diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2009-01-06 17:41:58 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 18:59:21 -0500 |
commit | a34f60f748c6fe5d791e9b54cffe442201428254 (patch) | |
tree | 1b5378b49773c0f57bb5f892c3d2096da3c9a803 /fs | |
parent | 9c79f34f7ee71cd28272332b424ca64b2be006ab (diff) |
eCryptfs: Filename Encryption: Header updates
Extensions to the header file to support filename encryption.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Tyler Hicks <tchicks@us.ibm.com>
Cc: David Kleikamp <shaggy@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 4 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 61 |
2 files changed, 51 insertions, 14 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 485732751f09..c9839df37c7d 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -175,8 +175,8 @@ out: | |||
175 | * | 175 | * |
176 | * Returns zero on success; non-zero on error. | 176 | * Returns zero on success; non-zero on error. |
177 | */ | 177 | */ |
178 | static int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, | 178 | int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, |
179 | loff_t offset) | 179 | loff_t offset) |
180 | { | 180 | { |
181 | int rc = 0; | 181 | int rc = 0; |
182 | char dst[MD5_DIGEST_SIZE]; | 182 | char dst[MD5_DIGEST_SIZE]; |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 76a95bd8819b..b648175a44cd 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -51,12 +51,16 @@ | |||
51 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 | 51 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 |
52 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 | 52 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 |
53 | #define ECRYPTFS_VERSIONING_DEVMISC 0x00000040 | 53 | #define ECRYPTFS_VERSIONING_DEVMISC 0x00000040 |
54 | #define ECRYPTFS_VERSIONING_HMAC 0x00000080 | ||
55 | #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 | ||
56 | #define ECRYPTFS_VERSIONING_GCM 0x00000200 | ||
54 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ | 57 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ |
55 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ | 58 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ |
56 | | ECRYPTFS_VERSIONING_PUBKEY \ | 59 | | ECRYPTFS_VERSIONING_PUBKEY \ |
57 | | ECRYPTFS_VERSIONING_XATTR \ | 60 | | ECRYPTFS_VERSIONING_XATTR \ |
58 | | ECRYPTFS_VERSIONING_MULTKEY \ | 61 | | ECRYPTFS_VERSIONING_MULTKEY \ |
59 | | ECRYPTFS_VERSIONING_DEVMISC) | 62 | | ECRYPTFS_VERSIONING_DEVMISC \ |
63 | | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) | ||
60 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 | 64 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 |
61 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH | 65 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH |
62 | #define ECRYPTFS_SALT_SIZE 8 | 66 | #define ECRYPTFS_SALT_SIZE 8 |
@@ -232,23 +236,39 @@ struct ecryptfs_key_sig { | |||
232 | char keysig[ECRYPTFS_SIG_SIZE_HEX]; | 236 | char keysig[ECRYPTFS_SIG_SIZE_HEX]; |
233 | }; | 237 | }; |
234 | 238 | ||
239 | struct ecryptfs_filename { | ||
240 | struct list_head crypt_stat_list; | ||
241 | #define ECRYPTFS_FILENAME_CONTAINS_DECRYPTED 0x00000001 | ||
242 | u32 flags; | ||
243 | u32 seq_no; | ||
244 | char *filename; | ||
245 | char *encrypted_filename; | ||
246 | size_t filename_size; | ||
247 | size_t encrypted_filename_size; | ||
248 | char fnek_sig[ECRYPTFS_SIG_SIZE_HEX]; | ||
249 | char dentry_name[ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN + 1]; | ||
250 | }; | ||
251 | |||
235 | /** | 252 | /** |
236 | * This is the primary struct associated with each encrypted file. | 253 | * This is the primary struct associated with each encrypted file. |
237 | * | 254 | * |
238 | * TODO: cache align/pack? | 255 | * TODO: cache align/pack? |
239 | */ | 256 | */ |
240 | struct ecryptfs_crypt_stat { | 257 | struct ecryptfs_crypt_stat { |
241 | #define ECRYPTFS_STRUCT_INITIALIZED 0x00000001 | 258 | #define ECRYPTFS_STRUCT_INITIALIZED 0x00000001 |
