1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 /*
3  * fs-verity (file-based verity) support
4  *
5  * Copyright (C) 2018 Google LLC
6  */
7 #ifndef _UAPI_LINUX_FSVERITY_H
8 #define _UAPI_LINUX_FSVERITY_H
9 
10 #include <linux/limits.h>
11 #include <linux/ioctl.h>
12 #include <linux/types.h>
13 
14 /* ========== Ioctls ========== */
15 
/*
 * Argument of FS_IOC_MEASURE_VERITY (the _IOWR definition in this header
 * names this struct).  sizeof(struct fsverity_digest) covers only the two
 * __u16 fields; digest[] is a flexible array member, so the room for the
 * digest bytes is whatever the caller allocated after the header.
 */
16 struct fsverity_digest {
17 	__u16 digest_algorithm;	/* NOTE(review): presumably an FS_VERITY_ALG_* value - confirm */
18 	__u16 digest_size; /* input/output */
	/*
	 * NOTE(review): "input/output" presumably means the capacity of
	 * digest[] on input and the number of bytes written on output -
	 * confirm against the ioctl implementation, which must never copy
	 * more than the value supplied on input.
	 */
19 	__u8 digest[];
20 };
21 
/*
 * FS_IOC_ENABLE_VERITY is built with _IO, so its request number encodes no
 * argument size or direction.
 *
 * FS_IOC_MEASURE_VERITY is built with _IOWR: the argument is both read and
 * written by the kernel.  The size encoded in the request number is
 * sizeof(struct fsverity_digest), i.e. the fixed header only; the trailing
 * digest[] bytes are not described by it, so their bound presumably has to
 * come from digest_size.
 */
22 #define FS_IOC_ENABLE_VERITY	_IO('f', 133)
23 #define FS_IOC_MEASURE_VERITY	_IOWR('f', 134, struct fsverity_digest)
24 
25 /* ========== On-disk format ========== */
26 
/*
 * Eight characters, matching the magic[8] fields of fsverity_descriptor and
 * fsverity_footer.  The literal's terminating NUL does not fit in those
 * fields, so compare exactly 8 bytes (memcmp) rather than using strcmp().
 */
27 #define FS_VERITY_MAGIC		"FSVerity"
28 
29 /* Supported hash algorithms */
/*
 * Codes for the data_algorithm / tree_algorithm fields of fsverity_descriptor
 * (documented there as the hash algorithm for data and tree blocks).
 */
30 #define FS_VERITY_ALG_SHA256	1
31 #define FS_VERITY_ALG_SHA512	2
32 #define FS_VERITY_ALG_CRC32C	3	/* for integrity only */
/*
 * CRC32C is a checksum, not a cryptographic hash: it can reveal accidental
 * corruption but gives no protection against deliberate modification.  Code
 * that relies on the measurement or on a signature for authenticity should
 * accept only the SHA-2 algorithms above.
 */
33 
34 /* Metadata stored near the end of fs-verity files, after the Merkle tree */
35 /* This structure is 64 bytes long */
/*
 * The fields add up to 64 bytes at their natural alignment, so there is no
 * implicit padding.  Multi-byte fields are little-endian (__le16/__le32/
 * __le64) and need an explicit conversion on big-endian hosts.
 *
 * Every field is read from the file itself and should be validated before
 * use: magic and version must match, the two log2 block sizes must be
 * range-checked before they are used as shift counts, and the algorithm
 * codes must be ones the reader implements.
 */
36 struct fsverity_descriptor {
37 	__u8 magic[8];		/* must be FS_VERITY_MAGIC */
38 	__u8 major_version;	/* must be 1 */
39 	__u8 minor_version;	/* must be 0 */
40 	__u8 log_data_blocksize;/* log2(data-bytes-per-hash), e.g. 12 for 4KB */
41 	__u8 log_tree_blocksize;/* log2(tree-bytes-per-hash), e.g. 12 for 4KB */
42 	__le16 data_algorithm;	/* hash algorithm for data blocks */
43 	__le16 tree_algorithm;	/* hash algorithm for tree blocks */
44 	__le32 flags;		/* flags; no flag bits are defined in this header */
45 	__le32 reserved1;	/* must be 0 */
46 	__le64 orig_file_size;	/* size of the original, unpadded data */
47 	__le16 auth_ext_count;	/* number of authenticated extensions */
48 	__u8 reserved2[30];	/* must be 0 */
49 };
50 /* followed by list of 'auth_ext_count' authenticated extensions */
51 /*
52  * then followed by '__le16 unauth_ext_count' padded to next 8-byte boundary,
53  * then a list of 'unauth_ext_count' (may be 0) unauthenticated extensions
54  */
/*
 * NOTE(review): going by the names, only the first list is presumably covered
 * by the file measurement; treat the unauthenticated list as untrusted input -
 * confirm against the measurement code.  Both counts come from disk and bound
 * a parsing loop, so every step should also be checked against the end of the
 * metadata region.
