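/*
 * Copyright (C) 2015 Google, Inc.
 *
 * This software is licensed under the terms of the GNU General Public
 * License version 2, as published by the Free Software Foundation, and
 * may be copied, distributed, and modified under those terms.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 */

/*
 * Constants, on-disk structures and dm-linear entry points shared by the
 * android-verity device-mapper code.
 *
 * NOTE(review): this header uses __le32/__le64/u8/u32/u64/bool, struct
 * dm_target, struct bio, status_type_t and iterate_devices_callout_fn but
 * only includes <crypto/sha.h>; it relies on the including file to have
 * pulled in the device-mapper and type headers first.
 */
#ifndef DM_ANDROID_VERITY_H
#define DM_ANDROID_VERITY_H

#include <crypto/sha.h>

/* Size in bytes of android_metadata_header.signature (256 bytes = 2048 bits). */
#define RSANUMBYTES 256

/*
 * Values for android_metadata_header.magic_number.  The DISABLE value is
 * the ASCII bytes "VOFF" when stored little-endian.
 *
 * NOTE(review): how the driver reacts to the DISABLE magic is not visible
 * in this header.  The magic is read from the block device before any
 * signature check can have taken place, so confirm that whatever it
 * switches off is acceptable for an unauthenticated field.
 */
#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001
#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56
/* Value compared against android_metadata_header.protocol_version (presumably). */
#define VERITY_METADATA_VERSION 0
#define VERITY_STATE_DISABLE 1

/* Data block size: 4 KiB. */
#define DATA_BLOCK_SIZE (4 * 1024)
/* Eight data blocks = 32 KiB, the <verity_metadata_32K> region described below. */
#define VERITY_METADATA_SIZE (8 * DATA_BLOCK_SIZE)
/* Matches the ten mandatory positional parameters of a dm-verity table line. */
#define VERITY_TABLE_ARGS 10
/* Presumably buffer lengths for kernel command-line values - confirm at the users. */
#define VERITY_COMMANDLINE_PARAM_LENGTH 20
#define BUILD_VARIANT 20

/*
 * <subject>:<sha1-id> is the format for the identifier.
 * subject can either be the Common Name(CN) + Organization Name(O) or
 * just the CN if it is prefixed with O
 * From https://tools.ietf.org/html/rfc5280#appendix-A
 * ub-organization-name-length INTEGER ::= 64
 * ub-common-name-length INTEGER ::= 64
 *
 * http://lxr.free-electrons.com/source/crypto/asymmetric_keys/x509_cert_parser.c?v=3.9#L278
 * ctx->o_size + 2 + ctx->cn_size + 1
 * + 41 characters for ":" and sha1 id
 * 64 + 2 + 64 + 1 + 1 + 40 (172)
 * setting VERITY_DEFAULT_KEY_ID_LENGTH to 200 characters.
 */
#define VERITY_DEFAULT_KEY_ID_LENGTH 200

/* Values for struct fec_header.magic / .version, and the FEC block size (4 KiB). */
#define FEC_MAGIC 0xFECFECFE
#define FEC_BLOCK_SIZE (4 * 1024)
#define FEC_VERSION 0
/* Presumably the Reed-Solomon codeword length in bytes - confirm against the FEC code. */
#define FEC_RSM 255
/* Presumably the buffer size for the formatted FEC argument string below - confirm. */
#define FEC_ARG_LENGTH 300

/*
 * Optional dm-verity table arguments, passed through as strings.
 *
 * Despite its name, VERITY_TABLE_OPT_LOGGING is dm-verity's
 * "ignore_corruption" option: a corrupted block is logged but the read is
 * still allowed to complete, so integrity is no longer enforced in that
 * mode.  "restart_on_corruption" restarts the system instead.
 */
#define VERITY_TABLE_OPT_RESTART	"restart_on_corruption"
#define VERITY_TABLE_OPT_LOGGING	"ignore_corruption"
#define VERITY_TABLE_OPT_IGNZERO	"ignore_zero_blocks"

/*
 * printf-style template for the FEC arguments.  It expands to nine
 * whitespace-separated tokens (VERITY_TABLE_OPT_FEC_ARGS) and always
 * appends "ignore_zero_blocks".
 */
#define VERITY_TABLE_OPT_FEC_FORMAT \
	"use_fec_from_device %s fec_start %llu fec_blocks %llu fec_roots %u ignore_zero_blocks"
#define VERITY_TABLE_OPT_FEC_ARGS 9

#define VERITY_DEBUG 0

/* Prefix used by the device-mapper logging macros (DMERR, DMINFO, ...). */
#define DM_MSG_PREFIX "android-verity"

/* Argument count and fixed offset string for a dm-linear table (<dev> <offset>). */
#define DM_LINEAR_ARGS 2
#define DM_LINEAR_TARGET_OFFSET "0"

/*
 * There can be two formats.
 * if fec is present
 * <data_blocks> <verity_tree> <verity_metadata_32K><fec_data><fec_data_4K>
 * if fec is not present
 * <data_blocks> <verity_tree> <verity_metadata_32K>
 */

/*
 * On-disk FEC header.  All multi-byte fields are little-endian.  The
 * structure is packed because inp_size would otherwise sit at offset 20,
 * which is not 8-byte aligned; packed size is 60 bytes.
 *
 * NOTE(review): every field is read from the block device; size, roots,
 * fec_size and inp_size should be range-checked by the consumer before
 * they are used in offset or length arithmetic.
 */
struct fec_header {
	__le32 magic;
	__le32 version;
	__le32 size;
	__le32 roots;
	__le32 fec_size;
	__le64 inp_size;
	u8 hash[SHA256_DIGEST_SIZE];
} __attribute__((packed));

/*
 * On-disk verity metadata header.  Not marked packed, but every member
 * starts on a 4-byte boundary (offsets 0, 4, 8, 264), so no padding is
 * expected and the size is 268 bytes.
 *
 * NOTE(review): table_length comes from the device and is untrusted until
 * the signature has been checked.  Consumers should reject values larger
 * than VERITY_METADATA_SIZE - sizeof(struct android_metadata_header)
 * before using it to size a read or an allocation; that check is not
 * visible in this header.
 */
struct android_metadata_header {
	__le32 magic_number;
	__le32 protocol_version;
	char signature[RSANUMBYTES];	/* raw signature bytes, not a C string */
	__le32 table_length;
};

/*
 * In-memory view of the metadata: the header plus the verity table text.
 * Ownership of both pointers is not defined here - see the code that
 * fills this structure.
 */
struct android_metadata {
	struct android_metadata_header *header;
	char *verity_table;
};

/* FEC parameters; 'valid' presumably records whether a usable FEC header was found. */
struct fec_ecc_metadata {
	bool valid;
	u32 roots;
	u64 blocks;
	u64 rounds;
	u64 start;
};

/* A set of pages used for a read, with the number of entries in page_io. */
struct bio_read {
	struct page **page_io;
	int number_of_pages;
};

/*
 * Entry points of the dm-linear target, declared here so that the
 * android-verity code can reference them (presumably as a fallback when
 * verity is not set up - confirm at the call sites).
 */
extern struct target_type linear_target;

extern void dm_linear_dtr(struct dm_target *ti);
extern int dm_linear_map(struct dm_target *ti, struct bio *bio);
extern void dm_linear_status(struct dm_target *ti, status_type_t type,
			unsigned status_flags, char *result, unsigned maxlen);
extern int dm_linear_ioctl(struct dm_target *ti, unsigned int cmd,
			unsigned long arg);
extern int dm_linear_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
			struct bio_vec *biovec, int max_size);
extern int dm_linear_iterate_devices(struct dm_target *ti,
			iterate_devices_callout_fn fn, void *data);
extern int dm_linear_ctr(struct dm_target *ti, unsigned int argc, char **argv);
#endif /* DM_ANDROID_VERITY_H */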