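/*
 * fscrypt_private.h
 *
 * Copyright (C) 2015, Google, Inc.
 *
 * Private definitions shared by the fscrypt implementation files
 * (crypto.c and keyinfo.c): key and tweak sizes, the per-inode encryption
 * context layout, the key payload layout and the in-core crypt info.
 *
 * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
 */

#ifndef _FSCRYPT_PRIVATE_H
#define _FSCRYPT_PRIVATE_H

#include <linux/fscrypto.h>

#define FS_FNAME_CRYPTO_DIGEST_SIZE	32

/* Encryption parameters (sizes in bytes) */
#define FS_XTS_TWEAK_SIZE		16
#define FS_AES_128_ECB_KEY_SIZE		16
#define FS_AES_256_GCM_KEY_SIZE		32
#define FS_AES_256_CBC_KEY_SIZE		32
#define FS_AES_256_CTS_KEY_SIZE		32
#define FS_AES_256_XTS_KEY_SIZE		64
/* Must stay >= the largest key size above; it bounds fscrypt_key.raw. */
#define FS_MAX_KEY_SIZE			64

#define FS_KEY_DESC_PREFIX		"fscrypt:"
/* Length of FS_KEY_DESC_PREFIX without the NUL; keep in sync with it. */
#define FS_KEY_DESC_PREFIX_SIZE		8

#define FS_KEY_DERIVATION_NONCE_SIZE	16

/**
 * Encryption context for inode
 *
 * Protector format:
 *  1 byte: Protector format (1 = this version)
 *  1 byte: File contents encryption mode
 *  1 byte: File names encryption mode
 *  1 byte: Flags
 *  8 bytes: Master Key descriptor
 *  16 bytes: Encryption Key derivation nonce
 *
 * The struct is __packed so that its in-memory layout matches the byte
 * layout listed above. FS_KEY_DESCRIPTOR_SIZE is defined outside this
 * header; the "8 bytes" above assumes it is 8.
 *
 * NOTE(review): the layout carries no length field or integrity tag, so
 * code that parses a stored context should check the number of bytes read
 * against sizeof(struct fscrypt_context), compare @format with
 * FS_ENCRYPTION_CONTEXT_FORMAT_V1 and range-check both mode bytes before
 * acting on them. Those checks are not visible in this header -- confirm
 * them at the point where the context is read.
 */
struct fscrypt_context {
	u8 format;
	u8 contents_encryption_mode;
	u8 filenames_encryption_mode;
	u8 flags;
	u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
	u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
} __packed;

#define FS_ENCRYPTION_CONTEXT_FORMAT_V1	1

/*
 * This is passed in from userspace into the kernel keyring.
 *
 * Every field is therefore caller-controlled. A consumer has to check
 * that @size is non-zero and no larger than FS_MAX_KEY_SIZE before it
 * reads @raw, and must not assume that @mode holds a known value.
 * NOTE(review): that validation is not visible in this header -- confirm
 * it where the key payload is read.
 *
 * @raw is key material: temporary copies should be wiped (for example
 * with memzero_explicit()) as soon as they are no longer needed.
 */
struct fscrypt_key {
	u32 mode;
	u8 raw[FS_MAX_KEY_SIZE];
	u32 size;
} __packed;

/*
 * A pointer to this structure is stored in the file system's in-core
 * representation of an inode.
 *
 * ci_master_key is sized as a key descriptor (FS_KEY_DESCRIPTOR_SIZE),
 * not as key material -- presumably a copy of the context's
 * master_key_descriptor; confirm against keyinfo.c.
 *
 * NOTE(review): ci_ctfm and ci_keyring_key are pointers to objects whose
 * allocation and release are not shown here; whoever frees this structure
 * has to release both.
 */
struct fscrypt_info {
	u8 ci_data_mode;
	u8 ci_filename_mode;
	u8 ci_flags;
	struct crypto_skcipher *ci_ctfm;
	struct key *ci_keyring_key;
	u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
};

/*
 * Flag bits. The field they are stored in is not declared in this header
 * (presumably the flags of struct fscrypt_ctx -- confirm).
 */
#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL		0x00000001
#define FS_WRITE_PATH_FL			0x00000002

/* A completion paired with the integer result reported through it. */
struct fscrypt_completion_result {
	struct completion completion;
	int res;
};

/*
 * Declare a struct fscrypt_completion_result named @ecr with its
 * completion initialised and res set to 0. Designated initialisers keep
 * the macro correct if the members are ever reordered.
 */
#define DECLARE_FS_COMPLETION_RESULT(ecr) \
	struct fscrypt_completion_result ecr = { \
		.completion = COMPLETION_INITIALIZER((ecr).completion), \
		.res = 0 }


/* crypto.c */
int fscrypt_initialize(void);

/* keyinfo.c */
int fscrypt_get_crypt_info(struct inode *inode);

#endif	/* _FSCRYPT_PRIVATE_H */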