unix: add support for Linux filesystem encryption

This CL adds in the necessary types and constants to support Linux
filesystem encryption. This includes the structs for the keys and
polices as well as the constants for key size and encryption algorithms.

This code also reduces the scope of some of the regexes in mkerrors.sh.
This is to reduce the number of unrelated constants added in with this
change.

Note that due to a bug in the Linux uapi headers, not all of the
necessary constants and structures are declared in linux/fs.h despite
being part of the kernel ABI. This means that some constants and types
had to be manually added in.

The bug has been patched (https://patchwork.kernel.org/patch/9662723),
and the manual additions can be removed when the patch is merged into
the mainline kernel.

Change-Id: Ib508ad99bdf4c0068933ffcf351c52bb359cfcf4
Reviewed-on: https://go-review.googlesource.com/41417
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

unix/linux/types.go

@@ -56,6 +56,7 @@ package unix
 #include <utime.h>
 #include <linux/can.h>
 #include <linux/if_alg.h>
+#include <linux/fs.h>
 #include <linux/vm_sockets.h>
 
 // On mips64, the glibc stat and kernel stat do not agree
@@ -107,6 +108,14 @@ struct stat {
 
 #endif
 
+// Certain constants and structs are missing from the fs/crypto UAPI
+#define FS_MAX_KEY_SIZE                 64
+struct fscrypt_key {
+  __u32 mode;
+  __u8 raw[FS_MAX_KEY_SIZE];
+  __u32 size;
+};
+
 #ifdef TCSETS2
 // On systems that have "struct termios2" use this as type Termios.
 typedef struct termios2 termios_t;
@@ -248,6 +257,12 @@ type Fsid C.fsid_t
 
 type Flock_t C.struct_flock
 
+// Filesystem Encryption
+
+type FscryptPolicy C.struct_fscrypt_policy
+
+type FscryptKey C.struct_fscrypt_key
+
 // Advice to Fadvise
 
 const (

unix/mkerrors.sh

@@ -161,6 +161,7 @@ struct ltchars {
 #include <linux/if_addr.h>
 #include <linux/falloc.h>
 #include <linux/filter.h>
+#include <linux/fs.h>
 #include <linux/netlink.h>
 #include <linux/random.h>
 #include <linux/reboot.h>
@@ -196,6 +197,11 @@ struct ltchars {
 // but it is already in bluetooth_linux.go
 #undef SOL_BLUETOOTH
 #endif
+
+// Certain constants are missing from the fs/crypto UAPI
+#define FS_KEY_DESC_PREFIX              "fscrypt:"
+#define FS_KEY_DESC_PREFIX_SIZE         8
+#define FS_MAX_KEY_SIZE                 64
 '
 
 includes_NetBSD='
@@ -390,12 +396,13 @@ ccflags="$@"
 		$2 ~ /^CLOCK_/ ||
 		$2 ~ /^CAN_/ ||
 		$2 ~ /^ALG_/ ||
+		$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE|IOC_(GET|SET)_ENCRYPTION)/ ||
 		$2 ~ /^GRND_/ ||
 		$2 ~ /^SPLICE_/ ||
 		$2 ~ /^(VM|VMADDR)_/ ||
 		$2 !~ "WMESGLEN" &&
 		$2 ~ /^W[A-Z0-9]+$/ ||
-		$2 ~ /^BLK/ {printf("\t%s = C.%s\n", $2, $2)}
+		$2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE)/ {printf("\t%s = C.%s\n", $2, $2)}
 		$2 ~ /^__WCOREFLAG$/ {next}
 		$2 ~ /^__W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", substr($2,3), $2)}
 

unix/zerrors_linux_386.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x1264
 	BLKGETSIZE                       = 0x1260
 	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
 	BLKRAGET                         = 0x1263
 	BLKRASET                         = 0x1262
 	BLKROGET                         = 0x125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_amd64.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x1264
 	BLKGETSIZE                       = 0x1260
 	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
 	BLKRAGET                         = 0x1263
 	BLKRASET                         = 0x1262
 	BLKROGET                         = 0x125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_arm.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x1264
 	BLKGETSIZE                       = 0x1260
 	BLKGETSIZE64                     = 0x80041272
+	BLKPBSZGET                       = 0x127b
 	BLKRAGET                         = 0x1263
 	BLKRASET                         = 0x1262
 	BLKROGET                         = 0x125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -809,6 +828,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -822,6 +842,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -838,6 +860,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_arm64.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x1264
 	BLKGETSIZE                       = 0x1260
 	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
 	BLKRAGET                         = 0x1263
 	BLKRASET                         = 0x1262
 	BLKROGET                         = 0x125e
@@ -450,6 +451,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_mips.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_mips64.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_mips64le.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_mipsle.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -810,6 +829,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -823,6 +843,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -839,6 +861,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_ppc64.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x4000
 	FFDLY                            = 0x4000
 	FLUSHO                           = 0x800000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -809,6 +828,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -822,6 +842,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -838,6 +860,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_ppc64le.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x20001264
 	BLKGETSIZE                       = 0x20001260
 	BLKGETSIZE64                     = 0x40081272
+	BLKPBSZGET                       = 0x2000127b
 	BLKRAGET                         = 0x20001263
 	BLKRASET                         = 0x20001262
 	BLKROGET                         = 0x2000125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x4000
 	FFDLY                            = 0x4000
 	FLUSHO                           = 0x800000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -809,6 +828,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -822,6 +842,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -838,6 +860,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/zerrors_linux_s390x.go

