eCryptfs: export global eCryptfs definitions to include/linux/ecryptfs.h

Some eCryptfs specific definitions, such as the current version and the authentication token structure, are moved to the new include file 'include/linux/ecryptfs.h', in order to be available for all kernel subsystems. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2011-06-27 13:45:43 +02:00 · 2011-06-27 13:45:43 +02:00 · f8f8527103
commit f8f8527103
parent 4e561d388f
2 changed files with 114 additions and 108 deletions
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@ -36,125 +36,18 @@
 #include <linux/hash.h>
 #include <linux/nsproxy.h>
 #include <linux/backing-dev.h>
 #include <linux/ecryptfs.h>
 /* Version verification for shared data structures w/ userspace */
 #define ECRYPTFS_VERSION_MAJOR 0x00
 #define ECRYPTFS_VERSION_MINOR 0x04
 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
 /* These flags indicate which features are supported by the kernel
 * module; userspace tools such as the mount helper read
 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
 * how to behave. */
 #define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
 #define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
 #define ECRYPTFS_VERSIONING_POLICY                0x00000008
 #define ECRYPTFS_VERSIONING_XATTR                 0x00000010
 #define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
 #define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
 #define ECRYPTFS_VERSIONING_HMAC                  0x00000080
 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
 #define ECRYPTFS_VERSIONING_GCM                   0x00000200
 #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
 				  | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
 				  | ECRYPTFS_VERSIONING_PUBKEY \
 				  | ECRYPTFS_VERSIONING_XATTR \
 				  | ECRYPTFS_VERSIONING_MULTKEY \
 				  | ECRYPTFS_VERSIONING_DEVMISC \
 				  | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
 #define ECRYPTFS_SALT_SIZE 8
 #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
 /* The original signature size is only for what is stored on disk; all
 * in-memory representations are expanded hex, so it better adapted to
 * be passed around or referenced on the command line */
 #define ECRYPTFS_SIG_SIZE 8
 #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
 #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
 #define ECRYPTFS_MAX_KEY_BYTES 64
 #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
 #define ECRYPTFS_DEFAULT_IV_BYTES 16
 #define ECRYPTFS_FILE_VERSION 0x03
 #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
 #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
 #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
 #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
 #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
 #define ECRYPTFS_MAX_PKI_NAME_BYTES 16
 #define ECRYPTFS_DEFAULT_NUM_USERS 4
 #define ECRYPTFS_MAX_NUM_USERS 32768
 #define ECRYPTFS_XATTR_NAME "user.ecryptfs"
 #define RFC2440_CIPHER_DES3_EDE 0x02
 #define RFC2440_CIPHER_CAST_5 0x03
 #define RFC2440_CIPHER_BLOWFISH 0x04
 #define RFC2440_CIPHER_AES_128 0x07
 #define RFC2440_CIPHER_AES_192 0x08
 #define RFC2440_CIPHER_AES_256 0x09
 #define RFC2440_CIPHER_TWOFISH 0x0a
 #define RFC2440_CIPHER_CAST_6 0x0b
 #define RFC2440_CIPHER_RSA 0x01
 /**
 * For convenience, we may need to pass around the encrypted session
 * key between kernel and userspace because the authentication token
 * may not be extractable.  For example, the TPM may not release the
 * private key, instead requiring the encrypted data and returning the
 * decrypted data.
