• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * fscrypt_private.h
4  *
5  * Copyright (C) 2015, Google, Inc.
6  *
7  * Originally written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar.
8  * Heavily modified since then.
9  */
10 
11 #ifndef _FSCRYPT_PRIVATE_H
12 #define _FSCRYPT_PRIVATE_H
13 
14 #define FSCRYPT_NEED_OPS
15 #include <linux/fscrypt.h>
16 #include <linux/siphash.h>
17 #include <crypto/hash.h>
18 #include <linux/bio-crypt-ctx.h>
19 
20 #define CONST_STRLEN(str)	(sizeof(str) - 1)
21 
22 #define FSCRYPT_FILE_NONCE_SIZE	16
23 
24 #define FSCRYPT_MIN_KEY_SIZE	16
25 #define FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE	128
26 
27 #define FSCRYPT_CONTEXT_V1	1
28 #define FSCRYPT_CONTEXT_V2	2
29 
30 /* Keep this in sync with include/uapi/linux/fscrypt.h */
31 #define FSCRYPT_MODE_MAX	FSCRYPT_MODE_ADIANTUM
32 
33 struct fscrypt_context_v1 {
34 	u8 version; /* FSCRYPT_CONTEXT_V1 */
35 	u8 contents_encryption_mode;
36 	u8 filenames_encryption_mode;
37 	u8 flags;
38 	u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
39 	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
40 };
41 
42 struct fscrypt_context_v2 {
43 	u8 version; /* FSCRYPT_CONTEXT_V2 */
44 	u8 contents_encryption_mode;
45 	u8 filenames_encryption_mode;
46 	u8 flags;
47 	u8 __reserved[4];
48 	u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
49 	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
50 };
51 
52 /*
53  * fscrypt_context - the encryption context of an inode
54  *
55  * This is the on-disk equivalent of an fscrypt_policy, stored alongside each
56  * encrypted file usually in a hidden extended attribute.  It contains the
57  * fields from the fscrypt_policy, in order to identify the encryption algorithm
58  * and key with which the file is encrypted.  It also contains a nonce that was
59  * randomly generated by fscrypt itself; this is used as KDF input or as a tweak
60  * to cause different files to be encrypted differently.
61  */
62 union fscrypt_context {
63 	u8 version;
64 	struct fscrypt_context_v1 v1;
65 	struct fscrypt_context_v2 v2;
66 };
67 
68 /*
69  * Return the size expected for the given fscrypt_context based on its version
70  * number, or 0 if the context version is unrecognized.
71  */
fscrypt_context_size(const union fscrypt_context * ctx)72 static inline int fscrypt_context_size(const union fscrypt_context *ctx)
73 {
74 	switch (ctx->version) {
75 	case FSCRYPT_CONTEXT_V1:
76 		BUILD_BUG_ON(sizeof(ctx->v1) != 28);
77 		return sizeof(ctx->v1);
78 	case FSCRYPT_CONTEXT_V2:
79 		BUILD_BUG_ON(sizeof(ctx->v2) != 40);
80 		return sizeof(ctx->v2);
81 	}
82 	return 0;
83 }
84 
85 /* Check whether an fscrypt_context has a recognized version number and size */
fscrypt_context_is_valid(const union fscrypt_context * ctx,int ctx_size)86 static inline bool fscrypt_context_is_valid(const union fscrypt_context *ctx,
87 					    int ctx_size)
88 {
89 	return ctx_size >= 1 && ctx_size == fscrypt_context_size(ctx);
90 }
91 
92 /* Retrieve the context's nonce, assuming the context was already validated */
fscrypt_context_nonce(const union fscrypt_context * ctx)93 static inline const u8 *fscrypt_context_nonce(const union fscrypt_context *ctx)
94 {
95 	switch (ctx->version) {
96 	case FSCRYPT_CONTEXT_V1:
97 		return ctx->v1.nonce;
98 	case FSCRYPT_CONTEXT_V2:
99 		return ctx->v2.nonce;
100 	}
101 	WARN_ON(1);
102 	return NULL;
103 }
104 
105 #undef fscrypt_policy
106 union fscrypt_policy {
107 	u8 version;
108 	struct fscrypt_policy_v1 v1;
109 	struct fscrypt_policy_v2 v2;
110 };
111 
112 /*
113  * Return the size expected for the given fscrypt_policy based on its version
114  * number, or 0 if the policy version is unrecognized.
