authorLennart Poettering <lennart@poettering.net>2020-09-15 22:09:08 +0200
committerYu Watanabe <watanabe.yu+github@gmail.com>2020-09-17 13:36:23 +0200
commit89e62e0bd3cb72915b705b5e2da1834e4d8aea9f (patch)
treef143f37bffd852432564e37d89983c1035c0618a /src/shared/dissect-image.h
parentMerge pull request #16929 from ssahani/network-bare-udp (diff)
dissect: wrap verity settings in new VeritySettings structure
Just some refactoring: let's place the various verity related parameters in a common structure, and pass that around instead of the individual parameters. Also, let's load the PKCS#7 signature data when finding metadata right away, instead of delaying this until we need it. In all cases where we call this, there's not much time difference between the metadata finding and the loading, hence this simplifies things and makes sure root hash data and its signature are now always acquired together.
Diffstat (limited to 'src/shared/dissect-image.h')
-rw-r--r--src/shared/dissect-image.h26
1 files changed, 21 insertions, 5 deletions
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 520d8ab10e..5c1f5bd7b5 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -13,6 +13,7 @@ typedef struct DissectedImage DissectedImage;
typedef struct DissectedPartition DissectedPartition;
typedef struct DecryptedImage DecryptedImage;
typedef struct MountOptions MountOptions;
+typedef struct VeritySettings VeritySettings;
struct DissectedPartition {
bool found:1;
@@ -92,19 +93,32 @@ struct MountOptions {
LIST_FIELDS(MountOptions, mount_options);
};
+struct VeritySettings {
+ /* Binary root hash for the Verity Merkle tree */
+ void *root_hash;
+ size_t root_hash_size;
+
+ /* PKCS#7 signature of the above */
+ void *root_hash_sig;
+ size_t root_hash_sig_size;
+
+ /* Path to the verity data file, if stored externally */
+ char *data_path;
+};
+
MountOptions* mount_options_free_all(MountOptions *options);
DEFINE_TRIVIAL_CLEANUP_FUNC(MountOptions*, mount_options_free_all);
const char* mount_options_from_designator(const MountOptions *options, PartitionDesignator designator);
int probe_filesystem(const char *node, char **ret_fstype);
-int dissect_image(int fd, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
-int dissect_image_and_warn(int fd, const char *name, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image(int fd, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image_and_warn(int fd, const char *name, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
DissectedImage* dissected_image_unref(DissectedImage *m);
DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
-int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
-int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
int dissected_image_mount(DissectedImage *m, const char *dest, uid_t uid_shift, DissectImageFlags flags);
int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, DissectImageFlags flags);
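Review bot: The new VeritySettings fields are documented by content but not by ownership: nothing in the header says whether root_hash, root_hash_sig and data_path are heap buffers owned by the structure and released by verity_settings_done() (declared further down in this file), or borrowed pointers the caller must keep alive, nor whether a struct has to be zero-initialised before its first use. Since these values are what later decides whether an image is accepted as authentic, a caller that frees a borrowed root_hash early, or reuses one struct across two images, would fail silently rather than loudly. Suggest a comment on the struct such as `/* All pointers are owned by the structure; zero-initialise before use and release with verity_settings_done(). */`, adjusted to what dissect-image.c actually does, as that file is not in this diff. The dissect_image() and dissected_image_decrypt() prototypes in the same hunk now take `const VeritySettings *verity`; the comment should also state whether NULL is accepted there, as the previous `root_hash == NULL` form presumably meant "no verity".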
@@ -117,7 +131,9 @@ int decrypted_image_relinquish(DecryptedImage *d);
const char* partition_designator_to_string(PartitionDesignator d) _const_;
PartitionDesignator partition_designator_from_string(const char *name) _pure_;
-int verity_metadata_load(const char *image, const char *root_hash_path, void **ret_roothash, size_t *ret_roothash_size, char **ret_verity_data, char **ret_roothashsig);
+int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
+void verity_settings_done(VeritySettings *verity);
+
bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator d);
bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
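Review bot: verity_settings_load() replaces verity_metadata_load(), but its contract is now undocumented: the old declaration's out-parameters made it obvious which values were produced, whereas a reader can no longer tell whether the function fills in only the fields of `verity` that are still unset (keeping a root hash the caller supplied and deriving the rest from the image) or overwrites the whole structure, nor what root_hash_path and root_hash_sig_path mean when NULL. Suggest a comment above the prototype along the lines of `/* Populates 'verity' from the given paths, or from files found next to 'image' when they are NULL; returns 0 on success, negative errno on failure. */`, adjusted to the behaviour in dissect-image.c, which is outside this diff. verity_settings_done() is declared without the cleanup helper the neighbouring declarations get via DEFINE_TRIVIAL_CLEANUP_FUNC (which is pointer-oriented), so a one-line comment naming the intended idiom for stack-allocated structs would help callers release the root hash and signature buffers consistently on every exit path.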