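/*
 * Private definitions shared by the fs-verity implementation files.
 *
 * The include guard opened here is closed by the #endif at the end of the file.
 */
#ifndef _FSVERITY_PRIVATE_H
#define _FSVERITY_PRIVATE_H

/*
 * DEBUG and pr_fmt() are defined ahead of the #include lines below so that the
 * kernel's printk helpers pick them up: DEBUG enables debug-level messages when
 * CONFIG_FS_VERITY_DEBUG is set, and pr_fmt() prefixes every pr_*() message
 * with "fs-verity: ".
 */
#ifdef CONFIG_FS_VERITY_DEBUG
#define DEBUG
#endif

#define pr_fmt(fmt) "fs-verity: " fmt

#include <crypto/sha2.h>
#include <linux/fsverity.h>
#include <linux/mempool.h>

/* Only pointers to this type are used below, so a forward declaration suffices. */
struct ahash_request;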
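/*
 * Maximum number of Merkle tree levels supported.  This sizes the fixed
 * level_start[] array in struct merkle_tree_params, so any code that sets or
 * iterates num_levels has to keep it at or below this value; a larger value
 * would index past the end of that array.
 */
#define FS_VERITY_MAX_LEVELS		8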
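/*
 * Largest digest size, in bytes, that the fixed-size digest buffers in this
 * header (root_hash[] and file_digest[] in struct fsverity_info) can hold.
 * It is tied to SHA-512; a hash algorithm with a longer digest could not be
 * used with those buffers unless this value were raised first.
 */
#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE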
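/* Per-algorithm state for one hash algorithm usable by fs-verity. */
struct fsverity_hash_alg {
	/* Crypto API transform handle for this algorithm. */
	struct crypto_ahash *tfm;
	/* Algorithm name string. */
	const char *name;
	/*
	 * Digest length in bytes.  NOTE(review): must not exceed
	 * FS_VERITY_MAX_DIGEST_SIZE, since digests are stored in buffers of
	 * that size -- confirm where the algorithm table is validated.
	 */
	unsigned int digest_size;
	/* The hash algorithm's block size (presumably in bytes). */
	unsigned int block_size;
	/*
	 * Memory pool embedded by value; presumably what
	 * fsverity_alloc_hash_request() draws from -- confirm.
	 */
	mempool_t req_pool;
};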
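/*
 * Parameters describing one Merkle tree: the hash algorithm it uses and how
 * the tree is laid out.  Field meanings marked "by name" are inferred from the
 * identifiers only; confirm them against the code that fills this struct in.
 */
struct merkle_tree_params {
	/* Hash algorithm used for this tree. */
	struct fsverity_hash_alg *hash_alg;
	/*
	 * Read-only hash state; presumably the value returned by
	 * fsverity_prepare_hash_state() -- confirm, including whether it may
	 * be NULL.
	 */
	const u8 *hashstate;
	unsigned int digest_size;	/* digest length in bytes */
	unsigned int block_size;	/* block size in bytes */
	unsigned int hashes_per_block;	/* by name: digests per tree block */
	unsigned int log_blocksize;	/* by name: log2(block_size) */
	unsigned int log_arity;		/* by name: log2(hashes_per_block) */
	/* Number of tree levels; has to stay <= FS_VERITY_MAX_LEVELS. */
	unsigned int num_levels;
	u64 tree_size;			/* tree size (presumably in bytes) */
	unsigned long level0_blocks;	/* by name: blocks in tree level 0 */

	/*
	 * Start position of each tree level.  The array has exactly
	 * FS_VERITY_MAX_LEVELS slots, so only indices below num_levels (and
	 * therefore below FS_VERITY_MAX_LEVELS) may be read or written.
	 */
	u64 level_start[FS_VERITY_MAX_LEVELS];
};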
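/*
 * struct fsverity_info - per-inode verity state
 *
 * Bundles the Merkle tree parameters with the tree's root hash and the file
 * digest, plus a pointer back to the inode they describe.
 *
 * Both digest buffers are sized for the largest supported digest
 * (FS_VERITY_MAX_DIGEST_SIZE).  NOTE(review): presumably only the first
 * tree_params.digest_size bytes of each are meaningful, so comparisons and
 * copies should use that length rather than the full buffer -- confirm against
 * the code that fills them in.
 */
struct fsverity_info {
	struct merkle_tree_params tree_params;		/* tree layout and hash algorithm */
	u8 root_hash[FS_VERITY_MAX_DIGEST_SIZE];	/* Merkle tree root hash */
	u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE];	/* digest identifying the file */
	const struct inode *inode;			/* inode this state belongs to */
};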
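/*
 * Upper bound, in bytes, on the size of a verity descriptor.  A descriptor
 * size read from storage is untrusted input; checking it against this limit
 * before allocating or copying keeps the size bounded.
 */
#define FS_VERITY_MAX_DESCRIPTOR_SIZE	16384

/*
 * Largest signature that still fits in a maximum-size descriptor: whatever is
 * left after the fixed struct fsverity_descriptor header.  The expression has
 * type size_t, so comparisons against it are unsigned.
 */
#define FS_VERITY_MAX_SIGNATURE_SIZE	(FS_VERITY_MAX_DESCRIPTOR_SIZE - \
					 sizeof(struct fsverity_descriptor))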
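/*
 * Hash algorithm helpers (declared here, defined elsewhere).
 *
 * The table is declared without a bound, so its length is not known to code
 * that only sees this header; any index into it has to be range-checked where
 * the table is defined.
 */
extern struct fsverity_hash_alg fsverity_hash_algs[];

/*
 * Look up the hash algorithm numbered @num on behalf of @inode.
 * NOTE(review): if @num comes from an on-disk descriptor it is untrusted and
 * must be validated before it is used as a table index -- confirm in the
 * implementation.
 */
struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
						unsigned int num);

/* Obtain a hash request for @alg using allocation flags @gfp_flags. */
struct ahash_request *fsverity_alloc_hash_request(struct fsverity_hash_alg *alg,
						  gfp_t gfp_flags);

/* Release a request obtained from fsverity_alloc_hash_request() for @alg. */
void fsverity_free_hash_request(struct fsverity_hash_alg *alg,
				struct ahash_request *req);

/*
 * Build a hash state for @alg from @salt (@salt_size bytes).  Ownership of the
 * returned buffer is not visible from this header.
 */
const u8 *fsverity_prepare_hash_state(struct fsverity_hash_alg *alg,
				      const u8 *salt, size_t salt_size);

/*
 * Hash @page using @params and the caller-supplied request @req, writing the
 * digest to @out.  @out needs room for the digest; a buffer of
 * FS_VERITY_MAX_DIGEST_SIZE bytes is presumably always sufficient -- confirm.
 */
int fsverity_hash_page(const struct merkle_tree_params *params,
		       const struct inode *inode,
		       struct ahash_request *req, struct page *page, u8 *out);

/*
 * Hash @size bytes at @data with @alg, writing the digest to @out (same
 * buffer-size expectation as fsverity_hash_page()).
 */
int fsverity_hash_buffer(struct fsverity_hash_alg *alg,
			 const void *data, size_t size, u8 *out);

/* Initialisation-time check of the algorithm table (__init). */
void __init fsverity_check_hash_algs(void);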
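/*
 * Logging helpers.
 *
 * fsverity_msg() emits a message at printk level @level for @inode.
 * __printf(3, 4) marks @fmt (argument 3) as a printf-style format whose
 * arguments start at position 4, so the compiler can check call sites.
 * Pass a string literal as @fmt; text taken from a file or its metadata
 * belongs in the argument list (e.g. through "%s"), never in the format.
 */
void __printf(3, 4) __cold
fsverity_msg(const struct inode *inode, const char *level,
	     const char *fmt, ...);

/* Log at KERN_WARNING for @inode. */
#define fsverity_warn(inode, fmt, ...)		\
	fsverity_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
/* Log at KERN_ERR for @inode. */
#define fsverity_err(inode, fmt, ...)		\
	fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)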
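/*
 * Merkle tree parameters, per-inode info and descriptor handling (declared
 * here, defined elsewhere).  Return conventions are not visible from this
 * header; the int-returning functions presumably follow the usual kernel
 * 0 / negative errno convention -- confirm.
 */

/*
 * Fill in @params for @inode from the hash algorithm number, log2 block size
 * and salt.  NOTE(review): when these values come from an on-disk descriptor
 * they are untrusted, so the implementation is the place to reject unknown
 * algorithms, unsupported block sizes and trees deeper than
 * FS_VERITY_MAX_LEVELS.
 */
int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
				     const struct inode *inode,
				     unsigned int hash_algorithm,
				     unsigned int log_blocksize,
				     const u8 *salt, size_t salt_size);

/*
 * Create the fsverity_info for @inode from descriptor @desc.  @desc_size is
 * passed separately from the struct, which suggests the descriptor carries
 * trailing data beyond its fixed header; the implementation must not read
 * past @desc_size bytes.
 */
struct fsverity_info *fsverity_create_info(const struct inode *inode,
					   struct fsverity_descriptor *desc,
					   size_t desc_size);

/* Attach @vi to @inode. */
void fsverity_set_info(struct inode *inode, struct fsverity_info *vi);

/* Free @vi. */
void fsverity_free_info(struct fsverity_info *vi);

/*
 * Fetch @inode's verity descriptor, returning it through @desc_ret and its
 * size through @desc_size_ret.  Who frees *@desc_ret is not visible here.
 */
int fsverity_get_descriptor(struct inode *inode,
			    struct fsverity_descriptor **desc_ret,
			    size_t *desc_size_ret);

/* Initialisation-time setup and teardown of the info cache (__init). */
int __init fsverity_init_info_cache(void);
void __init fsverity_exit_info_cache(void);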
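/*
 * Built-in signature verification.
 *
 * With CONFIG_FS_VERITY_BUILTIN_SIGNATURES enabled, the real implementations
 * are declared here and defined elsewhere.  Without it, the stubs below are
 * used instead.
 */
#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
int fsverity_verify_signature(const struct fsverity_info *vi,
			      const u8 *signature, size_t sig_size);

int __init fsverity_init_signature(void);
#else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
/*
 * Stub used when built-in signature support is compiled out.  It returns 0
 * without looking at @vi, @signature or @sig_size, so a 0 return in this
 * configuration means "not checked", not "signature valid".  Callers cannot
 * tell the two apart from the return value; a policy that depends on
 * signatures being enforced has to make sure the config option is enabled.
 */
static inline int
fsverity_verify_signature(const struct fsverity_info *vi,
			  const u8 *signature, size_t sig_size)
{
	return 0;
}

/* Stub: nothing to set up when signature support is compiled out. */
static inline int fsverity_init_signature(void)
{
	return 0;
}
#endif /* CONFIG_FS_VERITY_BUILTIN_SIGNATURES */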
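/*
 * Initialisation-time setup and teardown of the fs-verity workqueue (__init).
 * What the workqueue is used for is not visible from this header.
 */
int __init fsverity_init_workqueue(void);
void __init fsverity_exit_workqueue(void);

#endif /* _FSVERITY_PRIVATE_H */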
166