115  */
fscrypt_policy_size(const union fscrypt_policy * policy)116 static inline int fscrypt_policy_size(const union fscrypt_policy *policy)
117 {
118 	switch (policy->version) {
119 	case FSCRYPT_POLICY_V1:
120 		return sizeof(policy->v1);
121 	case FSCRYPT_POLICY_V2:
122 		return sizeof(policy->v2);
123 	}
124 	return 0;
125 }
126 
127 /* Return the contents encryption mode of a valid encryption policy */
128 static inline u8
fscrypt_policy_contents_mode(const union fscrypt_policy * policy)129 fscrypt_policy_contents_mode(const union fscrypt_policy *policy)
130 {
131 	switch (policy->version) {
132 	case FSCRYPT_POLICY_V1:
133 		return policy->v1.contents_encryption_mode;
134 	case FSCRYPT_POLICY_V2:
135 		return policy->v2.contents_encryption_mode;
136 	}
137 	BUG();
138 }
139 
140 /* Return the filenames encryption mode of a valid encryption policy */
141 static inline u8
fscrypt_policy_fnames_mode(const union fscrypt_policy * policy)142 fscrypt_policy_fnames_mode(const union fscrypt_policy *policy)
143 {
144 	switch (policy->version) {
145 	case FSCRYPT_POLICY_V1:
146 		return policy->v1.filenames_encryption_mode;
147 	case FSCRYPT_POLICY_V2:
148 		return policy->v2.filenames_encryption_mode;
149 	}
150 	BUG();
151 }
152 
153 /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */
154 static inline u8
fscrypt_policy_flags(const union fscrypt_policy * policy)155 fscrypt_policy_flags(const union fscrypt_policy *policy)
156 {
157 	switch (policy->version) {
158 	case FSCRYPT_POLICY_V1:
159 		return policy->v1.flags;
160 	case FSCRYPT_POLICY_V2:
161 		return policy->v2.flags;
162 	}
163 	BUG();
164 }
165 
166 /*
167  * For encrypted symlinks, the ciphertext length is stored at the beginning
168  * of the string in little-endian format.
169  */
170 struct fscrypt_symlink_data {
171 	__le16 len;
172 	char encrypted_path[1];
173 } __packed;
174 
175 /**
176  * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
177  * @tfm: crypto API transform object
178  * @blk_key: key for blk-crypto
179  *
180  * Normally only one of the fields will be non-NULL.
181  */
182 struct fscrypt_prepared_key {
183 	struct crypto_skcipher *tfm;
184 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
185 	struct fscrypt_blk_crypto_key *blk_key;
186 #endif
187 };
188 
189 /*
190  * fscrypt_info - the "encryption key" for an inode
191  *
192  * When an encrypted file's key is made available, an instance of this struct is
193  * allocated and stored in ->i_crypt_info.  Once created, it remains until the
194  * inode is evicted.
195  */
196 struct fscrypt_info {
197 
198 	/* The key in a form prepared for actual encryption/decryption */
199 	struct fscrypt_prepared_key	ci_key;
200 
201 	/* True if the key should be freed when this fscrypt_info is freed */
202 	bool ci_owns_key;
203 
204 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
205 	/*
206 	 * True if this inode will use inline encryption (blk-crypto) instead of
207 	 * the traditional filesystem-layer encryption.
208 	 */
209 	bool ci_inlinecrypt;
210 #endif
211 
212 	/*
213 	 * Encryption mode used for this inode.  It corresponds to either the
214 	 * contents or filenames encryption mode, depending on the inode type.
