
Linux/include/uapi/linux/fsverity.h


  1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2 /*
  3  * fs-verity user API
  4  *
  5  * These ioctls can be used on filesystems that support fs-verity.  See the
  6  * "User API" section of Documentation/filesystems/fsverity.rst.
  7  *
  8  * Copyright 2019 Google LLC
  9  */
 10 #ifndef _UAPI_LINUX_FSVERITY_H
 11 #define _UAPI_LINUX_FSVERITY_H
 12 
 13 #include <linux/ioctl.h>
 14 #include <linux/types.h>
 15 
 16 #define FS_VERITY_HASH_ALG_SHA256       1  /* SHA-256; presumably a hash_algorithm / digest_algorithm value -- confirm in fsverity.rst */
 17 #define FS_VERITY_HASH_ALG_SHA512       2  /* SHA-512; its 64-byte output matches root_hash[64] in struct fsverity_descriptor */
 18 
 19 struct fsverity_enable_arg {        /* argument of FS_IOC_ENABLE_VERITY (_IOW); 128 bytes in total */
 20         __u32 version;              /* NOTE(review): accepted values are not shown in this header; see fsverity.rst */
 21         __u32 hash_algorithm;       /* presumably one of FS_VERITY_HASH_ALG_* -- confirm */
 22         __u32 block_size;           /* presumably the Merkle tree block size in bytes -- confirm */
 23         __u32 salt_size;            /* presumably the length in bytes of the salt at salt_ptr -- confirm */
 24         __u64 salt_ptr;             /* presumably a userspace address carried as a 64-bit integer -- confirm */
 25         __u32 sig_size;             /* presumably the length in bytes of the signature at sig_ptr -- confirm */
 26         __u32 __reserved1;          /* places sig_ptr at offset 32; presumably must be 0 -- confirm */
 27         __u64 sig_ptr;              /* presumably a userspace address, as for salt_ptr -- confirm */
 28         __u64 __reserved2[11];      /* 88 reserved bytes; presumably must be 0 -- confirm */
 29 };
 30 
 31 struct fsverity_digest {    /* argument of FS_IOC_MEASURE_VERITY (_IOWR: data passes in both directions) */
 32         __u16 digest_algorithm;     /* presumably a FS_VERITY_HASH_ALG_* value -- confirm */
 33         __u16 digest_size; /* input/output; presumably the capacity of digest[] going in and the digest length coming out -- confirm */
 34         __u8 digest[];      /* flexible array: not counted in sizeof(struct fsverity_digest), so the caller allocates the extra bytes */
 35 };
 36 
 37 /*
 38  * Struct containing a file's Merkle tree properties.  The fs-verity file digest
 39  * is the hash of this struct.  A userspace program needs this struct only if it
 40  * needs to compute fs-verity file digests itself, e.g. in order to sign files.
 41  * It isn't needed just to enable fs-verity on a file.
 42  *
 43  * Note: when computing the file digest, 'sig_size' and 'signature' must be left
 44  * zero and empty, respectively.  These fields are present only because some
 45  * filesystems reuse this struct as part of their on-disk format.
 46  */
 47 struct fsverity_descriptor {        /* fixed part is 256 bytes (4 + 4 + 8 + 64 + 32 + 144) */
 48         __u8 version;           /* must be 1 */
 49         __u8 hash_algorithm;    /* Merkle tree hash algorithm */
 50         __u8 log_blocksize;     /* log2 of size of data and tree blocks */
 51         __u8 salt_size;         /* size of salt in bytes; 0 if none */
 52 #ifdef __KERNEL__
 53         __le32 sig_size;        /* kernel-only name for offset 0x04; left zero when computing the file digest */
 54 #else
 55         __le32 __reserved_0x04; /* must be 0 */
 56 #endif
 57         __le64 data_size;       /* size of file the Merkle tree is built over */
 58         __u8 root_hash[64];     /* Merkle tree root hash; 64 bytes is enough for a SHA-512 output */
 59         __u8 salt[32];          /* salt prepended to each hashed block; the array holds at most 32 bytes */
 60         __u8 __reserved[144];   /* must be 0's */
 61 #ifdef __KERNEL__
 62         __u8 signature[];       /* kernel-only flexible array; left empty when computing the file digest */
 63 #endif
 64 };
 65 
 66 /*
 67  * Format in which fs-verity file digests are signed in built-in signatures.
 68  * This is the same as 'struct fsverity_digest', except here some magic bytes
 69  * are prepended to provide some context about what is being signed in case the
 70  * same key is used for non-fsverity purposes, and here the fields have fixed
 71  * endianness.
 72  *
 73  * This struct is specific to the built-in signature verification support, which
 74  * is optional.  fs-verity users may also verify signatures in userspace, in
 75  * which case userspace is responsible for deciding on what bytes are signed.
 76  * This struct may still be used, but it doesn't have to be.  For example,
 77  * userspace could instead use a string like "sha256:$digest_as_hex_string".
 78  */
 79 struct fsverity_formatted_digest {  /* layout of the bytes signed by built-in signatures: 12-byte header, then the digest */
 80         char magic[8];                  /* must be "FSVerity"; the text fills all 8 bytes, so the array holds no NUL terminator */
 81         __le16 digest_algorithm;        /* little-endian */
 82         __le16 digest_size;             /* little-endian; presumably the length of digest[] in bytes -- confirm */
 83         __u8 digest[];                  /* flexible array; not counted in sizeof */
 84 };
 85 
 86 #define FS_VERITY_METADATA_TYPE_MERKLE_TREE     1  /* presumably a metadata_type value for struct fsverity_read_metadata_arg -- confirm */
 87 #define FS_VERITY_METADATA_TYPE_DESCRIPTOR      2  /* likely selects the struct fsverity_descriptor bytes -- confirm */
 88 #define FS_VERITY_METADATA_TYPE_SIGNATURE       3  /* likely selects the built-in signature, if the file has one -- confirm */
 89 
 90 struct fsverity_read_metadata_arg { /* argument of FS_IOC_READ_VERITY_METADATA (_IOWR); 40 bytes in total */
 91         __u64 metadata_type;        /* presumably one of FS_VERITY_METADATA_TYPE_* -- confirm */
 92         __u64 offset;               /* presumably a byte offset into the selected metadata -- confirm */
 93         __u64 length;               /* presumably the number of bytes requested -- confirm */
 94         __u64 buf_ptr;              /* presumably a userspace buffer address with room for 'length' bytes -- confirm */
 95         __u64 __reserved;           /* presumably must be 0 -- confirm */
 96 };
 97 
 98 #define FS_IOC_ENABLE_VERITY    _IOW('f', 133, struct fsverity_enable_arg)  /* type 'f', nr 133; direction: userspace to kernel */
 99 #define FS_IOC_MEASURE_VERITY   _IOWR('f', 134, struct fsverity_digest)  /* type 'f', nr 134; both directions; the encoded size excludes digest[] */
100 #define FS_IOC_READ_VERITY_METADATA \
101         _IOWR('f', 135, struct fsverity_read_metadata_arg)  /* type 'f', nr 135; both directions */
102 
103 #endif /* _UAPI_LINUX_FSVERITY_H */
104 