 */
55 
56 /* Extension types */
/*
 * Codes for fsverity_extension.type; the payload layout of each type is
 * described further down in this header.
 * NOTE(review): how a reader should treat a type code not listed here is not
 * stated in this header; rejecting it is the conservative choice - confirm.
 */
57 #define FS_VERITY_EXT_ROOT_HASH		1
58 #define FS_VERITY_EXT_SALT		2
59 #define FS_VERITY_EXT_PKCS7_SIGNATURE	3
60 #define FS_VERITY_EXT_ELIDE		4
61 #define FS_VERITY_EXT_PATCH		5
62 
63 /* Header of each extension (variable-length metadata item) */
/*
 * 8 bytes, all fields little-endian.  'length' is read from disk: before
 * using it, check that it is at least sizeof(struct fsverity_extension)
 * (otherwise 'length - 8' wraps around) and that the extension, including
 * the round-up to the next 8-byte boundary, still lies inside the metadata
 * region.
 */
64 struct fsverity_extension {
65 	/*
66 	 * Length in bytes, including this header but excluding padding to next
67 	 * 8-byte boundary that is applied when advancing to the next extension.
68 	 */
69 	__le32 length;
70 	__le16 type;		/* Type of this extension (see codes above) */
71 	__le16 reserved;	/* Reserved, must be 0 */
72 };
73 /* followed by the payload of 'length - 8' bytes */
74 
75 /* Extension payload formats */
76 
77 /*
78  * FS_VERITY_EXT_ROOT_HASH payload is just a byte array, with size equal to the
79  * digest size of the hash algorithm given in the fsverity_descriptor
80  */
81 
82 /* FS_VERITY_EXT_SALT payload is just a byte array, any size */
83 
84 /*
85  * FS_VERITY_EXT_PKCS7_SIGNATURE payload is a DER-encoded PKCS#7 message
86  * containing the signed file measurement in the following format:
87  */
/*
 * Same field names as struct fsverity_digest, but with fixed little-endian
 * 16-bit fields (__le16 instead of __u16).
 * NOTE(review): a verifier presumably has to compare digest_algorithm,
 * digest_size and digest[] with the values it computed for the file, and to
 * check digest_size against the length of the signed content before reading
 * digest[] - confirm against the signature-verification code.
 */
88 struct fsverity_digest_disk {
89 	__le16 digest_algorithm;
90 	__le16 digest_size;
91 	__u8 digest[];
92 };
93 
94 /* FS_VERITY_EXT_ELIDE payload */
/*
 * Two little-endian 64-bit fields, 16 bytes in total.  What the range means
 * is not described in this header.
 * NOTE(review): both values come from disk; offset + length can wrap around
 * in 64 bits, so the sum should be overflow-checked and presumably compared
 * with orig_file_size before the range is used - confirm.
 */
95 struct fsverity_extension_elide {
96 	__le64 offset;
97 	__le64 length;
98 };
99 
100 /* FS_VERITY_EXT_PATCH payload */
/*
 * Fixed part of the payload: one little-endian 64-bit offset.  The patch
 * data has no length field of its own.
 * NOTE(review): its size is presumably the extension's 'length' minus the
 * extension header and this 8-byte field; that subtraction and the resulting
 * offset + size range need bounds checks - confirm.
 */
101 struct fsverity_extension_patch {
102 	__le64 offset;
103 	/* followed by variable-length patch data */
104 };
105 
106 /* Fields stored at the very end of the file */
/*
 * 12 bytes.  The packed attribute gives the struct an alignment of 1, so it
 * can be overlaid at any byte offset.
 * NOTE(review): desc_reverse_offset is presumably counted backwards from the
 * end of the file - confirm.  It comes from disk, so check that it does not
 * exceed the file size and leaves room for a whole fsverity_descriptor before
 * following it.
 */
107 struct fsverity_footer {
108 	__le32 desc_reverse_offset;	/* distance to fsverity_descriptor */
109 	__u8 magic[8];			/* FS_VERITY_MAGIC */
110 } __attribute__((packed));
111 
112 #endif /* _UAPI_LINUX_FSVERITY_H */
113