diff options
| author | Roberto Sassu <roberto.sassu@polito.it> | 2011-06-27 07:45:43 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-06-27 09:11:02 -0400 |
| commit | f8f8527103a264b5e4ab2ce5c1743b28f3219d90 (patch) | |
| tree | b10b58c812409c60223716fe8514a76a924a30aa /fs/ecryptfs | |
| parent | 4e561d388feff18e4b798cef6a1a84a2cc7f20c2 (diff) | |
eCryptfs: export global eCryptfs definitions to include/linux/ecryptfs.h
Some eCryptfs specific definitions, such as the current version and the
authentication token structure, are moved to the new include file
'include/linux/ecryptfs.h', in order to be available for all kernel
subsystems.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'fs/ecryptfs')
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 109 |
1 files changed, 1 insertions, 108 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 43c7c43b06f5..bb8ec5d4301c 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -36,125 +36,18 @@ | |||
| 36 | #include <linux/hash.h> | 36 | #include <linux/hash.h> |
| 37 | #include <linux/nsproxy.h> | 37 | #include <linux/nsproxy.h> |
| 38 | #include <linux/backing-dev.h> | 38 | #include <linux/backing-dev.h> |
| 39 | #include <linux/ecryptfs.h> | ||
| 39 | 40 | ||
| 40 | /* Version verification for shared data structures w/ userspace */ | ||
| 41 | #define ECRYPTFS_VERSION_MAJOR 0x00 | ||
| 42 | #define ECRYPTFS_VERSION_MINOR 0x04 | ||
| 43 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 | ||
| 44 | /* These flags indicate which features are supported by the kernel | ||
| 45 | * module; userspace tools such as the mount helper read | ||
| 46 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine | ||
| 47 | * how to behave. */ | ||
| 48 | #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 | ||
| 49 | #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 | ||
| 50 | #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 | ||
| 51 | #define ECRYPTFS_VERSIONING_POLICY 0x00000008 | ||
| 52 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 | ||
| 53 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 | ||
| 54 | #define ECRYPTFS_VERSIONING_DEVMISC 0x00000040 | ||
| 55 | #define ECRYPTFS_VERSIONING_HMAC 0x00000080 | ||
| 56 | #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 | ||
| 57 | #define ECRYPTFS_VERSIONING_GCM 0x00000200 | ||
| 58 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ | ||
| 59 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ | ||
| 60 | | ECRYPTFS_VERSIONING_PUBKEY \ | ||
| 61 | | ECRYPTFS_VERSIONING_XATTR \ | ||
| 62 | | ECRYPTFS_VERSIONING_MULTKEY \ | ||
| 63 | | ECRYPTFS_VERSIONING_DEVMISC \ | ||
| 64 | | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) | ||
| 65 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 | ||
| 66 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH | ||
| 67 | #define ECRYPTFS_SALT_SIZE 8 | ||
| 68 | #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2) | ||
| 69 | /* The original signature size is only for what is stored on disk; all | ||
| 70 | * in-memory representations are expanded hex, so it better adapted to | ||
| 71 | * be passed around or referenced on the command line */ | ||
| 72 | #define ECRYPTFS_SIG_SIZE 8 | ||
| 73 | #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2) | ||
| 74 | #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX | ||
| 75 | #define ECRYPTFS_MAX_KEY_BYTES 64 | ||
| 76 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 | ||
| 77 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 | 41 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 |
| 78 | #define ECRYPTFS_FILE_VERSION 0x03 | ||
| 79 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 | 42 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 |
| 80 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 | 43 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 |
| 81 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 | 44 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 |
| 82 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ | 45 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ |
| 83 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) | 46 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) |
| 84 | #define ECRYPTFS_MAX_PKI_NAME_BYTES 16 | ||
| 85 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 | 47 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 |
| 86 | #define ECRYPTFS_MAX_NUM_USERS 32768 | 48 | #define ECRYPTFS_MAX_NUM_USERS 32768 |
| 87 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" | 49 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" |
| 88 | 50 | ||
| 89 | #define RFC2440_CIPHER_DES3_EDE 0x02 | ||
| 90 | #define RFC2440_CIPHER_CAST_5 0x03 | ||
| 91 | #define RFC2440_CIPHER_BLOWFISH 0x04 | ||
| 92 | #define RFC2440_CIPHER_AES_128 0x07 | ||
| 93 | #define RFC2440_CIPHER_AES_192 0x08 | ||
| 94 | #define RFC2440_CIPHER_AES_256 0x09 | ||
| 95 | #define RFC2440_CIPHER_TWOFISH 0x0a | ||
| 96 | #define RFC2440_CIPHER_CAST_6 0x0b | ||
| 97 | |||
| 98 | #define RFC2440_CIPHER_RSA 0x01 | ||
| 99 | |||
| 100 | /** | ||
| 101 | * For convenience, we may need to pass around the encrypted session | ||
| 102 | * key between kernel and userspace because the authentication token | ||
| 103 | * may not be extractable. For example, the TPM may not release the | ||
| 104 | * private key, instead requiring the encrypted data and returning the | ||
| 105 | * decrypted data. | ||
| 106 | */ | ||
| 107 | struct ecryptfs_session_key { | ||
| 108 | #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001 | ||
| 109 | #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002 | ||
| 110 | #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004 | ||
| 111 | #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008 | ||
| 112 | u32 flags; | ||
| 113 | u32 encrypted_key_size; | ||
| 114 | u32 decrypted_key_size; | ||
| 115 | u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES]; | ||
| 116 | u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES]; | ||
| 117 | }; | ||
| 118 | |||
| 119 | struct ecryptfs_password { | ||
| 120 | u32 password_bytes; | ||
| 121 | s32 hash_algo; | ||
| 122 | u32 hash_iterations; | ||
| 123 | u32 session_key_encryption_key_bytes; | ||
| 124 | #define ECRYPTFS_PERSISTENT_PASSWORD 0x01 | ||
| 125 | #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02 | ||
| 126 | u32 flags; | ||
| 127 | /* Iterated-hash concatenation of salt and passphrase */ | ||
| 128 | u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; | ||
| 129 | u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1]; | ||
| 130 | /* Always in expanded hex */ | ||
| 131 | u8 salt[ECRYPTFS_SALT_SIZE]; | ||
| 132 | }; | ||
| 133 | |||
| 134 | enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; | ||
| 135 | |||
| 136 | struct ecryptfs_private_key { | ||
| 137 | u32 key_size; | ||
| 138 | u32 data_len; | ||
| 139 | u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1]; | ||
| 140 | char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1]; | ||
| 141 | u8 data[]; | ||
| 142 | }; | ||
| 143 | |||
| 144 | /* May be a password or a private key */ | ||
| 145 | struct ecryptfs_auth_tok { | ||
| 146 | u16 version; /* 8-bit major and 8-bit minor */ | ||
| 147 | u16 token_type; | ||
| 148 | #define ECRYPTFS_ENCRYPT_ONLY 0x00000001 | ||
| 149 | u32 flags; | ||
| 150 | struct ecryptfs_session_key session_key; | ||
| 151 | u8 reserved[32]; | ||
| 152 | union { | ||
| 153 | struct ecryptfs_password password; | ||
| 154 | struct ecryptfs_private_key private_key; | ||
| 155 | } token; | ||
| 156 | } __attribute__ ((packed)); | ||
| 157 | |||
| 158 | void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); | 51 | void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); |
| 159 | extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); | 52 | extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); |
| 160 | extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); | 53 | extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); |