Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 437b086b31801f307e36e6cc887ce32f4df26071 / . / fs / crypto / fscrypt_private.h
blob: 9eea18e0168fa68f299f09930e0e4662aa379ceb [file] [log] [blame]
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]1/*
2 * fscrypt_private.h
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption key functions.
7 *
8 * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
9 */
10
11#ifndef _FSCRYPT_PRIVATE_H
12#define _FSCRYPT_PRIVATE_H
13
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]14#ifndef __FS_HAS_ENCRYPTION
Jaegeuk Kim8dec0742017-06-22 12:14:40 -0700[diff] [blame]15#define __FS_HAS_ENCRYPTION 1
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]16#endif
Jaegeuk Kim8dec0742017-06-22 12:14:40 -0700[diff] [blame]17#include <linux/fscrypt.h>
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]18#include <crypto/hash.h>
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]19#include <linux/pfk.h>
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]20
21/* Encryption parameters */
Eric Biggers56733c62018-04-30 15:51:46 -0700[diff] [blame]22#define FS_KEY_DERIVATION_NONCE_SIZE 16
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]23
24/**
25 * Encryption context for inode
26 *
27 * Protector format:
28 * 1 byte: Protector format (1 = this version)
29 * 1 byte: File contents encryption mode
30 * 1 byte: File names encryption mode
31 * 1 byte: Flags
32 * 8 bytes: Master Key descriptor
33 * 16 bytes: Encryption Key derivation nonce
34 */
35struct fscrypt_context {
36 u8 format;
37 u8 contents_encryption_mode;
38 u8 filenames_encryption_mode;
39 u8 flags;
40 u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
41 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
42} __packed;
43
44#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
45
Jaegeuk Kimd9197652018-01-05 10:44:52 -0800[diff] [blame]46/**
47 * For encrypted symlinks, the ciphertext length is stored at the beginning
48 * of the string in little-endian format.
49 */
50struct fscrypt_symlink_data {
51 __le16 len;
52 char encrypted_path[1];
53} __packed;
54
jianzhoub62aeea2019-01-16 16:11:43 +0800[diff] [blame]55enum ci_type_info {
56 CI_NONE_TYPE = 0,
57 CI_DATA_TYPE,
58 CI_FNAME_TYPE,
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]59};
60
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]61/*
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]62 * fscrypt_info - the "encryption key" for an inode
63 *
64 * When an encrypted file's key is made available, an instance of this struct is
65 * allocated and stored in ->i_crypt_info. Once created, it remains until the
66 * inode is evicted.
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]67 */
68struct fscrypt_info {
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]69 /* The actual crypto transform used for encryption and decryption */
70 struct crypto_skcipher *ci_ctfm;
71
72 /*
73 * Cipher for ESSIV IV generation. Only set for CBC contents
74 * encryption, otherwise is NULL.
75 */
76 struct crypto_cipher *ci_essiv_tfm;
77
78 /*
79 * Encryption mode used for this inode. It corresponds to either
80 * ci_data_mode or ci_filename_mode, depending on the inode type.
81 */
82 struct fscrypt_mode *ci_mode;
83
84 /*
85 * If non-NULL, then this inode uses a master key directly rather than a
86 * derived key, and ci_ctfm will equal ci_master_key->mk_ctfm.
87 * Otherwise, this inode uses a derived key.
