This source file includes the following definitions.
- fsverity_verify_signature
- fsverity_init_signature
8 #ifndef _FSVERITY_PRIVATE_H
9 #define _FSVERITY_PRIVATE_H
10
/*
 * Map the Kconfig switch CONFIG_FS_VERITY_DEBUG onto the file-local DEBUG
 * macro.  It is set ahead of the #include lines, presumably so that headers
 * which test DEBUG see it.
 */
#if defined(CONFIG_FS_VERITY_DEBUG)
#define DEBUG
#endif

/* Prefix pasted in front of a log format string by string concatenation. */
#define pr_fmt(fmt) "fs-verity: " fmt
16
17 #include <crypto/sha.h>
18 #include <linux/fsverity.h>
19
20 struct ahash_request;
/*
 * Upper bound on the number of Merkle tree levels.  It is the element count
 * of merkle_tree_params::level_start[], so a level count has to stay within
 * it before being used as an index there.
 */
#define FS_VERITY_MAX_LEVELS		8

/*
 * Size of the largest digest handled, taken from SHA-512.  It dimensions the
 * root_hash[] and measurement[] buffers of struct fsverity_info.
 * NOTE(review): struct fsverity_descriptor stores its root hash in a fixed
 * 64-byte field, so this value should not be allowed to exceed 64.
 */
#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
/* Description of one hash algorithm usable by fs-verity. */
struct fsverity_hash_alg {
	struct crypto_ahash *tfm;	/* asynchronous-hash transform handle */
	const char *name;		/* presumably the crypto API name */
	unsigned int digest_size;	/* digest length, presumably in bytes */
	unsigned int block_size;	/* hash block length, presumably in bytes */
};
/*
 * Parameters describing one Merkle tree: the hash algorithm, a hash state
 * pointer, and the sizes that fix the shape of the tree.
 */
struct merkle_tree_params {
	const struct fsverity_hash_alg *hash_alg;	/* hash algorithm in use */
	const u8 *hashstate;		/* presumably from fsverity_prepare_hash_state() */
	unsigned int digest_size;	/* presumably hash_alg->digest_size */
	unsigned int block_size;	/* block size, presumably in bytes */
	unsigned int hashes_per_block;	/* digests stored per tree block */
	unsigned int log_blocksize;	/* presumably log2(block_size) */
	unsigned int log_arity;		/* presumably log2(hashes_per_block) */
	unsigned int num_levels;	/* number of tree levels */
	u64 tree_size;			/* total tree size */

	/*
	 * One start position per tree level.  Only FS_VERITY_MAX_LEVELS slots
	 * exist, so num_levels must be range-checked before indexing here.
	 */
	u64 level_start[FS_VERITY_MAX_LEVELS];
};
/*
 * fs-verity state kept for one inode: the Merkle tree parameters plus two
 * digest buffers.  Each buffer is FS_VERITY_MAX_DIGEST_SIZE bytes long;
 * presumably only the first tree_params.digest_size bytes carry data, so
 * comparisons should use that length rather than the buffer size.
 */
struct fsverity_info {
	struct merkle_tree_params tree_params;		/* tree shape and hash */
	u8 root_hash[FS_VERITY_MAX_DIGEST_SIZE];	/* Merkle tree root hash */
	u8 measurement[FS_VERITY_MAX_DIGEST_SIZE];	/* file measurement digest */
	const struct inode *inode;			/* inode this state describes */
};
/*
 * The fs-verity descriptor.  The fixed-endian __le32/__le64 members suggest a
 * stored or exchanged layout, so every field should be treated as untrusted
 * until it has been validated.  The fixed part is 256 bytes; signature[]
 * follows it.
 *
 * NOTE(review): salt_size can encode values up to 255 while salt[] holds only
 * 32 bytes, and sig_size is a full 32-bit value.  Consumers need to reject a
 * salt_size above sizeof(salt) and a sig_size above
 * FS_VERITY_MAX_SIGNATURE_SIZE or above what the descriptor buffer actually
 * holds, before reading salt[] or signature[].
 */
struct fsverity_descriptor {
	__u8 version;		/* format version */
	__u8 hash_algorithm;	/* presumably a number for fsverity_get_hash_alg() */
	__u8 log_blocksize;	/* presumably log2 of the block size; range-check before shifting */
	__u8 salt_size;		/* number of bytes of salt[] in use */
	__le32 sig_size;	/* number of bytes in signature[] */
	__le64 data_size;	/* presumably the size of the file contents */
	__u8 root_hash[64];	/* Merkle tree root hash */
	__u8 salt[32];		/* salt bytes */
	__u8 __reserved[144];	/* reserved; presumably expected to be zero */
	__u8 signature[];	/* variable-length signature, may be empty */
};
/* Cap on the size of a whole descriptor, signature included (16 KiB). */
#define FS_VERITY_MAX_DESCRIPTOR_SIZE	16384

