aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/ecryptfs_kernel.h
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@polito.it>2011-06-27 07:45:43 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2011-06-27 09:11:02 -0400
commitf8f8527103a264b5e4ab2ce5c1743b28f3219d90 (patch)
treeb10b58c812409c60223716fe8514a76a924a30aa /fs/ecryptfs/ecryptfs_kernel.h
parent4e561d388feff18e4b798cef6a1a84a2cc7f20c2 (diff)
eCryptfs: export global eCryptfs definitions to include/linux/ecryptfs.h
Some eCryptfs specific definitions, such as the current version and the authentication token structure, are moved to the new include file 'include/linux/ecryptfs.h', in order to be available for all kernel subsystems. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'fs/ecryptfs/ecryptfs_kernel.h')
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h109
1 files changed, 1 insertions, 108 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 43c7c43b06f5..bb8ec5d4301c 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -36,125 +36,18 @@
36#include <linux/hash.h> 36#include <linux/hash.h>
37#include <linux/nsproxy.h> 37#include <linux/nsproxy.h>
38#include <linux/backing-dev.h> 38#include <linux/backing-dev.h>
39#include <linux/ecryptfs.h>
39 40
40/* Version verification for shared data structures w/ userspace */
41#define ECRYPTFS_VERSION_MAJOR 0x00
42#define ECRYPTFS_VERSION_MINOR 0x04
43#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
44/* These flags indicate which features are supported by the kernel
45 * module; userspace tools such as the mount helper read
46 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
47 * how to behave. */
48#define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001
49#define ECRYPTFS_VERSIONING_PUBKEY 0x00000002
50#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
51#define ECRYPTFS_VERSIONING_POLICY 0x00000008
52#define ECRYPTFS_VERSIONING_XATTR 0x00000010
53#define ECRYPTFS_VERSIONING_MULTKEY 0x00000020
54#define ECRYPTFS_VERSIONING_DEVMISC 0x00000040
55#define ECRYPTFS_VERSIONING_HMAC 0x00000080
56#define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100
57#define ECRYPTFS_VERSIONING_GCM 0x00000200
58#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
59 | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
60 | ECRYPTFS_VERSIONING_PUBKEY \
61 | ECRYPTFS_VERSIONING_XATTR \
62 | ECRYPTFS_VERSIONING_MULTKEY \
63 | ECRYPTFS_VERSIONING_DEVMISC \
64 | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
65#define ECRYPTFS_MAX_PASSWORD_LENGTH 64
66#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
67#define ECRYPTFS_SALT_SIZE 8
68#define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
69/* The original signature size is only for what is stored on disk; all
70 * in-memory representations are expanded hex, so it better adapted to
71 * be passed around or referenced on the command line */
72#define ECRYPTFS_SIG_SIZE 8
73#define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
74#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
75#define ECRYPTFS_MAX_KEY_BYTES 64
76#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
77#define ECRYPTFS_DEFAULT_IV_BYTES 16 41#define ECRYPTFS_DEFAULT_IV_BYTES 16
78#define ECRYPTFS_FILE_VERSION 0x03
79#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 42#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
80#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 43#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
81#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 44#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
82#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ 45#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
83#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) 46#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
84#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
85#define ECRYPTFS_DEFAULT_NUM_USERS 4 47#define ECRYPTFS_DEFAULT_NUM_USERS 4
86#define ECRYPTFS_MAX_NUM_USERS 32768 48#define ECRYPTFS_MAX_NUM_USERS 32768
87#define ECRYPTFS_XATTR_NAME "user.ecryptfs" 49#define ECRYPTFS_XATTR_NAME "user.ecryptfs"
88 50
89#define RFC2440_CIPHER_DES3_EDE 0x02
90#define RFC2440_CIPHER_CAST_5 0x03
91#define RFC2440_CIPHER_BLOWFISH 0x04
92#define RFC2440_CIPHER_AES_128 0x07
93#define RFC2440_CIPHER_AES_192 0x08
94#define RFC2440_CIPHER_AES_256 0x09
95#define RFC2440_CIPHER_TWOFISH 0x0a
96#define RFC2440_CIPHER_CAST_6 0x0b
97
98#define RFC2440_CIPHER_RSA 0x01
99
100/**
101 * For convenience, we may need to pass around the encrypted session
102 * key between kernel and userspace because the authentication token
103 * may not be extractable. For example, the TPM may not release the
104 * private key, instead requiring the encrypted data and returning the
105 * decrypted data.
106 */
107struct ecryptfs_session_key {
108#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
109#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
110#define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
111#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
112 u32 flags;
113 u32 encrypted_key_size;
114 u32 decrypted_key_size;
115 u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
116 u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
117};
118
119struct ecryptfs_password {
120 u32 password_bytes;
121 s32 hash_algo;
122 u32 hash_iterations;
123 u32 session_key_encryption_key_bytes;
124#define ECRYPTFS_PERSISTENT_PASSWORD 0x01
125#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
126 u32 flags;
127 /* Iterated-hash concatenation of salt and passphrase */
128 u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
129 u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
130 /* Always in expanded hex */
131 u8 salt[ECRYPTFS_SALT_SIZE];
132};
133
134enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
135
136struct ecryptfs_private_key {
137 u32 key_size;
138 u32 data_len;
139 u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
140 char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
141 u8 data[];
142};
143
144/* May be a password or a private key */
145struct ecryptfs_auth_tok {
146 u16 version; /* 8-bit major and 8-bit minor */
147 u16 token_type;
148#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
149 u32 flags;
150 struct ecryptfs_session_key session_key;
151 u8 reserved[32];
152 union {
153 struct ecryptfs_password password;
154 struct ecryptfs_private_key private_key;
155 } token;
156} __attribute__ ((packed));
157
158void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); 51void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
159extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); 52extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
160extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); 53extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);