4 files changed, 76 insertions, 67 deletions

diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 56f98f45cece..4d9d221b1d60 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -27,7 +27,7 @@
 #include <linux/bio.h>
 #include <linux/dcache.h>
 #include <linux/namei.h>
-#include <linux/fscrypto.h>
+#include "fscrypt_private.h"
 
 static unsigned int num_prealloc_crypto_pages = 32;
 static unsigned int num_prealloc_crypto_ctxs = 128;
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index bb92f0c0961b..c98b2a7fb6d3 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -13,6 +13,77 @@
 
 #include <linux/fscrypto.h>
 
+#define FS_FNAME_CRYPTO_DIGEST_SIZE     32
+
+/* Encryption parameters */
+#define FS_XTS_TWEAK_SIZE               16
+#define FS_AES_128_ECB_KEY_SIZE         16
+#define FS_AES_256_GCM_KEY_SIZE         32
+#define FS_AES_256_CBC_KEY_SIZE         32
+#define FS_AES_256_CTS_KEY_SIZE         32
+#define FS_AES_256_XTS_KEY_SIZE         64
+#define FS_MAX_KEY_SIZE                 64
+
+#define FS_KEY_DESC_PREFIX              "fscrypt:"
+#define FS_KEY_DESC_PREFIX_SIZE         8
+
+#define FS_KEY_DERIVATION_NONCE_SIZE            16
+
+/**
+ * Encryption context for inode
+ *
+ * Protector format:
+ *  1 byte: Protector format (1 = this version)
+ *  1 byte: File contents encryption mode
+ *  1 byte: File names encryption mode
+ *  1 byte: Flags
+ *  8 bytes: Master Key descriptor
+ *  16 bytes: Encryption Key derivation nonce
+ */
+struct fscrypt_context {
+        u8 format;
+        u8 contents_encryption_mode;
+        u8 filenames_encryption_mode;
+        u8 flags;
+        u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
+        u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+} __packed;
+
+#define FS_ENCRYPTION_CONTEXT_FORMAT_V1         1
+
+/* This is passed in from userspace into the kernel keyring */
+struct fscrypt_key {
+        u32 mode;
+        u8 raw[FS_MAX_KEY_SIZE];
+        u32 size;
+} __packed;
+
+/*
+ * A pointer to this structure is stored in the file system's in-core
+ * representation of an inode.
+ */
+struct fscrypt_info {
+        u8 ci_data_mode;
+        u8 ci_filename_mode;
+        u8 ci_flags;
+        struct crypto_skcipher *ci_ctfm;
+        struct key *ci_keyring_key;
+        u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
+};
+
+#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL         0x00000001
+#define FS_WRITE_PATH_FL                        0x00000002
+
+struct fscrypt_completion_result {
+        struct completion completion;
+        int res;
+};
+
+#define DECLARE_FS_COMPLETION_RESULT(ecr) \
+        struct fscrypt_completion_result ecr = { \
+                COMPLETION_INITIALIZER((ecr).completion), 0 }
+
+
 /* crypto.c */
 int fscrypt_initialize(void);
 
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index b96a10e3cf78..6ed7c2eebeec 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -10,8 +10,8 @@
 
 #include <linux/random.h>
 #include <linux/string.h>
-#include <linux/fscrypto.h>
 #include <linux/mount.h>
+#include "fscrypt_private.h"
 
 static int inode_has_encryption_context(struct inode *inode)
 {
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h
index ce2ebdee6a89..71e8a20711ec 100644
--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -18,9 +18,6 @@
 #include <crypto/skcipher.h>
 #include <uapi/linux/fs.h>
 
-#define FS_KEY_DERIVATION_NONCE_SIZE            16
-#define FS_ENCRYPTION_CONTEXT_FORMAT_V1         1
-
 #define FS_POLICY_FLAGS_PAD_4           0x00
 #define FS_POLICY_FLAGS_PAD_8           0x01
 #define FS_POLICY_FLAGS_PAD_16          0x02
@@ -35,56 +32,10 @@
 #define FS_ENCRYPTION_MODE_AES_256_CBC          3
 #define FS_ENCRYPTION_MODE_AES_256_CTS          4
 
-/**
- * Encryption context for inode
- *
- * Protector format:
- *  1 byte: Protector format (1 = this version)
- *  1 byte: File contents encryption mode
- *  1 byte: File names encryption mode
- *  1 byte: Flags
- *  8 bytes: Master Key descriptor
- *  16 bytes: Encryption Key derivation nonce
- */
-struct fscrypt_context {
-        u8 format;
-        u8 contents_encryption_mode;
-        u8 filenames_encryption_mode;
-        u8 flags;
-        u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
-        u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
-} __packed;
-
-/* Encryption parameters */
-#define FS_XTS_TWEAK_SIZE               16
-#define FS_AES_128_ECB_KEY_SIZE         16
-#define FS_AES_256_GCM_KEY_SIZE         32
-#define FS_AES_256_CBC_KEY_SIZE         32
-#define FS_AES_256_CTS_KEY_SIZE         32
-#define FS_AES_256_XTS_KEY_SIZE         64
-#define FS_MAX_KEY_SIZE                 64
-
-#define FS_KEY_DESC_PREFIX              "fscrypt:"
-#define FS_KEY_DESC_PREFIX_SIZE         8
-
-/* This is passed in from userspace into the kernel keyring */
-struct fscrypt_key {
-        u32 mode;
-        u8 raw[FS_MAX_KEY_SIZE];
-        u32 size;
-} __packed;
-
-struct fscrypt_info {
-        u8 ci_data_mode;
-        u8 ci_filename_mode;
-        u8 ci_flags;
-        struct crypto_skcipher *ci_ctfm;
-        struct key *ci_keyring_key;
-        u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
-};
+#define FS_CRYPTO_BLOCK_SIZE            16
 
-#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL         0x00000001
-#define FS_WRITE_PATH_FL                        0x00000002
+struct fscrypt_info;
+struct fscrypt_ctx;
 
 struct fscrypt_ctx {
         union {
@@ -102,19 +53,6 @@ struct fscrypt_ctx {
         u8 mode;                                /* Encryption mode for tfm */
 };
 
-struct fscrypt_completion_result {
-        struct completion completion;
-        int res;
-};
-
-#define DECLARE_FS_COMPLETION_RESULT(ecr) \
-        struct fscrypt_completion_result ecr = { \
-                COMPLETION_INITIALIZER((ecr).completion), 0 }
-
-#define FS_FNAME_NUM_SCATTER_ENTRIES    4
-#define FS_CRYPTO_BLOCK_SIZE            16
-#define FS_FNAME_CRYPTO_DIGEST_SIZE     32
-
 /**
  * For encrypted symlinks, the ciphertext length is stored at the beginning
  * of the string in little-endian format.