242 | #define ECRYPTFS_POLICY_APPLIED 0x00000002 | 259 | #define ECRYPTFS_POLICY_APPLIED 0x00000002 |
243 | #define ECRYPTFS_NEW_FILE 0x00000004 | 260 | #define ECRYPTFS_NEW_FILE 0x00000004 |
244 | #define ECRYPTFS_ENCRYPTED 0x00000008 | 261 | #define ECRYPTFS_ENCRYPTED 0x00000008 |
245 | #define ECRYPTFS_SECURITY_WARNING 0x00000010 | 262 | #define ECRYPTFS_SECURITY_WARNING 0x00000010 |
246 | #define ECRYPTFS_ENABLE_HMAC 0x00000020 | 263 | #define ECRYPTFS_ENABLE_HMAC 0x00000020 |
247 | #define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000040 | 264 | #define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000040 |
248 | #define ECRYPTFS_KEY_VALID 0x00000080 | 265 | #define ECRYPTFS_KEY_VALID 0x00000080 |
249 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000100 | 266 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000100 |
250 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 | 267 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 |
251 | #define ECRYPTFS_KEY_SET 0x00000400 | 268 | #define ECRYPTFS_KEY_SET 0x00000400 |
269 | #define ECRYPTFS_ENCRYPT_FILENAMES 0x00000800 | ||
270 | #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000 | ||
271 | #define ECRYPTFS_ENCFN_USE_FEK 0x00002000 | ||
252 | u32 flags; | 272 | u32 flags; |
253 | unsigned int file_version; | 273 | unsigned int file_version; |
254 | size_t iv_bytes; | 274 | size_t iv_bytes; |
@@ -597,6 +617,15 @@ struct ecryptfs_open_req { | |||
597 | int ecryptfs_interpose(struct dentry *hidden_dentry, | 617 | int ecryptfs_interpose(struct dentry *hidden_dentry, |
598 | struct dentry *this_dentry, struct super_block *sb, | 618 | struct dentry *this_dentry, struct super_block *sb, |
599 | u32 flags); | 619 | u32 flags); |
620 | int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, | ||
621 | struct dentry *lower_dentry, | ||
622 | struct ecryptfs_crypt_stat *crypt_stat, | ||
623 | struct inode *ecryptfs_dir_inode, | ||
624 | struct nameidata *ecryptfs_nd); | ||
625 | int ecryptfs_decode_and_decrypt_filename(char **decrypted_name, | ||
626 | size_t *decrypted_name_size, | ||
627 | struct dentry *ecryptfs_dentry, | ||
628 | const char *name, size_t name_size); | ||
600 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); | 629 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); |
601 | int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | 630 | int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, |
602 | const char *name, int length, | 631 | const char *name, int length, |
@@ -604,6 +633,12 @@ int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | |||
604 | int ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | 633 | int ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, |
605 | const char *name, int length, | 634 | const char *name, int length, |
606 | char **encoded_name); | 635 | char **encoded_name); |
636 | int ecryptfs_encrypt_and_encode_filename( | ||
637 | char **encoded_name, | ||
638 | size_t *encoded_name_size, | ||
639 | struct ecryptfs_crypt_stat *crypt_stat, | ||
640 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, | ||
641 | const char *name, size_t name_size); | ||
607 | struct dentry *ecryptfs_lower_dentry(struct dentry *this_dentry); | 642 | struct dentry *ecryptfs_lower_dentry(struct dentry *this_dentry); |
608 | void ecryptfs_dump_hex(char *data, int bytes); | 643 | void ecryptfs_dump_hex(char *data, int bytes); |
609 | int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, | 644 | int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, |
@@ -730,5 +765,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
730 | size_t *packet_size, | 765 | size_t *packet_size, |
731 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, | 766 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, |
732 | char *data, size_t max_packet_size); | 767 | char *data, size_t max_packet_size); |
768 | int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, | ||
769 | loff_t offset); | ||
733 | 770 | ||
734 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 771 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |