1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Copyright 2019 Google LLC 4 */ 5 #ifndef _INCFS_INTEGRITY_H 6 #define _INCFS_INTEGRITY_H 7 #include <linux/types.h> 8 #include <linux/kernel.h> 9 #include <crypto/hash.h> 10 11 #include <uapi/linux/incrementalfs.h> 12 13 #include "internal.h" 14 15 #define INCFS_MAX_MTREE_LEVELS 8 16 #define INCFS_MAX_HASH_AREA_SIZE (1280 * 1024 * 1024) 17 18 struct incfs_hash_alg { 19 const char *name; 20 int digest_size; 21 enum incfs_hash_tree_algorithm id; 22 23 struct crypto_shash *shash; 24 }; 25 26 /* Merkle tree structure. */ 27 struct mtree { 28 struct incfs_hash_alg *alg; 29 30 u8 root_hash[INCFS_MAX_HASH_SIZE]; 31 32 /* Offset of each hash level in the hash area. */ 33 u32 hash_level_suboffset[INCFS_MAX_MTREE_LEVELS]; 34 35 u32 hash_tree_area_size; 36 37 /* Number of levels in hash_level_suboffset */ 38 int depth; 39 }; 40 41 struct signature_info { 42 struct mem_range root_hash; 43 44 struct mem_range additional_data; 45 46 struct mem_range signature; 47 48 enum incfs_hash_tree_algorithm hash_alg; 49 }; 50 51 struct incfs_hash_alg *incfs_get_hash_alg(enum incfs_hash_tree_algorithm id); 52 53 struct mtree *incfs_alloc_mtree(enum incfs_hash_tree_algorithm id, 54 int data_block_count, 55 struct mem_range root_hash); 56 57 void incfs_free_mtree(struct mtree *tree); 58 59 size_t incfs_get_mtree_depth(enum incfs_hash_tree_algorithm alg, loff_t size); 60 61 size_t incfs_get_mtree_hash_count(enum incfs_hash_tree_algorithm alg, 62 loff_t size); 63 64 int incfs_calc_digest(struct incfs_hash_alg *alg, struct mem_range data, 65 struct mem_range digest); 66 67 int incfs_validate_pkcs7_signature(struct mem_range pkcs7_blob, 68 struct mem_range root_hash, struct mem_range add_data); 69 70 void incfs_free_signature_info(struct signature_info *si); 71 72 #endif /* _INCFS_INTEGRITY_H */ 73