diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2007-10-16 04:28:05 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-16 12:43:12 -0400 |
| commit | 45eaab79678b9e27e08f0cf250eb2df9d6a48df0 (patch) | |
| tree | ff13018aa1d66f1b1d9abbba6df7a361518bacb7 /fs/ecryptfs/ecryptfs_kernel.h | |
| parent | e9f6a99cb844a61b04cab5b82e333d6efef1f735 (diff) | |
eCryptfs: remove header_extent_size
There is no point to keeping a separate header_extent_size and an extent_size.
The total size of the header can always be represented as some multiple of
the regular data extent size.
[randy.dunlap@oracle.com: ecryptfs: fix printk format warning]
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/ecryptfs_kernel.h')
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 78761e4bdab8..a618ab77642d 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -38,7 +38,7 @@ | |||
| 38 | /* Version verification for shared data structures w/ userspace */ | 38 | /* Version verification for shared data structures w/ userspace */ |
| 39 | #define ECRYPTFS_VERSION_MAJOR 0x00 | 39 | #define ECRYPTFS_VERSION_MAJOR 0x00 |
| 40 | #define ECRYPTFS_VERSION_MINOR 0x04 | 40 | #define ECRYPTFS_VERSION_MINOR 0x04 |
| 41 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x02 | 41 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 |
| 42 | /* These flags indicate which features are supported by the kernel | 42 | /* These flags indicate which features are supported by the kernel |
| 43 | * module; userspace tools such as the mount helper read | 43 | * module; userspace tools such as the mount helper read |
| 44 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine | 44 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine |
| @@ -67,8 +67,7 @@ | |||
| 67 | #define ECRYPTFS_MAX_KEY_BYTES 64 | 67 | #define ECRYPTFS_MAX_KEY_BYTES 64 |
| 68 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 | 68 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 |
| 69 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 | 69 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 |
| 70 | #define ECRYPTFS_FILE_VERSION 0x02 | 70 | #define ECRYPTFS_FILE_VERSION 0x03 |
| 71 | #define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192 | ||
| 72 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 | 71 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 |
| 73 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 | 72 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 |
| 74 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 | 73 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 |
| @@ -201,7 +200,7 @@ ecryptfs_get_key_payload_data(struct key *key) | |||
| 201 | #define ECRYPTFS_SALT_BYTES 2 | 200 | #define ECRYPTFS_SALT_BYTES 2 |
| 202 | #define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5 | 201 | #define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5 |
| 203 | #define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */ | 202 | #define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */ |
| 204 | #define ECRYPTFS_FILE_SIZE_BYTES 8 | 203 | #define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64)) |
| 205 | #define ECRYPTFS_DEFAULT_CIPHER "aes" | 204 | #define ECRYPTFS_DEFAULT_CIPHER "aes" |
| 206 | #define ECRYPTFS_DEFAULT_KEY_BYTES 16 | 205 | #define ECRYPTFS_DEFAULT_KEY_BYTES 16 |
| 207 | #define ECRYPTFS_DEFAULT_HASH "md5" | 206 | #define ECRYPTFS_DEFAULT_HASH "md5" |
| @@ -238,7 +237,6 @@ struct ecryptfs_crypt_stat { | |||
| 238 | u32 flags; | 237 | u32 flags; |
| 239 | unsigned int file_version; | 238 | unsigned int file_version; |
| 240 | size_t iv_bytes; | 239 | size_t iv_bytes; |
| 241 | size_t header_extent_size; | ||
| 242 | size_t num_header_extents_at_front; | 240 | size_t num_header_extents_at_front; |
