@@ -20,26 +20,9 @@
#include <unistd.h>
#include "commands.h"
-#include "fsverity_uapi.h"
+#include "libfsverity.h"
#include "hash_algs.h"
-/*
- * Merkle tree properties. The file measurement is the hash of this structure
- * excluding the signature and with the sig_size field set to 0.
- */
-struct fsverity_descriptor {
- __u8 version; /* must be 1 */
- __u8 hash_algorithm; /* Merkle tree hash algorithm */
- __u8 log_blocksize; /* log2 of size of data and tree blocks */
- __u8 salt_size; /* size of salt in bytes; 0 if none */
- __le32 sig_size; /* size of signature in bytes; 0 if none */
- __le64 data_size; /* size of file the Merkle tree is built over */
- __u8 root_hash[64]; /* Merkle tree root hash */
- __u8 salt[32]; /* salt prepended to each hashed block */
- __u8 __reserved[144]; /* must be 0's */
- __u8 signature[]; /* optional PKCS#7 signature */
-};
-
/*
* Format in which verity file measurements are signed. This is the same as
* 'struct fsverity_digest', except here some magic bytes are prepended to
@@ -13,13 +13,14 @@
#include <stddef.h>
#include <stdint.h>
+#include <linux/types.h>
#define FS_VERITY_HASH_ALG_SHA256 1
#define FS_VERITY_HASH_ALG_SHA512 2
struct libfsverity_merkle_tree_params {
uint16_t version;
- uint16_t hash_algorithm;
+ uint16_t hash_algorithm; /* Matches the digest_algorithm type */
uint32_t block_size;
uint32_t salt_size;
const uint8_t *salt;
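Review bot: The comment added on `hash_algorithm` says only that it "matches" a field of a different struct and does not say which values are valid. Assuming the two constants defined just above are the intended value space, something like `/* one of FS_VERITY_HASH_ALG_*; same numbering as libfsverity_digest.digest_algorithm */` would be clearer. The new `#include <linux/types.h>` also makes this public header depend on kernel uapi headers, apparently only for the `__le32`/`__le64` fields of the descriptor added further down. That dependency deserves a one-line comment next to the include. The struct body continues outside this hunk.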
@@ -27,6 +28,7 @@ struct libfsverity_merkle_tree_params {
};
struct libfsverity_digest {
+ char magic[8]; /* must be "FSVerity" */
uint16_t digest_algorithm;
uint16_t digest_size;
uint8_t digest[];
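Review bot: The new `magic` field holds the eight characters of "FSVerity" with no room for a terminator, so it must be compared with `memcmp(d->magic, "FSVerity", sizeof d->magic)` and never with a string function. The comment should say so: `char magic[8]; /* must be "FSVerity"; exactly 8 bytes, not NUL-terminated */`. It should also say whether the library or the caller fills the field in. Prepending a member changes the layout of a public struct, so existing users that allocate or index it need rebuilding. If this struct is now hashed or signed byte-for-byte (the comment in the first hunk suggests it is the signed format), `digest_algorithm` and `digest_size` are host-endian `uint16_t` and would serialize differently on big-endian hosts, so confirm they are converted before signing.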
@@ -38,4 +40,26 @@ struct libfsverity_signature_params {
uint64_t reserved[11];
};
+/*
+ * Merkle tree properties. The file measurement is the hash of this structure
+ * excluding the signature and with the sig_size field set to 0.
+ */
+struct fsverity_descriptor {
+ uint8_t version; /* must be 1 */
+ uint8_t hash_algorithm; /* Merkle tree hash algorithm */
+ uint8_t log_blocksize; /* log2 of size of data and tree blocks */
+ uint8_t salt_size; /* size of salt in bytes; 0 if none */
+ __le32 sig_size; /* size of signature in bytes; 0 if none */
+ __le64 data_size; /* size of file the Merkle tree is built over */
+ uint8_t root_hash[64]; /* Merkle tree root hash */
+ uint8_t salt[32]; /* salt prepended to each hashed block */
+ uint8_t __reserved[144];/* must be 0's */
+ uint8_t signature[]; /* optional PKCS#7 signature */
+};
+
+int
+libfsverity_compute_digest(int fd,
+ const struct libfsverity_merkle_tree_params *params,
+ struct libfsverity_digest **digest_ret);
+
#endif
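Review bot: `libfsverity_compute_digest()` is exported with no comment describing its contract, which matters for an integrity API where a misread return value can let an unverified digest be used. I would add a doc comment above the prototype stating what the return value means on success and failure, that `*digest_ret` is allocated by the library and how the caller releases it (if that is the case), and what `*digest_ret` holds on error. It should also state the requirements on `fd` and on the `params` fields. Separately, the descriptor moved into this public header keeps the member name `__reserved`, an identifier reserved for the implementation; `reserved` would be safer if nothing depends on the old name.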