/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* fs-verity (file-based verity) support
*
* Copyright (C) 2018 Google LLC
*/
#ifndef _UAPI_LINUX_FSVERITY_H
#define _UAPI_LINUX_FSVERITY_H
#include <linux/limits.h>
#include <linux/ioctl.h>
#include <linux/types.h>
/* ========== Ioctls ========== */
struct fsverity_digest {
__u16 digest_algorithm;
__u16 digest_size; /* input/output */
__u8 digest[];
};
#define FS_IOC_ENABLE_VERITY _IO('f', 133)
#define FS_IOC_MEASURE_VERITY _IOWR('f', 134, struct fsverity_digest)
/* ========== On-disk format ========== */
#define FS_VERITY_MAGIC "FSVerity"
/* Supported hash algorithms */
#define FS_VERITY_ALG_SHA256 1
#define FS_VERITY_ALG_SHA512 2
#define FS_VERITY_ALG_CRC32C 3 /* for integrity only */
/* Metadata stored near the end of fs-verity files, after the Merkle tree */
/* This structure is 64 bytes long */
struct fsverity_descriptor {
__u8 magic[8]; /* must be FS_VERITY_MAGIC */
__u8 major_version; /* must be 1 */
__u8 minor_version; /* must be 0 */
__u8 log_data_blocksize;/* log2(data-bytes-per-hash), e.g. 12 for 4KB */
__u8 log_tree_blocksize;/* log2(tree-bytes-per-hash), e.g. 12 for 4KB */
__le16 data_algorithm; /* hash algorithm for data blocks */
__le16 tree_algorithm; /* hash algorithm for tree blocks */
__le32 flags; /* flags */
__le32 reserved1; /* must be 0 */
__le64 orig_file_size; /* size of the original, unpadded data */
__le16 auth_ext_count; /* number of authenticated extensions */
__u8 reserved2[30]; /* must be 0 */
};
/* followed by list of 'auth_ext_count' authenticated extensions */
/*
* then followed by '__le16 unauth_ext_count' padded to next 8-byte boundary,
* then a list of 'unauth_ext_count' (may be 0) unauthenticated extensions
*/
/* Extension types */
#define FS_VERITY_EXT_ROOT_HASH 1
#define FS_VERITY_EXT_SALT 2
#define FS_VERITY_EXT_PKCS7_SIGNATURE 3
#define FS_VERITY_EXT_ELIDE 4
#define FS_VERITY_EXT_PATCH 5
/* Header of each extension (variable-length metadata item) */
struct fsverity_extension {
/*
* Length in bytes, including this header but excluding padding to next
* 8-byte boundary that is applied when advancing to the next extension.
*/
__le32 length;
__le16 type; /* Type of this extension (see codes above) */
__le16 reserved; /* Reserved, must be 0 */
};
/* followed by the payload of 'length - 8' bytes */
/* Extension payload formats */
/*
* FS_VERITY_EXT_ROOT_HASH payload is just a byte array, with size equal to the
* digest size of the hash algorithm given in the fsverity_descriptor
*/
/* FS_VERITY_EXT_SALT payload is just a byte array, any size */
/*
* FS_VERITY_EXT_PKCS7_SIGNATURE payload is a DER-encoded PKCS#7 message
* containing the signed file measurement in the following format:
*/
struct fsverity_digest_disk {
__le16 digest_algorithm;
__le16 digest_size;
__u8 digest[];
};
/* FS_VERITY_EXT_ELIDE payload */
struct fsverity_extension_elide {
__le64 offset;
__le64 length;
};
/* FS_VERITY_EXT_PATCH payload */
struct fsverity_extension_patch {
__le64 offset;
/* followed by variable-length patch data */
};
/* Fields stored at the very end of the file */
struct fsverity_footer {
__le32 desc_reverse_offset; /* distance to fsverity_descriptor */
__u8 magic[8]; /* FS_VERITY_MAGIC */
} __attribute__((packed));
#endif /* _UAPI_LINUX_FSVERITY_H */