aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/ecryptfs_kernel.h
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/ecryptfs_kernel.h')
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h71
1 files changed, 59 insertions, 12 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 1b9dd9a96f19..6ddab6c856ac 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -48,10 +48,12 @@
48#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 48#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
49#define ECRYPTFS_VERSIONING_POLICY 0x00000008 49#define ECRYPTFS_VERSIONING_POLICY 0x00000008
50#define ECRYPTFS_VERSIONING_XATTR 0x00000010 50#define ECRYPTFS_VERSIONING_XATTR 0x00000010
51#define ECRYPTFS_VERSIONING_MULTKEY 0x00000020
51#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ 52#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
52 | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ 53 | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
53 | ECRYPTFS_VERSIONING_PUBKEY \ 54 | ECRYPTFS_VERSIONING_PUBKEY \
54 | ECRYPTFS_VERSIONING_XATTR) 55 | ECRYPTFS_VERSIONING_XATTR \
56 | ECRYPTFS_VERSIONING_MULTKEY)
55#define ECRYPTFS_MAX_PASSWORD_LENGTH 64 57#define ECRYPTFS_MAX_PASSWORD_LENGTH 64
56#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH 58#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
57#define ECRYPTFS_SALT_SIZE 8 59#define ECRYPTFS_SALT_SIZE 8
@@ -144,6 +146,7 @@ struct ecryptfs_private_key {
144struct ecryptfs_auth_tok { 146struct ecryptfs_auth_tok {
145 u16 version; /* 8-bit major and 8-bit minor */ 147 u16 version; /* 8-bit major and 8-bit minor */
146 u16 token_type; 148 u16 token_type;
149#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
147 u32 flags; 150 u32 flags;
148 struct ecryptfs_session_key session_key; 151 struct ecryptfs_session_key session_key;
149 u8 reserved[32]; 152 u8 reserved[32];
@@ -153,6 +156,7 @@ struct ecryptfs_auth_tok {
153 } token; 156 } token;
154} __attribute__ ((packed)); 157} __attribute__ ((packed));
155 158
159int ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok);
156void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok); 160void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
157extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size); 161extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
158extern void ecryptfs_from_hex(char *dst, char *src, int dst_size); 162extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);
@@ -194,7 +198,6 @@ ecryptfs_get_key_payload_data(struct key *key)
194#define ECRYPTFS_MAX_KEYSET_SIZE 1024 198#define ECRYPTFS_MAX_KEYSET_SIZE 1024
195#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32 199#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32
196#define ECRYPTFS_MAX_NUM_ENC_KEYS 64 200#define ECRYPTFS_MAX_NUM_ENC_KEYS 64
197#define ECRYPTFS_MAX_NUM_KEYSIGS 2 /* TODO: Make this a linked list */
198#define ECRYPTFS_MAX_IV_BYTES 16 /* 128 bits */ 201#define ECRYPTFS_MAX_IV_BYTES 16 /* 128 bits */
199#define ECRYPTFS_SALT_BYTES 2 202#define ECRYPTFS_SALT_BYTES 2
200#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5 203#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
@@ -212,6 +215,11 @@ ecryptfs_get_key_payload_data(struct key *key)
212#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43 215#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
213#define MD5_DIGEST_SIZE 16 216#define MD5_DIGEST_SIZE 16
214 217
218struct ecryptfs_key_sig {
219 struct list_head crypt_stat_list;
220 char keysig[ECRYPTFS_SIG_SIZE_HEX];
221};
222
215/** 223/**
216 * This is the primary struct associated with each encrypted file. 224 * This is the primary struct associated with each encrypted file.
