#ifndef _FSVERITY_PRIVATE_H
#define _FSVERITY_PRIVATE_H

/* Defining DEBUG turns on pr_debug() output for this subsystem; only when the
 * debug Kconfig option is selected.
 */
#ifdef CONFIG_FS_VERITY_DEBUG
#define DEBUG
#endif

/* Prefix every pr_*() message emitted by fs-verity so logs are attributable. */
#define pr_fmt(fmt) "fs-verity: " fmt

#include <crypto/sha2.h>
#include <linux/fsverity.h>
#include <linux/mempool.h>

struct ahash_request;

/*
 * Upper bound on the number of levels in a file's Merkle tree.  It also sizes
 * the per-level array in struct merkle_tree_params, so a level count derived
 * from on-disk or userspace-supplied parameters must be checked against this
 * limit before it is used as an index.
 */
#define FS_VERITY_MAX_LEVELS 8

/*
 * Largest digest any supported hash algorithm produces; it sizes the fixed
 * hash buffers in struct fsverity_info.  Tied to SHA-512 here, so adding an
 * algorithm with a longer digest requires raising this as well.
 */
#define FS_VERITY_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
/*
 * A hash algorithm that fs-verity can use.  The supported algorithms live in
 * the fsverity_hash_algs[] table declared below and appear to be looked up by
 * number through fsverity_get_hash_alg().
 */
struct fsverity_hash_alg {
	struct crypto_ahash *tfm;	/* crypto API transform; presumably set up on first use — confirm in the implementation */
	const char *name;		/* algorithm name as a string */
	unsigned int digest_size;	/* digest length in bytes; expected to be <= FS_VERITY_MAX_DIGEST_SIZE */
	unsigned int block_size;	/* block size of the hash algorithm in bytes */
	mempool_t req_pool;		/* request pool, presumably backing fsverity_alloc_hash_request() */
};
/*
 * Geometry of one file's Merkle tree, filled in by
 * fsverity_init_merkle_tree_params().  The inputs it is derived from
 * (algorithm number, block size, salt) are supplied externally, so every
 * field here should be treated as the result of validated input rather than
 * trusted on its own.
 */
struct merkle_tree_params {
	struct fsverity_hash_alg *hash_alg;	/* hash algorithm used for the tree */
	const u8 *hashstate;			/* prepared hash state from fsverity_prepare_hash_state(); NOTE(review): NULL semantics not evident here — confirm */
	unsigned int digest_size;		/* digest length in bytes; presumably mirrors hash_alg->digest_size */
	unsigned int block_size;		/* size of a tree block in bytes */
	unsigned int hashes_per_block;		/* number of digests that fit in one tree block */
	unsigned int log_blocksize;		/* presumably log2(block_size) */
	unsigned int log_arity;			/* presumably log2(hashes_per_block) */
	unsigned int num_levels;		/* tree depth; must stay <= FS_VERITY_MAX_LEVELS because it bounds level_start[] */
	u64 tree_size;				/* total size of the tree in bytes */
	unsigned long level0_blocks;		/* number of blocks in level 0 */

	/*
	 * Starting block of each level.  Sized by FS_VERITY_MAX_LEVELS; only the
	 * first num_levels entries are meaningful.  Whether index 0 is the leaf
	 * level or the root level is not evident from this header.
	 */
	u64 level_start[FS_VERITY_MAX_LEVELS];
};
/*
 * Per-inode verity state, created by fsverity_create_info(), attached with
 * fsverity_set_info() and released by fsverity_free_info().  Both digest
 * buffers are sized by FS_VERITY_MAX_DIGEST_SIZE; presumably only the first
 * tree_params.digest_size bytes of each are meaningful.
 */
struct fsverity_info {
	struct merkle_tree_params tree_params;		/* tree geometry for this file */
	u8 root_hash[FS_VERITY_MAX_DIGEST_SIZE];	/* root of the Merkle tree: the value all block verification chains back to */
	u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE];	/* digest identifying the file; presumably what a signature covers — confirm */
	const struct inode *inode;			/* inode this state belongs to; not owned by this struct */
};
/*
 * Upper bound on the size of a verity descriptor.  A descriptor arrives from
 * userspace or from storage, so whoever reads one must reject anything larger
 * than this before passing it to fsverity_create_info().
 */
#define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384

/* Largest signature that can follow the fixed descriptor header in a
 * maximum-size descriptor.
 */
#define FS_VERITY_MAX_SIGNATURE_SIZE (FS_VERITY_MAX_DESCRIPTOR_SIZE - \
				      sizeof(struct fsverity_descriptor))

/* Table of supported hash algorithms; defined in the hash-algorithm source file. */
extern struct fsverity_hash_alg fsverity_hash_algs[];

/*
 * Look up hash algorithm number @num on behalf of @inode.  @num presumably
 * originates in the descriptor and is untrusted: the implementation must
 * bounds-check it against the table before indexing fsverity_hash_algs[].
 * How failure is reported (NULL vs. error pointer) is not visible here.
 */
struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
						unsigned int num);

