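/*
 * linux/fs/ext4/ext4_crypto.h
 *
 * Copyright (C) 2015, Google, Inc.
 *
 * This contains encryption header content for ext4
 *
 * Written by Michael Halcrow, 2015.
 */

#ifndef _EXT4_CRYPTO_H
#define _EXT4_CRYPTO_H

#include <linux/fs.h>

/* Length of the master key descriptor carried in policies and contexts */
#define EXT4_KEY_DESCRIPTOR_SIZE 8

/*
 * Policy provided via an ioctl on the topmost directory.
 *
 * This is userspace ABI: it is copied in from an untrusted caller, so it is
 * packed and every field is a fixed-size byte.  This header only fixes the
 * layout.  The ioctl handler is expected to reject an unknown version, unknown
 * encryption modes, and any bit in flags outside EXT4_POLICY_FLAGS_VALID;
 * none of that validation lives here.
 */
struct ext4_encryption_policy {
	char version;			/* EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 */
	char contents_encryption_mode;
	char filenames_encryption_mode;
	char flags;			/* EXT4_POLICY_FLAGS_* */
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
} __attribute__((__packed__));

#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
/* Per-inode nonce stored in struct ext4_encryption_context */
#define EXT4_KEY_DERIVATION_NONCE_SIZE 16

/*
 * Policy flags.  The low two bits select the filename padding width;
 * EXT4_POLICY_FLAGS_VALID is the complete set of bits a policy may carry,
 * so (flags & ~EXT4_POLICY_FLAGS_VALID) != 0 identifies a malformed policy.
 */
#define EXT4_POLICY_FLAGS_PAD_4		0x00
#define EXT4_POLICY_FLAGS_PAD_8		0x01
#define EXT4_POLICY_FLAGS_PAD_16	0x02
#define EXT4_POLICY_FLAGS_PAD_32	0x03
#define EXT4_POLICY_FLAGS_PAD_MASK	0x03
#define EXT4_POLICY_FLAGS_VALID		0x03

/**
 * Encryption context for inode
 *
 * Protector format:
 *  1 byte: Protector format (1 = this version)
 *  1 byte: File contents encryption mode
 *  1 byte: File names encryption mode
 *  1 byte: Flags (field `flags`; an earlier comment called this byte
 *          Reserved - presumably it carries the policy's
 *          EXT4_POLICY_FLAGS_* byte, confirm against the code that
 *          copies a policy into a context)
 *  8 bytes: Master Key descriptor
 *  16 bytes: Encryption Key derivation nonce
 *
 * This is the on-disk form.  When read back it comes from untrusted storage,
 * so format and the two mode bytes must be validated before the remainder of
 * the context is trusted; this header does not enforce that.
 */
struct ext4_encryption_context {
	char format;
	char contents_encryption_mode;
	char filenames_encryption_mode;
	char flags;
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
	char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
} __attribute__((__packed__));

/* Encryption parameters */
#define EXT4_XTS_TWEAK_SIZE 16
#define EXT4_AES_128_ECB_KEY_SIZE 16
#define EXT4_AES_256_GCM_KEY_SIZE 32
#define EXT4_AES_256_ECB_KEY_SIZE 32
#define EXT4_AES_256_CBC_KEY_SIZE 32
#define EXT4_AES_256_CTS_KEY_SIZE 32
#define EXT4_AES_256_HEH_KEY_SIZE 32
#define EXT4_AES_256_XTS_KEY_SIZE 64
/*
 * Upper bound on every *_KEY_SIZE above; it sizes the raw[] buffer of
 * struct ext4_encryption_key, so any new mode's key must fit within it.
 */
#define EXT4_MAX_KEY_SIZE 64

/*
 * Keyring description prefix for ext4 master keys.  The size is derived
 * from the literal so the two cannot drift apart (previously a bare 5).
 */
#define EXT4_KEY_DESC_PREFIX "ext4:"
#define EXT4_KEY_DESC_PREFIX_SIZE (sizeof(EXT4_KEY_DESC_PREFIX) - 1)
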
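/*
 * This is passed in from userspace into the kernel keyring.
 *
 * The payload is untrusted.  Before any byte of raw[] is used as key
 * material the consumer must check that mode is a known encryption mode and
 * that size equals ext4_encryption_key_size(mode).  The array declaration
 * bounds raw[] at EXT4_MAX_KEY_SIZE, but nothing here bounds size itself.
 */
struct ext4_encryption_key {
	__u32 mode;
	char raw[EXT4_MAX_KEY_SIZE];
	__u32 size;
} __attribute__((__packed__));

/* In-memory per-inode crypto state */
struct ext4_crypt_info {
	char ci_data_mode;			/* contents encryption mode */
	char ci_filename_mode;			/* filename encryption mode */
	char ci_flags;
	struct crypto_ablkcipher *ci_ctfm;	/* contents cipher transform */
	char ci_master_key[EXT4_KEY_DESCRIPTOR_SIZE];
};

/* Values for struct ext4_crypto_ctx::flags */
#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL	0x00000001
#define EXT4_WRITE_PATH_FL			0x00000002

/*
 * Per-I/O crypto context.  The anonymous union holds one of three views:
 * w (write path: ciphertext bounce page and the original page), r (read
 * path: the bio and its deferred work item) or free_list while the ctx is
 * parked on the free list.  Nothing in the struct records which member is
 * live; the owning code path has to know.
 */
struct ext4_crypto_ctx {
	union {
		struct {
			struct page *bounce_page;	/* Ciphertext page */
			struct page *control_page;	/* Original page */
		} w;
		struct {
			struct bio *bio;
			struct work_struct work;
		} r;
		struct list_head free_list;	/* Free list */
	};
	char flags;		/* EXT4_*_FL bits above */
	char mode;		/* Encryption mode for tfm */
};

/* Completion plus result code, for waiting on an asynchronous cipher op */
struct ext4_completion_result {
	struct completion completion;
	int res;
};

#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
	struct ext4_completion_result ecr = { \
		COMPLETION_INITIALIZER((ecr).completion), 0 }

/*
 * Key sizes for the Speck modes, named like the AES ones so that
 * ext4_encryption_key_size() carries no bare magic numbers.
 */
#define EXT4_SPECK128_256_XTS_KEY_SIZE	64
#define EXT4_SPECK128_256_CTS_KEY_SIZE	32

/**
 * ext4_encryption_key_size() - raw key length required by an encryption mode
 * @mode: one of the EXT4_ENCRYPTION_MODE_* values
 *
 * Return: number of key bytes the cipher behind @mode consumes.  Every value
 * returned here is <= EXT4_MAX_KEY_SIZE, so it is a safe copy bound against
 * struct ext4_encryption_key::raw.
 *
 * An unrecognised @mode is treated as an internal invariant violation and
 * BUG()s, which takes the kernel down.  Callers must therefore validate any
 * mode that originated in userspace (ioctl policy, keyring payload) or on
 * disk (encryption context) before calling; this function is not the
 * validator.
 */
static inline int ext4_encryption_key_size(int mode)
{
	switch (mode) {
	case EXT4_ENCRYPTION_MODE_AES_256_XTS:
		return EXT4_AES_256_XTS_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_GCM:
		return EXT4_AES_256_GCM_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_CBC:
		return EXT4_AES_256_CBC_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_CTS:
		return EXT4_AES_256_CTS_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_HEH:
		return EXT4_AES_256_HEH_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_SPECK128_256_XTS:
		return EXT4_SPECK128_256_XTS_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_SPECK128_256_CTS:
		return EXT4_SPECK128_256_CTS_KEY_SIZE;
	default:
		BUG();
	}
	return 0;
}

#define EXT4_FNAME_NUM_SCATTER_ENTRIES 4
/* Cipher block size; also the minimum ciphertext length for names/symlinks */
#define EXT4_CRYPTO_BLOCK_SIZE 16
#define EXT4_FNAME_CRYPTO_DIGEST_SIZE 32

/* Length-qualified byte string used for (encrypted) names */
struct ext4_str {
	unsigned char *name;
	u32 len;
};
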
/**
 * On-disk layout of an encrypted symlink target.
 *
 * The ciphertext length is stored at the beginning of the string in
 * little-endian format and the ciphertext follows it.  encrypted_path is a
 * one-byte placeholder for that variable-length tail; allocations are sized
 * with encrypted_symlink_data_len().
 *
 * NOTE(review): len is read from untrusted storage.  A reader must bound the
 * decoded value against the bytes actually available before touching
 * encrypted_path[len - 1]; nothing in this header enforces that.
 */
struct ext4_encrypted_symlink_data {
	__le16 len;
	char encrypted_path[1];
} __attribute__((__packed__));

/**
 * encrypted_symlink_data_len() - disk space for an encrypted symlink
 * @l: length of the name to be stored in encrypted symlink format
 *
 * Return: size of the two-byte length prefix plus a ciphertext that is
 * never shorter than one cipher block (EXT4_CRYPTO_BLOCK_SIZE), i.e.
 * @l + 2 for any @l >= EXT4_CRYPTO_BLOCK_SIZE and 18 below that.
 * No overflow check is made on @l; callers presumably keep it within the
 * filesystem's symlink length limits - confirm at the call sites.
 */
static inline u32 encrypted_symlink_data_len(u32 l)
{
	/* Header size without the placeholder byte of encrypted_path[] */
	const u32 hdr = sizeof(struct ext4_encrypted_symlink_data) - 1;
	u32 ct_len = l;

	if (ct_len < EXT4_CRYPTO_BLOCK_SIZE)
		ct_len = EXT4_CRYPTO_BLOCK_SIZE;

	return ct_len + hdr;
}

#endif /* _EXT4_CRYPTO_H */