1
2
3
4
5
6
7
8
9
10
11
12#ifndef _FSCRYPT_PRIVATE_H
13#define _FSCRYPT_PRIVATE_H
14
15#include <linux/fscrypt.h>
16#include <crypto/hash.h>
17
18
19#define FS_KEY_DERIVATION_NONCE_SIZE 16
20
21
22
23
24
25
26
27
28
29
30
31
32struct fscrypt_context {
33 u8 format;
34 u8 contents_encryption_mode;
35 u8 filenames_encryption_mode;
36 u8 flags;
37 u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
38 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
39} __packed;
40
41#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
42
43
44
45
46
47struct fscrypt_symlink_data {
48 __le16 len;
49 char encrypted_path[1];
50} __packed;
51
52
53
54
55
56
57
58
59struct fscrypt_info {
60
61
62 struct crypto_skcipher *ci_ctfm;
63
64
65
66
67
68 struct crypto_cipher *ci_essiv_tfm;
69
70
71
72
73
74 struct fscrypt_mode *ci_mode;
75
76
77
78
79
80
81 struct fscrypt_master_key *ci_master_key;
82
83
84 u8 ci_data_mode;
85 u8 ci_filename_mode;
86 u8 ci_flags;
87 u8 ci_master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
88 u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];
89};
90
91typedef enum {
92 FS_DECRYPT = 0,
93 FS_ENCRYPT,
94} fscrypt_direction_t;
95
96#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
97#define FS_CTX_HAS_BOUNCE_BUFFER_FL 0x00000002
98
99static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
100 u32 filenames_mode)
101{
102 if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&
103 filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)
104 return true;
105
106 if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&
107 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
108 return true;
109
110 if (contents_mode == FS_ENCRYPTION_MODE_ADIANTUM &&
111 filenames_mode == FS_ENCRYPTION_MODE_ADIANTUM)
112 return true;
113
114 return false;
115}
116
117
118extern struct kmem_cache *fscrypt_info_cachep;
119extern int fscrypt_initialize(unsigned int cop_flags);
120extern int fscrypt_do_page_crypto(const struct inode *inode,
121 fscrypt_direction_t rw, u64 lblk_num,
122 struct page *src_page,
123 struct page *dest_page,
124 unsigned int len, unsigned int offs,
125 gfp_t gfp_flags);
126extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
127 gfp_t gfp_flags);
128extern const struct dentry_operations fscrypt_d_ops;
129
130extern void __printf(3, 4) __cold
131fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...);
132
133#define fscrypt_warn(sb, fmt, ...) \
134 fscrypt_msg(sb, KERN_WARNING, fmt, ##__VA_ARGS__)
135#define fscrypt_err(sb, fmt, ...) \
136 fscrypt_msg(sb, KERN_ERR, fmt, ##__VA_ARGS__)
137
138#define FSCRYPT_MAX_IV_SIZE 32
139
140union fscrypt_iv {
141 struct {
142
143 __le64 lblk_num;
144
145
146 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
147 };
148 u8 raw[FSCRYPT_MAX_IV_SIZE];
149};
150
151void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
152 const struct fscrypt_info *ci);
153
154
155extern int fname_encrypt(struct inode *inode, const struct qstr *iname,
156 u8 *out, unsigned int olen);
157extern bool fscrypt_fname_encrypted_size(const struct inode *inode,
158 u32 orig_len, u32 max_len,
159 u32 *encrypted_len_ret);
160
161
162
163struct fscrypt_mode {
164 const char *friendly_name;
165 const char *cipher_str;
166 int keysize;
167 int ivsize;
168 bool logged_impl_name;
169 bool needs_essiv;
170};
171
172extern void __exit fscrypt_essiv_cleanup(void);
173
174#endif
175