 */
 struct ecryptfs_session_key {
 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
 #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
 #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
 	u32 flags;
 	u32 encrypted_key_size;
 	u32 decrypted_key_size;
 	u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
 	u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
 };
 struct ecryptfs_password {
 	u32 password_bytes;
 	s32 hash_algo;
 	u32 hash_iterations;
 	u32 session_key_encryption_key_bytes;
 #define ECRYPTFS_PERSISTENT_PASSWORD 0x01
 #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
 	u32 flags;
 	/* Iterated-hash concatenation of salt and passphrase */
 	u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
 	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 	/* Always in expanded hex */
 	u8 salt[ECRYPTFS_SALT_SIZE];
 };
 enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
 struct ecryptfs_private_key {
 	u32 key_size;
 	u32 data_len;
 	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 	char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
 	u8 data[];
 };
 /* May be a password or a private key */
 struct ecryptfs_auth_tok {
 	u16 version; /* 8-bit major and 8-bit minor */
 	u16 token_type;
 #define ECRYPTFS_ENCRYPT_ONLY 0x00000001
 	u32 flags;
 	struct ecryptfs_session_key session_key;
 	u8 reserved[32];
 	union {
 		struct ecryptfs_password password;
 		struct ecryptfs_private_key private_key;
 	} token;
 } __attribute__ ((packed));
 void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
 extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
 extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);
--- a/include/linux/ecryptfs.h
+++ b/include/linux/ecryptfs.h
@ -0,0 +1,113 @@
 #ifndef _LINUX_ECRYPTFS_H
 #define _LINUX_ECRYPTFS_H
 /* Version verification for shared data structures w/ userspace */
 #define ECRYPTFS_VERSION_MAJOR 0x00
 #define ECRYPTFS_VERSION_MINOR 0x04
 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
 /* These flags indicate which features are supported by the kernel
 * module; userspace tools such as the mount helper read
 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
 * how to behave. */
 #define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
 #define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
 #define ECRYPTFS_VERSIONING_POLICY                0x00000008
 #define ECRYPTFS_VERSIONING_XATTR                 0x00000010
 #define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
 #define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
 #define ECRYPTFS_VERSIONING_HMAC                  0x00000080
 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
 #define ECRYPTFS_VERSIONING_GCM                   0x00000200
 #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
 				  | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
 				  | ECRYPTFS_VERSIONING_PUBKEY \
 				  | ECRYPTFS_VERSIONING_XATTR \
 				  | ECRYPTFS_VERSIONING_MULTKEY \
 				  | ECRYPTFS_VERSIONING_DEVMISC \
 				  | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
 #define ECRYPTFS_SALT_SIZE 8
 #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
 /* The original signature size is only for what is stored on disk; all
 * in-memory representations are expanded hex, so it better adapted to
 * be passed around or referenced on the command line */
 #define ECRYPTFS_SIG_SIZE 8
 #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
 #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
 #define ECRYPTFS_MAX_KEY_BYTES 64
 #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
 #define ECRYPTFS_FILE_VERSION 0x03
 #define ECRYPTFS_MAX_PKI_NAME_BYTES 16
 #define RFC2440_CIPHER_DES3_EDE 0x02
 #define RFC2440_CIPHER_CAST_5 0x03
 #define RFC2440_CIPHER_BLOWFISH 0x04
 #define RFC2440_CIPHER_AES_128 0x07
 #define RFC2440_CIPHER_AES_192 0x08
 #define RFC2440_CIPHER_AES_256 0x09
 #define RFC2440_CIPHER_TWOFISH 0x0a
 #define RFC2440_CIPHER_CAST_6 0x0b
 #define RFC2440_CIPHER_RSA 0x01
 /**
 * For convenience, we may need to pass around the encrypted session
 * key between kernel and userspace because the authentication token
 * may not be extractable.  For example, the TPM may not release the
 * private key, instead requiring the encrypted data and returning the
 * decrypted data.
 */
 struct ecryptfs_session_key {
 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
 #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
 #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
 	u32 flags;
 	u32 encrypted_key_size;
 	u32 decrypted_key_size;
 	u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
 	u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
 };
 struct ecryptfs_password {
 	u32 password_bytes;
 	s32 hash_algo;
 	u32 hash_iterations;
 	u32 session_key_encryption_key_bytes;
 #define ECRYPTFS_PERSISTENT_PASSWORD 0x01
 #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
 	u32 flags;
 	/* Iterated-hash concatenation of salt and passphrase */
 	u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
 	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 	/* Always in expanded hex */
 	u8 salt[ECRYPTFS_SALT_SIZE];
 };
 enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
 struct ecryptfs_private_key {
 	u32 key_size;
 	u32 data_len;
 	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 	char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
 	u8 data[];
 };
 /* May be a password or a private key */
 struct ecryptfs_auth_tok {
 	u16 version; /* 8-bit major and 8-bit minor */
 	u16 token_type;
 #define ECRYPTFS_ENCRYPT_ONLY 0x00000001
 	u32 flags;
 	struct ecryptfs_session_key session_key;
 	u8 reserved[32];
 	union {
 		struct ecryptfs_password password;
 		struct ecryptfs_private_key private_key;
 	} token;
 } __attribute__ ((packed));
 #endif /* _LINUX_ECRYPTFS_H */