fsverity.h (3293B)
1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2/* 3 * fs-verity user API 4 * 5 * These ioctls can be used on filesystems that support fs-verity. See the 6 * "User API" section of Documentation/filesystems/fsverity.rst. 7 * 8 * Copyright 2019 Google LLC 9 */ 10#ifndef _UAPI_LINUX_FSVERITY_H 11#define _UAPI_LINUX_FSVERITY_H 12 13#include <linux/ioctl.h> 14#include <linux/types.h> 15 16#define FS_VERITY_HASH_ALG_SHA256 1 17#define FS_VERITY_HASH_ALG_SHA512 2 18 19struct fsverity_enable_arg { 20 __u32 version; 21 __u32 hash_algorithm; 22 __u32 block_size; 23 __u32 salt_size; 24 __u64 salt_ptr; 25 __u32 sig_size; 26 __u32 __reserved1; 27 __u64 sig_ptr; 28 __u64 __reserved2[11]; 29}; 30 31struct fsverity_digest { 32 __u16 digest_algorithm; 33 __u16 digest_size; /* input/output */ 34 __u8 digest[]; 35}; 36 37/* 38 * Struct containing a file's Merkle tree properties. The fs-verity file digest 39 * is the hash of this struct. A userspace program needs this struct only if it 40 * needs to compute fs-verity file digests itself, e.g. in order to sign files. 41 * It isn't needed just to enable fs-verity on a file. 42 * 43 * Note: when computing the file digest, 'sig_size' and 'signature' must be left 44 * zero and empty, respectively. These fields are present only because some 45 * filesystems reuse this struct as part of their on-disk format. 46 */ 47struct fsverity_descriptor { 48 __u8 version; /* must be 1 */ 49 __u8 hash_algorithm; /* Merkle tree hash algorithm */ 50 __u8 log_blocksize; /* log2 of size of data and tree blocks */ 51 __u8 salt_size; /* size of salt in bytes; 0 if none */ 52#ifdef __KERNEL__ 53 __le32 sig_size; 54#else 55 __le32 __reserved_0x04; /* must be 0 */ 56#endif 57 __le64 data_size; /* size of file the Merkle tree is built over */ 58 __u8 root_hash[64]; /* Merkle tree root hash */ 59 __u8 salt[32]; /* salt prepended to each hashed block */ 60 __u8 __reserved[144]; /* must be 0's */ 61#ifdef __KERNEL__ 62 __u8 signature[]; 63#endif 64}; 65 66/* 67 * Format in which fs-verity file digests are signed in built-in signatures. 68 * This is the same as 'struct fsverity_digest', except here some magic bytes 69 * are prepended to provide some context about what is being signed in case the 70 * same key is used for non-fsverity purposes, and here the fields have fixed 71 * endianness. 72 * 73 * This struct is specific to the built-in signature verification support, which 74 * is optional. fs-verity users may also verify signatures in userspace, in 75 * which case userspace is responsible for deciding on what bytes are signed. 76 * This struct may still be used, but it doesn't have to be. For example, 77 * userspace could instead use a string like "sha256:$digest_as_hex_string". 78 */ 79struct fsverity_formatted_digest { 80 char magic[8]; /* must be "FSVerity" */ 81 __le16 digest_algorithm; 82 __le16 digest_size; 83 __u8 digest[]; 84}; 85 86#define FS_VERITY_METADATA_TYPE_MERKLE_TREE 1 87#define FS_VERITY_METADATA_TYPE_DESCRIPTOR 2 88#define FS_VERITY_METADATA_TYPE_SIGNATURE 3 89 90struct fsverity_read_metadata_arg { 91 __u64 metadata_type; 92 __u64 offset; 93 __u64 length; 94 __u64 buf_ptr; 95 __u64 __reserved; 96}; 97 98#define FS_IOC_ENABLE_VERITY _IOW('f', 133, struct fsverity_enable_arg) 99#define FS_IOC_MEASURE_VERITY _IOWR('f', 134, struct fsverity_digest) 100#define FS_IOC_READ_VERITY_METADATA \ 101 _IOWR('f', 135, struct fsverity_read_metadata_arg) 102 103#endif /* _UAPI_LINUX_FSVERITY_H */