215 	 */
216 	struct fscrypt_mode *ci_mode;
217 
218 	/* Back-pointer to the inode */
219 	struct inode *ci_inode;
220 
221 	/*
222 	 * The master key with which this inode was unlocked (decrypted).  This
223 	 * will be NULL if the master key was found in a process-subscribed
224 	 * keyring rather than in the filesystem-level keyring.
225 	 */
226 	struct key *ci_master_key;
227 
228 	/*
229 	 * Link in list of inodes that were unlocked with the master key.
230 	 * Only used when ->ci_master_key is set.
231 	 */
232 	struct list_head ci_master_key_link;
233 
234 	/*
235 	 * If non-NULL, then encryption is done using the master key directly
236 	 * and ci_key will equal ci_direct_key->dk_key.
237 	 */
238 	struct fscrypt_direct_key *ci_direct_key;
239 
240 	/*
241 	 * This inode's hash key for filenames.  This is a 128-bit SipHash-2-4
242 	 * key.  This is only set for directories that use a keyed dirhash over
243 	 * the plaintext filenames -- currently just casefolded directories.
244 	 */
245 	siphash_key_t ci_dirhash_key;
246 	bool ci_dirhash_key_initialized;
247 
248 	/* The encryption policy used by this inode */
249 	union fscrypt_policy ci_policy;
250 
251 	/* This inode's nonce, copied from the fscrypt_context */
252 	u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
253 
254 	/* Hashed inode number.  Only set for IV_INO_LBLK_32 */
255 	u32 ci_hashed_ino;
256 };
257 
258 typedef enum {
259 	FS_DECRYPT = 0,
260 	FS_ENCRYPT,
261 } fscrypt_direction_t;
262 
263 /* crypto.c */
264 extern struct kmem_cache *fscrypt_info_cachep;
265 int fscrypt_initialize(unsigned int cop_flags);
266 int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw,
267 			u64 lblk_num, struct page *src_page,
268 			struct page *dest_page, unsigned int len,
269 			unsigned int offs, gfp_t gfp_flags);
270 struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);
271 
272 void __printf(3, 4) __cold
273 fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
274 
275 #define fscrypt_warn(inode, fmt, ...)		\
276 	fscrypt_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
277 #define fscrypt_err(inode, fmt, ...)		\
278 	fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
279 
280 #define FSCRYPT_MAX_IV_SIZE	32
281 
282 union fscrypt_iv {
283 	struct {
284 		/* logical block number within the file */
285 		__le64 lblk_num;
286 
287 		/* per-file nonce; only set in DIRECT_KEY mode */
288 		u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
289 	};
290 	u8 raw[FSCRYPT_MAX_IV_SIZE];
291 	__le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
292 };
293 
294 void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
295 			 const struct fscrypt_info *ci);
296 
297 /* fname.c */
298 int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
299 			  u8 *out, unsigned int olen);
300 bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
301 				  u32 max_len, u32 *encrypted_len_ret);
302 
303 /* hkdf.c */
304 
305 struct fscrypt_hkdf {
306 	struct crypto_shash *hmac_tfm;
307 };
308 
309 int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
310 		      unsigned int master_key_size);
311 
312 /*
313  * The list of contexts in which fscrypt uses HKDF.  These values are used as
314  * the first byte of the HKDF application-specific info string to guarantee that
315  * info strings are never repeated between contexts.  This ensures that all HKDF
316  * outputs are unique and cryptographically isolated, i.e. knowledge of one
317  * output doesn't reveal another.
