Linux Kernel  3.7.1
ecryptfs_kernel.h File Reference
#include <keys/user-type.h>
#include <keys/encrypted-type.h>
#include <linux/fs.h>
#include <linux/fs_stack.h>
#include <linux/namei.h>
#include <linux/scatterlist.h>
#include <linux/hash.h>
#include <linux/nsproxy.h>
#include <linux/backing-dev.h>
#include <linux/ecryptfs.h>


Data Structures

struct  ecryptfs_key_record
 
struct  ecryptfs_auth_tok_list
 
struct  ecryptfs_page_crypt_context
 
struct  ecryptfs_key_sig
 
struct  ecryptfs_filename
 
struct  ecryptfs_crypt_stat
 
struct  ecryptfs_inode_info
 
struct  ecryptfs_dentry_info
 
struct  ecryptfs_global_auth_tok
 
struct  ecryptfs_key_tfm
 
struct  ecryptfs_mount_crypt_stat
 
struct  ecryptfs_sb_info
 
struct  ecryptfs_file_info
 
struct  ecryptfs_auth_tok_list_item
 
struct  ecryptfs_message
 
struct  ecryptfs_msg_ctx
 
struct  ecryptfs_daemon
 

Macros

#define ECRYPTFS_DEFAULT_IV_BYTES   16
 
#define ECRYPTFS_DEFAULT_EXTENT_SIZE   4096
 
#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE   8192
 
#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS   32
 
#define ECRYPTFS_DEFAULT_SEND_TIMEOUT   HZ
 
#define ECRYPTFS_MAX_MSG_CTX_TTL   (HZ*3)
 
#define ECRYPTFS_DEFAULT_NUM_USERS   4
 
#define ECRYPTFS_MAX_NUM_USERS   32768
 
#define ECRYPTFS_XATTR_NAME   "user.ecryptfs"
 
#define ECRYPTFS_PREPARE_COMMIT_MODE   0
 
#define ECRYPTFS_WRITEPAGE_MODE   1
 
#define ECRYPTFS_MAX_KEYSET_SIZE   1024
 
#define ECRYPTFS_MAX_CIPHER_NAME_SIZE   32
 
#define ECRYPTFS_MAX_NUM_ENC_KEYS   64
 
#define ECRYPTFS_MAX_IV_BYTES   16 /* 128 bits */
 
#define ECRYPTFS_SALT_BYTES   2
 
#define MAGIC_ECRYPTFS_MARKER   0x3c81b7f5
 
#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES   8 /* 4*2 */
 
#define ECRYPTFS_FILE_SIZE_BYTES   (sizeof(u64))
 
#define ECRYPTFS_SIZE_AND_MARKER_BYTES
 
#define ECRYPTFS_DEFAULT_CIPHER   "aes"
 
#define ECRYPTFS_DEFAULT_KEY_BYTES   16
 
#define ECRYPTFS_DEFAULT_HASH   "md5"
 
#define ECRYPTFS_TAG_70_DIGEST   ECRYPTFS_DEFAULT_HASH
 
#define ECRYPTFS_TAG_1_PACKET_TYPE   0x01
 
#define ECRYPTFS_TAG_3_PACKET_TYPE   0x8C
 
#define ECRYPTFS_TAG_11_PACKET_TYPE   0xED
 
#define ECRYPTFS_TAG_64_PACKET_TYPE   0x40
 
#define ECRYPTFS_TAG_65_PACKET_TYPE   0x41
 
#define ECRYPTFS_TAG_66_PACKET_TYPE   0x42
 
#define ECRYPTFS_TAG_67_PACKET_TYPE   0x43
 
#define ECRYPTFS_TAG_70_PACKET_TYPE
 
#define ECRYPTFS_TAG_71_PACKET_TYPE
 
#define ECRYPTFS_TAG_72_PACKET_TYPE
 
#define ECRYPTFS_TAG_73_PACKET_TYPE
 
#define ECRYPTFS_MIN_PKT_LEN_SIZE   1 /* Min size to specify packet length */
 
#define ECRYPTFS_MAX_PKT_LEN_SIZE
 
#define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES   16
 
#define ECRYPTFS_NON_NULL   0x42 /* A reasonable substitute for NULL */
 
#define MD5_DIGEST_SIZE   16
 
#define ECRYPTFS_TAG_70_DIGEST_SIZE   MD5_DIGEST_SIZE
 
#define ECRYPTFS_TAG_70_MIN_METADATA_SIZE
 
#define ECRYPTFS_TAG_70_MAX_METADATA_SIZE
 
#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX   "ECRYPTFS_FEK_ENCRYPTED."
 
