Rewrite fsveritysetup in C
Make fsveritysetup a subcommand 'setup' of the 'fsverity' program which
previously had just the 'enable' and 'set_measurement' commands.
When signing the file measurement, use libcrypto directly instead of
invoking the 'openssl' binary.
Similarly, build the Merkle tree in C code (using libcrypto for SHA-256,
or zlib for CRC-32) rather than invoking the 'veritysetup' binary.
Other improvements over the original Python script are included as well.
Signed-off-by: Eric Biggers <ebiggers@google.com>
diff --git a/cmd_enable.c b/cmd_enable.c
new file mode 100644
index 0000000..6d28297
--- /dev/null
+++ b/cmd_enable.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * The 'fsverity enable' command
+ *
+ * Copyright (C) 2018 Google, Inc.
+ *
+ * Written by Eric Biggers, 2018.
+ */
+
+#include <fcntl.h>
+#include <sys/ioctl.h>
+
+#include "commands.h"
+#include "fsverity_sys_decls.h"
+
+int fsverity_cmd_enable(const struct fsverity_command *cmd,
+ int argc, char *argv[])
+{
+ struct filedes file;
+
+ if (argc != 2) {
+ usage(cmd, stderr);
+ return 2;
+ }
+
+ if (!open_file(&file, argv[1], O_RDONLY, 0))
+ return 1;
+ if (ioctl(file.fd, FS_IOC_ENABLE_VERITY, NULL) != 0) {
+ error_msg_errno("FS_IOC_ENABLE_VERITY failed on '%s'",
+ file.name);
+ filedes_close(&file);
+ return 1;
+ }
+ if (!filedes_close(&file))
+ return 1;
+ return 0;
+}
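Review bot: fsverity_cmd_enable() has no header comment, so its exit-status contract (2 when argc is wrong, 1 when open_file(), the ioctl or filedes_close() fails, 0 otherwise) can only be learned by reading the body. I would add above the definition: `/* Enable fs-verity on the file named by argv[1]. Returns 0 on success, 1 on failure, 2 on a usage error. */`. A second short comment at the ioctl call should say that the file is opened O_RDONLY and that FS_IOC_ENABLE_VERITY is passed NULL, so this command supplies no parameters of its own; presumably it relies on what 'fsverity setup' prepared and on the kernel to validate it, but that is not visible in this hunk. Nothing here compares the resulting measurement with an expected value, so the comment should also state that a zero exit only means the ioctl succeeded, not that the file matches a trusted measurement.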