1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef AUTHFS_FSVERITY_METADATA_H
18 #define AUTHFS_FSVERITY_METADATA_H
19 
20 // This file contains the format of fs-verity metadata (.fsv_meta).
21 //
22 // The header format of .fsv_meta is:
23 //
24 // +-----------+---------------------------------------------+------------+
25 // |  Address  |  Description                                |    Size    |
26 // +-----------+---------------------------------------------+------------+
27 // |  0x0000   |  32-bit LE, version of the format           |     4      |
28 // |           |                                             |            |
29 // |  0x0004   |  fsverity_descriptor (see linux/fsverity.h) |    256     |
30 // |           |                                             |            |
31 // |  0x0104   |  32-bit LE, type of signature               |     4      |
32 // |           |  (0: NONE, 1: PKCS7, 2: RAW)                |            |
33 // |           |                                             |            |
34 // |  0x0108   |  32-bit LE, size of signature               |     4      |
35 // |           |                                             |            |
36 // |  0x010C   |  signature                                  | See 0x0108 |
37 // +-----------+---------------------------------------------+------------+
38 //
39 // After the header, merkle tree dump exists at the first 4K boundary. Usually it's 0x1000, but it
40 // could be, for example, 0x2000 or 0x3000, depending on the size of header.
41 //
42 // TODO(b/193113326): sync with build/make/tools/releasetools/fsverity_metadata_generator.py
43 
44 #include <stddef.h>
45 #include <stdint.h>
46 #include <linux/fsverity.h>
47 
48 const uint64_t CHUNK_SIZE = 4096;
49 
50 // Give the macro value a name to export.
51 const uint8_t FSVERITY_HASH_ALG_SHA256 = FS_VERITY_HASH_ALG_SHA256;
52 
53 enum class FSVERITY_SIGNATURE_TYPE : __le32 {
54     NONE = 0,
55     PKCS7 = 1,
56     RAW = 2,
57 };
58 
59 struct fsverity_metadata_header {
60     __le32 version;
61     fsverity_descriptor descriptor;
62     FSVERITY_SIGNATURE_TYPE signature_type;
63     __le32 signature_size;
64 } __attribute__((packed));
65 
66 #endif   // AUTHFS_FSVERITY_METADATA_H
67