1 | /* |
2 | * linux/fs/ext4/ext4_crypto.h | |
3 | * | |
4 | * Copyright (C) 2015, Google, Inc. | |
5 | * | |
6 | * This contains encryption header content for ext4 | |
7 | * | |
8 | * Written by Michael Halcrow, 2015. | |
9 | */ | |
10 | ||
11 | #ifndef _EXT4_CRYPTO_H | |
12 | #define _EXT4_CRYPTO_H | |
13 | ||
14 | #include <linux/fs.h> | |
15 | ||
/* Byte length of the master_key_descriptor arrays in the policy and
 * context structs below; it identifies a key, it is not key material. */
#define EXT4_KEY_DESCRIPTOR_SIZE 8
17 | ||
/*
 * Policy provided via an ioctl on the topmost directory.
 *
 * This struct crosses the user/kernel boundary, so it is packed to pin its
 * layout (1 + 1 + 1 + 8 = 11 bytes); do not reorder or extend it in place.
 * The mode bytes are unvalidated plain chars here.
 * NOTE(review): the ioctl handler should range-check version and both mode
 * fields against the supported EXT4_ENCRYPTION_MODE_* values before using
 * them — confirm at the ioctl boundary.
 */
struct ext4_encryption_policy {
	char version;			/* policy format version */
	char contents_encryption_mode;	/* EXT4_ENCRYPTION_MODE_* for file contents */
	char filenames_encryption_mode;	/* EXT4_ENCRYPTION_MODE_* for file names */
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];	/* identifies the master key */
} __attribute__((__packed__));
25 | ||
/* Value of ext4_encryption_context.format for the layout documented below. */
#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
/* Byte length of the per-inode nonce carried in the context (the name says
 * it feeds key derivation; the derivation itself is not in this header). */
#define EXT4_KEY_DERIVATION_NONCE_SIZE 16
28 | ||
/**
 * Encryption context for inode
 *
 * Protector format:
 *  1 byte: Protector format (1 = this version)
 *  1 byte: File contents encryption mode
 *  1 byte: File names encryption mode
 *  1 byte: Reserved
 *  8 bytes: Master Key descriptor
 * 16 bytes: Encryption Key derivation nonce
 *
 * The struct is packed so that its 28-byte layout is exactly the byte
 * sequence listed above; field order is part of the format and must not
 * change. The format byte presumably is checked against
 * EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 by whoever parses a context.
 * NOTE(review): a parser should reject unknown format values and unsupported
 * mode values instead of trusting them — confirm in the context-reading code.
 */
struct ext4_encryption_context {
	char format;			/* EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 */
	char contents_encryption_mode;	/* EXT4_ENCRYPTION_MODE_* for contents */
	char filenames_encryption_mode;	/* EXT4_ENCRYPTION_MODE_* for names */
	char reserved;			/* reserved; presumably zero */
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];	/* identifies the master key */
	char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];	/* per-inode nonce */
} __attribute__((__packed__));
48 | ||
/* Encryption parameters: key and tweak lengths in bytes, per cipher mode. */
#define EXT4_XTS_TWEAK_SIZE 16
/* NOTE(review): no case in ext4_encryption_key_size() below maps to this
 * size — confirm it is used elsewhere or drop it. */
#define EXT4_AES_128_ECB_KEY_SIZE 16
#define EXT4_AES_256_GCM_KEY_SIZE 32
#define EXT4_AES_256_CBC_KEY_SIZE 32
#define EXT4_AES_256_CTS_KEY_SIZE 32
#define EXT4_AES_256_XTS_KEY_SIZE 64	/* two AES-256 keys (data + tweak) */
/* Sizes ext4_encryption_key.raw; must stay >= every *_KEY_SIZE above. */
#define EXT4_MAX_KEY_SIZE 64
57 | ||
/* Prefix presumably placed before the master key descriptor when the key
 * is looked up by description — verify against the key lookup code. */
#define EXT4_KEY_DESC_PREFIX "ext4:"
/* strlen(EXT4_KEY_DESC_PREFIX); keep in sync if the prefix changes. */
#define EXT4_KEY_DESC_PREFIX_SIZE 5
60 | ||
/*
 * An encryption key: raw key bytes plus the mode they belong to.
 *
 * raw is secret material sized for the largest mode (EXT4_MAX_KEY_SIZE);
 * size presumably counts the bytes of raw that are valid for this mode.
 * NOTE(review): every owner should wipe an instance (memzero_explicit) before
 * freeing it or letting it go out of scope — confirm at each use site.
 * Uses uint32_t where the rest of this header uses u32; harmless but
 * inconsistent.
 */
struct ext4_encryption_key {
	uint32_t mode;			/* EXT4_ENCRYPTION_MODE_* */
	char raw[EXT4_MAX_KEY_SIZE];	/* key bytes — secret */
	uint32_t size;			/* valid bytes in raw (presumably) */
};
66 | ||
/* Bits for ext4_crypto_ctx.flags. From the names, they presumably mark the
 * ctx and the bounce page as heap allocations that must be freed rather than
 * recycled via the free list — verify against the ctx release path. */
#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
#define EXT4_BOUNCE_PAGE_REQUIRES_FREE_ENCRYPT_FL 0x00000002
69 | ||
/*
 * Per-I/O crypto state for page encryption (write) and decryption (read).
 *
 * flags holds EXT4_*_REQUIRES_FREE_ENCRYPT_FL bits; mode is the
 * EXT4_ENCRYPTION_MODE_* value tfm was set up for. free_list links unused
 * contexts so they can be reused instead of reallocated (presumably; the
 * pool code is not in this header).
 */
struct ext4_crypto_ctx {
	struct crypto_tfm *tfm;         /* Crypto API context */
	struct page *bounce_page;       /* Ciphertext page on write path */
	struct page *control_page;      /* Original page on write path */
	struct bio *bio;                /* The bio for this context */
	struct work_struct work;        /* Work queue for read complete path */
	struct list_head free_list;     /* Free list */
	int flags;                      /* Flags: EXT4_*_REQUIRES_FREE_ENCRYPT_FL */
	int mode;                       /* Encryption mode for tfm */
};
80 | ||
/*
 * A completion paired with a result code, presumably used to wait
 * synchronously on an asynchronous crypto request and collect its status.
 *
 * Field order matters: DECLARE_EXT4_COMPLETION_RESULT initialises this
 * struct positionally, so do not reorder the members.
 */
struct ext4_completion_result {
	struct completion completion;	/* signalled when the request finishes */
	int res;			/* result of the request, 0 on success (presumably) */
};
85 | ||
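/*
 * Declare and initialise a struct ext4_completion_result named @ecr on the
 * stack: completion in its initial, not-yet-completed state and res = 0.
 * Designated initialisers keep this correct even if the struct's member
 * order changes.
 */
#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
	struct ext4_completion_result ecr = { \
		.completion = COMPLETION_INITIALIZER((ecr).completion), \
		.res = 0 }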
89 | ||
/*
 * Return the raw key length in bytes required by encryption mode @mode.
 *
 * Only the AES-256 modes are supported; any other value is a programming
 * error and triggers BUG(). The final return exists only so the function
 * still has a return path after BUG() from the compiler's point of view.
 */
static inline int ext4_encryption_key_size(int mode)
{
	int key_bytes = 0;

	switch (mode) {
	case EXT4_ENCRYPTION_MODE_AES_256_XTS:
		key_bytes = EXT4_AES_256_XTS_KEY_SIZE;
		break;
	case EXT4_ENCRYPTION_MODE_AES_256_GCM:
		key_bytes = EXT4_AES_256_GCM_KEY_SIZE;
		break;
	case EXT4_ENCRYPTION_MODE_AES_256_CBC:
		key_bytes = EXT4_AES_256_CBC_KEY_SIZE;
		break;
	case EXT4_ENCRYPTION_MODE_AES_256_CTS:
		key_bytes = EXT4_AES_256_CTS_KEY_SIZE;
		break;
	default:
		BUG();
	}
	return key_bytes;
}
106 | ||
/* Filename-crypto parameters. */
#define EXT4_FNAME_NUM_SCATTER_ENTRIES 4	/* scatterlist entries per filename op (presumably) */
#define EXT4_CRYPTO_BLOCK_SIZE 16		/* cipher block size; also sizes ext4_fname_crypto_ctx.tmp_buf */
#define EXT4_FNAME_CRYPTO_DIGEST_SIZE 32	/* digest length for filename hashing (presumably) */
110 | ||
/*
 * A length-delimited byte string. Nothing here guarantees NUL termination,
 * so consumers must honour len rather than scanning for a terminator.
 * NOTE(review): ownership of the name buffer is not expressed by this type —
 * confirm who allocates and frees it at each use.
 */
struct ext4_str {
	unsigned char *name;	/* bytes, not necessarily NUL-terminated */
	u32 len;		/* number of valid bytes in name */
};
115 | ||
/*
 * State for filename encryption/decryption.
 *
 * Embeds a full ext4_encryption_key, so this struct contains secret
 * material wherever it lives. NOTE(review): it should be wiped before being
 * freed — confirm in the ctx teardown path.
 */
struct ext4_fname_crypto_ctx {
	u32 lim;				/* length limit (presumably max name length) */
	char tmp_buf[EXT4_CRYPTO_BLOCK_SIZE];	/* one-block scratch buffer */
	struct crypto_ablkcipher *ctfm;		/* cipher transform for names */
	struct crypto_hash *htfm;		/* hash transform for names */
	struct page *workpage;			/* scratch page */
	struct ext4_encryption_key key;		/* raw key material — secret */
	unsigned has_valid_key : 1;		/* key has been populated */
	unsigned ctfm_key_is_ready : 1;		/* key has been set on ctfm */
};
126 | ||
/**
 * For encrypted symlinks, the ciphertext length is stored at the beginning
 * of the string in little-endian format.
 *
 * len is stored little-endian (__le16) and must be converted before use.
 * NOTE(review): a reader must bound-check the decoded len against the
 * buffer it actually has before touching encrypted_path — confirm in the
 * symlink-reading code.
 *
 * encrypted_path[1] is the pre-C99 trailing-array idiom, not a flexible
 * array member; encrypted_symlink_data_len() below subtracts that one byte
 * from sizeof, so do not change it to [] without updating that function.
 */
struct ext4_encrypted_symlink_data {
	__le16 len;			/* ciphertext length, little-endian */
	char encrypted_path[1];		/* start of len ciphertext bytes */
} __attribute__((__packed__));
135 | ||
/*
 * Space in bytes needed to store an encrypted symlink payload of length @l
 * in struct ext4_encrypted_symlink_data form.
 *
 * The payload is padded up to at least one cipher block
 * (EXT4_CRYPTO_BLOCK_SIZE). The "- 1" discounts the one-byte
 * encrypted_path[1] placeholder already included in sizeof.
 * The sum is formed in size_t and narrowed to u32 on return; callers are
 * presumably limiting l to path lengths far below that range — confirm.
 */
static inline u32 encrypted_symlink_data_len(u32 l)
{
	u32 padded = (l < EXT4_CRYPTO_BLOCK_SIZE) ? EXT4_CRYPTO_BLOCK_SIZE : l;

	return padded + (sizeof(struct ext4_encrypted_symlink_data) - 1);
}
146 | ||
9bd8212f | 147 | #endif /* _EXT4_CRYPTO_H */ |