summaryrefslogtreecommitdiff
path: root/drivers/md/dm-verity.h
blob: 754e70bb5fe09074a6ed75621046bde4c5dacc33 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2012 Red Hat, Inc.
 * Copyright (C) 2015 Google, Inc.
 *
 * Author: Mikulas Patocka <mpatocka@redhat.com>
 *
 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
 */

#ifndef DM_VERITY_H
#define DM_VERITY_H

#include <linux/dm-io.h>
#include <linux/dm-bufio.h>
#include <linux/device-mapper.h>
#include <linux/interrupt.h>
#include <crypto/hash.h>

#define DM_VERITY_MAX_LEVELS		63

enum verity_mode {
	DM_VERITY_MODE_EIO,
	DM_VERITY_MODE_LOGGING,
	DM_VERITY_MODE_RESTART,
	DM_VERITY_MODE_PANIC
};

enum verity_block_type {
	DM_VERITY_BLOCK_TYPE_DATA,
	DM_VERITY_BLOCK_TYPE_METADATA
};

struct dm_verity_fec;

struct dm_verity {
	struct dm_dev *data_dev;
	struct dm_dev *hash_dev;
	struct dm_target *ti;
	struct dm_bufio_client *bufio;
	char *alg_name;
	struct crypto_ahash *ahash_tfm; /* either this or shash_tfm is set */
	struct crypto_shash *shash_tfm; /* either this or ahash_tfm is set */
	u8 *root_digest;	/* digest of the root block */
	u8 *salt;		/* salt: its size is salt_size */
	u8 *initial_hashstate;	/* salted initial state, if shash_tfm is set */
	u8 *zero_digest;	/* digest for a zero block */
#ifdef CONFIG_SECURITY
	u8 *root_digest_sig;	/* signature of the root digest */
	unsigned int sig_size;	/* root digest signature size */
#endif /* CONFIG_SECURITY */
	unsigned int salt_size;
	sector_t data_start;	/* data offset in 512-byte sectors */
	sector_t hash_start;	/* hash start in blocks */
	sector_t data_blocks;	/* the number of data blocks */
	sector_t hash_blocks;	/* the number of hash blocks */
	unsigned char data_dev_block_bits;	/* log2(data blocksize) */
	unsigned char hash_dev_block_bits;	/* log2(hash blocksize) */
	unsigned char hash_per_block_bits;	/* log2(hashes in hash block) */
	unsigned char levels;	/* the number of tree levels */
	unsigned char version;
	bool hash_failed:1;	/* set if hash of any block failed */
	bool use_bh_wq:1;	/* try to verify in BH wq before normal work-queue */
	unsigned int digest_size;	/* digest size for the current hash algorithm */
	unsigned int hash_reqsize; /* the size of temporary space for crypto */
	enum verity_mode mode;	/* mode for handling verification errors */
	unsigned int corrupted_errs;/* Number of errors for corrupted blocks */

	struct workqueue_struct *verify_wq;

	/* starting blocks for each tree level. 0 is the lowest level. */
	sector_t hash_level_block[DM_VERITY_MAX_LEVELS];

	struct dm_verity_fec *fec;	/* forward error correction */
	unsigned long *validated_blocks; /* bitset blocks validated */

	char *signature_key_desc; /* signature keyring reference */

	struct dm_io_client *io;
	mempool_t recheck_pool;
};

struct dm_verity_io {
	struct dm_verity *v;

	/* original value of bio->bi_end_io */
	bio_end_io_t *orig_bi_end_io;

	struct bvec_iter iter;

	sector_t block;
	unsigned int n_blocks;
	bool in_bh;

	struct work_struct work;
	struct work_struct bh_work;

	u8 real_digest[HASH_MAX_DIGESTSIZE];
	u8 want_digest[HASH_MAX_DIGESTSIZE];

	/*
	 * This struct is followed by a variable-sized hash request of size
	 * v->hash_reqsize, either a struct ahash_request or a struct shash_desc
	 * (depending on whether ahash_tfm or shash_tfm is being used).  To
	 * access it, use verity_io_hash_req().
	 */
};

static inline void *verity_io_hash_req(struct dm_verity *v,
				       struct dm_verity_io *io)
{
	return io + 1;
}

static inline u8 *verity_io_real_digest(struct dm_verity *v,
					struct dm_verity_io *io)
{
	return io->real_digest;
}

static inline u8 *verity_io_want_digest(struct dm_verity *v,
					struct dm_verity_io *io)
{
	return io->want_digest;
}

extern int verity_hash(struct dm_verity *v, struct dm_verity_io *io,
		       const u8 *data, size_t len, u8 *digest, bool may_sleep);

extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
				 sector_t block, u8 *digest, bool *is_zero);

extern bool dm_is_verity_target(struct dm_target *ti);
extern int dm_verity_get_mode(struct dm_target *ti);
extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
				     unsigned int *digest_size);

#endif /* DM_VERITY_H */