88 */
89 struct fscrypt_master_key *ci_master_key;
90
91 /* fields from the fscrypt_context */
jianzhoub62aeea2019-01-16 16:11:43 +0800[diff] [blame]92 u8 ci_type;
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]93 u8 ci_data_mode;
94 u8 ci_filename_mode;
95 u8 ci_flags;
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]96 u8 ci_master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
97 u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];
Neeraj Sonic692cb92018-04-18 17:20:22 +0530[diff] [blame]98 u8 ci_raw_key[FS_MAX_KEY_SIZE];
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]99};
100
101typedef enum {
102 FS_DECRYPT = 0,
103 FS_ENCRYPT,
104} fscrypt_direction_t;
105
106#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
107#define FS_CTX_HAS_BOUNCE_BUFFER_FL 0x00000002
108
Jaegeuk Kimd9197652018-01-05 10:44:52 -0800[diff] [blame]109static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
110 u32 filenames_mode)
111{
112 if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&
113 filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)
114 return true;
115
116 if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&
117 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
118 return true;
119
Neeraj Soni07c3e612018-07-23 14:26:53 +0530[diff] [blame]120 if (contents_mode == FS_ENCRYPTION_MODE_PRIVATE &&
121 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
Neeraj Sonic692cb92018-04-18 17:20:22 +0530[diff] [blame]122 return true;
jianzhoub62aeea2019-01-16 16:11:43 +0800[diff] [blame]123
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]124 if (contents_mode == FS_ENCRYPTION_MODE_ADIANTUM &&
125 filenames_mode == FS_ENCRYPTION_MODE_ADIANTUM)
126 return true;
127
Jaegeuk Kimd9197652018-01-05 10:44:52 -0800[diff] [blame]128 return false;
129}
130
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]131static inline bool is_private_data_mode(struct fscrypt_info *ci)
132{
jianzhoub62aeea2019-01-16 16:11:43 +0800[diff] [blame]133 return ci->ci_type == CI_DATA_TYPE &&
Neeraj Soni36c65122018-04-18 21:04:46 +0530[diff] [blame]134 ci->ci_data_mode == FS_ENCRYPTION_MODE_PRIVATE;
135}
136
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]137/* crypto.c */
Jaegeuk Kimd9197652018-01-05 10:44:52 -0800[diff] [blame]138extern struct kmem_cache *fscrypt_info_cachep;
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]139extern int fscrypt_initialize(unsigned int cop_flags);
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]140extern int fscrypt_do_page_crypto(const struct inode *inode,
141 fscrypt_direction_t rw, u64 lblk_num,
142 struct page *src_page,
143 struct page *dest_page,
144 unsigned int len, unsigned int offs,
145 gfp_t gfp_flags);
146extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
147 gfp_t gfp_flags);
Eric Biggers38660252018-04-30 15:51:36 -0700[diff] [blame]148extern const struct dentry_operations fscrypt_d_ops;
Jaegeuk Kime6b120d2017-07-10 12:55:09 -0700[diff] [blame]149
Eric Biggers78275d82018-04-30 15:51:47 -0700[diff] [blame]150extern void __printf(3, 4) __cold
151fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...);
152
153#define fscrypt_warn(sb, fmt, ...) \
154 fscrypt_msg(sb, KERN_WARNING, fmt, ##__VA_ARGS__)
155#define fscrypt_err(sb, fmt, ...) \
156 fscrypt_msg(sb, KERN_ERR, fmt, ##__VA_ARGS__)
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]157
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]158#define FSCRYPT_MAX_IV_SIZE 32
159
160union fscrypt_iv {
161 struct {
162 /* logical block number within the file */
163 __le64 lblk_num;
164
165 /* per-file nonce; only set in DIRECT_KEY mode */
166 u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
167 };
168 u8 raw[FSCRYPT_MAX_IV_SIZE];
169};
170
171void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
172 const struct fscrypt_info *ci);
173
Jaegeuk Kimd9197652018-01-05 10:44:52 -0800[diff] [blame]174/* fname.c */
175extern int fname_encrypt(struct inode *inode, const struct qstr *iname,
176 u8 *out, unsigned int olen);
177extern bool fscrypt_fname_encrypted_size(const struct inode *inode,
178 u32 orig_len, u32 max_len,
179 u32 *encrypted_len_ret);
180
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]181/* keyinfo.c */
Eric Biggerse33fa312018-11-26 11:27:37 -0800[diff] [blame]182
183struct fscrypt_mode {
184 const char *friendly_name;
185 const char *cipher_str;
186 int keysize;
187 int ivsize;
188 bool logged_impl_name;
189 bool needs_essiv;
190};
191
Hyojun Kim63da4202017-10-06 17:10:08 -0700[diff] [blame]192extern void __exit fscrypt_essiv_cleanup(void);
193
194#endif /* _FSCRYPT_PRIVATE_H */