From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: Luca Boccassi <luca.boccassi@gmail.com>,
Jes Sorensen <Jes.Sorensen@gmail.com>
Subject: [fsverity-utils PATCH 2/2] programs/fsverity: share code to parse tree parameters
Date: Fri, 13 Nov 2020 16:15:29 -0800 [thread overview]
Message-ID: <20201114001529.185751-3-ebiggers@kernel.org> (raw)
In-Reply-To: <20201114001529.185751-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
The "digest", "enable", and "sign" commands all parse the --hash-alg,
--block-size, and --salt options and initialize a struct
libfsverity_merkle_tree_params, so share the code that does this.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
programs/cmd_digest.c | 31 ++++---------------------------
programs/cmd_enable.c | 30 ++++--------------------------
programs/cmd_sign.c | 31 ++++---------------------------
programs/fsverity.c | 42 ++++++++++++++++++++++++++++++++++++++----
programs/fsverity.h | 19 +++++++++++++++----
5 files changed, 65 insertions(+), 88 deletions(-)
diff --git a/programs/cmd_digest.c b/programs/cmd_digest.c
index 180f438..e420d17 100644
--- a/programs/cmd_digest.c
+++ b/programs/cmd_digest.c
@@ -14,14 +14,6 @@
#include <fcntl.h>
#include <getopt.h>
-enum {
- OPT_HASH_ALG,
- OPT_BLOCK_SIZE,
- OPT_SALT,
- OPT_COMPACT,
- OPT_FOR_BUILTIN_SIG,
-};
-
static const struct option longopts[] = {
{"hash-alg", required_argument, NULL, OPT_HASH_ALG},
{"block-size", required_argument, NULL, OPT_BLOCK_SIZE},
@@ -44,9 +36,8 @@ struct fsverity_signed_digest {
int fsverity_cmd_digest(const struct fsverity_command *cmd,
int argc, char *argv[])
{
- u8 *salt = NULL;
struct filedes file = { .fd = -1 };
- struct libfsverity_merkle_tree_params tree_params = { .version = 1 };
+ struct libfsverity_merkle_tree_params tree_params = {};
bool compact = false, for_builtin_sig = false;
int status;
int c;
@@ -54,20 +45,10 @@ int fsverity_cmd_digest(const struct fsverity_command *cmd,
while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1) {
switch (c) {
case OPT_HASH_ALG:
- if (!parse_hash_alg_option(optarg,
- &tree_params.hash_algorithm))
- goto out_usage;
- break;
case OPT_BLOCK_SIZE:
- if (!parse_block_size_option(optarg,
- &tree_params.block_size))
- goto out_usage;
- break;
case OPT_SALT:
- if (!parse_salt_option(optarg, &salt,
- &tree_params.salt_size))
+ if (!parse_tree_param(c, optarg, &tree_params))
goto out_usage;
- tree_params.salt = salt;
break;
case OPT_COMPACT:
compact = true;
@@ -86,11 +67,7 @@ int fsverity_cmd_digest(const struct fsverity_command *cmd,
if (argc < 1)
goto out_usage;
- if (tree_params.hash_algorithm == 0)
- tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
-
- if (tree_params.block_size == 0)
- tree_params.block_size = get_default_block_size();
+ finalize_tree_params(&tree_params);
for (int i = 0; i < argc; i++) {
struct fsverity_signed_digest *d = NULL;
@@ -146,7 +123,7 @@ int fsverity_cmd_digest(const struct fsverity_command *cmd,
}
status = 0;
out:
- free(salt);
+ destroy_tree_params(&tree_params);
return status;
out_err:
diff --git a/programs/cmd_enable.c b/programs/cmd_enable.c
index 48d33c2..3c722e5 100644
--- a/programs/cmd_enable.c
+++ b/programs/cmd_enable.c
@@ -49,13 +49,6 @@ out:
return ok;
}
-enum {
- OPT_HASH_ALG,
- OPT_BLOCK_SIZE,
- OPT_SALT,
- OPT_SIGNATURE,
-};
-
static const struct option longopts[] = {
{"hash-alg", required_argument, NULL, OPT_HASH_ALG},
{"block-size", required_argument, NULL, OPT_BLOCK_SIZE},
@@ -68,8 +61,7 @@ static const struct option longopts[] = {
int fsverity_cmd_enable(const struct fsverity_command *cmd,
int argc, char *argv[])
{
- struct libfsverity_merkle_tree_params tree_params = { .version = 1 };
- u8 *salt = NULL;
