Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: fs\verity\signature.c  Create Date: 2022-07-29 10:58:52
Last Modify: 2020-03-12 14:18:49  Copyright © Brick

Function name: fsverity_verify_signature() - check a verity file's signature. If the file's fs-verity descriptor includes a signature of the file measurement, verify it against the certificates in the fs-verity keyring.

Function prototype: int fsverity_verify_signature(const struct fsverity_info *vi, const struct fsverity_descriptor *desc, size_t desc_size)

Return type: int

Parameters:

Type                                Parameter name
const struct fsverity_info *        vi
const struct fsverity_descriptor *  desc
size_t                              desc_size

41  inode = inode
42  hash_alg = the hash algorithm
43  sig_size = le32_to_cpu(size of signature in bytes; 0 if none)
47  if sig_size == 0 then
49  fsverity_err(inode, "require_signatures=1, rejecting unsigned file!")
51  return -EPERM
53  return 0
56  if sig_size > desc_size - size of desc then
57  fsverity_err(inode, "Signature overflows verity descriptor")
58  return -EBADMSG
61  d = allocate zero-initialized memory
62  if !d then return -ENOMEM
64  memcpy(must be "FSVerity", "FSVerity", 8)
65  digest_algorithm = cpu_to_le16(hash_alg - the hash algorithms supported by fs-verity)
66  digest_size = cpu_to_le16(digest size in bytes, e.g. 32 for SHA-256)
67  memcpy(digest, measurement, digest size in bytes, e.g. 32 for SHA-256)
69  err = verify_pkcs7_signature(d, size of d + digest size in bytes (e.g. 32 for SHA-256), optional PKCS#7 signature, sig_size, keyring that contains the trusted X.509 certificates (only root (kuid=0) can modify this; root may also use keyctl_restrict_keyring() to prevent any more additions), VERIFYING_UNSPECIFIED_SIGNATURE, NULL, NULL)
74  free memory
76  if err then
77  if err == -ENOKEY then fsverity_err(inode, "File's signing cert isn't in the fs-verity keyring")
80  else if err == -EKEYREJECTED then fsverity_err(inode, "Incorrect file signature")
82  else if err == -EBADMSG then fsverity_err(inode, "Malformed file signature")
84  else fsverity_err(inode, "Error %d verifying file signature", err)
87  return err
90  pr_debug("Valid signature for file measurement %s:%*phN\n", crypto API name (e.g. sha256), digest size in bytes (e.g. 32 for SHA-256), measurement)
92  return 0
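
The following userspace sketch is an added example, not code from the kernel or from this report. It rebuilds the byte string that lines 61-67 of the listing hand to verify_pkcs7_signature(), and the length check from line 56, so the signed payload can be reproduced and inspected offline. The function names `build_signed_digest` and `sig_fits` are hypothetical, the algorithm number 1 for SHA-256 is taken from the fs-verity UAPI header, and the descriptor header size is passed in by the caller as an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hash algorithm number from the fs-verity UAPI header (linux/fsverity.h). */
#define FS_VERITY_HASH_ALG_SHA256 1

/* Store a 16-bit value little-endian regardless of host byte order. */
static void put_le16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v & 0xff);
	p[1] = (uint8_t)(v >> 8);
}

/*
 * Build the data the PKCS#7 signature covers (listing lines 61-67):
 *   "FSVerity" | le16 digest_algorithm | le16 digest_size | digest
 * Returns a malloc'ed buffer the caller frees and its length in *out_len,
 * or NULL on bad input or allocation failure.
 */
uint8_t *build_signed_digest(uint16_t alg, const uint8_t *measurement,
			     uint16_t digest_size, size_t *out_len)
{
	size_t len = 8 + 2 + 2 + (size_t)digest_size;
	uint8_t *d;

	if (!measurement || !out_len || digest_size == 0)
		return NULL;
	d = calloc(1, len);
	if (!d)
		return NULL;
	memcpy(d, "FSVerity", 8);                 /* fixed magic */
	put_le16(d + 8, alg);                     /* digest_algorithm */
	put_le16(d + 10, digest_size);            /* digest_size */
	memcpy(d + 12, measurement, digest_size); /* file measurement */
	*out_len = len;
	return d;
}

/*
 * Bound from listing line 56: the signature must fit in the bytes that
 * follow the fixed descriptor header. desc_size is tested first so the
 * unsigned subtraction cannot wrap. Returns 1 if it fits, 0 otherwise.
 */
int sig_fits(size_t desc_size, size_t hdr_size, uint32_t sig_size)
{
	return desc_size >= hdr_size && sig_size <= desc_size - hdr_size;
}
```

Because the magic, algorithm number and digest size are part of the signed bytes, a signature made over a bare hash, or over the same digest under a different algorithm number, does not verify against this buffer.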