1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2 /* 3 * fscrypt user API 4 * 5 * These ioctls can be used on filesystems that support fscrypt. See the 6 * "User API" section of Documentation/filesystems/fscrypt.rst. 7 */ 8 #ifndef _UAPI_LINUX_FSCRYPT_H 9 #define _UAPI_LINUX_FSCRYPT_H 10 11 #include <linux/types.h> 12 13 #define FS_KEY_DESCRIPTOR_SIZE 8 14 15 /* Encryption policy flags */ 16 #define FS_POLICY_FLAGS_PAD_4 0x00 17 #define FS_POLICY_FLAGS_PAD_8 0x01 18 #define FS_POLICY_FLAGS_PAD_16 0x02 19 #define FS_POLICY_FLAGS_PAD_32 0x03 20 #define FS_POLICY_FLAGS_PAD_MASK 0x03 21 #define FS_POLICY_FLAG_DIRECT_KEY 0x04 /* use master key directly */ 22 #define FS_POLICY_FLAGS_VALID 0x07 23 24 /* Encryption algorithms */ 25 #define FS_ENCRYPTION_MODE_INVALID 0 26 #define FS_ENCRYPTION_MODE_AES_256_XTS 1 27 #define FS_ENCRYPTION_MODE_AES_256_GCM 2 28 #define FS_ENCRYPTION_MODE_AES_256_CBC 3 29 #define FS_ENCRYPTION_MODE_AES_256_CTS 4 30 #define FS_ENCRYPTION_MODE_AES_128_CBC 5 31 #define FS_ENCRYPTION_MODE_AES_128_CTS 6 32 #define FS_ENCRYPTION_MODE_SPECK128_256_XTS 7 /* Removed, do not use. */ 33 #define FS_ENCRYPTION_MODE_SPECK128_256_CTS 8 /* Removed, do not use. */ 34 #define FS_ENCRYPTION_MODE_ADIANTUM 9 35 36 struct fscrypt_policy { 37 __u8 version; 38 __u8 contents_encryption_mode; 39 __u8 filenames_encryption_mode; 40 __u8 flags; 41 __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; 42 }; 43 44 #define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy) 45 #define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16]) 46 #define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy) 47 48 /* Parameters for passing an encryption key into the kernel keyring */ 49 #define FS_KEY_DESC_PREFIX "fscrypt:" 50 #define FS_KEY_DESC_PREFIX_SIZE 8 51 52 /* Structure that userspace passes to the kernel keyring */ 53 #define FS_MAX_KEY_SIZE 64 54 55 struct fscrypt_key { 56 __u32 mode; 57 __u8 raw[FS_MAX_KEY_SIZE]; 58 __u32 size; 59 }; 60 61 #endif /* _UAPI_LINUX_FSCRYPT_H */ 62