/*
 * linux/fs/ext4/ext4_crypto.h
 *
 * Copyright (C) 2015, Google, Inc.
 *
 * This contains encryption header content for ext4
 *
 * Written by Michael Halcrow, 2015.
 */
11 #ifndef _EXT4_CRYPTO_H
12 #define _EXT4_CRYPTO_H
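/*
 * Length in bytes of a master key descriptor. It sizes the
 * master_key_descriptor arrays in the policy and context structures.
 */
#define EXT4_KEY_DESCRIPTOR_SIZE 8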
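/*
 * Policy provided via an ioctl on the topmost directory.
 *
 * The structure is packed, so its members sit back to back with no padding.
 * master_key_descriptor is a fixed EXT4_KEY_DESCRIPTOR_SIZE-byte array;
 * nothing in this declaration NUL-terminates it, so copy and compare it by
 * length. Because the policy arrives through an ioctl, a consumer should
 * validate both mode bytes against the modes it supports before acting on
 * them.
 *
 * NOTE(review): source line 20 is not shown in this listing; a member
 * declared ahead of contents_encryption_mode appears to be missing. Restore
 * it from the original header before relying on this layout.
 */
struct ext4_encryption_policy {
	/* source line 20 is not shown in this listing */
	char contents_encryption_mode;
	char filenames_encryption_mode;
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
} __attribute__((__packed__));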
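/* Value of the protector format byte for this version of the context. */
#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
/* Length in bytes of the key derivation nonce held in the context. */
#define EXT4_KEY_DERIVATION_NONCE_SIZE 16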
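/*
 * Encryption context for inode
 *
 *  1 byte: Protector format (1 = this version)
 *  1 byte: File contents encryption mode
 *  1 byte: File names encryption mode
 *  (source line 36 is not shown in this listing)
 *  8 bytes: Master Key descriptor
 *  16 bytes: Encryption Key derivation nonce
 *
 * The structure is packed, so the byte offsets above are the in-memory
 * offsets as well. Code that parses a stored context should check its
 * length against sizeof(struct ext4_encryption_context) and its format byte
 * against EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 before trusting any other
 * member, and should reject mode bytes it does not recognise.
 *
 * NOTE(review): source lines 41 and 44 are not shown in this listing. The
 * layout comment puts the 1-byte protector format first, which matches the
 * gap at line 41; what line 44 declares cannot be told from here. Restore
 * both from the original header before relying on this layout.
 */
struct ext4_encryption_context {
	/* source line 41 is not shown in this listing */
	char contents_encryption_mode;
	char filenames_encryption_mode;
	/* source line 44 is not shown in this listing */
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
	char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
} __attribute__((__packed__));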
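/*
 * Encryption parameters. All sizes are in bytes.
 *
 * EXT4_AES_256_XTS_KEY_SIZE is 64 because XTS takes a double-length key
 * (two 256-bit AES keys). EXT4_MAX_KEY_SIZE equals that largest value and
 * sizes the raw buffer in struct ext4_encryption_key, so it has to be
 * raised whenever a mode with a longer key is added.
 */
#define EXT4_XTS_TWEAK_SIZE 16
#define EXT4_AES_128_ECB_KEY_SIZE 16
#define EXT4_AES_256_GCM_KEY_SIZE 32
#define EXT4_AES_256_CBC_KEY_SIZE 32
#define EXT4_AES_256_CTS_KEY_SIZE 32
#define EXT4_AES_256_XTS_KEY_SIZE 64
#define EXT4_MAX_KEY_SIZE 64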
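/*
 * Holder for raw key material.
 *
 * raw is sized by EXT4_MAX_KEY_SIZE, the largest key size defined in this
 * header. The buffer holds secret key bytes: keep it out of logs and wipe
 * it with a call the compiler cannot elide (memzero_explicit() in the
 * kernel) before the memory is freed or reused.
 *
 * NOTE(review): source lines 59 and 61-62 are not shown in this listing.
 * The members they declare are missing here and the closing brace below is
 * restored only so the definition is well formed; take the full definition
 * from the original header.
 */
struct ext4_encryption_key {
	/* source line 59 is not shown in this listing */
	char raw[EXT4_MAX_KEY_SIZE];
	/* source line 61 is not shown in this listing */
};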
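/*
 * Flag bits, one bit each so they can be OR-ed together.
 *
 * NOTE(review): presumably these are kept in ext4_crypto_ctx.flags and
 * record whether the context itself and its bounce page have to be freed
 * on release - confirm against the code that sets and tests them. Getting
 * that bookkeeping wrong would mean a leak or a double free, so they
 * deserve attention in review.
 */
#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
#define EXT4_BOUNCE_PAGE_REQUIRES_FREE_ENCRYPT_FL 0x00000002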
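/*
 * Per-operation crypto context.
 *
 * On the write path bounce_page carries the ciphertext while control_page
 * is the original page, so the two must not be confused when a page is
 * handed to the block layer.
 *
 * NOTE(review): source lines 76-77 are not shown in this listing; the
 * closing brace below is restored so the definition is well formed.
 */
struct ext4_crypto_ctx {
	struct crypto_tfm *tfm;		/* Crypto API context */
	struct page *bounce_page;	/* Ciphertext page on write path */
	struct page *control_page;	/* Original page on write path */
	struct bio *bio;		/* The bio for this context */
	struct work_struct work;	/* Work queue for read complete path */
	struct list_head free_list;	/* Free list */
	int flags;			/* Flags */
	int mode;			/* Encryption mode for tfm */
};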
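/*
 * A completion paired with a result slot.
 *
 * NOTE(review): source lines 80-81 are not shown in this listing. The
 * DECLARE_EXT4_COMPLETION_RESULT initialiser supplies a second value (0)
 * after the completion, so a further member follows it in the original;
 * its declaration is missing here and the closing brace is restored only
 * so the definition is well formed.
 */
struct ext4_completion_result {
	struct completion completion;
	/* source line 80 is not shown in this listing */
};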
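/*
 * Declare a struct ext4_completion_result named ecr, with its completion
 * member set up through COMPLETION_INITIALIZER and the member after it set
 * to 0. The initialiser is positional, so it depends on the member order
 * of struct ext4_completion_result.
 */
#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
	struct ext4_completion_result ecr = { \
		COMPLETION_INITIALIZER((ecr).completion), 0 }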
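/*
 * Map an encryption mode to the size in bytes of the key it needs.
 *
 * @mode: one of the EXT4_ENCRYPTION_MODE_* values.
 *
 * Returns the matching EXT4_AES_256_*_KEY_SIZE constant for the four modes
 * handled below. EXT4_AES_128_ECB_KEY_SIZE has no case among the visible
 * lines.
 *
 * NOTE(review): source lines 88-89 and 98-102 are not shown in this
 * listing. The braces and the switch statement are restored from the case
 * labels; the original handling of an unrecognised mode is not visible.
 */
static inline int ext4_encryption_key_size(int mode)
{
	switch (mode) {
	case EXT4_ENCRYPTION_MODE_AES_256_XTS:
		return EXT4_AES_256_XTS_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_GCM:
		return EXT4_AES_256_GCM_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_CBC:
		return EXT4_AES_256_CBC_KEY_SIZE;
	case EXT4_ENCRYPTION_MODE_AES_256_CTS:
		return EXT4_AES_256_CTS_KEY_SIZE;
	default:
		/*
		 * Stand-in for the lines missing from the listing: report
		 * "no valid key size". Callers should reject the mode when
		 * they see 0 rather than size a key buffer from it.
		 */
		return 0;
	}
}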
104 #endif /* _EXT4_CRYPTO_H */