diff options
author | Roberto Sassu <roberto.sassu@polito.it> | 2011-06-27 07:45:43 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-06-27 09:11:02 -0400 |
commit | f8f8527103a264b5e4ab2ce5c1743b28f3219d90 (patch) | |
tree | b10b58c812409c60223716fe8514a76a924a30aa /fs | |
parent | 4e561d388feff18e4b798cef6a1a84a2cc7f20c2 (diff) |
eCryptfs: export global eCryptfs definitions to include/linux/ecryptfs.h
Some eCryptfs specific definitions, such as the current version and the
authentication token structure, are moved to the new include file
'include/linux/ecryptfs.h', in order to be available for all kernel
subsystems.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 109 |
1 files changed, 1 insertions, 108 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 43c7c43b06f5..bb8ec5d4301c 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -36,125 +36,18 @@ | |||
36 | #include <linux/hash.h> | 36 | #include <linux/hash.h> |
37 | #include <linux/nsproxy.h> | 37 | #include <linux/nsproxy.h> |
38 | #include <linux/backing-dev.h> | 38 | #include <linux/backing-dev.h> |
39 | #include <linux/ecryptfs.h> | ||
39 | 40 | ||
40 | /* Version verification for shared data structures w/ userspace */ | ||
41 | #define ECRYPTFS_VERSION_MAJOR 0x00 | ||
42 | #define ECRYPTFS_VERSION_MINOR 0x04 | ||
43 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 | ||
44 | /* These flags indicate which features are supported by the kernel | ||
45 | * module; userspace tools such as the mount helper read | ||
46 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine | ||
47 | * how to behave. */ | ||
48 | #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 | ||
49 | #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 | ||
50 | #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 | ||
51 | #define ECRYPTFS_VERSIONING_POLICY 0x00000008 | ||
52 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 | ||
53 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 | ||
54 | #define ECRYPTFS_VERSIONING_DEVMISC 0x00000040 | ||
55 | #define ECRYPTFS_VERSIONING_HMAC 0x00000080 | ||
56 | #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 | ||
57 | #define ECRYPTFS_VERSIONING_GCM 0x00000200 | ||
58 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ | ||
59 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ | ||
60 | | ECRYPTFS_VERSIONING_PUBKEY \ | ||
61 | | ECRYPTFS_VERSIONING_XATTR \ | ||
62 | | ECRYPTFS_VERSIONING_MULTKEY \ | ||
63 | | ECRYPTFS_VERSIONING_DEVMISC \ | ||
64 | | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) | ||
65 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 | ||
66 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH | ||
67 | #define ECRYPTFS_SALT_SIZE 8 | ||
68 | #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2) | ||
69 | /* The original signature size is only for what is stored on disk; all | ||
70 | * in-memory representations are expanded hex, so it better adapted to | ||
71 | * be passed around or referenced on the command line */ | ||
72 | #define ECRYPTFS_SIG_SIZE 8 | ||
73 | #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2) | ||
74 | #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX | ||
75 | #define ECRYPTFS_MAX_KEY_BYTES 64 | ||
76 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 | ||
77 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 | 41 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 |
78 | #define ECRYPTFS_FILE_VERSION 0x03 | ||
79 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 | 42 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 |
80 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 | 43 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 |
81 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 | 44 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 |
82 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ | 45 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ |
83 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) | 46 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) |
84 | #define ECRYPTFS_MAX_PKI_NAME_BYTES 16 | ||
85 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 | 47 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 |
86 | #define ECRYPTFS_MAX_NUM_USERS 32768 | 48 | #define ECRYPTFS_MAX_NUM_USERS 32768 |
87 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" | 49 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" |
88 | 50 | ||
89 | #define RFC2440_CIPHER_DES3_EDE 0x02 | ||
90 | #define RFC2440_CIPHER_CAST_5 0x03 | ||
91 | #define RFC2440_CIPHER_BLOWFISH 0x04 | ||
92 | #define RFC2440_CIPHER_AES_128 0x07 | ||
93 | #define RFC2440_CIPHER_AES_192 0x08 | ||
94 | #define RFC2440_CIPHER_AES_256 0x09 | ||
95 | #define RFC2440_CIPHER_TWOFISH 0x0a | ||
96 | #define RFC2440_CIPHER_CAST_6 0x0b | ||
97 | |||
98 | #define RFC2440_CIPHER_RSA 0x01 | ||
99 | |||
100 | /** | ||
101 | * For convenience, we may need to pass around the encrypted session | ||
102 | * key between kernel and userspace because the authentication token | ||
103 | * may not be extractable. For example, the TPM may not release the | ||
104 | * private key, instead requiring the encrypted data and returning the | ||
105 | * decrypted data. | ||
106 | */ | ||
107 | struct ecryptfs_session_key { | ||
108 | #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001 | ||
109 | #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002 | ||
110 | #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004 | ||
111 | #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008 | ||
112 | u32 flags; | ||
113 | u32 encrypted_key_size; | ||
114 | u32 decrypted_key_size; | ||
115 | u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES]; | ||
116 | u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES]; | ||
117 | }; | ||
118 | |||
119 | struct ecryptfs_password { | ||
120 | u32 password_bytes; | ||
121 | s32 hash_algo; | ||
122 | u32 hash_iterations; | ||
123 | u32 session_key_encryption_key_bytes; | ||
124 | #define ECRYPTFS_PERSISTENT_PASSWORD 0x01 | ||
125 | #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02 | ||
126 | u32 flags; | ||
127 | /* Iterated-hash concatenation of salt and passphrase */ | ||
128 | u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; | ||
129 | u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1]; | ||
130 | /* Always in expanded hex */ | ||
131 | u8 salt[ECRYPTFS_SALT_SIZE]; | ||
132 | }; | ||
133 | |||
134 | enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; | ||
135 | |||
136 | struct ecryptfs_private_key { | ||
137 | u32 key_size; | ||
138 | u32 data_len; | ||
139 | u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1]; | ||
140 | char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1]; | ||
141 | u8 data[]; | ||
142 | }; | ||
143 | |||
144 | /* May be a password or a private key */ | ||
145 | struct ecryptfs_auth_tok { | ||
146 | u16 version; /* 8-bit major and 8-bit minor */ | ||
147 | u16 token_type; | ||
148 | #define ECRYPTFS_ENCRYPT_ONLY 0x00000001 | ||
149 | u32 flags; | ||
150 | struct ecryptfs_session_key session_key; | ||
151 | u8 reserved[32]; | ||
152 | union { | ||
153 | struct ecryptfs_password password; | ||
154 | struct ecryptfs_private_key private_key; | ||
155 | } token; | ||
156 | } __attribute__ ((packed)); | ||
157 | |||
158 | void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); | 51 | void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); |
159 | extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); | 52 | extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); |
160 | extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); | 53 | extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); |