318  */
319 #define HKDF_CONTEXT_KEY_IDENTIFIER	1
320 #define HKDF_CONTEXT_PER_FILE_ENC_KEY	2
321 #define HKDF_CONTEXT_DIRECT_KEY		3
322 #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY	4
323 #define HKDF_CONTEXT_DIRHASH_KEY	5
324 #define HKDF_CONTEXT_IV_INO_LBLK_32_KEY	6
325 #define HKDF_CONTEXT_INODE_HASH_KEY	7
326 
327 int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
328 			const u8 *info, unsigned int infolen,
329 			u8 *okm, unsigned int okmlen);
330 
331 void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf);
332 
333 /* inline_crypt.c */
334 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
335 extern int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
336 					  bool is_hw_wrapped_key);
337 
338 static inline bool
fscrypt_using_inline_encryption(const struct fscrypt_info * ci)339 fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
340 {
341 	return ci->ci_inlinecrypt;
342 }
343 
344 extern int fscrypt_prepare_inline_crypt_key(
345 					struct fscrypt_prepared_key *prep_key,
346 					const u8 *raw_key,
347 					unsigned int raw_key_size,
348 					bool is_hw_wrapped,
349 					const struct fscrypt_info *ci);
350 
351 extern void fscrypt_destroy_inline_crypt_key(
352 					struct fscrypt_prepared_key *prep_key);
353 
354 extern int fscrypt_derive_raw_secret(struct super_block *sb,
355 				     const u8 *wrapped_key,
356 				     unsigned int wrapped_key_size,
357 				     u8 *raw_secret,
358 				     unsigned int raw_secret_size);
359 
360 /*
361  * Check whether the crypto transform or blk-crypto key has been allocated in
362  * @prep_key, depending on which encryption implementation the file will use.
363  */
364 static inline bool
fscrypt_is_key_prepared(struct fscrypt_prepared_key * prep_key,const struct fscrypt_info * ci)365 fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
366 			const struct fscrypt_info *ci)
367 {
368 	/*
369 	 * The two smp_load_acquire()'s here pair with the smp_store_release()'s
370 	 * in fscrypt_prepare_inline_crypt_key() and fscrypt_prepare_key().
371 	 * I.e., in some cases (namely, if this prep_key is a per-mode
372 	 * encryption key) another task can publish blk_key or tfm concurrently,
373 	 * executing a RELEASE barrier.  We need to use smp_load_acquire() here
374 	 * to safely ACQUIRE the memory the other task published.
375 	 */
376 	if (fscrypt_using_inline_encryption(ci))
377 		return smp_load_acquire(&prep_key->blk_key) != NULL;
378 	return smp_load_acquire(&prep_key->tfm) != NULL;
379 }
380 
381 #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
382 
fscrypt_select_encryption_impl(struct fscrypt_info * ci,bool is_hw_wrapped_key)383 static inline int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
384 						 bool is_hw_wrapped_key)
385 {
386 	return 0;
387 }
388 
fscrypt_using_inline_encryption(const struct fscrypt_info * ci)389 static inline bool fscrypt_using_inline_encryption(
390 					const struct fscrypt_info *ci)
391 {
392 	return false;
393 }
394 
395 static inline int
fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key * prep_key,const u8 * raw_key,unsigned int raw_key_size,bool is_hw_wrapped,const struct fscrypt_info * ci)396 fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
397 				 const u8 *raw_key, unsigned int raw_key_size,
398 				 bool is_hw_wrapped,
399 				 const struct fscrypt_info *ci)
400 {
401 	WARN_ON(1);
402 	return -EOPNOTSUPP;
403 }
404 
405 static inline void
fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key * prep_key)406 fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key)
407 {
408 }
409 
fscrypt_derive_raw_secret(struct super_block * sb,const u8 * wrapped_key,unsigned int wrapped_key_size,u8 * raw_secret,unsigned int raw_secret_size)410 static inline int fscrypt_derive_raw_secret(struct super_block *sb,
411 					    const u8 *wrapped_key,
412 					    unsigned int wrapped_key_size,
413 					    u8 *raw_secret,
414 					    unsigned int raw_secret_size)
415 {
416 	fscrypt_warn(NULL,
417 		     "kernel built without support for hardware-wrapped keys");
418 	return -EOPNOTSUPP;
419 }
420 
421 static inline bool
fscrypt_is_key_prepared(struct fscrypt_prepared_key * prep_key,const struct fscrypt_info * ci)422 fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
423 			const struct fscrypt_info *ci)
424 {
425 	return smp_load_acquire(&prep_key->tfm) != NULL;
426 }
427 #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
428 
429 /* keyring.c */
430 
431 /*
432  * fscrypt_master_key_secret - secret key material of an in-use master key
433  */
434 struct fscrypt_master_key_secret {
435 
436 	/*
437 	 * For v2 policy keys: HKDF context keyed by this master key.