+ struct libfsverity_merkle_tree_params tree_params = {};
u8 *sig = NULL;
u32 sig_size = 0;
struct filedes file;
@@ -79,20 +71,10 @@ int fsverity_cmd_enable(const struct fsverity_command *cmd,
while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1) {
switch (c) {
case OPT_HASH_ALG:
- if (!parse_hash_alg_option(optarg,
- &tree_params.hash_algorithm))
- goto out_usage;
- break;
case OPT_BLOCK_SIZE:
- if (!parse_block_size_option(optarg,
- &tree_params.block_size))
- goto out_usage;
- break;
case OPT_SALT:
- if (!parse_salt_option(optarg, &salt,
- &tree_params.salt_size))
+ if (!parse_tree_param(c, optarg, &tree_params))
goto out_usage;
- tree_params.salt = salt;
break;
case OPT_SIGNATURE:
if (sig != NULL) {
@@ -113,11 +95,7 @@ int fsverity_cmd_enable(const struct fsverity_command *cmd,
if (argc != 1)
goto out_usage;
- if (tree_params.hash_algorithm == 0)
- tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
-
- if (tree_params.block_size == 0)
- tree_params.block_size = get_default_block_size();
+ finalize_tree_params(&tree_params);
if (!open_file(&file, argv[0], O_RDONLY, 0))
goto out_err;
@@ -133,7 +111,7 @@ int fsverity_cmd_enable(const struct fsverity_command *cmd,
status = 0;
out:
- free(salt);
+ destroy_tree_params(&tree_params);
free(sig);
return status;
diff --git a/programs/cmd_sign.c b/programs/cmd_sign.c
index 580e4df..fb17b8a 100644
--- a/programs/cmd_sign.c
+++ b/programs/cmd_sign.c
@@ -26,14 +26,6 @@ static bool write_signature(const char *filename, const u8 *sig, u32 sig_size)
return ok;
}
-enum {
- OPT_HASH_ALG,
- OPT_BLOCK_SIZE,
- OPT_SALT,
- OPT_KEY,
- OPT_CERT,
-};
-
static const struct option longopts[] = {
{"hash-alg", required_argument, NULL, OPT_HASH_ALG},
{"block-size", required_argument, NULL, OPT_BLOCK_SIZE},
@@ -48,8 +40,7 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
int argc, char *argv[])
{
struct filedes file = { .fd = -1 };
- u8 *salt = NULL;
- struct libfsverity_merkle_tree_params tree_params = { .version = 1 };
+ struct libfsverity_merkle_tree_params tree_params = {};
struct libfsverity_signature_params sig_params = {};
struct libfsverity_digest *digest = NULL;
char digest_hex[FS_VERITY_MAX_DIGEST_SIZE * 2 + 1];
@@ -61,20 +52,10 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1) {
switch (c) {
case OPT_HASH_ALG:
- if (!parse_hash_alg_option(optarg,
- &tree_params.hash_algorithm))
- goto out_usage;
- break;
case OPT_BLOCK_SIZE:
- if (!parse_block_size_option(optarg,
- &tree_params.block_size))
- goto out_usage;
- break;
case OPT_SALT:
- if (!parse_salt_option(optarg, &salt,
- &tree_params.salt_size))
+ if (!parse_tree_param(c, optarg, &tree_params))
goto out_usage;
- tree_params.salt = salt;
break;
case OPT_KEY:
if (sig_params.keyfile != NULL) {
@@ -101,11 +82,7 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
if (argc != 2)
goto out_usage;
- if (tree_params.hash_algorithm == 0)
- tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
-
- if (tree_params.block_size == 0)
- tree_params.block_size = get_default_block_size();
+ finalize_tree_params(&tree_params);
if (sig_params.keyfile == NULL) {
error_msg("Missing --key argument");
@@ -143,7 +120,7 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
status = 0;
out:
filedes_close(&file);
- free(salt);
+ destroy_tree_params(&tree_params);
free(digest);
free(sig);
return status;
diff --git a/programs/fsverity.c b/programs/fsverity.c
index 4a2f8df..052a640 100644
--- a/programs/fsverity.c
+++ b/programs/fsverity.c
@@ -134,7 +134,7 @@ static const struct fsverity_command *find_command(const char *name)
return NULL;
}
-bool parse_hash_alg_option(const char *arg, u32 *alg_ptr)
+static bool parse_hash_alg_option(const char *arg, u32 *alg_ptr)
{
char *end;
unsigned long n = strtoul(arg, &end, 10);