217 * 225 *
@@ -231,7 +239,6 @@ struct ecryptfs_crypt_stat {
231 u32 flags; 239 u32 flags;
232 unsigned int file_version; 240 unsigned int file_version;
233 size_t iv_bytes; 241 size_t iv_bytes;
234 size_t num_keysigs;
235 size_t header_extent_size; 242 size_t header_extent_size;
236 size_t num_header_extents_at_front; 243 size_t num_header_extents_at_front;
237 size_t extent_size; /* Data extent size; default is 4096 */ 244 size_t extent_size; /* Data extent size; default is 4096 */
@@ -245,7 +252,8 @@ struct ecryptfs_crypt_stat {
245 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE]; 252 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
246 unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; 253 unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
247 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; 254 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
248 unsigned char keysigs[ECRYPTFS_MAX_NUM_KEYSIGS][ECRYPTFS_SIG_SIZE_HEX]; 255 struct list_head keysig_list;
256 struct mutex keysig_list_mutex;
249 struct mutex cs_tfm_mutex; 257 struct mutex cs_tfm_mutex;
250 struct mutex cs_hash_tfm_mutex; 258 struct mutex cs_hash_tfm_mutex;
251 struct mutex cs_mutex; 259 struct mutex cs_mutex;
@@ -265,6 +273,26 @@ struct ecryptfs_dentry_info {
265 struct ecryptfs_crypt_stat *crypt_stat; 273 struct ecryptfs_crypt_stat *crypt_stat;
266}; 274};
267 275
276struct ecryptfs_global_auth_tok {
277#define ECRYPTFS_AUTH_TOK_INVALID 0x00000001
278 u32 flags;
279 struct list_head mount_crypt_stat_list;
280 struct key *global_auth_tok_key;
281 struct ecryptfs_auth_tok *global_auth_tok;
282 unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
283};
284
285struct ecryptfs_key_tfm {
286 struct crypto_blkcipher *key_tfm;
287 size_t key_size;
288 struct mutex key_tfm_mutex;
289 struct list_head key_tfm_list;
290 unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
291};
292
293extern struct list_head key_tfm_list;
294extern struct mutex key_tfm_list_mutex;
295
268/** 296/**
269 * This struct is to enable a mount-wide passphrase/salt combo. This 297 * This struct is to enable a mount-wide passphrase/salt combo. This
270 * is more or less a stopgap to provide similar functionality to other 298 * is more or less a stopgap to provide similar functionality to other
@@ -276,15 +304,14 @@ struct ecryptfs_mount_crypt_stat {
276#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001 304#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001
277#define ECRYPTFS_XATTR_METADATA_ENABLED 0x00000002 305#define ECRYPTFS_XATTR_METADATA_ENABLED 0x00000002
278#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED 0x00000004 306#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED 0x00000004
307#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED 0x00000008
279 u32 flags; 308 u32 flags;
280 struct ecryptfs_auth_tok *global_auth_tok; 309 struct list_head global_auth_tok_list;
281 struct key *global_auth_tok_key; 310 struct mutex global_auth_tok_list_mutex;
311 size_t num_global_auth_toks;
282 size_t global_default_cipher_key_size; 312 size_t global_default_cipher_key_size;
283 struct crypto_blkcipher *global_key_tfm;
284 struct mutex global_key_tfm_mutex;
285 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE 313 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
286 + 1]; 314 + 1];
287 unsigned char global_auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
288}; 315};
289 316
290/* superblock private data. */ 317/* superblock private data. */
@@ -468,6 +495,9 @@ extern struct kmem_cache *ecryptfs_header_cache_2;
468extern struct kmem_cache *ecryptfs_xattr_cache; 495extern struct kmem_cache *ecryptfs_xattr_cache;
469extern struct kmem_cache *ecryptfs_lower_page_cache; 496extern struct kmem_cache *ecryptfs_lower_page_cache;
470extern struct kmem_cache *ecryptfs_key_record_cache; 497extern struct kmem_cache *ecryptfs_key_record_cache;
498extern struct kmem_cache *ecryptfs_key_sig_cache;
499extern struct kmem_cache *ecryptfs_global_auth_tok_cache;
500extern struct kmem_cache *ecryptfs_key_tfm_cache;
471 501
472int ecryptfs_interpose(struct dentry *hidden_dentry, 502int ecryptfs_interpose(struct dentry *hidden_dentry,
473 struct dentry *this_dentry, struct super_block *sb, 503 struct dentry *this_dentry, struct super_block *sb,
@@ -538,9 +568,8 @@ int
538ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, 568ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
539 unsigned char *src, struct dentry *ecryptfs_dentry); 569 unsigned char *src, struct dentry *ecryptfs_dentry);
540int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); 570int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
541int 571int ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
542ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name, 572 char *cipher_name, size_t *key_size);
543 size_t *key_size);
544int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); 573int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
545int ecryptfs_inode_set(struct inode *inode, void *lower_inode); 574int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
546void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); 575void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
@@ -580,6 +609,24 @@ void
580ecryptfs_write_header_metadata(char *virt, 609ecryptfs_write_header_metadata(char *virt,
581 struct ecryptfs_crypt_stat *crypt_stat, 610 struct ecryptfs_crypt_stat *crypt_stat,
582 size_t *written); 611 size_t *written);
612int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);
613int
614ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
615 char *sig);
616int ecryptfs_get_global_auth_tok_for_sig(
617 struct ecryptfs_global_auth_tok **global_auth_tok,
618 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);
619int
620ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
621 size_t key_size);
622int ecryptfs_init_crypto(void);
623int ecryptfs_destruct_crypto(void);
624int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
625 struct mutex **tfm_mutex,
626 char *cipher_name);
627int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
628 struct ecryptfs_auth_tok **auth_tok,
629 char *sig);
583int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start, 630int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start,
584 int num_zeros); 631 int num_zeros);
585 632