LXR linux/fs/verity/fsverity

   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * fs-verity: read-only file-based authenticity protection
   4 *
   5 * Copyright 2019 Google LLC
   6 */
   7
   8#ifndef _FSVERITY_PRIVATE_H
   9#define _FSVERITY_PRIVATE_H
  10
  11#ifdef CONFIG_FS_VERITY_DEBUG
  12#define DEBUG
  13#endif
  14
  15#define pr_fmt(fmt) "fs-verity: " fmt
  16
  17#include <crypto/sha2.h>
  18#include <linux/fsverity.h>
  19#include <linux/mempool.h>
  20
  21struct ahash_request;
  22
  23/*
  24 * Implementation limit: maximum depth of the Merkle tree.  For now 8 is plenty;
  25 * it's enough for over U64_MAX bytes of data using SHA-256 and 4K blocks.
  26 */
  27#define FS_VERITY_MAX_LEVELS            8
  28
  29/*
  30 * Largest digest size among all hash algorithms supported by fs-verity.
  31 * Currently assumed to be <= size of fsverity_descriptor::root_hash.
  32 */
  33#define FS_VERITY_MAX_DIGEST_SIZE       SHA512_DIGEST_SIZE
  34
  35/* A hash algorithm supported by fs-verity */
  36struct fsverity_hash_alg {
  37        struct crypto_ahash *tfm; /* hash tfm, allocated on demand */
  38        const char *name;         /* crypto API name, e.g. sha256 */
  39        unsigned int digest_size; /* digest size in bytes, e.g. 32 for SHA-256 */
  40        unsigned int block_size;  /* block size in bytes, e.g. 64 for SHA-256 */
  41        mempool_t req_pool;       /* mempool with a preallocated hash request */
  42};
  43
  44/* Merkle tree parameters: hash algorithm, initial hash state, and topology */
  45struct merkle_tree_params {
  46        struct fsverity_hash_alg *hash_alg; /* the hash algorithm */
  47        const u8 *hashstate;            /* initial hash state or NULL */
  48        unsigned int digest_size;       /* same as hash_alg->digest_size */
  49        unsigned int block_size;        /* size of data and tree blocks */
  50        unsigned int hashes_per_block;  /* number of hashes per tree block */
  51        unsigned int log_blocksize;     /* log2(block_size) */
  52        unsigned int log_arity;         /* log2(hashes_per_block) */
  53        unsigned int num_levels;        /* number of levels in Merkle tree */
  54        u64 tree_size;                  /* Merkle tree size in bytes */
  55        unsigned long level0_blocks;    /* number of blocks in tree level 0 */
  56
  57        /*
  58         * Starting block index for each tree level, ordered from leaf level (0)
  59         * to root level ('num_levels - 1')
  60         */
  61        u64 level_start[FS_VERITY_MAX_LEVELS];
  62};
  63
  64/*
  65 * fsverity_info - cached verity metadata for an inode
  66 *
  67 * When a verity file is first opened, an instance of this struct is allocated
  68 * and stored in ->i_verity_info; it remains until the inode is evicted.  It
  69 * caches information about the Merkle tree that's needed to efficiently verify
  70 * data read from the file.  It also caches the file digest.  The Merkle tree
  71 * pages themselves are not cached here, but the filesystem may cache them.
  72 */
  73struct fsverity_info {
  74        struct merkle_tree_params tree_params;
  75        u8 root_hash[FS_VERITY_MAX_DIGEST_SIZE];
  76        u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE];
  77        const struct inode *inode;
  78};
  79
  80/* Arbitrary limit to bound the kmalloc() size.  Can be changed. */
  81#define FS_VERITY_MAX_DESCRIPTOR_SIZE   16384
  82
  83#define FS_VERITY_MAX_SIGNATURE_SIZE    (FS_VERITY_MAX_DESCRIPTOR_SIZE - \
  84                                         sizeof(struct fsverity_descriptor))
  85
  86/* hash_algs.c */
  87
  88extern struct fsverity_hash_alg fsverity_hash_algs[];
  89
  90struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
  91                                                unsigned int num);
  92struct ahash_request *fsverity_alloc_hash_request(struct fsverity_hash_alg *alg,
  93                                                  gfp_t gfp_flags);
  94void fsverity_free_hash_request(struct fsverity_hash_alg *alg,
  95                                struct ahash_request *req);
  96const u8 *fsverity_prepare_hash_state(struct fsverity_hash_alg *alg,
  97                                      const u8 *salt, size_t salt_size);
  98int fsverity_hash_page(const struct merkle_tree_params *params,
  99                       const struct inode *inode,
 100                       struct ahash_request *req, struct page *page, u8 *out);
 101int fsverity_hash_buffer(struct fsverity_hash_alg *alg,
 102                         const void *data, size_t size, u8 *out);
 103void __init fsverity_check_hash_algs(void);
 104
 105/* init.c */
 106
 107void __printf(3, 4) __cold
 108fsverity_msg(const struct inode *inode, const char *level,
 109             const char *fmt, ...);
 110
 111#define fsverity_warn(inode, fmt, ...)          \
 112        fsverity_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
 113#define fsverity_err(inode, fmt, ...)           \
 114        fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
 115
 116/* open.c */
 117
 118int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
 119                                     const struct inode *inode,
 120                                     unsigned int hash_algorithm,
 121                                     unsigned int log_blocksize,
 122                                     const u8 *salt, size_t salt_size);
 123
 124struct fsverity_info *fsverity_create_info(const struct inode *inode,
 125                                           struct fsverity_descriptor *desc,
 126                                           size_t desc_size);
 127
 128void fsverity_set_info(struct inode *inode, struct fsverity_info *vi);
 129
 130void fsverity_free_info(struct fsverity_info *vi);
 131
 132int fsverity_get_descriptor(struct inode *inode,
 133                            struct fsverity_descriptor **desc_ret,
 134                            size_t *desc_size_ret);
 135
 136int __init fsverity_init_info_cache(void);
 137void __init fsverity_exit_info_cache(void);
 138
 139/* signature.c */
 140
 141#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
 142int fsverity_verify_signature(const struct fsverity_info *vi,
 143                              const u8 *signature, size_t sig_size);
 144
 145int __init fsverity_init_signature(void);
 146#else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
 147static inline int
 148fsverity_verify_signature(const struct fsverity_info *vi,
 149                          const u8 *signature, size_t sig_size)
 150{
 151        return 0;
 152}
 153
 154static inline int fsverity_init_signature(void)
 155{
 156        return 0;
 157}
 158#endif /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
 159
 160/* verify.c */
 161
 162int __init fsverity_init_workqueue(void);
 163void __init fsverity_exit_workqueue(void);
 164
 165#endif /* _FSVERITY_PRIVATE_H */
 166