diff options
| author | Paul Lawrence <paullawrence@google.com> | 2020-03-13 12:38:35 -0700 |
|---|---|---|
| committer | Paul Lawrence <paullawrence@google.com> | 2020-03-18 10:11:34 -0700 |
| commit | 758073bec37716c23f4711fbed1bd4b9a21cbb96 (patch) | |
| tree | 6882c5c439da1f4bcb713cb7f824d68438ff17b8 /include/uapi | |
| parent | 8118f34d9664148a08f77f40a47b39f819e941ee (diff) | |
ANDROID: Incremental fs: Remove signature checks from kernel
Test: selftests pass
Bug: 133435829
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ia7e69b1b0176202da4b418ea815b370cbdacd5c2
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/incrementalfs.h | 69 |
1 files changed, 24 insertions, 45 deletions
diff --git a/include/uapi/linux/incrementalfs.h b/include/uapi/linux/incrementalfs.h index 81947ded482e..2efc53f591ef 100644 --- a/include/uapi/linux/incrementalfs.h +++ b/include/uapi/linux/incrementalfs.h @@ -35,6 +35,8 @@ #define INCFS_XATTR_METADATA_NAME (XATTR_USER_PREFIX "incfs.metadata") #define INCFS_MAX_SIGNATURE_SIZE 8096 +#define INCFS_SIGNATURE_VERSION 2 +#define INCFS_SIGNATURE_SECTIONS 2 #define INCFS_IOCTL_BASE_CODE 'g' @@ -142,48 +144,6 @@ enum incfs_hash_tree_algorithm { INCFS_HASH_TREE_SHA256 = 1 }; -struct incfs_file_signature_info { - /* - * A pointer to file's root hash (if determined != 0) - * Actual hash size determined by hash_tree_alg. - * Size of the buffer should be at least INCFS_MAX_HASH_SIZE - * - * Equivalent to: u8 *root_hash; - */ - __aligned_u64 root_hash; - - /* - * A pointer to additional data that was attached to the root hash - * before signing. - * - * Equivalent to: u8 *additional_data; - */ - __aligned_u64 additional_data; - - /* Size of additional data. */ - __u32 additional_data_size; - - /* Reserved - must be 0 */ - __u32 reserved1; - - /* - * A pointer to pkcs7 signature DER blob. - * - * Equivalent to: u8 *signature; - */ - __aligned_u64 signature; - - - /* Size of pkcs7 signature DER blob */ - __u32 signature_size; - - /* Reserved - must be 0 */ - __u32 reserved2; - - /* Value from incfs_hash_tree_algorithm */ - __u8 hash_tree_alg; -}; - /* * Create a new file or directory. */ @@ -240,11 +200,30 @@ struct incfs_new_file_args { /* Reserved - must be 0 */ __u32 reserved4; - /* struct incfs_file_signature_info *signature_info; */ + /* + * Points to an APK V4 Signature data blob + * Signature must have two sections + * Format is: + * u32 version + * u32 size_of_hash_info_section + * u8 hash_info_section[] + * u32 size_of_signing_info_section + * u8 signing_info_section[] + * + * Note that incfs does not care about what is in signing_info_section + * + * hash_info_section has following format: + * u32 hash_algorithm; // Must be SHA256 == 1 + * u8 log2_blocksize; // Must be 12 for 4096 byte blocks + * u32 salt_size; + * u8 salt[]; + * u32 hash_size; + * u8 root_hash[]; + */ __aligned_u64 signature_info; - /* Reserved - must be 0 */ - __aligned_u64 reserved5; + /* Size of signature_info */ + __aligned_u64 signature_size; /* Reserved - must be 0 */ __aligned_u64 reserved6; |