1
2
3
4
5
6
7
8#ifndef _UAPI_LINUX_FSCRYPT_H
9#define _UAPI_LINUX_FSCRYPT_H
10
11#include <linux/ioctl.h>
12#include <linux/types.h>
13
14
15#define FSCRYPT_POLICY_FLAGS_PAD_4 0x00
16#define FSCRYPT_POLICY_FLAGS_PAD_8 0x01
17#define FSCRYPT_POLICY_FLAGS_PAD_16 0x02
18#define FSCRYPT_POLICY_FLAGS_PAD_32 0x03
19#define FSCRYPT_POLICY_FLAGS_PAD_MASK 0x03
20#define FSCRYPT_POLICY_FLAG_DIRECT_KEY 0x04
21#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08
22#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 0x10
23
24
25#define FSCRYPT_MODE_AES_256_XTS 1
26#define FSCRYPT_MODE_AES_256_CTS 4
27#define FSCRYPT_MODE_AES_128_CBC 5
28#define FSCRYPT_MODE_AES_128_CTS 6
29#define FSCRYPT_MODE_ADIANTUM 9
30
31
32
33
34
35
36
37
38#define FSCRYPT_POLICY_V1 0
39#define FSCRYPT_KEY_DESCRIPTOR_SIZE 8
40struct fscrypt_policy_v1 {
41 __u8 version;
42 __u8 contents_encryption_mode;
43 __u8 filenames_encryption_mode;
44 __u8 flags;
45 __u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
46};
47
48
49
50
51
52#define FSCRYPT_KEY_DESC_PREFIX "fscrypt:"
53#define FSCRYPT_KEY_DESC_PREFIX_SIZE 8
54#define FSCRYPT_MAX_KEY_SIZE 64
55struct fscrypt_key {
56 __u32 mode;
57 __u8 raw[FSCRYPT_MAX_KEY_SIZE];
58 __u32 size;
59};
60
61
62
63
64#define FSCRYPT_POLICY_V2 2
65#define FSCRYPT_KEY_IDENTIFIER_SIZE 16
66struct fscrypt_policy_v2 {
67 __u8 version;
68 __u8 contents_encryption_mode;
69 __u8 filenames_encryption_mode;
70 __u8 flags;
71 __u8 __reserved[4];
72 __u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
73};
74
75
76struct fscrypt_get_policy_ex_arg {
77 __u64 policy_size;
78 union {
79 __u8 version;
80 struct fscrypt_policy_v1 v1;
81 struct fscrypt_policy_v2 v2;
82 } policy;
83};
84
85
86
87
88
89#define FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR 1
90
91
92
93
94
95
96#define FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER 2
97
98
99
100
101
102struct fscrypt_key_specifier {
103 __u32 type;
104 __u32 __reserved;
105 union {
106 __u8 __reserved[32];
107 __u8 descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
108 __u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
109 } u;
110};
111
112
113
114
115
116struct fscrypt_provisioning_key_payload {
117 __u32 type;
118 __u32 __reserved;
119 __u8 raw[];
120};
121
122
123struct fscrypt_add_key_arg {
124 struct fscrypt_key_specifier key_spec;
125 __u32 raw_size;
126 __u32 key_id;
127 __u32 __reserved[8];
128 __u8 raw[];
129};
130
131
132struct fscrypt_remove_key_arg {
133 struct fscrypt_key_specifier key_spec;
134#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY 0x00000001
135#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS 0x00000002
136 __u32 removal_status_flags;
137 __u32 __reserved[5];
138};
139
140
141struct fscrypt_get_key_status_arg {
142
143 struct fscrypt_key_specifier key_spec;
144 __u32 __reserved[6];
145
146
147#define FSCRYPT_KEY_STATUS_ABSENT 1
148#define FSCRYPT_KEY_STATUS_PRESENT 2
149#define FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED 3
150 __u32 status;
151#define FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF 0x00000001
152 __u32 status_flags;
153 __u32 user_count;
154 __u32 __out_reserved[13];
155};
156
157#define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy_v1)
158#define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16])
159#define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy_v1)
160#define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9])
161#define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg)
162#define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg)
163#define FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS _IOWR('f', 25, struct fscrypt_remove_key_arg)
164#define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 26, struct fscrypt_get_key_status_arg)
165#define FS_IOC_GET_ENCRYPTION_NONCE _IOR('f', 27, __u8[16])
166
167
168
169
170#ifndef __KERNEL__
171#define fscrypt_policy fscrypt_policy_v1
172#define FS_KEY_DESCRIPTOR_SIZE FSCRYPT_KEY_DESCRIPTOR_SIZE
173#define FS_POLICY_FLAGS_PAD_4 FSCRYPT_POLICY_FLAGS_PAD_4
174#define FS_POLICY_FLAGS_PAD_8 FSCRYPT_POLICY_FLAGS_PAD_8
175#define FS_POLICY_FLAGS_PAD_16 FSCRYPT_POLICY_FLAGS_PAD_16
176#define FS_POLICY_FLAGS_PAD_32 FSCRYPT_POLICY_FLAGS_PAD_32
177#define FS_POLICY_FLAGS_PAD_MASK FSCRYPT_POLICY_FLAGS_PAD_MASK
178#define FS_POLICY_FLAG_DIRECT_KEY FSCRYPT_POLICY_FLAG_DIRECT_KEY
179#define FS_POLICY_FLAGS_VALID 0x07
180#define FS_ENCRYPTION_MODE_INVALID 0
181#define FS_ENCRYPTION_MODE_AES_256_XTS FSCRYPT_MODE_AES_256_XTS
182#define FS_ENCRYPTION_MODE_AES_256_GCM 2
183#define FS_ENCRYPTION_MODE_AES_256_CBC 3
184#define FS_ENCRYPTION_MODE_AES_256_CTS FSCRYPT_MODE_AES_256_CTS
185#define FS_ENCRYPTION_MODE_AES_128_CBC FSCRYPT_MODE_AES_128_CBC
186#define FS_ENCRYPTION_MODE_AES_128_CTS FSCRYPT_MODE_AES_128_CTS
187#define FS_ENCRYPTION_MODE_SPECK128_256_XTS 7
188#define FS_ENCRYPTION_MODE_SPECK128_256_CTS 8
189#define FS_ENCRYPTION_MODE_ADIANTUM FSCRYPT_MODE_ADIANTUM
190#define FS_KEY_DESC_PREFIX FSCRYPT_KEY_DESC_PREFIX
191#define FS_KEY_DESC_PREFIX_SIZE FSCRYPT_KEY_DESC_PREFIX_SIZE
192#define FS_MAX_KEY_SIZE FSCRYPT_MAX_KEY_SIZE
193#endif
194
195#endif
196