438 	 * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).
439 	 */
440 	struct fscrypt_hkdf	hkdf;
441 
442 	/* Size of the raw key in bytes.  Set even if ->raw isn't set. */
443 	u32			size;
444 
445 	/* True if the key in ->raw is a hardware-wrapped key. */
446 	bool			is_hw_wrapped;
447 
448 	/*
449 	 * For v1 policy keys: the raw key.  Wiped for v2 policy keys, unless
450 	 * ->is_hw_wrapped is true, in which case this contains the wrapped key
451 	 * rather than the key with which 'hkdf' was keyed.
452 	 */
453 	u8			raw[FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE];
454 
455 } __randomize_layout;
456 
457 /*
458  * fscrypt_master_key - an in-use master key
459  *
460  * This represents a master encryption key which has been added to the
461  * filesystem and can be used to "unlock" the encrypted files which were
462  * encrypted with it.
463  */
464 struct fscrypt_master_key {
465 
466 	/*
467 	 * The secret key material.  After FS_IOC_REMOVE_ENCRYPTION_KEY is
468 	 * executed, this is wiped and no new inodes can be unlocked with this
469 	 * key; however, there may still be inodes in ->mk_decrypted_inodes
470 	 * which could not be evicted.  As long as some inodes still remain,
471 	 * FS_IOC_REMOVE_ENCRYPTION_KEY can be retried, or
472 	 * FS_IOC_ADD_ENCRYPTION_KEY can add the secret again.
473 	 *
474 	 * Locking: protected by key->sem (outer) and mk_secret_sem (inner).
475 	 * The reason for two locks is that key->sem also protects modifying
476 	 * mk_users, which ranks it above the semaphore for the keyring key
477 	 * type, which is in turn above page faults (via keyring_read).  But
478 	 * sometimes filesystems call fscrypt_get_encryption_info() from within
479 	 * a transaction, which ranks it below page faults.  So we need a
480 	 * separate lock which protects mk_secret but not also mk_users.
481 	 */
482 	struct fscrypt_master_key_secret	mk_secret;
483 	struct rw_semaphore			mk_secret_sem;
484 
485 	/*
486 	 * For v1 policy keys: an arbitrary key descriptor which was assigned by
487 	 * userspace (->descriptor).
488 	 *
489 	 * For v2 policy keys: a cryptographic hash of this key (->identifier).
490 	 */
491 	struct fscrypt_key_specifier		mk_spec;
492 
493 	/*
494 	 * Keyring which contains a key of type 'key_type_fscrypt_user' for each
495 	 * user who has added this key.  Normally each key will be added by just
496 	 * one user, but it's possible that multiple users share a key, and in
497 	 * that case we need to keep track of those users so that one user can't
498 	 * remove the key before the others want it removed too.
499 	 *
500 	 * This is NULL for v1 policy keys; those can only be added by root.
501 	 *
502 	 * Locking: in addition to this keyrings own semaphore, this is
503 	 * protected by the master key's key->sem, so we can do atomic
504 	 * search+insert.  It can also be searched without taking any locks, but
505 	 * in that case the returned key may have already been removed.
506 	 */
507 	struct key		*mk_users;
508 
509 	/*
510 	 * Length of ->mk_decrypted_inodes, plus one if mk_secret is present.
511 	 * Once this goes to 0, the master key is removed from ->s_master_keys.
512 	 * The 'struct fscrypt_master_key' will continue to live as long as the
513 	 * 'struct key' whose payload it is, but we won't let this reference
514 	 * count rise again.
