1
2
3
4
5
6
7
8
9
10
11
12#ifndef _FSCRYPT_PRIVATE_H
13#define _FSCRYPT_PRIVATE_H
14
15#define __FS_HAS_ENCRYPTION 1
16#include <linux/fscrypt.h>
17#include <crypto/hash.h>
18
19
20#define FS_KEY_DERIVATION_NONCE_SIZE 16
21
22
23
24
25
26
27
28
29
30
31
32
33struct fscrypt_context {
34 u8 format;
35 u8 contents_encryption_mode;
36 u8 filenames_encryption_mode;
37 u8 flags;
38 u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
39 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
40} __packed;
41
42#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
43
44
45
46
47
48struct fscrypt_symlink_data {
49 __le16 len;
50 char encrypted_path[1];
51} __packed;
52
53
54
55
56
57
58
59
60struct fscrypt_info {
61
62
63 struct crypto_skcipher *ci_ctfm;
64
65
66
67
68
69 struct crypto_cipher *ci_essiv_tfm;
70
71
72
73
74
75 struct fscrypt_mode *ci_mode;
76
77
78
79
80
81
82 struct fscrypt_master_key *ci_master_key;
83
84
85 u8 ci_data_mode;
86 u8 ci_filename_mode;
87 u8 ci_flags;
88 u8 ci_master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
89 u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];
90};
91
92typedef enum {
93 FS_DECRYPT = 0,
94 FS_ENCRYPT,
95} fscrypt_direction_t;
96
97#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
98#define FS_CTX_HAS_BOUNCE_BUFFER_FL 0x00000002
99
100static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
101 u32 filenames_mode)
102{
103 if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&
104 filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)
105 return true;
106
107 if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&
108 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
109 return true;
110
111 if (contents_mode == FS_ENCRYPTION_MODE_ADIANTUM &&
112 filenames_mode == FS_ENCRYPTION_MODE_ADIANTUM)
113 return true;
114
115 return false;
116}
117
118
119extern struct kmem_cache *fscrypt_info_cachep;
120extern int fscrypt_initialize(unsigned int cop_flags);
121extern int fscrypt_do_page_crypto(const struct inode *inode,
122 fscrypt_direction_t rw, u64 lblk_num,
123 struct page *src_page,
124 struct page *dest_page,
125 unsigned int len, unsigned int offs,
126 gfp_t gfp_flags);
127extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
128 gfp_t gfp_flags);
129extern const struct dentry_operations fscrypt_d_ops;
130
131extern void __printf(3, 4) __cold
132fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...);
133
134#define fscrypt_warn(sb, fmt, ...) \
135 fscrypt_msg(sb, KERN_WARNING, fmt, ##__VA_ARGS__)
136#define fscrypt_err(sb, fmt, ...) \
137 fscrypt_msg(sb, KERN_ERR, fmt, ##__VA_ARGS__)
138
139#define FSCRYPT_MAX_IV_SIZE 32
140
141union fscrypt_iv {
142 struct {
143
144 __le64 lblk_num;
145
146
147 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
148 };
149 u8 raw[FSCRYPT_MAX_IV_SIZE];
150};
151
152void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
153 const struct fscrypt_info *ci);
154
155
156extern int fname_encrypt(struct inode *inode, const struct qstr *iname,
157 u8 *out, unsigned int olen);
158extern bool fscrypt_fname_encrypted_size(const struct inode *inode,
159 u32 orig_len, u32 max_len,
160 u32 *encrypted_len_ret);
161
162
163
164struct fscrypt_mode {
165 const char *friendly_name;
166 const char *cipher_str;
167 int keysize;
168 int ivsize;
169 bool logged_impl_name;
170 bool needs_essiv;
171};
172
173extern void __exit fscrypt_essiv_cleanup(void);
174
175#endif
176