| 243 | size_t extent_size; /* Data extent size; default is 4096 */ | 241 | size_t extent_size; /* Data extent size; default is 4096 */ |
| 244 | size_t key_size; | 242 | size_t key_size; |
| @@ -273,6 +271,17 @@ struct ecryptfs_dentry_info { | |||
| 273 | }; | 271 | }; |
| 274 | 272 | ||
| 275 | /** | 273 | /** |
| 274 | * ecryptfs_global_auth_tok - A key used to encrypt all new files under the mountpoint | ||
| 275 | * @flags: Status flags | ||
| 276 | * @mount_crypt_stat_list: These auth_toks hang off the mount-wide | ||
| 277 | * cryptographic context. Every time a new | ||
| 278 | * inode comes into existence, eCryptfs copies | ||
| 279 | * the auth_toks on that list to the set of | ||
| 280 | * auth_toks on the inode's crypt_stat | ||
| 281 | * @global_auth_tok_key: The key from the user's keyring for the sig | ||
| 282 | * @global_auth_tok: The key contents | ||
| 283 | * @sig: The key identifier | ||
| 284 | * | ||
| 276 | * ecryptfs_global_auth_tok structs refer to authentication token keys | 285 | * ecryptfs_global_auth_tok structs refer to authentication token keys |
| 277 | * in the user keyring that apply to newly created files. A list of | 286 | * in the user keyring that apply to newly created files. A list of |
| 278 | * these objects hangs off of the mount_crypt_stat struct for any | 287 | * these objects hangs off of the mount_crypt_stat struct for any |
| @@ -283,15 +292,21 @@ struct ecryptfs_dentry_info { | |||
| 283 | struct ecryptfs_global_auth_tok { | 292 | struct ecryptfs_global_auth_tok { |
| 284 | #define ECRYPTFS_AUTH_TOK_INVALID 0x00000001 | 293 | #define ECRYPTFS_AUTH_TOK_INVALID 0x00000001 |
| 285 | u32 flags; | 294 | u32 flags; |
| 286 | struct list_head mount_crypt_stat_list; /* Default auth_tok list for | 295 | struct list_head mount_crypt_stat_list; |
| 287 | * the mount_crypt_stat */ | 296 | struct key *global_auth_tok_key; |
| 288 | struct key *global_auth_tok_key; /* The key from the user's keyring for | 297 | struct ecryptfs_auth_tok *global_auth_tok; |
| 289 | * the sig */ | 298 | unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1]; |
| 290 | struct ecryptfs_auth_tok *global_auth_tok; /* The key contents */ | ||
| 291 | unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1]; /* The key identifier */ | ||
| 292 | }; | 299 | }; |
| 293 | 300 | ||
| 294 | /** | 301 | /** |
| 302 | * ecryptfs_key_tfm - Persistent key tfm | ||
| 303 | * @key_tfm: crypto API handle to the key | ||
| 304 | * @key_size: Key size in bytes | ||
| 305 | * @key_tfm_mutex: Mutex to ensure only one operation in eCryptfs is | ||
| 306 | * using the persistent TFM at any point in time | ||
| 307 | * @key_tfm_list: Handle to hang this off the module-wide TFM list | ||
| 308 | * @cipher_name: String name for the cipher for this TFM | ||
| 309 | * | ||
| 295 | * Typically, eCryptfs will use the same ciphers repeatedly throughout | 310 | * Typically, eCryptfs will use the same ciphers repeatedly throughout |
| 296 | * the course of its operations. In order to avoid unnecessarily | 311 | * the course of its operations. In order to avoid unnecessarily |
| 297 | * destroying and initializing the same cipher repeatedly, eCryptfs | 312 | * destroying and initializing the same cipher repeatedly, eCryptfs |
| @@ -301,7 +316,7 @@ struct ecryptfs_key_tfm { | |||
| 301 | struct crypto_blkcipher *key_tfm; | 316 | struct crypto_blkcipher *key_tfm; |
| 302 | size_t key_size; | 317 | size_t key_size; |
| 303 | struct mutex key_tfm_mutex; | 318 | struct mutex key_tfm_mutex; |
| 304 | struct list_head key_tfm_list; /* The module's tfm list */ | 319 | struct list_head key_tfm_list; |
| 305 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; | 320 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; |
| 306 | }; | 321 | }; |
| 307 | 322 | ||