@@ -168,6 +168,7 @@ const (
 	BLKFRASET                        = 0x1264
 	BLKGETSIZE                       = 0x1260
 	BLKGETSIZE64                     = 0x80081272
+	BLKPBSZGET                       = 0x127b
 	BLKRAGET                         = 0x1263
 	BLKRASET                         = 0x1262
 	BLKROGET                         = 0x125e
@@ -449,6 +450,24 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_ENCRYPTION_MODE_AES_256_CBC   = 0x3
+	FS_ENCRYPTION_MODE_AES_256_CTS   = 0x4
+	FS_ENCRYPTION_MODE_AES_256_GCM   = 0x2
+	FS_ENCRYPTION_MODE_AES_256_XTS   = 0x1
+	FS_ENCRYPTION_MODE_INVALID       = 0x0
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
+	FS_KEY_DESCRIPTOR_SIZE           = 0x8
+	FS_KEY_DESC_PREFIX               = "fscrypt:"
+	FS_KEY_DESC_PREFIX_SIZE          = 0x8
+	FS_MAX_KEY_SIZE                  = 0x40
+	FS_POLICY_FLAGS_PAD_16           = 0x2
+	FS_POLICY_FLAGS_PAD_32           = 0x3
+	FS_POLICY_FLAGS_PAD_4            = 0x0
+	FS_POLICY_FLAGS_PAD_8            = 0x1
+	FS_POLICY_FLAGS_PAD_MASK         = 0x3
+	FS_POLICY_FLAGS_VALID            = 0x3
 	F_DUPFD                          = 0x0
 	F_DUPFD_CLOEXEC                  = 0x406
 	F_EXLCK                          = 0x4
@@ -809,6 +828,7 @@ const (
 	MS_ACTIVE                        = 0x40000000
 	MS_ASYNC                         = 0x1
 	MS_BIND                          = 0x1000
+	MS_BORN                          = 0x20000000
 	MS_DIRSYNC                       = 0x80
 	MS_INVALIDATE                    = 0x2
 	MS_I_VERSION                     = 0x800000
@@ -822,6 +842,8 @@ const (
 	MS_NODEV                         = 0x4
 	MS_NODIRATIME                    = 0x800
 	MS_NOEXEC                        = 0x8
+	MS_NOREMOTELOCK                  = 0x8000000
+	MS_NOSEC                         = 0x10000000
 	MS_NOSUID                        = 0x2
 	MS_NOUSER                        = -0x80000000
 	MS_POSIXACL                      = 0x10000
@@ -838,6 +860,7 @@ const (
 	MS_SYNC                          = 0x4
 	MS_SYNCHRONOUS                   = 0x10
 	MS_UNBINDABLE                    = 0x20000
+	MS_VERBOSE                       = 0x8000
 	NAME_MAX                         = 0xff
 	NETLINK_ADD_MEMBERSHIP           = 0x1
 	NETLINK_AUDIT                    = 0x9

unix/ztypes_linux_386.go

@@ -152,6 +152,20 @@ type Flock_t struct {
 	Pid    int32
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_amd64.go

@@ -154,6 +154,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_arm.go

@@ -156,6 +156,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_arm64.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_mips.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_mips64.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_mips64le.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_mipsle.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_ppc64.go

@@ -156,6 +156,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_ppc64le.go

@@ -156,6 +156,20 @@ type Flock_t struct {
 	Pad_cgo_1 [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1

unix/ztypes_linux_s390x.go

@@ -155,6 +155,20 @@ type Flock_t struct {
 	_      [4]byte
 }
 
+type FscryptPolicy struct {
+	Version                   uint8
+	Contents_encryption_mode  uint8
+	Filenames_encryption_mode uint8
+	Flags                     uint8
+	Master_key_descriptor     [8]uint8
+}
+
+type FscryptKey struct {
+	Mode uint32
+	Raw  [64]uint8
+	Size uint32
+}
+
 const (
 	FADV_NORMAL     = 0x0
 	FADV_RANDOM     = 0x1