#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE   23
 
#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX   "ECRYPTFS_FNEK_ENCRYPTED."
 
#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE   24
 
#define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN   (18 + 1 + 4 + 1 + 32)
 
#define ECRYPTFS_FILENAME_CONTAINS_DECRYPTED   0x00000001
 
#define ECRYPTFS_STRUCT_INITIALIZED   0x00000001
 
#define ECRYPTFS_POLICY_APPLIED   0x00000002
 
#define ECRYPTFS_ENCRYPTED   0x00000004
 
#define ECRYPTFS_SECURITY_WARNING   0x00000008
 
#define ECRYPTFS_ENABLE_HMAC   0x00000010
 
#define ECRYPTFS_ENCRYPT_IV_PAGES   0x00000020
 
#define ECRYPTFS_KEY_VALID   0x00000040
 
#define ECRYPTFS_METADATA_IN_XATTR   0x00000080
 
#define ECRYPTFS_VIEW_AS_ENCRYPTED   0x00000100
 
#define ECRYPTFS_KEY_SET   0x00000200
 
#define ECRYPTFS_ENCRYPT_FILENAMES   0x00000400
 
#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK   0x00000800
 
#define ECRYPTFS_ENCFN_USE_FEK   0x00001000
 
#define ECRYPTFS_UNLINK_SIGS   0x00002000
 
#define ECRYPTFS_I_SIZE_INITIALIZED   0x00004000
 
#define ECRYPTFS_AUTH_TOK_INVALID   0x00000001
 
#define ECRYPTFS_AUTH_TOK_FNEK   0x00000002
 
#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED   0x00000001
 
#define ECRYPTFS_XATTR_METADATA_ENABLED   0x00000002
 
#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED   0x00000004
 
#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED   0x00000008
 
#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES   0x00000010
 
#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK   0x00000020
 
#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK   0x00000040
 
#define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY   0x00000080
 
#define ECRYPTFS_MSG_CTX_STATE_FREE   0x01
 
#define ECRYPTFS_MSG_CTX_STATE_PENDING   0x02
 
#define ECRYPTFS_MSG_CTX_STATE_DONE   0x03
 
#define ECRYPTFS_MSG_CTX_STATE_NO_REPLY   0x04
 
#define ECRYPTFS_MSG_HELO   100
 
#define ECRYPTFS_MSG_QUIT   101
 
#define ECRYPTFS_MSG_REQUEST   102
 
#define ECRYPTFS_MSG_RESPONSE   103
 
#define ECRYPTFS_DAEMON_IN_READ   0x00000001
 
#define ECRYPTFS_DAEMON_IN_POLL   0x00000002
 
#define ECRYPTFS_DAEMON_ZOMBIE   0x00000004
 
#define ECRYPTFS_DAEMON_MISCDEV_OPEN   0x00000008
 
#define ecryptfs_printk(type, fmt, arg...)   __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);
 

Functions

void ecryptfs_dump_auth_tok (struct ecryptfs_auth_tok *auth_tok)
 
void ecryptfs_to_hex (char *dst, char *src, size_t src_size)
 
void ecryptfs_from_hex (char *dst, char *src, int dst_size)
 
