From 069de6df56f7ec679b502a4b2318ea29a5f99274 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 5 Nov 2024 17:53:56 -0500
Subject: [PATCH] Use composefs crate for fsverity digest reading

To increase the motivation to improve that crate and the C library;
especially the C library, because we *must* have it anyways because
we depend on the binaries and we are just not going to rewrite
everything in Rust in the near future.

(And if we *did* start a rewrite of the composefs core I think
 that rewrite should live in that repo, not this one)

Signed-off-by: Colin Walters <walters@verbum.org>
---
 Cargo.toml            |  1 +
 src/fsverity/ioctl.rs | 40 +++++++---------------------------------
 2 files changed, 8 insertions(+), 33 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 7681d0d..393a01f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,6 +10,7 @@ anyhow = { version = "1.0.89", features = ["backtrace"] }
 async-compression = { version = "0.4.17", features = ["tokio", "gzip", "zstd"] }
 clap = { version = "4.5.19", features = ["derive"] }
 containers-image-proxy = "0.7.0"
+composefs = "0.1.3"
 hex = "0.4.3"
 indicatif = { version = "0.17.8", features = ["tokio"] }
 oci-spec = "0.7.0"
diff --git a/src/fsverity/ioctl.rs b/src/fsverity/ioctl.rs
index f4955af..8b9ce6e 100644
--- a/src/fsverity/ioctl.rs
+++ b/src/fsverity/ioctl.rs
@@ -3,7 +3,7 @@ use std::os::fd::AsFd;
 use anyhow::Result;
 use rustix::ioctl;
 
-use super::FsVerityHashValue;
+use super::{FsVerityHashValue, Sha256HashValue};
 
 // See /usr/include/linux/fsverity.h
 #[repr(C)]
@@ -43,36 +43,10 @@ pub fn fs_ioc_enable_verity<F: AsFd, H: FsVerityHashValue>(fd: F) -> Result<()>
     Ok(())
 }
 
-#[repr(C)]
-pub struct FsVerityDigest<F> {
-    digest_algorithm: u16,
-    digest_size: u16,
-    digest: F,
-}
-
-// #define FS_IOC_MEASURE_VERITY   _IORW('f', 134, struct fsverity_digest)
-type FsIocMeasureVerity = ioctl::ReadWriteOpcode<b'f', 134, FsVerityDigest<()>>;
-
-pub fn fs_ioc_measure_verity<F: AsFd, H: FsVerityHashValue>(fd: F) -> Result<H> {
-    let digest_size = std::mem::size_of::<H>() as u16;
-    let digest_algorithm = H::ALGORITHM as u16;
-
-    let mut digest = FsVerityDigest::<H> {
-        digest_algorithm,
-        digest_size,
-        digest: H::EMPTY,
-    };
-
-    unsafe {
-        ioctl::ioctl(
-            fd,
-            ioctl::Updater::<FsIocMeasureVerity, FsVerityDigest<H>>::new(&mut digest),
-        )?;
-    }
-
-    if digest.digest_algorithm != digest_algorithm || digest.digest_size != digest_size {
-        Err(std::io::Error::from(std::io::ErrorKind::InvalidData))?
-    } else {
-        Ok(digest.digest)
-    }
+pub fn fs_ioc_measure_verity<F: AsFd>(fd: F) -> Result<Sha256HashValue> {
+    let mut digest = composefs::fsverity::Digest::new();
+    composefs::fsverity::fsverity_digest_from_fd(fd.as_fd(), &mut digest)?;
+    let mut r = Sha256HashValue::EMPTY;
+    r.copy_from_slice(digest.get());
+    Ok(r)
 }