1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3 * Copyright (c) 2023 Huawei Device Co., Ltd.
4 */
5
6 #ifndef LINUX_INCLUDE_CODE_SIGN_H
7 #define LINUX_INCLUDE_CODE_SIGN_H
8
9 #include <linux/hck/lite_hck_code_sign.h>
10
/*
 * Merkle tree properties.
 *
 * The file measurement is the hash of this structure with three adjustments:
 * the trailing signature is excluded, sig_size is set to 0, and version is
 * replaced by the code sign version.
 *
 * The fixed-size members add up to 256 bytes; signature[] follows them.
 *
 * NOTE(review): salt_size, sig_size, data_size and tree_offset are read from
 * the descriptor itself. Nothing in this header bounds them, so consumers
 * should check them against sizeof(salt), the descriptor buffer and the file
 * size before use.
 */
struct code_sign_descriptor {
	/* Format version; must be 1. */
	__u8 version;
	/* Merkle tree hash algorithm. */
	__u8 hash_algorithm;
	/* log2 of the size of data and tree blocks. */
	__u8 log_blocksize;
	/* Size of the salt in bytes; 0 if there is none. */
	__u8 salt_size;
	/* Size of the signature in bytes; 0 if there is none. */
	__le32 sig_size;
	/* Size of the file the Merkle tree is built over. */
	__le64 data_size;
	/* Merkle tree root hash. */
	__u8 root_hash[64];
	/* Salt prepended to each hashed block. */
	__u8 salt[32];
	/*
	 * Flag bits; FLAG_INSIDE_TREE is the one defined in this header.
	 * NOTE(review): flags, __reserved1 and tree_offset use native-endian
	 * types while sig_size and data_size are little-endian; confirm the
	 * intended byte order of these members.
	 */
	__u32 flags;
	/* Reserved; must be 0. */
	__u32 __reserved1;
	/* Offset of the Merkle tree in the file. */
	__u64 tree_offset;
	/* Reserved; must be all zeroes. */
	__u8 __reserved2[127];
	/* Code sign version. */
	__u8 cs_version;
	/* Optional PKCS#7 signature. */
	__u8 signature[];
};
32
/*
 * Code type identifiers, grouped into numeric ranges. The values are spelled
 * out so that the numbering is visible at a glance.
 * NOTE(review): the *_START / *_END names look like range sentinels rather
 * than real types; the meaning of each type is defined by the users of this
 * header, not here.
 */
enum {
	/* Release range: 0x0 .. 0x5 */
	RELEASE_CODE_START     = 0x0,
	RELEASE_PLATFORM_CODE  = 0x1,
	RELEASE_AUTHED_CODE    = 0x2,
	RELEASE_DEVELOPER_CODE = 0x3,
	RELEASE_BLOCK_CODE     = 0x4,
	RELEASE_CODE_END       = 0x5,

	/* Debug range: 0x100 .. 0x106 */
	DEBUG_CODE_START       = 0x100,
	DEBUG_PLATFORM_CODE    = 0x101,
	DEBUG_AUTHED_CODE      = 0x102,
	DEBUG_DEVELOPER_CODE   = 0x103,
	DEBUG_BLOCK_CODE       = 0x104,
	DEBUG_DEBUG_CODE       = 0x105,
	DEBUG_CODE_END         = 0x106,

	/* Stand-alone value outside both ranges. */
	MAY_LOCAL_CODE         = 0x201,
};
51
/* Bit 0 of code_sign_descriptor.flags: the Merkle tree is stored in the file. */
#define FLAG_INSIDE_TREE	(1 << 0)
/* Non-zero when FLAG_INSIDE_TREE is set in desc->flags. */
#define IS_INSIDE_TREE(desc)	((desc)->flags & FLAG_INSIDE_TREE)

/*
 * View an opaque pointer as a code sign descriptor. These are plain casts:
 * they check neither the pointer nor the size of the buffer behind it.
 */
#define CAST_CODE_SIGN_DESC(desc) \
	((struct code_sign_descriptor *)(desc))
#define CONST_CAST_CODE_SIGN_DESC(desc) \
	((const struct code_sign_descriptor *)(desc))
57
/*
 * Read the tree_offset member of the descriptor that @desc points to.
 *
 * The stored value is returned as is: no NULL check, byte-order conversion
 * or range check happens here.
 * NOTE(review): callers should validate the result against the file size
 * before using it as an offset.
 */
static inline u64 get_tree_offset_compact(const void *desc)
{
	const struct code_sign_descriptor *cs_desc = CONST_CAST_CODE_SIGN_DESC(desc);

	return cs_desc->tree_offset;
}
62
/*
 * Report whether the descriptor at @_desc marks its Merkle tree as stored
 * inside the file.
 *
 * Returns true only when cs_version is non-zero and FLAG_INSIDE_TREE is set
 * in flags. @_desc is dereferenced without a NULL check.
 */
static inline bool is_inside_tree_compact(const void *_desc)
{
	const struct code_sign_descriptor *cs_desc = CONST_CAST_CODE_SIGN_DESC(_desc);

	/* A zero code sign version never counts as an in-file tree. */
	if (!cs_desc->cs_version)
		return false;

	return IS_INSIDE_TREE(cs_desc) != 0;
}
69
/*
 * Pass @inode and @desc to the code_sign_check_descriptor_lhck lite hook and
 * return the status it stores.
 *
 * NOTE(review): the status starts at 0, so 0 is returned whenever the hook
 * leaves it untouched (presumably also when no handler is registered).
 * Confirm that accepting the descriptor is the intended default there.
 */
static inline int code_sign_check_descriptor_hook(const struct inode *inode, const void *desc)
{
	int status = 0;

	CALL_HCK_LITE_HOOK(code_sign_check_descriptor_lhck, inode, desc, &status);

	return status;
}
77
/*
 * Pass @desc to the code_sign_before_measurement_lhck lite hook and return
 * the status it stores.
 *
 * @desc is not const here, so the hook may modify the descriptor.
 * NOTE(review): the status defaults to 0 when the hook does not set it
 * (presumably also when no handler is registered); confirm callers treat
 * that as intended.
 */
static inline int code_sign_before_measurement_hook(void *desc)
{
	int status = 0;

	CALL_HCK_LITE_HOOK(code_sign_before_measurement_lhck, desc, &status);

	return status;
}
85
/*
 * Pass @desc and @version to the code_sign_after_measurement_lhck lite hook.
 *
 * No status is returned, so a failure inside the hook cannot be reported to
 * the caller through this wrapper.
 */
static inline void code_sign_after_measurement_hook(void *desc, int version)
{
	CALL_HCK_LITE_HOOK(code_sign_after_measurement_lhck,
			   desc, version);
}
90
91 #endif /* LINUX_INCLUDE_CODE_SIGN_H */
92