Note: File does not exist in v3.5.6.
  1/*
  2 * linux/fs/ext4/ext4_crypto.h
  3 *
  4 * Copyright (C) 2015, Google, Inc.
  5 *
  6 * This contains encryption header content for ext4
  7 *
  8 * Written by Michael Halcrow, 2015.
  9 */
 10
 11#ifndef _EXT4_CRYPTO_H
 12#define _EXT4_CRYPTO_H
 13
 14#include <linux/fs.h>
 15
/* Length in bytes of the master_key_descriptor arrays declared in this header. */
#define EXT4_KEY_DESCRIPTOR_SIZE 8

/*
 * Policy provided via an ioctl on the topmost directory.
 *
 * Packed layout: four one-byte fields followed by an
 * EXT4_KEY_DESCRIPTOR_SIZE-byte master key descriptor (12 bytes total).
 *
 * NOTE(review): this structure arrives from userspace, so the ioctl
 * handler presumably validates version, both mode bytes and flags
 * (see EXT4_POLICY_FLAGS_VALID) before acting on it - confirm there.
 */
struct ext4_encryption_policy {
	char version;
	char contents_encryption_mode;
	char filenames_encryption_mode;
	char flags;	/* presumably EXT4_POLICY_FLAGS_* bits - confirm */
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
} __attribute__((__packed__));
 26
/* Format number 1; presumably the value of ext4_encryption_context.format. */
#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
/* Size in bytes of ext4_encryption_context.nonce. */
#define EXT4_KEY_DERIVATION_NONCE_SIZE 16

/*
 * Padding selector held in the low two bits of a flags byte.  The names
 * indicate padding to 4, 8, 16 or 32 bytes; what gets padded is not
 * visible in this header (presumably encrypted file names - confirm).
 */
#define EXT4_POLICY_FLAGS_PAD_4		0x00
#define EXT4_POLICY_FLAGS_PAD_8		0x01
#define EXT4_POLICY_FLAGS_PAD_16	0x02
#define EXT4_POLICY_FLAGS_PAD_32	0x03
/* Mask isolating the padding selector. */
#define EXT4_POLICY_FLAGS_PAD_MASK	0x03
/*
 * Every flag bit defined here; equal to the padding mask, so no other
 * flag bits exist in this version.
 * NOTE(review): a flags byte with bits outside this mask presumably has
 * to be rejected by whoever parses a policy or context - confirm.
 */
#define EXT4_POLICY_FLAGS_VALID		0x03
 36
/**
 * Encryption context for inode
 *
 * Protector format (28 bytes, packed):
 *  1 byte: Protector format (1 = this version)
 *  1 byte: File contents encryption mode
 *  1 byte: File names encryption mode
 *  1 byte: Flags (the struct field is named flags)
 *  8 bytes: Master Key descriptor
 *  16 bytes: Encryption Key derivation nonce
 *
 * NOTE(review): if this context is read back from storage, its bytes are
 * not trustworthy; consumers presumably check format, both modes and
 * flags before deriving or selecting a key from it - confirm.
 */
struct ext4_encryption_context {
	char format;
	char contents_encryption_mode;
	char filenames_encryption_mode;
	char flags;
	char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
	char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
} __attribute__((__packed__));
 56
/* Encryption parameters (sizes in bytes) */
#define EXT4_XTS_TWEAK_SIZE 16
/* Not returned by ext4_encryption_key_size(); its user is outside this header. */
#define EXT4_AES_128_ECB_KEY_SIZE 16
#define EXT4_AES_256_GCM_KEY_SIZE 32
#define EXT4_AES_256_CBC_KEY_SIZE 32
#define EXT4_AES_256_CTS_KEY_SIZE 32
#define EXT4_AES_256_XTS_KEY_SIZE 64
/* Largest key size above; also the size of ext4_encryption_key.raw. */
#define EXT4_MAX_KEY_SIZE 64

/*
 * Prefix string and its length without the terminating NUL; the two must
 * be kept in sync by hand.
 * NOTE(review): presumably prepended to a master key descriptor to form
 * the keyring key description - confirm against the key lookup code.
 */
#define EXT4_KEY_DESC_PREFIX "ext4:"
#define EXT4_KEY_DESC_PREFIX_SIZE 5
 68
/*
 * This is passed in from userspace into the kernel keyring.
 *
 * Packed layout: mode, then EXT4_MAX_KEY_SIZE bytes of raw key, then size.
 *
 * NOTE(review): the payload is supplied by userspace, so consumers
 * presumably check that size does not exceed EXT4_MAX_KEY_SIZE (and fits
 * the mode) before reading raw - confirm.  raw holds key material; any
 * temporary copy should be wiped, e.g. with memzero_explicit(), once it
 * is no longer needed.
 */
struct ext4_encryption_key {
        __u32 mode;
        char raw[EXT4_MAX_KEY_SIZE];
        __u32 size;	/* presumably the number of valid bytes in raw - confirm */
} __attribute__((__packed__));
 75
/*
 * Crypto state record: data and filename modes, flags, a cipher transform
 * pointer, a keyring key pointer and a descriptor-sized byte array.
 *
 * NOTE(review): who allocates this, and who releases ci_ctfm and
 * ci_keyring_key, is not visible in this header - confirm in the code
 * that sets up and tears down the structure.
 */
struct ext4_crypt_info {
	char		ci_data_mode;
	char		ci_filename_mode;
	char		ci_flags;
	struct crypto_skcipher *ci_ctfm;
	struct key	*ci_keyring_key;
	/*
	 * Sized as a key descriptor (EXT4_KEY_DESCRIPTOR_SIZE bytes), so this
	 * presumably holds the master key descriptor, not key material - confirm.
	 */
	char		ci_master_key[EXT4_KEY_DESCRIPTOR_SIZE];
};
 84
/* Bit flags; presumably stored in ext4_crypto_ctx.flags - confirm. */
#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL             0x00000001
#define EXT4_WRITE_PATH_FL			      0x00000002

