| // Copyright 2017 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CRYPTOHOME_DIRCRYPTO_UTIL_H_ |
| #define CRYPTOHOME_DIRCRYPTO_UTIL_H_ |
| |
| #include <base/files/file_path.h> |
| #include <brillo/secure_blob.h> |
| |
| extern "C" { |
| #include <keyutils.h> |
| #include <linux/fscrypt.h> |
| } |
| |
| namespace dircrypto { |
| |
| // State of the directory's encryption key. |
| enum class KeyState { |
| UNKNOWN, // Cannot get the state. |
| NOT_SUPPORTED, // The directory doesn't support dircrypto. |
| NO_KEY, // No key is set. |
| ENCRYPTED, // Key is set. |
| }; |
| |
| // KeyReference describes an in-use fscrypt key. |
| struct KeyReference { |
| // Policy version: FSCRYPT_POLICY_V2 is only supported on kernels >= 5.4. |
| int policy_version = FSCRYPT_POLICY_V1; |
| // Key identifier/descriptor. |
| brillo::SecureBlob reference; |
| }; |
| |
| // keyutils functions use -1 as the invalid key serial value. |
| constexpr key_serial_t kInvalidKeySerial = -1; |
| |
| // Checks if the device supports fscrypt key add/remove ioctls. |
| bool CheckFscryptKeyIoctlSupport(); |
| |
| // Sets the directory key. |
| bool SetDirectoryKey(const base::FilePath& dir, |
| const KeyReference& key_reference); |
| |
| // Adds the directory key. |
| bool AddDirectoryKey(const brillo::SecureBlob& key, |
| KeyReference* key_reference); |
| |
| // Removes the directory key. |
| bool RemoveDirectoryKey(const KeyReference& key_reference, |
| const base::FilePath& dir); |
| |
| // Returns the directory's key state, or returns UNKNOWN on errors. |
| KeyState GetDirectoryKeyState(const base::FilePath& dir); |
| |
| // Returns the directory's policy version or returns -1. |
| int GetDirectoryPolicyVersion(const base::FilePath& dir); |
| |
| } // namespace dircrypto |
| |
| #endif // CRYPTOHOME_DIRCRYPTO_UTIL_H_ |