@@ -159,7 +159,7 @@ bool parse_hash_alg_option(const char *arg, u32 *alg_ptr)
return false;
}
-bool parse_block_size_option(const char *arg, u32 *size_ptr)
+static bool parse_block_size_option(const char *arg, u32 *size_ptr)
{
char *end;
unsigned long n = strtoul(arg, &end, 10);
@@ -177,7 +177,8 @@ bool parse_block_size_option(const char *arg, u32 *size_ptr)
return true;
}
-bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr)
+static bool parse_salt_option(const char *arg, u8 **salt_ptr,
+ u32 *salt_size_ptr)
{
if (*salt_ptr != NULL) {
error_msg("--salt can only be specified once");
@@ -192,7 +193,23 @@ bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr)
return true;
}
-u32 get_default_block_size(void)
+bool parse_tree_param(int opt_char, const char *arg,
+ struct libfsverity_merkle_tree_params *params)
+{
+ switch (opt_char) {
+ case OPT_HASH_ALG:
+ return parse_hash_alg_option(arg, ¶ms->hash_algorithm);
+ case OPT_BLOCK_SIZE:
+ return parse_block_size_option(arg, ¶ms->block_size);
+ case OPT_SALT:
+ return parse_salt_option(arg, (u8 **)¶ms->salt,
+ ¶ms->salt_size);
+ default:
+ ASSERT(0);
+ }
+}
+
+static u32 get_default_block_size(void)
{
long n = sysconf(_SC_PAGESIZE);
@@ -205,6 +222,23 @@ u32 get_default_block_size(void)
return n;
}
+void finalize_tree_params(struct libfsverity_merkle_tree_params *params)
+{
+ params->version = 1;
+
+ if (params->hash_algorithm == 0)
+ params->hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
+
+ if (params->block_size == 0)
+ params->block_size = get_default_block_size();
+}
+
+void destroy_tree_params(struct libfsverity_merkle_tree_params *params)
+{
+ free((u8 *)params->salt);
+ memset(params, 0, sizeof(*params));
+}
+
int main(int argc, char *argv[])
{
const struct fsverity_command *cmd;
diff --git a/programs/fsverity.h b/programs/fsverity.h
index 669fef2..51bba32 100644
--- a/programs/fsverity.h
+++ b/programs/fsverity.h
@@ -23,6 +23,17 @@
*/
#define FS_VERITY_MAX_DIGEST_SIZE 64
+enum {
+ OPT_BLOCK_SIZE,
+ OPT_CERT,
+ OPT_COMPACT,
+ OPT_FOR_BUILTIN_SIG,
+ OPT_HASH_ALG,
+ OPT_KEY,
+ OPT_SALT,
+ OPT_SIGNATURE,
+};
+
struct fsverity_command;
/* cmd_digest.c */
@@ -43,9 +54,9 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
/* fsverity.c */
void usage(const struct fsverity_command *cmd, FILE *fp);
-bool parse_hash_alg_option(const char *arg, u32 *alg_ptr);
-bool parse_block_size_option(const char *arg, u32 *size_ptr);
-bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr);
-u32 get_default_block_size(void);
+bool parse_tree_param(int opt_char, const char *arg,
+ struct libfsverity_merkle_tree_params *params);
+void finalize_tree_params(struct libfsverity_merkle_tree_params *params);
+void destroy_tree_params(struct libfsverity_merkle_tree_params *params);
#endif /* PROGRAMS_FSVERITY_H */
--
2.29.2
next prev parent reply other threads:[~2020-11-14 0:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-14 0:15 [fsverity-utils PATCH 0/2] Add libfsverity_enable() API Eric Biggers
2020-11-14 0:15 ` [fsverity-utils PATCH 1/2] lib: add libfsverity_enable() and libfsverity_enable_with_sig() Eric Biggers
2020-11-16 11:52 ` Luca Boccassi
2020-11-16 17:41 ` Eric Biggers
2020-11-16 17:50 ` Luca Boccassi
2020-11-16 18:42 ` Eric Biggers
2020-11-16 19:28 ` Luca Boccassi
2020-11-14 0:15 ` Eric Biggers [this message]
2020-11-16 11:32 ` [fsverity-utils PATCH 2/2] programs/fsverity: share code to parse tree parameters Luca Boccassi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201114001529.185751-3-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jes.Sorensen@gmail.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=luca.boccassi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.