 __printf (1, 2) void __ecryptfs_printk (const char *fmt, ...)
 
struct inode * ecryptfs_get_inode (struct inode *lower_inode, struct super_block *sb)
 
void ecryptfs_i_size_init (const char *page_virt, struct inode *inode)
 
int ecryptfs_initialize_file (struct dentry *ecryptfs_dentry, struct inode *ecryptfs_inode)
 
int ecryptfs_decode_and_decrypt_filename (char **decrypted_name, size_t *decrypted_name_size, struct dentry *ecryptfs_dentry, const char *name, size_t name_size)
 
int ecryptfs_fill_zeros (struct file *file, loff_t new_length)
 
int ecryptfs_encrypt_and_encode_filename (char **encoded_name, size_t *encoded_name_size, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, const char *name, size_t name_size)
 
struct dentry * ecryptfs_lower_dentry (struct dentry *this_dentry)
 
void ecryptfs_dump_hex (char *data, int bytes)
 
int virt_to_scatterlist (const void *addr, int size, struct scatterlist *sg, int sg_size)
 
int ecryptfs_compute_root_iv (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_rotate_iv (unsigned char *iv)
 
void ecryptfs_init_crypt_stat (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_destroy_crypt_stat (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_destroy_mount_crypt_stat (struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 
int ecryptfs_init_crypt_ctx (struct ecryptfs_crypt_stat *crypt_stat)
 
int ecryptfs_write_inode_size_to_metadata (struct inode *ecryptfs_inode)
 
int ecryptfs_encrypt_page (struct page *page)
 
int ecryptfs_decrypt_page (struct page *page)
 
int ecryptfs_write_metadata (struct dentry *ecryptfs_dentry, struct inode *ecryptfs_inode)
 
int ecryptfs_read_metadata (struct dentry *ecryptfs_dentry)
 
int ecryptfs_new_file_context (struct inode *ecryptfs_inode)
 
void ecryptfs_write_crypt_stat_flags (char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written)
 
int ecryptfs_read_and_validate_header_region (struct inode *inode)
 
int ecryptfs_read_and_validate_xattr_region (struct dentry *dentry, struct inode *inode)
 
u8 ecryptfs_code_for_cipher_string (char *cipher_name, size_t key_bytes)
 
int ecryptfs_cipher_code_to_string (char *str, u8 cipher_code)
 
void ecryptfs_set_default_sizes (struct ecryptfs_crypt_stat *crypt_stat)
 
int ecryptfs_generate_key_packet_set (char *dest_base, struct ecryptfs_crypt_stat *crypt_stat, struct dentry *ecryptfs_dentry, size_t *len, size_t max)
 
int ecryptfs_parse_packet_set (struct ecryptfs_crypt_stat *crypt_stat, unsigned char *src, struct dentry *ecryptfs_dentry)
 
int ecryptfs_truncate (struct dentry *dentry, loff_t new_length)
 
ssize_t ecryptfs_getxattr_lower (struct dentry *lower_dentry, const char *name, void *value, size_t size)
 
int ecryptfs_setxattr (struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
 
int ecryptfs_read_xattr_region (char *page_virt, struct inode *ecryptfs_inode)
 
int ecryptfs_process_response (struct ecryptfs_daemon *daemon, struct ecryptfs_message *msg, u32 seq)
 
int ecryptfs_send_message (char *data, int data_len, struct ecryptfs_msg_ctx **msg_ctx)
 
int ecryptfs_wait_for_response (struct ecryptfs_msg_ctx *msg_ctx, struct ecryptfs_message **emsg)
 
int ecryptfs_init_messaging (void)
 
void ecryptfs_release_messaging (void)
 
void ecryptfs_write_header_metadata (char *virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written)
 
int ecryptfs_add_keysig (struct ecryptfs_crypt_stat *crypt_stat, char *sig)
 
int ecryptfs_add_global_auth_tok (struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig, u32 global_auth_tok_flags)
 
int ecryptfs_get_global_auth_tok_for_sig (struct ecryptfs_global_auth_tok **global_auth_tok, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
 
int ecryptfs_add_new_key_tfm (struct ecryptfs_key_tfm **key_tfm, char *cipher_name, size_t key_size)
 
int ecryptfs_init_crypto (void)
 
int ecryptfs_destroy_crypto (void)
 
int ecryptfs_tfm_exists (char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
 
