1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3 * Copyright (c) 2023 Huawei Device Co., Ltd.
4 */
5
6 #ifndef LINUX_INCLUDE_CODE_SIGN_H
7 #define LINUX_INCLUDE_CODE_SIGN_H
8
9 #include <linux/hck/lite_hck_code_sign.h>
10
/*
 * Merkle tree properties. The file measurement is the hash of this structure
 * excluding the signature and with the sig_size field set to 0, while version
 * is replaced by code sign version.
 *
 * The members before signature[] add up to 256 bytes, with every member at
 * its natural alignment (no implicit padding).
 *
 * NOTE(review): sig_size and data_size are annotated little-endian (__le32,
 * __le64), while flags, pgtypeinfo_size, tree_offset and pgtypeinfo_off are
 * plain __u32/__u64 -- confirm the intended byte order of the latter group.
 *
 * NOTE(review): presumably this structure is filled from file content, so the
 * size and offset members should be range-checked by the consumer before they
 * are used to index, read or allocate -- confirm where that validation lives.
 */
struct code_sign_descriptor {
	__u8 version;		/* must be 1 */
	__u8 hash_algorithm;	/* Merkle tree hash algorithm */
	__u8 log_blocksize;	/* log2 of size of data and tree blocks */
	__u8 salt_size;		/* size of salt in bytes; 0 if none (salt[] holds 32) */
	__le32 sig_size;	/* size of signature in bytes; 0 if none */
	__le64 data_size;	/* size of file the Merkle tree is built over */
	__u8 root_hash[64];	/* Merkle tree root hash */
	__u8 salt[32];		/* salt prepended to each hashed block */
	__u32 flags;		/* bit flags; FLAG_INSIDE_TREE is tested via IS_INSIDE_TREE() */
	/* NOTE(review): "btis" below may be a typo for "bits" -- confirm the unit */
	__u32 pgtypeinfo_size;	/* size of page type info (in number of btis) */
	__u64 tree_offset;	/* merkle tree offset in file */
	__u64 pgtypeinfo_off;	/* offset of page type info */
	__u8 __reserved2[119];	/* must be 0's */
	__u8 cs_version;	/* code sign version */
	__u8 signature[];	/* optional PKCS#7 signature */
};
33
/*
 * Code type identifiers, grouped into numeric ranges. Each *_CODE_START /
 * *_CODE_END pair brackets one range, and the enumerators between them take
 * consecutive values. MAY_LOCAL_CODE sits outside both ranges.
 *
 * NOTE(review): the names suggest release-build and debug-build code
 * categories; their exact meaning is set by the users of this header --
 * confirm there before relying on it.
 */
enum {
	RELEASE_CODE_START = 0x0,	/* lower sentinel of the release range */
	RELEASE_PLATFORM_CODE,		/* 0x1 */
	RELEASE_AUTHED_CODE,		/* 0x2 */
	RELEASE_DEVELOPER_CODE,		/* 0x3 */
	RELEASE_BLOCK_CODE,		/* 0x4 */
	RELEASE_CODE_END,		/* 0x5, upper sentinel of the release range */

	DEBUG_CODE_START = 0x100,	/* lower sentinel of the debug range */
	DEBUG_PLATFORM_CODE,		/* 0x101 */
	DEBUG_AUTHED_CODE,		/* 0x102 */
	DEBUG_DEVELOPER_CODE,		/* 0x103 */
	DEBUG_BLOCK_CODE,		/* 0x104 */
	DEBUG_DEBUG_CODE,		/* 0x105 */
	DEBUG_CODE_END,			/* 0x106, upper sentinel of the debug range */

	MAY_LOCAL_CODE = 0x201,
};
52
/* Bit 0 of code_sign_descriptor.flags: Merkle tree in file. */
#define FLAG_INSIDE_TREE (1 << 0)
/* Non-zero when the descriptor pointed to by @d has FLAG_INSIDE_TREE set. */
#define IS_INSIDE_TREE(d) ((d)->flags & FLAG_INSIDE_TREE)

/*
 * View an untyped pointer as a code sign descriptor (const and mutable
 * variants). These are plain casts: they check neither the size nor the
 * alignment of the buffer behind @p, so the caller has to guarantee that it
 * really holds a descriptor.
 */
#define CONST_CAST_CODE_SIGN_DESC(p) ((const struct code_sign_descriptor *)(p))
#define CAST_CODE_SIGN_DESC(p) ((struct code_sign_descriptor *)(p))
58
/*
 * Return the tree_offset member of the descriptor at @desc.
 *
 * The value is handed back exactly as stored: no byte-order conversion and no
 * range check happen here.
 * NOTE(review): presumably the caller validates the offset against the file
 * size before reading the tree -- confirm.
 */
static inline u64 get_tree_offset_compact(const void *desc)
{
	const struct code_sign_descriptor *cs_desc = CONST_CAST_CODE_SIGN_DESC(desc);

	return cs_desc->tree_offset;
}
63
/*
 * Report whether the descriptor at @_desc carries its Merkle tree in the file.
 *
 * True only when cs_version is non-zero and FLAG_INSIDE_TREE is set in flags.
 * A descriptor whose cs_version is 0 is never reported as having an in-file
 * tree, whatever its flags say.
 */
static inline bool is_inside_tree_compact(const void *_desc)
{
	const struct code_sign_descriptor *cs_desc = CONST_CAST_CODE_SIGN_DESC(_desc);

	if (!cs_desc->cs_version)
		return false;

	return IS_INSIDE_TREE(cs_desc);
}
70
/*
 * Invoke the code_sign_check_descriptor_lhck lite hook for @inode and @desc.
 *
 * Returns whatever the hook stores through &ret. ret starts at 0, so 0 is
 * returned when nothing writes to it.
 * NOTE(review): CALL_HCK_LITE_HOOK is defined outside this file; if it can
 * expand to a no-op (no handler registered), this descriptor check reports 0
 * by default -- confirm that this default is the intended policy.
 */
static inline int code_sign_check_descriptor_hook(const struct inode *inode, const void *desc)
{
	int ret = 0;

	CALL_HCK_LITE_HOOK(code_sign_check_descriptor_lhck, inode, desc, &ret);
	return ret;
}
78
/*
 * Invoke the code_sign_before_measurement_lhck lite hook on @desc.
 *
 * @desc is passed as a non-const pointer, so the hook may modify the
 * descriptor. Returns whatever the hook stores through &ret; ret starts at 0,
 * so 0 is returned when nothing writes to it.
 * NOTE(review): presumably called before the file measurement is computed
 * (see the struct code_sign_descriptor comment) -- confirm at the call site.
 */
static inline int code_sign_before_measurement_hook(void *desc)
{
	int ret = 0;

	CALL_HCK_LITE_HOOK(code_sign_before_measurement_lhck, desc, &ret);
	return ret;
}
86
/*
 * Invoke the code_sign_after_measurement_lhck lite hook with @desc and
 * @version. Nothing is returned, so a failure inside the hook cannot be
 * reported to the caller through this wrapper.
 * NOTE(review): presumably @version is the original version value to put back
 * after the measurement -- confirm at the call site.
 */
static inline void code_sign_after_measurement_hook(void *desc, int version)
{
	CALL_HCK_LITE_HOOK(code_sign_after_measurement_lhck, desc, version);
}
91
92 #endif /* LINUX_INCLUDE_CODE_SIGN_H */
93