Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:fs\verity\signature.c Create Date:2022-07-28 20:25:04
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:fsverity_verify_signature() - check a verity file's signature. If the file's fs-verity descriptor includes a signature of the file measurement, verify it against the certificates in the fs-verity keyring.

Proto:int fsverity_verify_signature(const struct fsverity_info *vi, const struct fsverity_descriptor *desc, size_t desc_size)

Type:int

Parameter:

Type Parameter Name
const struct fsverity_info *vi
const struct fsverity_descriptor *desc
size_t desc_size
41  inode = inode
42  hash_alg = the hash algorithm
43  sig_size = le32_to_cpu(size of signature in bytes; 0 if none )
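47  If sig_size == 0 Then
48  If fsverity_require_signatures Then (unsigned files are rejected only when the require_signatures setting is enabled)
49  fsverity_err(inode, "require_signatures=1, rejecting unsigned file!")
51  Return -EPERM
53  Return 0 (signatures are not required, so the unsigned file is accepted without any signature check)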
56  If sig_size > desc_size - size of desc Then
57  fsverity_err(inode, "Signature overflows verity descriptor")
58  Return -EBADMSG
61  d = kzalloc - allocate memory. The memory is set to zero. @size: how many bytes of memory are required. @flags: the type of memory to allocate (see kmalloc).
62  If Not d Then Return -ENOMEM
64  memcpy(must be "FSVerity" , "FSVerity", 8)
65  digest_algorithm = cpu_to_le16(hash_alg - The hash algorithms supported by fs-verity )
66  digest_size = cpu_to_le16(digest size in bytes, e.g. 32 for SHA-256 )
67  memcpy(digest, measurement, digest size in bytes, e.g. 32 for SHA-256 )
69  err = verify_pkcs7_signature(d, size of d + digest size in bytes, e.g. 32 for SHA-256 , optional PKCS#7 signature , sig_size, Keyring that contains the trusted X.509 certificates. Only root (kuid=0) can modify this. Also, root may use keyctl_restrict_keyring() to prevent any more additions., VERIFYING_UNSPECIFIED_SIGNATURE, NULL, NULL)
74  kfree(d)
76  If err Then
77  If err == -ENOKEY Then fsverity_err(inode, "File's signing cert isn't in the fs-verity keyring")
80  Else if err == -EKEYREJECTED Then fsverity_err(inode, "Incorrect file signature")
82  Else if err == -EBADMSG Then fsverity_err(inode, "Malformed file signature")
84  Else fsverity_err(inode, "Error %d verifying file signature", err)
87  Return err
90  pr_debug("Valid signature for file measurement %s:%*phN\n", crypto API name, e.g. sha256 , digest size in bytes, e.g. 32 for SHA-256 , measurement)
92  Return 0