515 	 */
516 	refcount_t		mk_refcount;
517 
518 	/*
519 	 * List of inodes that were unlocked using this key.  This allows the
520 	 * inodes to be evicted efficiently if the key is removed.
521 	 */
522 	struct list_head	mk_decrypted_inodes;
523 	spinlock_t		mk_decrypted_inodes_lock;
524 
525 	/*
526 	 * Per-mode encryption keys for the various types of encryption policies
527 	 * that use them.  Allocated and derived on-demand.
528 	 */
529 	struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
530 	struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
531 	struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
532 
533 	/* Hash key for inode numbers.  Initialized only when needed. */
534 	siphash_key_t		mk_ino_hash_key;
535 	bool			mk_ino_hash_key_initialized;
536 
537 } __randomize_layout;
538 
539 static inline bool
is_master_key_secret_present(const struct fscrypt_master_key_secret * secret)540 is_master_key_secret_present(const struct fscrypt_master_key_secret *secret)
541 {
542 	/*
543 	 * The READ_ONCE() is only necessary for fscrypt_drop_inode() and
544 	 * fscrypt_key_describe().  These run in atomic context, so they can't
545 	 * take ->mk_secret_sem and thus 'secret' can change concurrently which
546 	 * would be a data race.  But they only need to know whether the secret
547 	 * *was* present at the time of check, so READ_ONCE() suffices.
548 	 */
549 	return READ_ONCE(secret->size) != 0;
550 }
551 
master_key_spec_type(const struct fscrypt_key_specifier * spec)552 static inline const char *master_key_spec_type(
553 				const struct fscrypt_key_specifier *spec)
554 {
555 	switch (spec->type) {
556 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
557 		return "descriptor";
558 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
559 		return "identifier";
560 	}
561 	return "[unknown]";
562 }
563 
master_key_spec_len(const struct fscrypt_key_specifier * spec)564 static inline int master_key_spec_len(const struct fscrypt_key_specifier *spec)
565 {
566 	switch (spec->type) {
567 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
568 		return FSCRYPT_KEY_DESCRIPTOR_SIZE;
569 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
570 		return FSCRYPT_KEY_IDENTIFIER_SIZE;
571 	}
572 	return 0;
573 }
574 
575 struct key *
576 fscrypt_find_master_key(struct super_block *sb,
577 			const struct fscrypt_key_specifier *mk_spec);
578 
579 int fscrypt_add_test_dummy_key(struct super_block *sb,
580 			       struct fscrypt_key_specifier *key_spec);
581 
582 int fscrypt_verify_key_added(struct super_block *sb,
583 			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]);
584 
585 int __init fscrypt_init_keyring(void);
586 
587 /* keysetup.c */
588 
589 struct fscrypt_mode {
590 	const char *friendly_name;
591 	const char *cipher_str;
592 	int keysize;
593 	int ivsize;
594 	enum blk_crypto_mode_num blk_crypto_mode;
595 	int logged_impl_name;
596 };
597 
598 extern struct fscrypt_mode fscrypt_modes[];
599 
600 int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
601 			const u8 *raw_key, unsigned int raw_key_size,
602 			bool is_hw_wrapped, const struct fscrypt_info *ci);
603 
604 void fscrypt_destroy_prepared_key(struct fscrypt_prepared_key *prep_key);
605 
606 int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key);
607 
608 int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
609 			       const struct fscrypt_master_key *mk);
610 
611 /* keysetup_v1.c */
612 
613 void fscrypt_put_direct_key(struct fscrypt_direct_key *dk);
614 
615 int fscrypt_setup_v1_file_key(struct fscrypt_info *ci,
616 			      const u8 *raw_master_key);
617 
618 int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci);
619 
620 /* policy.c */
621 
622 bool fscrypt_policies_equal(const union fscrypt_policy *policy1,
623 			    const union fscrypt_policy *policy2);
624 bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
625 			      const struct inode *inode);
626 int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
627 				const union fscrypt_context *ctx_u,
628 				int ctx_size);
629 
630 #endif /* _FSCRYPT_PRIVATE_H */
631