fs-verity: don't pass whole descriptor to fsverity_verify_signature()

Now that fsverity_get_descriptor() validates the sig_size field,
fsverity_verify_signature() doesn't need to do it.

Just change the prototype of fsverity_verify_signature() to take the
signature directly rather than take a fsverity_descriptor.

Link: https://lore.kernel.org/r/20210115181819.34732-3-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Amy Parker <enbyamy@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>

diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index 6c9caccc06021cce5981c3becf5ed4f988c466db..a7920434bae50c3112ffb1c870549fe6aa0477d1 100644 (file)
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -140,15 +140,13 @@ void __init fsverity_exit_info_cache(void);
 
 #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
 int fsverity_verify_signature(const struct fsverity_info *vi,
-                             const struct fsverity_descriptor *desc,
-                             size_t desc_size);
+                             const u8 *signature, size_t sig_size);
 
 int __init fsverity_init_signature(void);
 #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
 static inline int
 fsverity_verify_signature(const struct fsverity_info *vi,
-                         const struct fsverity_descriptor *desc,
-                         size_t desc_size)
+                         const u8 *signature, size_t sig_size)
 {
        return 0;
 }

diff --git a/fs/verity/open.c b/fs/verity/open.c
index a987bb785e9b008079fd83ccb1be62696bbe7e6b..60ff8af7219feafe90b06d5c8c5b0df301498186 100644 (file)
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode,
                 vi->tree_params.hash_alg->name,
                 vi->tree_params.digest_size, vi->file_digest);
 
-       err = fsverity_verify_signature(vi, desc, desc_size);
+       err = fsverity_verify_signature(vi, desc->signature,
+                                       le32_to_cpu(desc->sig_size));
 out:
        if (err) {
                fsverity_free_info(vi);

diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index 012468eda2a78bc71ddf7ecf5cb59fff8587735b..143a530a80088bc62514b65ad3e21718ca819077 100644 (file)
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -29,21 +29,19 @@ static struct key *fsverity_keyring;
 /**
  * fsverity_verify_signature() - check a verity file's signature
  * @vi: the file's fsverity_info
- * @desc: the file's fsverity_descriptor
- * @desc_size: size of @desc
+ * @signature: the file's built-in signature
+ * @sig_size: size of signature in bytes, or 0 if no signature
  *
- * If the file's fs-verity descriptor includes a signature of the file digest,
- * verify it against the certificates in the fs-verity keyring.
+ * If the file includes a signature of its fs-verity file digest, verify it
+ * against the certificates in the fs-verity keyring.
  *
  * Return: 0 on success (signature valid or not required); -errno on failure
  */
 int fsverity_verify_signature(const struct fsverity_info *vi,
-                             const struct fsverity_descriptor *desc,
-                             size_t desc_size)
+                             const u8 *signature, size_t sig_size)
 {
        const struct inode *inode = vi->inode;
        const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg;
-       const u32 sig_size = le32_to_cpu(desc->sig_size);
        struct fsverity_formatted_digest *d;
        int err;
 
@@ -56,11 +54,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
                return 0;
        }
 
-       if (sig_size > desc_size - sizeof(*desc)) {
-               fsverity_err(inode, "Signature overflows verity descriptor");
-               return -EBADMSG;
-       }
-
        d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
        if (!d)
                return -ENOMEM;
@@ -70,8 +63,7 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
        memcpy(d->digest, vi->file_digest, hash_alg->digest_size);
 
        err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size,
-                                    desc->signature, sig_size,
-                                    fsverity_keyring,
+                                    signature, sig_size, fsverity_keyring,
                                     VERIFYING_UNSPECIFIED_SIGNATURE,
                                     NULL, NULL);
        kfree(d);