/*
 * Space left for the signature after the fixed descriptor fields.  The sizeof
 * operand makes this a size_t expression: a signed value compared against it
 * is converted to unsigned first, so negative lengths must be rejected before
 * the comparison.
 */
#define FS_VERITY_MAX_SIGNATURE_SIZE \
	(FS_VERITY_MAX_DESCRIPTOR_SIZE - sizeof(struct fsverity_descriptor))
/*
 * Digest record with a magic tag in front: presumably the exact byte string
 * that a signature is computed over.  Both 16-bit fields are little-endian.
 *
 * NOTE(review): digest[] is a flexible array member.  An instance has to be
 * allocated with room for the digest, and digest_size must be validated
 * (for example against FS_VERITY_MAX_DIGEST_SIZE) before it sizes a copy.
 */
struct fsverity_signed_digest {
	char magic[8];			/* 8-byte tag; not necessarily NUL-terminated */
	__le16 digest_algorithm;	/* hash algorithm identifier */
	__le16 digest_size;		/* number of bytes in digest[] */
	__u8 digest[];			/* the digest itself */
};
/* Hash algorithm table and hashing helpers; all defined outside this header. */

/* Table of hash algorithm descriptions; its length is not visible here. */
extern struct fsverity_hash_alg fsverity_hash_algs[];

/*
 * Returns the hash algorithm description for number @num.
 * NOTE(review): @num presumably indexes fsverity_hash_algs[] and can come from
 * a descriptor, so it needs a bounds check; confirm in the definition.
 */
const struct fsverity_hash_alg *
fsverity_get_hash_alg(const struct inode *inode, unsigned int num);

/* Returns a hash state pointer built from @alg and @salt_size bytes of @salt. */
const u8 *
fsverity_prepare_hash_state(const struct fsverity_hash_alg *alg,
			    const u8 *salt, size_t salt_size);

/*
 * Hashes @page and writes the digest to @out.  No length accompanies @out, so
 * the caller presumably has to provide at least params->digest_size bytes.
 */
int fsverity_hash_page(const struct merkle_tree_params *params,
		       const struct inode *inode,
		       struct ahash_request *req, struct page *page, u8 *out);

/*
 * Hashes @size bytes at @data and writes the digest to @out.  As above, @out
 * presumably has to hold at least alg->digest_size bytes.
 */
int fsverity_hash_buffer(const struct fsverity_hash_alg *alg,
			 const void *data, size_t size, u8 *out);

/* Init-time check of the hash algorithm table. */
void __init fsverity_check_hash_algs(void);
/*
 * printf-style logging helper.  __printf(3, 4) makes the compiler check the
 * variadic arguments against @fmt, which only works when @fmt is a literal:
 * text that originates from a file or from user space belongs in the
 * arguments behind a "%s", never in @fmt itself.
 */
extern void __printf(3, 4) __cold
fsverity_msg(const struct inode *inode, const char *level,
	     const char *fmt, ...);

/* Wrappers around fsverity_msg() that fix the log level. */
#define fsverity_warn(inode, fmt, ...) \
	fsverity_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
#define fsverity_err(inode, fmt, ...) \
	fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
/* Set-up and teardown of struct fsverity_info; all defined outside this header. */

/*
 * Fills in @params from the hash algorithm number, the log2 block size and
 * the salt.  NOTE(review): these values presumably come from a descriptor and
 * should be range-checked in the definition; confirm there.
 */
int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
				     const struct inode *inode,
				     unsigned int hash_algorithm,
				     unsigned int log_blocksize,
				     const u8 *salt, size_t salt_size);

/*
 * Builds a struct fsverity_info for @inode from a descriptor buffer.  @desc is
 * untyped and @desc_size is the only statement of its length, so @desc_size
 * must equal the number of bytes really available at @desc.
 */
struct fsverity_info *
fsverity_create_info(const struct inode *inode, void *desc, size_t desc_size);

/* Associates @vi with @inode. */
void fsverity_set_info(struct inode *inode, struct fsverity_info *vi);

/* Releases @vi. */
void fsverity_free_info(struct fsverity_info *vi);

/* Init-time creation and removal of the fsverity_info cache. */
int __init fsverity_init_info_cache(void);
void __init fsverity_exit_info_cache(void);
/*
 * Built-in signature verification.
 *
 * With CONFIG_FS_VERITY_BUILTIN_SIGNATURES set, the two functions are real and
 * defined outside this header.  Without it the inline stubs below are used,
 * and both return 0 without looking at their arguments.  In such a build a 0
 * from fsverity_verify_signature() says nothing about whether the descriptor
 * carried a signature or whether that signature was valid.  A deployment that
 * relies on signatures being enforced therefore has to confirm the option is
 * enabled, or check the file measurement by some other means.
 */
#if defined(CONFIG_FS_VERITY_BUILTIN_SIGNATURES)

int fsverity_verify_signature(const struct fsverity_info *vi,
			      const struct fsverity_descriptor *desc,
			      size_t desc_size);

int __init fsverity_init_signature(void);

#else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */

/* Stub: performs no verification and always returns 0. */
static inline int
fsverity_verify_signature(const struct fsverity_info *vi,
			  const struct fsverity_descriptor *desc,
			  size_t desc_size)
{
	return 0;
}

/* Stub: nothing to initialise; always returns 0. */
static inline int fsverity_init_signature(void)
{
	return 0;
}

#endif /* CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
/* Init-time set-up and removal of the workqueue; defined outside this header. */
int __init fsverity_init_workqueue(void);
void __init fsverity_exit_workqueue(void);
184
185 #endif