fs-verity: define a function to return the integrity protected file digest

Define a function named fsverity_get_digest() to return the verity file digest and the associated hash algorithm (enum hash_algo). This assumes that before calling fsverity_get_digest() the file must have been opened, which is even true for the IMA measure/appraise on file open policy rule use case (func=FILE_CHECK). do_open() calls vfs_open() immediately prior to ima_file_check(). Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Mimi Zohar <zohar@linux.ibm.com> 2021-11-23 21:37:52 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2022-05-01 23:39:36 +0300
commit: 246d921646c071b878480997c294db6c83215b06 (patch)
tree: 15becd1e0c5d5546f70a8712df57cd4a5986685b /fs/verity/Kconfig
parent: 09091c44cb737256f588050e363c4675d88aaac3 (diff)
download: linux-246d921646c071b878480997c294db6c83215b06.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index 24d1b54de807..54598cd80145 100644
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -3,6 +3,7 @@
 config FS_VERITY
 	bool "FS Verity (read-only file-based authenticity protection)"
 	select CRYPTO
+	select CRYPTO_HASH_INFO
 	# SHA-256 is implied as it's intended to be the default hash algorithm.
 	# To avoid bloat, other wanted algorithms must be selected explicitly.
 	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
author	Mimi Zohar <zohar@linux.ibm.com>	2021-11-23 21:37:52 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2022-05-01 23:39:36 +0300
commit	246d921646c071b878480997c294db6c83215b06 (patch)
tree	15becd1e0c5d5546f70a8712df57cd4a5986685b /fs/verity/Kconfig
parent	09091c44cb737256f588050e363c4675d88aaac3 (diff)
download	linux-246d921646c071b878480997c294db6c83215b06.tar.xz