/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
|
/*
|
* fs-verity (file-based verity) support
|
*
|
* Copyright (C) 2018 Google LLC
|
*/
|
#ifndef _UAPI_LINUX_FSVERITY_H
|
#define _UAPI_LINUX_FSVERITY_H
|
|
#include <linux/limits.h>
|
#include <linux/ioctl.h>
|
#include <linux/types.h>
|
|
/* ========== Ioctls ========== */
|
|
struct fsverity_digest {
|
__u16 digest_algorithm;
|
__u16 digest_size; /* input/output */
|
__u8 digest[];
|
};
|
|
#define FS_IOC_ENABLE_VERITY _IO('f', 133)
|
#define FS_IOC_MEASURE_VERITY _IOWR('f', 134, struct fsverity_digest)
|
|
/* ========== On-disk format ========== */
|
|
#define FS_VERITY_MAGIC "FSVerity"
|
|
/* Supported hash algorithms */
|
#define FS_VERITY_ALG_SHA256 1
|
#define FS_VERITY_ALG_SHA512 2
|
#define FS_VERITY_ALG_CRC32C 3 /* for integrity only */
|
|
/* Metadata stored near the end of fs-verity files, after the Merkle tree */
|
/* This structure is 64 bytes long */
|
struct fsverity_descriptor {
|
__u8 magic[8]; /* must be FS_VERITY_MAGIC */
|
__u8 major_version; /* must be 1 */
|
__u8 minor_version; /* must be 0 */
|
__u8 log_data_blocksize;/* log2(data-bytes-per-hash), e.g. 12 for 4KB */
|
__u8 log_tree_blocksize;/* log2(tree-bytes-per-hash), e.g. 12 for 4KB */
|
__le16 data_algorithm; /* hash algorithm for data blocks */
|
__le16 tree_algorithm; /* hash algorithm for tree blocks */
|
__le32 flags; /* flags */
|
__le32 reserved1; /* must be 0 */
|
__le64 orig_file_size; /* size of the original, unpadded data */
|
__le16 auth_ext_count; /* number of authenticated extensions */
|
__u8 reserved2[30]; /* must be 0 */
|
};
|
/* followed by list of 'auth_ext_count' authenticated extensions */
|
/*
|
* then followed by '__le16 unauth_ext_count' padded to next 8-byte boundary,
|
* then a list of 'unauth_ext_count' (may be 0) unauthenticated extensions
|
*/
|
|
/* Extension types */
|
#define FS_VERITY_EXT_ROOT_HASH 1
|
#define FS_VERITY_EXT_SALT 2
|
#define FS_VERITY_EXT_PKCS7_SIGNATURE 3
|
#define FS_VERITY_EXT_ELIDE 4
|
#define FS_VERITY_EXT_PATCH 5
|
|
/* Header of each extension (variable-length metadata item) */
|
struct fsverity_extension {
|
/*
|
* Length in bytes, including this header but excluding padding to next
|
* 8-byte boundary that is applied when advancing to the next extension.
|
*/
|
__le32 length;
|
__le16 type; /* Type of this extension (see codes above) */
|
__le16 reserved; /* Reserved, must be 0 */
|
};
|
/* followed by the payload of 'length - 8' bytes */
|
|
/* Extension payload formats */
|
|
/*
|
* FS_VERITY_EXT_ROOT_HASH payload is just a byte array, with size equal to the
|
* digest size of the hash algorithm given in the fsverity_descriptor
|
*/
|
|
/* FS_VERITY_EXT_SALT payload is just a byte array, any size */
|
|
/*
|
* FS_VERITY_EXT_PKCS7_SIGNATURE payload is a DER-encoded PKCS#7 message
|
* containing the signed file measurement in the following format:
|
*/
|
struct fsverity_digest_disk {
|
__le16 digest_algorithm;
|
__le16 digest_size;
|
__u8 digest[];
|
};
|
|
/* FS_VERITY_EXT_ELIDE payload */
|
struct fsverity_extension_elide {
|
__le64 offset;
|
__le64 length;
|
};
|
|
/* FS_VERITY_EXT_PATCH payload */
|
struct fsverity_extension_patch {
|
__le64 offset;
|
/* followed by variable-length patch data */
|
};
|
|
/* Fields stored at the very end of the file */
|
struct fsverity_footer {
|
__le32 desc_reverse_offset; /* distance to fsverity_descriptor */
|
__u8 magic[8]; /* FS_VERITY_MAGIC */
|
} __attribute__((packed));
|
|
#endif /* _UAPI_LINUX_FSVERITY_H */
|
