| /* |
| * fscrypt_private.h |
| * |
| * Copyright (C) 2015, Google, Inc. |
| * |
| * This contains encryption key functions. |
| * |
| * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015. |
| */ |
| |
| #ifndef _FSCRYPT_PRIVATE_H |
| #define _FSCRYPT_PRIVATE_H |
| |
| #ifndef __FS_HAS_ENCRYPTION |
| #define __FS_HAS_ENCRYPTION 1 |
| #endif |
| #include <linux/fscrypt.h> |
| #include <crypto/hash.h> |
| #include <linux/pfk.h> |
| |
| /* Encryption parameters */ |
| #define FS_KEY_DERIVATION_NONCE_SIZE 16 |
| |
| /** |
| * Encryption context for inode |
| * |
| * Protector format: |
| * 1 byte: Protector format (1 = this version) |
| * 1 byte: File contents encryption mode |
| * 1 byte: File names encryption mode |
| * 1 byte: Flags |
| * 8 bytes: Master Key descriptor |
| * 16 bytes: Encryption Key derivation nonce |
| */ |
| struct fscrypt_context { |
| u8 format; |
| u8 contents_encryption_mode; |
| u8 filenames_encryption_mode; |
| u8 flags; |
| u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; |
| u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
| } __packed; |
| |
| #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 |
| |
| /** |
| * For encrypted symlinks, the ciphertext length is stored at the beginning |
| * of the string in little-endian format. |
| */ |
| struct fscrypt_symlink_data { |
| __le16 len; |
| char encrypted_path[1]; |
| } __packed; |
| |
| enum ci_type_info { |
| CI_NONE_TYPE = 0, |
| CI_DATA_TYPE, |
| CI_FNAME_TYPE, |
| }; |
| |
| /* |
| * fscrypt_info - the "encryption key" for an inode |
| * |
| * When an encrypted file's key is made available, an instance of this struct is |
| * allocated and stored in ->i_crypt_info. Once created, it remains until the |
| * inode is evicted. |
| */ |
| struct fscrypt_info { |
| /* The actual crypto transform used for encryption and decryption */ |
| struct crypto_skcipher *ci_ctfm; |
| |
| /* |
| * Cipher for ESSIV IV generation. Only set for CBC contents |
| * encryption, otherwise is NULL. |
| */ |
| struct crypto_cipher *ci_essiv_tfm; |
| |
| /* |
| * Encryption mode used for this inode. It corresponds to either |
| * ci_data_mode or ci_filename_mode, depending on the inode type. |
| */ |
| struct fscrypt_mode *ci_mode; |
| |
| /* |
| * If non-NULL, then this inode uses a master key directly rather than a |
| * derived key, and ci_ctfm will equal ci_master_key->mk_ctfm. |
| * Otherwise, this inode uses a derived key. |
| */ |
| struct fscrypt_master_key *ci_master_key; |
| |
| /* fields from the fscrypt_context */ |
| u8 ci_type; |
| u8 ci_data_mode; |
| u8 ci_filename_mode; |
| u8 ci_flags; |
| u8 ci_master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; |
| u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
| u8 ci_raw_key[FS_MAX_KEY_SIZE]; |
| }; |
| |
| typedef enum { |
| FS_DECRYPT = 0, |
| FS_ENCRYPT, |
| } fscrypt_direction_t; |
| |
| #define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001 |
| |
| static inline bool fscrypt_valid_enc_modes(u32 contents_mode, |
| u32 filenames_mode) |
| { |
| if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC && |
| filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS) |
| return true; |
| |
| if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS && |
| filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS) |
| return true; |
| |
| if (contents_mode == FS_ENCRYPTION_MODE_PRIVATE && |
| filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS) |
| return true; |
| |
| if (contents_mode == FS_ENCRYPTION_MODE_ADIANTUM && |
| filenames_mode == FS_ENCRYPTION_MODE_ADIANTUM) |
| return true; |
| |
| return false; |
| } |
| |
| static inline bool is_private_data_mode(struct fscrypt_info *ci) |
| { |
| return ci->ci_type == CI_DATA_TYPE && |
| ci->ci_data_mode == FS_ENCRYPTION_MODE_PRIVATE; |
| } |
| |
| /* crypto.c */ |
| extern struct kmem_cache *fscrypt_info_cachep; |
| extern int fscrypt_initialize(unsigned int cop_flags); |
| extern int fscrypt_crypt_block(const struct inode *inode, |
| fscrypt_direction_t rw, u64 lblk_num, |
| struct page *src_page, struct page *dest_page, |
| unsigned int len, unsigned int offs, |
| gfp_t gfp_flags); |
| extern struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags); |
| extern const struct dentry_operations fscrypt_d_ops; |
| |
| extern void __printf(3, 4) __cold |
| fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...); |
| |
| #define fscrypt_warn(sb, fmt, ...) \ |
| fscrypt_msg(sb, KERN_WARNING, fmt, ##__VA_ARGS__) |
| #define fscrypt_err(sb, fmt, ...) \ |
| fscrypt_msg(sb, KERN_ERR, fmt, ##__VA_ARGS__) |
| |
| #define FSCRYPT_MAX_IV_SIZE 32 |
| |
| union fscrypt_iv { |
| struct { |
| /* logical block number within the file */ |
| __le64 lblk_num; |
| |
| /* per-file nonce; only set in DIRECT_KEY mode */ |
| u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
| }; |
| u8 raw[FSCRYPT_MAX_IV_SIZE]; |
| }; |
| |
| void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, |
| const struct fscrypt_info *ci); |
| |
| /* fname.c */ |
| extern int fname_encrypt(struct inode *inode, const struct qstr *iname, |
| u8 *out, unsigned int olen); |
| extern bool fscrypt_fname_encrypted_size(const struct inode *inode, |
| u32 orig_len, u32 max_len, |
| u32 *encrypted_len_ret); |
| |
| /* keyinfo.c */ |
| |
| struct fscrypt_mode { |
| const char *friendly_name; |
| const char *cipher_str; |
| int keysize; |
| int ivsize; |
| bool logged_impl_name; |
| bool needs_essiv; |
| }; |
| |
| extern void __exit fscrypt_essiv_cleanup(void); |
| |
| #endif /* _FSCRYPT_PRIVATE_H */ |