Orange Pi5 kernel

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * fs-verity: read-only file-based authenticity protection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright 2019 Google LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #ifndef _FSVERITY_PRIVATE_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #define _FSVERITY_PRIVATE_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #ifdef CONFIG_FS_VERITY_DEBUG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #define DEBUG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #define pr_fmt(fmt) "fs-verity: " fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <crypto/sha.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/fsverity.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <linux/mempool.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) struct ahash_request;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24)  * Implementation limit: maximum depth of the Merkle tree.  For now 8 is plenty;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25)  * it's enough for over U64_MAX bytes of data using SHA-256 and 4K blocks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) #define FS_VERITY_MAX_LEVELS		8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30)  * Largest digest size among all hash algorithms supported by fs-verity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31)  * Currently assumed to be <= size of fsverity_descriptor::root_hash.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) #define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) /* A hash algorithm supported by fs-verity */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) struct fsverity_hash_alg {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 	struct crypto_ahash *tfm; /* hash tfm, allocated on demand */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 	const char *name;	  /* crypto API name, e.g. sha256 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	unsigned int digest_size; /* digest size in bytes, e.g. 32 for SHA-256 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 	unsigned int block_size;  /* block size in bytes, e.g. 64 for SHA-256 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	mempool_t req_pool;	  /* mempool with a preallocated hash request */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) /* Merkle tree parameters: hash algorithm, initial hash state, and topology */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) struct merkle_tree_params {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	struct fsverity_hash_alg *hash_alg; /* the hash algorithm */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	const u8 *hashstate;		/* initial hash state or NULL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 	unsigned int digest_size;	/* same as hash_alg->digest_size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	unsigned int block_size;	/* size of data and tree blocks */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 	unsigned int hashes_per_block;	/* number of hashes per tree block */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 	unsigned int log_blocksize;	/* log2(block_size) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	unsigned int log_arity;		/* log2(hashes_per_block) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 	unsigned int num_levels;	/* number of levels in Merkle tree */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 	u64 tree_size;			/* Merkle tree size in bytes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 	unsigned long level0_blocks;	/* number of blocks in tree level 0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	 * Starting block index for each tree level, ordered from leaf level (0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	 * to root level ('num_levels - 1')
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 	u64 level_start[FS_VERITY_MAX_LEVELS];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65)  * fsverity_info - cached verity metadata for an inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67)  * When a verity file is first opened, an instance of this struct is allocated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68)  * and stored in ->i_verity_info; it remains until the inode is evicted.  It
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69)  * caches information about the Merkle tree that's needed to efficiently verify
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70)  * data read from the file.  It also caches the file digest.  The Merkle tree
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71)  * pages themselves are not cached here, but the filesystem may cache them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) struct fsverity_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	struct merkle_tree_params tree_params;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	u8 root_hash[FS_VERITY_MAX_DIGEST_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	const struct inode *inode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) /* Arbitrary limit to bound the kmalloc() size.  Can be changed. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) #define FS_VERITY_MAX_DESCRIPTOR_SIZE	16384
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) #define FS_VERITY_MAX_SIGNATURE_SIZE	(FS_VERITY_MAX_DESCRIPTOR_SIZE - \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 					 sizeof(struct fsverity_descriptor))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) /* hash_algs.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) extern struct fsverity_hash_alg fsverity_hash_algs[];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) struct fsverity_hash_alg *fsverity_get_hash_alg(const struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 						unsigned int num);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) struct ahash_request *fsverity_alloc_hash_request(struct fsverity_hash_alg *alg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 						  gfp_t gfp_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) void fsverity_free_hash_request(struct fsverity_hash_alg *alg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 				struct ahash_request *req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) const u8 *fsverity_prepare_hash_state(struct fsverity_hash_alg *alg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 				      const u8 *salt, size_t salt_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) int fsverity_hash_page(const struct merkle_tree_params *params,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		       const struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 		       struct ahash_request *req, struct page *page, u8 *out);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) int fsverity_hash_buffer(struct fsverity_hash_alg *alg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 			 const void *data, size_t size, u8 *out);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) void __init fsverity_check_hash_algs(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) /* init.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) void __printf(3, 4) __cold
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) fsverity_msg(const struct inode *inode, const char *level,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	     const char *fmt, ...);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) #define fsverity_warn(inode, fmt, ...)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	fsverity_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) #define fsverity_err(inode, fmt, ...)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) /* open.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 				     const struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 				     unsigned int hash_algorithm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 				     unsigned int log_blocksize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 				     const u8 *salt, size_t salt_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) struct fsverity_info *fsverity_create_info(const struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 					   struct fsverity_descriptor *desc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 					   size_t desc_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) void fsverity_set_info(struct inode *inode, struct fsverity_info *vi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) void fsverity_free_info(struct fsverity_info *vi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) int fsverity_get_descriptor(struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 			    struct fsverity_descriptor **desc_ret,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 			    size_t *desc_size_ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) int __init fsverity_init_info_cache(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) void __init fsverity_exit_info_cache(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) /* signature.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) #ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) int fsverity_verify_signature(const struct fsverity_info *vi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 			      const u8 *signature, size_t sig_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) int __init fsverity_init_signature(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) #else /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) fsverity_verify_signature(const struct fsverity_info *vi,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 			  const u8 *signature, size_t sig_size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) static inline int fsverity_init_signature(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) #endif /* !CONFIG_FS_VERITY_BUILTIN_SIGNATURES */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) /* verify.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) int __init fsverity_init_workqueue(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) void __init fsverity_exit_workqueue(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) #endif /* _FSVERITY_PRIVATE_H */