/* Allocate a hash request for @alg (presumably from alg->req_pool); release it
 * with fsverity_free_hash_request().
 */
struct ahash_request *fsverity_alloc_hash_request(struct fsverity_hash_alg *alg,
						  gfp_t gfp_flags);
void fsverity_free_hash_request(struct fsverity_hash_alg *alg,
				struct ahash_request *req);

/* Prepare the initial hash state for @alg given @salt of @salt_size bytes.
 * NOTE(review): ownership of the returned buffer and the no-salt case are not
 * evident from this header — confirm against the implementation.
 */
const u8 *fsverity_prepare_hash_state(struct fsverity_hash_alg *alg,
				      const u8 *salt, size_t salt_size);

/* Hash @page into @out, which must hold at least params->digest_size bytes. */
int fsverity_hash_page(const struct merkle_tree_params *params,
		       const struct inode *inode,
		       struct ahash_request *req, struct page *page, u8 *out);

/* Hash @size bytes at @data with @alg into @out (alg->digest_size bytes). */
int fsverity_hash_buffer(struct fsverity_hash_alg *alg,
			 const void *data, size_t size, u8 *out);

/* Boot-time consistency check of the algorithm table (__init: discarded after init). */
void __init fsverity_check_hash_algs(void);

/*
 * Log a message at printk @level, tagged with @inode.  __printf(3, 4) makes
 * the compiler check @fmt against the arguments; @fmt must therefore always be
 * a literal, never text that came from the descriptor or from userspace.
 * __cold keeps the logging path out of hot code.
 */
void __printf(3, 4) __cold
fsverity_msg(const struct inode *inode, const char *level,
	     const char *fmt, ...);

/* Convenience wrappers; @fmt is forwarded verbatim, so the literal rule above applies. */
#define fsverity_warn(inode, fmt, ...) \
	fsverity_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
#define fsverity_err(inode, fmt, ...) \
	fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)

/*
 * Fill in @params for @inode.  @hash_algorithm, @log_blocksize, @salt and
 * @salt_size are externally supplied and untrusted; the implementation is
 * expected to validate each of them (algorithm number in range, block size
 * sane, resulting level count <= FS_VERITY_MAX_LEVELS) before computing the
 * tree geometry.  Presumably returns 0 or a negative errno.
 */
int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
				     const struct inode *inode,
				     unsigned int hash_algorithm,
				     unsigned int log_blocksize,
				     const u8 *salt, size_t salt_size);

/*
 * Build the verity state for @inode from the raw descriptor @desc of
 * @desc_size bytes.  @desc is untrusted input and @desc_size must already be
 * bounded by FS_VERITY_MAX_DESCRIPTOR_SIZE by the caller.  The result is
 * released with fsverity_free_info(); how errors are reported is not visible
 * from this header.
 */
struct fsverity_info *fsverity_create_info(const struct inode *inode,
					   void *desc, size_t desc_size);

/* Attach @vi to @inode; presumably the inode takes ownership of @vi. */
void fsverity_set_info(struct inode *inode, struct fsverity_info *vi);

/* Free @vi and whatever it owns. */
void fsverity_free_info(struct fsverity_info *vi);

/* Create/destroy the cache fsverity_info objects come from; init-time only. */
int __init fsverity_init_info_cache(void);
void __init fsverity_exit_info_cache(void);
#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
/*
 * Check the signature carried in @desc (of @desc_size bytes) against @vi,
 * presumably against vi->file_digest.  The signature bytes are untrusted and
 * their length is bounded by FS_VERITY_MAX_SIGNATURE_SIZE.  Presumably returns
 * 0 on success or a negative errno.
 */
int fsverity_verify_signature(const struct fsverity_info *vi,
			      const struct fsverity_descriptor *desc,
			      size_t desc_size);

/* One-time setup for built-in signature verification (__init). */
int __init fsverity_init_signature(void);
#else
/*
 * Stub used when CONFIG_FS_VERITY_BUILTIN_SIGNATURES is off: no signature is
 * examined and 0 (success) is reported for every file.  Any signature policy
 * therefore has to be enforced elsewhere; fs-verity itself will not reject an
 * unsigned or badly signed file in this configuration.
 */
static inline int
fsverity_verify_signature(const struct fsverity_info *vi,
			  const struct fsverity_descriptor *desc,
			  size_t desc_size)
{
	/* Nothing to check; the arguments are intentionally unused. */
	(void)vi;
	(void)desc;
	(void)desc_size;

	return 0;
}
/* Stub for builds without built-in signatures: there is no state to set up,
 * so initialisation always succeeds.
 */
static inline int fsverity_init_signature(void)
{
	int err = 0;	/* nothing can fail here */

	return err;
}
#endif /* CONFIG_FS_VERITY_BUILTIN_SIGNATURES */

/*
 * Create/tear down the fs-verity workqueue.  Both are __init, so the exit
 * routine is presumably only used to unwind a failed initialisation rather
 * than at module unload.
 */
int __init fsverity_init_workqueue(void);
void __init fsverity_exit_workqueue(void);

#endif /* _FSVERITY_PRIVATE_H */