>> ---
>>   fs/verity/fsverity_private.h |  6 -----
>>   fs/verity/measure.c          | 49 ++++++++++++++++++++++++++++++++++++
>>   include/linux/fsverity.h     | 17 +++++++++++++
>>   3 files changed, 66 insertions(+), 6 deletions(-)
>>
>> diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
>> index a7920434bae5..54c5f0993541 100644
>> --- a/fs/verity/fsverity_private.h
>> +++ b/fs/verity/fsverity_private.h
>> @@ -26,12 +26,6 @@ struct ahash_request;
>>    */
>>   #define FS_VERITY_MAX_LEVELS		8
>>   
>> -/*
>> - * Largest digest size among all hash algorithms supported by fs-verity.
>> - * Currently assumed to be <= size of fsverity_descriptor::root_hash.
>> - */
>> -#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
> 
> The include of sha2.h should be removed from this file.
> 
>> +/**
>> + * fsverity_measure() - get a verity file's digest
nit: The function name seems to suggest it is measuring the fs-verity 
file's digest. Since it is reading the file's digest: 
fsverity_read_digest() or fsverity_read_measure()?

  -lakshmi

>> + * @inode: inode to get digest of
>> + * @digest: pointer to the digest
>> + * @alg: pointer to the hash algorithm enumeration
> 
> It should be made clear that @digest and @alg are output, for example:
> 
>   * @digest: (out) pointer to the digest
>   * @alg: (out) pointer to the hash algorithm enumeration
> 
>> + * Return the file hash algorithm, digest size, and digest of an fsverity
>> + * protected file.
> 
> The digest size is implied, not returned.
> 
>> +
>> +		if (!strcmp(hash_alg->name, hash_algo_name[i])) {
> 
> As the kernel test robot pointed out, this creates a dependency on
> CRYPTO_HASH_INFO.  So FS_VERITY will need to select CRYPTO_HASH_INFO.
> 
> - Eric
>
Eric Biggers Nov. 30, 2021, 6:30 a.m. UTC | #5
On Mon, Nov 29, 2021 at 09:33:29PM -0800, Lakshmi Ramasubramanian wrote:
> > > +/**
> > > + * fsverity_measure() - get a verity file's digest
> nit: The function name seems to suggest it is measuring the fs-verity file's
> digest. Since it is reading the file's digest: fsverity_read_digest() or
> fsverity_read_measure()?

I suggest fsverity_get_digest().  "read" is misleading because it's not being
read from disk.

- Eric
diff mbox series

Patch

diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index a7920434bae5..54c5f0993541 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -26,12 +26,6 @@  struct ahash_request;
  */
 #define FS_VERITY_MAX_LEVELS		8
 
-/*
- * Largest digest size among all hash algorithms supported by fs-verity.
- * Currently assumed to be <= size of fsverity_descriptor::root_hash.
- */
-#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
-
 /* A hash algorithm supported by fs-verity */
 struct fsverity_hash_alg {
 	struct crypto_ahash *tfm; /* hash tfm, allocated on demand */
diff --git a/fs/verity/measure.c b/fs/verity/measure.c
index f0d7b30c62db..98d8f6f2a2be 100644
--- a/fs/verity/measure.c
+++ b/fs/verity/measure.c
@@ -57,3 +57,52 @@  int fsverity_ioctl_measure(struct file *filp, void __user *_uarg)
 	return 0;
 }
 EXPORT_SYMBOL_GPL(fsverity_ioctl_measure);
+
+/**
+ * fsverity_measure() - get a verity file's digest
+ * @inode: inode to get digest of
+ * @digest: pointer to the digest
+ * @alg: pointer to the hash algorithm enumeration
+ *
+ * Return the file hash algorithm, digest size, and digest of an fsverity
+ * protected file.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_measure(struct inode *inode, u8 digest[FS_VERITY_MAX_DIGEST_SIZE],
+		     enum hash_algo *alg)
+{
+	const struct fsverity_info *vi;
+	const struct fsverity_hash_alg *hash_alg;
+	int i;
+
+	vi = fsverity_get_info(inode);
+	if (!vi)
+		return -ENODATA; /* not a verity file */
+
+	hash_alg = vi->tree_params.hash_alg;
+	memset(digest, 0, FS_VERITY_MAX_DIGEST_SIZE);
+	*alg = HASH_ALGO__LAST;
+
+	/* convert hash algorithm to hash_algo_name */
+	for (i = 0; i < HASH_ALGO__LAST; i++) {
+		pr_debug("name %s hash_algo_name[%d] %s\n",
+			  hash_alg->name, i, hash_algo_name[i]);
+
+		if (!strcmp(hash_alg->name, hash_algo_name[i])) {
+			*alg = i;
+			break;
+		}
+	}
+
+	/* Shouldn't happen */
+	if (*alg == HASH_ALGO__LAST)
+		return -EINVAL;
+
+	memcpy(digest, vi->file_digest, hash_alg->digest_size);
+
+	pr_debug("file digest:%s %*phN\n", hash_algo_name[*alg],
+		  hash_digest_size[*alg], digest);
+
+	return 0;
+}
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index b568b3c7d095..11006b60713b 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -12,8 +12,16 @@ 
 #define _LINUX_FSVERITY_H
 
 #include <linux/fs.h>
+#include <crypto/hash_info.h>
+#include <crypto/sha2.h>
 #include <uapi/linux/fsverity.h>
 
+/*
+ * Largest digest size among all hash algorithms supported by fs-verity.
+ * Currently assumed to be <= size of fsverity_descriptor::root_hash.
+ */
+#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
+
 /* Verity operations for filesystems */
 struct fsverity_operations {
 
@@ -131,6 +139,8 @@  int fsverity_ioctl_enable(struct file *filp, const void __user *arg);
 /* measure.c */
 
 int fsverity_ioctl_measure(struct file *filp, void __user *arg);
+int fsverity_measure(struct inode *inode, u8 digest[FS_VERITY_MAX_DIGEST_SIZE],
+		     enum hash_algo *alg);
 
 /* open.c */
 
@@ -170,6 +180,13 @@  static inline int fsverity_ioctl_measure(struct file *filp, void __user *arg)
 	return -EOPNOTSUPP;
 }
 
+static inline int fsverity_measure(struct inode *inode,
+				   u8 digest[FS_VERITY_MAX_DIGEST_SIZE],
+				   enum hash_algo *alg)
+{
+	return -EOPNOTSUPP;
+}
+
 /* open.c */
 
 static inline int fsverity_file_open(struct inode *inode, struct file *filp)