[PATCH v2 0/3] fsverity-utils: introduce libfsverity

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org, Jes Sorensen <jes.sorensen@gmail.com>
Cc: jsorensen@fb.com, kernel-team@fb.com
Subject: [PATCH v2 0/3] fsverity-utils: introduce libfsverity
Date: Mon, 25 May 2020 13:54:29 -0700	[thread overview]
Message-ID: <20200525205432.310304-1-ebiggers@kernel.org> (raw)

From the 'fsverity' program, split out a library 'libfsverity'.
Currently it supports computing file measurements ("digests"), and
signing those file measurements for use with the fs-verity builtin
signature verification feature.

Rewritten from patches by Jes Sorensen <jsorensen@fb.com>.
I made a lot of improvements; see patch 2 for details.

This patchset can also be found at branch "libfsverity" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/

Changes v1 => v2:
  - Fold in the Makefile fixes from Jes
  - Rename libfsverity_digest_size() and libfsverity_hash_name()
  - Improve the documentation slightly
  - If a memory allocation fails, print the allocation size
  - Use EBADMSG for invalid cert or keyfile, not EINVAL
  - Make libfsverity_find_hash_alg_by_name() handle NULL
  - Avoid introducing compiler warnings with AOSP's default cflags
  - Don't assume that BIO_new_file() sets errno
  - Other small cleanups

Eric Biggers (3):
  Split up cmd_sign.c
  Introduce libfsverity
  Add some basic test programs for libfsverity

 .gitignore                                |  10 +-
 Makefile                                  | 191 ++++++-
 cmd_sign.c                                | 633 ----------------------
 commands.h                                |  24 -
 util.h => common/common_defs.h            |  47 +-
 fsverity_uapi.h => common/fsverity_uapi.h |   0
 common/libfsverity.h                      | 132 +++++
 hash_algs.h                               |  68 ---
 lib/compute_digest.c                      | 240 ++++++++
 hash_algs.c => lib/hash_algs.c            | 129 +++--
 lib/lib_private.h                         |  83 +++
 lib/sign_digest.c                         | 399 ++++++++++++++
 lib/utils.c                               | 109 ++++
 cmd_enable.c => programs/cmd_enable.c     |  32 +-
 cmd_measure.c => programs/cmd_measure.c   |  12 +-
 programs/cmd_sign.c                       | 163 ++++++
 fsverity.c => programs/fsverity.c         |  52 +-
 programs/fsverity.h                       |  43 ++
 programs/test_compute_digest.c            |  61 +++
 programs/test_hash_algs.c                 |  38 ++
 programs/test_sign_digest.c               |  50 ++
 util.c => programs/utils.c                |   7 +-
 programs/utils.h                          |  44 ++
 testdata/cert.pem                         |  31 ++
 testdata/file.sig                         | Bin 0 -> 708 bytes
 testdata/key.pem                          |  52 ++
 26 files changed, 1770 insertions(+), 880 deletions(-)
 delete mode 100644 cmd_sign.c
 delete mode 100644 commands.h
 rename util.h => common/common_defs.h (56%)
 rename fsverity_uapi.h => common/fsverity_uapi.h (100%)
 create mode 100644 common/libfsverity.h
 delete mode 100644 hash_algs.h
 create mode 100644 lib/compute_digest.c
 rename hash_algs.c => lib/hash_algs.c (53%)
 create mode 100644 lib/lib_private.h
 create mode 100644 lib/sign_digest.c
 create mode 100644 lib/utils.c
 rename cmd_enable.c => programs/cmd_enable.c (81%)
 rename cmd_measure.c => programs/cmd_measure.c (83%)
 create mode 100644 programs/cmd_sign.c
 rename fsverity.c => programs/fsverity.c (82%)
 create mode 100644 programs/fsverity.h
 create mode 100644 programs/test_compute_digest.c
 create mode 100644 programs/test_hash_algs.c
 create mode 100644 programs/test_sign_digest.c
 rename util.c => programs/utils.c (96%)
 create mode 100644 programs/utils.h
 create mode 100644 testdata/cert.pem
 create mode 100644 testdata/file.sig
 create mode 100644 testdata/key.pem

-- 
2.26.2

next             reply	other threads:[~2020-05-25 20:55 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-25 20:54 Eric Biggers [this message]
2020-05-25 20:54 ` [PATCH v2 1/3] Split up cmd_sign.c Eric Biggers
2020-05-25 20:54 ` [PATCH v2 2/3] Introduce libfsverity Eric Biggers
2020-05-25 20:54 ` [PATCH v2 3/3] Add some basic test programs for libfsverity Eric Biggers
2020-05-26 22:25 ` [PATCH v2 0/3] fsverity-utils: introduce libfsverity Jes Sorensen
2020-05-26 22:43   ` Eric Biggers
2020-05-27 21:15 ` Eric Biggers
2020-05-28 13:22   ` Jes Sorensen
2020-06-05 16:44     ` Jes Sorensen
2020-06-06  0:46       ` Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200525205432.310304-1-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=jes.sorensen@gmail.com \
    --cc=jsorensen@fb.com \
    --cc=kernel-team@fb.com \
    --cc=linux-fscrypt@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.