mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-23 01:10:04 +00:00
b7e7cf7a66
fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear case of kernel offers the mechanism and userspace selects a policy. Similar to what dm-crypt and ecryptfs have. This patch adds support for using AES-128-CBC for file contents and AES-128-CBC-CTS for file name encryption. To mitigate watermarking attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is actually slightly less secure than AES-XTS from a security point of view, there is more widespread hardware support. Using AES-CBC gives us the acceptable performance while still providing a moderate level of security for persistent storage. Especially low-powered embedded devices with crypto accelerators such as CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC since it has less encryption rounds and yields noticeable better performance starting from a file size of just a few kB. Signed-off-by: Daniel Walter <dwalter@sigma-star.at> [david@sigma-star.at: addressed review comments] Signed-off-by: David Gstir <david@sigma-star.at> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
97 lines
2.4 KiB
C
97 lines
2.4 KiB
C
/*
|
|
* fscrypt_private.h
|
|
*
|
|
* Copyright (C) 2015, Google, Inc.
|
|
*
|
|
* This contains encryption key functions.
|
|
*
|
|
* Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
|
|
*/
|
|
|
|
#ifndef _FSCRYPT_PRIVATE_H
|
|
#define _FSCRYPT_PRIVATE_H
|
|
|
|
#include <linux/fscrypt_supp.h>
|
|
#include <crypto/hash.h>
|
|
|
|
/* Encryption parameters */
|
|
#define FS_IV_SIZE 16
|
|
#define FS_AES_128_ECB_KEY_SIZE 16
|
|
#define FS_AES_128_CBC_KEY_SIZE 16
|
|
#define FS_AES_128_CTS_KEY_SIZE 16
|
|
#define FS_AES_256_GCM_KEY_SIZE 32
|
|
#define FS_AES_256_CBC_KEY_SIZE 32
|
|
#define FS_AES_256_CTS_KEY_SIZE 32
|
|
#define FS_AES_256_XTS_KEY_SIZE 64
|
|
|
|
#define FS_KEY_DERIVATION_NONCE_SIZE 16
|
|
|
|
/**
|
|
* Encryption context for inode
|
|
*
|
|
* Protector format:
|
|
* 1 byte: Protector format (1 = this version)
|
|
* 1 byte: File contents encryption mode
|
|
* 1 byte: File names encryption mode
|
|
* 1 byte: Flags
|
|
* 8 bytes: Master Key descriptor
|
|
* 16 bytes: Encryption Key derivation nonce
|
|
*/
|
|
struct fscrypt_context {
|
|
u8 format;
|
|
u8 contents_encryption_mode;
|
|
u8 filenames_encryption_mode;
|
|
u8 flags;
|
|
u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
|
|
u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
|
|
} __packed;
|
|
|
|
#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
|
|
|
|
/*
|
|
* A pointer to this structure is stored in the file system's in-core
|
|
* representation of an inode.
|
|
*/
|
|
struct fscrypt_info {
|
|
u8 ci_data_mode;
|
|
u8 ci_filename_mode;
|
|
u8 ci_flags;
|
|
struct crypto_skcipher *ci_ctfm;
|
|
struct crypto_cipher *ci_essiv_tfm;
|
|
u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
|
|
};
|
|
|
|
typedef enum {
|
|
FS_DECRYPT = 0,
|
|
FS_ENCRYPT,
|
|
} fscrypt_direction_t;
|
|
|
|
#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
|
|
#define FS_CTX_HAS_BOUNCE_BUFFER_FL 0x00000002
|
|
|
|
struct fscrypt_completion_result {
|
|
struct completion completion;
|
|
int res;
|
|
};
|
|
|
|
#define DECLARE_FS_COMPLETION_RESULT(ecr) \
|
|
struct fscrypt_completion_result ecr = { \
|
|
COMPLETION_INITIALIZER_ONSTACK((ecr).completion), 0 }
|
|
|
|
|
|
/* crypto.c */
|
|
extern int fscrypt_initialize(unsigned int cop_flags);
|
|
extern struct workqueue_struct *fscrypt_read_workqueue;
|
|
extern int fscrypt_do_page_crypto(const struct inode *inode,
|
|
fscrypt_direction_t rw, u64 lblk_num,
|
|
struct page *src_page,
|
|
struct page *dest_page,
|
|
unsigned int len, unsigned int offs,
|
|
gfp_t gfp_flags);
|
|
extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
|
|
gfp_t gfp_flags);
|
|
|
|
/* keyinfo.c */
|
|
extern void __exit fscrypt_essiv_cleanup(void);
|
|
|
|
#endif /* _FSCRYPT_PRIVATE_H */
|