Rename "file measurement" to "file digest"

As was done in the kernel, rename "file measurement" to "file digest".
"File digest" has ended up being the more intuitive name, and it avoids
using multiple names for the same thing.

Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113213314.73616-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Eric Biggers
2020-11-13 13:33:14 -08:00
parent 39194220bc
commit c7e0612deb
7 changed files with 27 additions and 27 deletions
+3 -3
@@ -8,9 +8,9 @@
## Version 1.1
* Split the file measurement computation and signing functionality
of the `fsverity` program into a library `libfsverity`. See
`README.md` and `Makefile` for more details.
* Split the file digest computation and signing functionality of the
`fsverity` program into a library `libfsverity`. See `README.md`
and `Makefile` for more details.
* Improved the Makefile.
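Review bot: The Version 1.1 entry is reworded to say "file digest", but this is the only change to this file, so nothing in it records the terminology change itself. Readers coming from older text that said "file measurement" have no pointer to the new name; consider adding a line under the next version's heading stating that "file measurement" is now called "file digest" and that both terms refer to the same thing.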
+10 -10
@@ -18,9 +18,9 @@ might add support for fs-verity in the future.
fsverity-utils currently contains just one program, `fsverity`. The
`fsverity` program allows you to set up fs-verity protected files.
In addition, the file measurement computation and signing
functionality of `fsverity` is optionally exposed through a C library
`libfsverity`. See `libfsverity.h` for the API of this library.
In addition, the file digest computation and signing functionality of
`fsverity` is optionally exposed through a C library `libfsverity`.
See `libfsverity.h` for the API of this library.
## Building and installing
@@ -66,13 +66,13 @@ See the `Makefile` for other supported build and installation options.
# Enable verity on the file
fsverity enable file
# Show the verity file measurement
# Show the verity file digest
fsverity measure file
# File should still be readable as usual. However, all data read
# is now transparently checked against a hidden Merkle tree, whose
# root hash is incorporated into the verity file measurement.
# Reads of any corrupted parts of the data will fail.
# root hash is incorporated into the verity file digest. Reads of
# any corrupted parts of the data will fail.
sha256sum file
```
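Review bot: In the usage example, the comment now reads `# Show the verity file digest` directly above `fsverity measure file`, so the prose says "digest" while the subcommand keeps the old term, and the command table changed later in this patch also has a separate `digest` subcommand. Suggest extending the comment to say that `measure` is the subcommand that displays the file digest of a file that already has verity enabled, so readers do not reach for `fsverity digest` at this step.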
@@ -84,10 +84,10 @@ against a trusted value.
### Using builtin signatures
With `CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y`, the filesystem supports
automatically verifying a signed file measurement that has been
included in the verity metadata. The signature is verified against
the set of X.509 certificates that have been loaded into the
".fs-verity" kernel keyring. Here's an example:
automatically verifying a signed file digest that has been included in
the verity metadata. The signature is verified against the set of
X.509 certificates that have been loaded into the ".fs-verity" kernel
keyring. Here's an example:
```bash
# Generate a new certificate and private key:
+9 -9
@@ -91,9 +91,9 @@ typedef int (*libfsverity_read_fn_t)(void *fd, void *buf, size_t count);
/**
* libfsverity_compute_digest() - Compute digest of a file
* An fsverity_digest (also called a "file measurement") is the root of
* a file's Merkle tree. Not to be confused with a traditional file
* digest computed over the entire file.
* A fs-verity file digest is the hash of a file's fsverity_descriptor.
* Not to be confused with a traditional file digest computed over the
* entire file, or with the bare fsverity_descriptor::root_hash.
* @fd: context that will be passed to @read_fn
* @read_fn: a function that will read the data of the file
* @params: Pointer to the Merkle tree parameters
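Review bot: The new comment on libfsverity_compute_digest() is more than a rename. The removed text defined the value as "the root of a file's Merkle tree", while the added text defines it as "the hash of a file's fsverity_descriptor" and explicitly separates it from fsverity_descriptor::root_hash. The commit message describes only a rename, so it should mention this correction: a caller who, based on the old wording, compares the result against a bare Merkle tree root hash would be checking the wrong value. Minor style point: "A fs-verity file digest" should probably read "An fs-verity file digest", matching the article used in the removed "An fsverity_digest".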
@@ -112,12 +112,12 @@ libfsverity_compute_digest(void *fd, libfsverity_read_fn_t read_fn,
/**
* libfsverity_sign_digest() - Sign previously computed digest of a file
* This signature is used by the file system to validate the
* signed file measurement against a public key loaded into the
* .fs-verity kernel keyring, when CONFIG_FS_VERITY_BUILTIN_SIGNATURES
* is enabled. The signature is formatted as PKCS#7 stored in DER
* format. See Documentation/filesystems/fsverity.rst in the kernel
* source tree for further details.
* This signature is used by the filesystem to validate the signed file
* digest against a public key loaded into the .fs-verity kernel
* keyring, when CONFIG_FS_VERITY_BUILTIN_SIGNATURES is enabled. The
* signature is formatted as PKCS#7 stored in DER format. See
* Documentation/filesystems/fsverity.rst in the kernel source tree for
* further details.
* @digest: pointer to previously computed digest
* @sig_params: struct libfsverity_signature_params providing filenames of
* the keyfile and certificate file. Reserved fields must be zero.
+1 -1
@@ -24,7 +24,7 @@ static const struct option longopts[] = {
};
/*
* Compute the fs-verity measurement of the given file(s), for offline signing.
* Compute the fs-verity digest of the given file(s), for offline signing.
*/
int fsverity_cmd_digest(const struct fsverity_command *cmd,
int argc, char *argv[])
+1 -1
@@ -14,7 +14,7 @@
#include <fcntl.h>
#include <sys/ioctl.h>
/* Display the measurement of the given verity file(s). */
/* Display the fs-verity digest of the given verity file(s). */
int fsverity_cmd_measure(const struct fsverity_command *cmd,
int argc, char *argv[])
{
+1 -1
@@ -35,7 +35,7 @@ static const struct option longopts[] = {
{NULL, 0, NULL, 0}
};
/* Sign a file for fs-verity by computing its measurement, then signing it. */
/* Sign a file for fs-verity by computing its digest, then signing it. */
int fsverity_cmd_sign(const struct fsverity_command *cmd,
int argc, char *argv[])
{
+2 -2
@@ -23,7 +23,7 @@ static const struct fsverity_command {
.name = "digest",
.func = fsverity_cmd_digest,
.short_desc =
"Compute the fs-verity measurement of the given file(s), for offline signing",
"Compute the fs-verity digest of the given file(s), for offline signing",
.usage_str =
" fsverity digest FILE...\n"
" [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
@@ -40,7 +40,7 @@ static const struct fsverity_command {
.name = "measure",
.func = fsverity_cmd_measure,
.short_desc =
"Display the measurement of the given verity file(s)",
"Display the fs-verity digest of the given verity file(s)",
.usage_str =
" fsverity measure FILE...\n"
}, {