/*
 * Per-operation crypto context.
 *
 * w, r and free_list share storage through the anonymous union, so only
 * one of them is meaningful at a time.
 * NOTE(review): presumably w is used on the write path, r on the read
 * path and free_list while the context is unused, with EXT4_WRITE_PATH_FL
 * telling w from r - confirm against the code that sets flags.
 */
struct ext4_crypto_ctx {
	union {
		struct {
			struct page *bounce_page;       /* Ciphertext page */
			struct page *control_page;      /* Original page  */
		} w;
		struct {
			struct bio *bio;
			struct work_struct work;
		} r;
		struct list_head free_list;     /* Free list */
	};
	char flags;                      /* Flags */
	char mode;                       /* Encryption mode for tfm */
};
103
/* Pairs a completion with an integer result code. */
struct ext4_completion_result {
	struct completion completion;
	int res;
};

/*
 * Defines a struct ext4_completion_result variable named ecr whose
 * completion is set up with COMPLETION_INITIALIZER() and whose res is 0.
 */
#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
	struct ext4_completion_result ecr = { \
		COMPLETION_INITIALIZER((ecr).completion), 0 }
112
/**
 * ext4_encryption_key_size() - key length in bytes for an encryption mode
 * @mode: one of the EXT4_ENCRYPTION_MODE_* values handled below
 *
 * Return: the EXT4_AES_256_*_KEY_SIZE constant that matches @mode.  Any
 * other value reaches BUG(); 0 is returned only if BUG() comes back.
 *
 * NOTE(review): the mode bytes declared in this header come from the
 * policy ioctl and the per-inode context, so callers presumably reject
 * unknown modes before calling this - confirm, since a bad value ends
 * in BUG() rather than an error return.
 */
static inline int ext4_encryption_key_size(int mode)
{
	int key_size = 0;

	if (mode == EXT4_ENCRYPTION_MODE_AES_256_XTS)
		key_size = EXT4_AES_256_XTS_KEY_SIZE;
	else if (mode == EXT4_ENCRYPTION_MODE_AES_256_GCM)
		key_size = EXT4_AES_256_GCM_KEY_SIZE;
	else if (mode == EXT4_ENCRYPTION_MODE_AES_256_CBC)
		key_size = EXT4_AES_256_CBC_KEY_SIZE;
	else if (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS)
		key_size = EXT4_AES_256_CTS_KEY_SIZE;
	else
		BUG();	/* no key size is defined for this mode */

	return key_size;
}
129
#define EXT4_FNAME_NUM_SCATTER_ENTRIES	4
/* Also the minimum length applied by encrypted_symlink_data_len(). */
#define EXT4_CRYPTO_BLOCK_SIZE		16
#define EXT4_FNAME_CRYPTO_DIGEST_SIZE	32

/*
 * Byte buffer with an explicit length.
 * NOTE(review): presumably name is not guaranteed to be NUL-terminated
 * and len is the authoritative byte count - confirm against the users.
 */
struct ext4_str {
	unsigned char *name;
	u32 len;
};
138
/**
 * For encrypted symlinks, the ciphertext length is stored at the beginning
 * of the string in little-endian format.
 *
 * encrypted_path[1] is a one-byte placeholder for the variable-length
 * ciphertext that follows len; encrypted_symlink_data_len() subtracts
 * that placeholder byte when it computes the total size.
 *
 * NOTE(review): if len is read back from storage it is not trustworthy;
 * readers presumably bound it against the space actually available
 * before touching encrypted_path - confirm in the symlink read path.
 */
struct ext4_encrypted_symlink_data {
	__le16 len;
	char encrypted_path[1];
} __attribute__((__packed__));
147
/**
 * Disk space needed to store a name of length l in encrypted symlink
 * format.
 *
 * Lengths below EXT4_CRYPTO_BLOCK_SIZE are raised to that minimum.  The
 * size of struct ext4_encrypted_symlink_data is then added, minus the
 * one placeholder byte of encrypted_path[].
 *
 * NOTE(review): the sum is converted back to u32, so callers presumably
 * pass lengths far below the u32 limit - confirm, since a wrapped result
 * would understate the space required.
 */
static inline u32 encrypted_symlink_data_len(u32 l)
{
	u32 padded = (l < EXT4_CRYPTO_BLOCK_SIZE) ? EXT4_CRYPTO_BLOCK_SIZE : l;

	return (padded + sizeof(struct ext4_encrypted_symlink_data) - 1);
}
158
159#endif	/* _EXT4_CRYPTO_H */