int ecryptfs_get_tfm_and_mutex_for_cipher_name (struct crypto_blkcipher **tfm, struct mutex **tfm_mutex, char *cipher_name)
 
int ecryptfs_keyring_auth_tok_for_sig (struct key **auth_tok_key, struct ecryptfs_auth_tok **auth_tok, char *sig)
 
int ecryptfs_write_lower (struct inode *ecryptfs_inode, char *data, loff_t offset, size_t size)
 
int ecryptfs_write_lower_page_segment (struct inode *ecryptfs_inode, struct page *page_for_lower, size_t offset_in_page, size_t size)
 
int ecryptfs_write (struct inode *inode, char *data, loff_t offset, size_t size)
 
int ecryptfs_read_lower (char *data, loff_t offset, size_t size, struct inode *ecryptfs_inode)
 
int ecryptfs_read_lower_page_segment (struct page *page_for_ecryptfs, pgoff_t page_index, size_t offset_in_page, size_t size, struct inode *ecryptfs_inode)
 
struct page * ecryptfs_get_locked_page (struct inode *inode, loff_t index)
 
int ecryptfs_exorcise_daemon (struct ecryptfs_daemon *daemon)
 
int ecryptfs_find_daemon_by_euid (struct ecryptfs_daemon **daemon)
 
int ecryptfs_parse_packet_length (unsigned char *data, size_t *size, size_t *length_size)
 
int ecryptfs_write_packet_length (char *dest, size_t size, size_t *packet_size_length)
 
int ecryptfs_init_ecryptfs_miscdev (void)
 
void ecryptfs_destroy_ecryptfs_miscdev (void)
 
int ecryptfs_send_miscdev (char *data, size_t data_size, struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, u16 msg_flags, struct ecryptfs_daemon *daemon)
 
void ecryptfs_msg_ctx_alloc_to_free (struct ecryptfs_msg_ctx *msg_ctx)
 
int ecryptfs_spawn_daemon (struct ecryptfs_daemon **daemon, struct file *file)
 
int ecryptfs_init_kthread (void)
 
void ecryptfs_destroy_kthread (void)
 
int ecryptfs_privileged_open (struct file **lower_file, struct dentry *lower_dentry, struct vfsmount *lower_mnt, const struct cred *cred)
 
int ecryptfs_get_lower_file (struct dentry *dentry, struct inode *inode)
 
void ecryptfs_put_lower_file (struct inode *inode)
 
int ecryptfs_write_tag_70_packet (char *dest, size_t *remaining_bytes, size_t *packet_size, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *filename, size_t filename_size)
 
int ecryptfs_parse_tag_70_packet (char **filename, size_t *filename_size, size_t *packet_size, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *data, size_t max_packet_size)
 
int ecryptfs_set_f_namelen (long *namelen, long lower_namelen, struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 
int ecryptfs_derive_iv (char *iv, struct ecryptfs_crypt_stat *crypt_stat, loff_t offset)
 

Variables

struct mutex key_tfm_list_mutex
 
struct mutex ecryptfs_daemon_hash_mux
 
struct file_operations ecryptfs_main_fops
 
struct file_operations ecryptfs_dir_fops
 
struct inode_operations ecryptfs_main_iops
 
struct inode_operations ecryptfs_dir_iops
 
struct inode_operations ecryptfs_symlink_iops
 
struct super_operations ecryptfs_sops
 
struct dentry_operations ecryptfs_dops
 
struct address_space_operations ecryptfs_aops
 
int ecryptfs_verbosity
 
unsigned int ecryptfs_message_buf_len
 
signed long ecryptfs_message_wait_timeout
 
unsigned int ecryptfs_number_of_users
 
struct kmem_cache * ecryptfs_auth_tok_list_item_cache
 
struct kmem_cache * ecryptfs_file_info_cache
 
struct kmem_cache * ecryptfs_dentry_info_cache
 
struct kmem_cache * ecryptfs_inode_info_cache
 
struct kmem_cache * ecryptfs_sb_info_cache
 
struct kmem_cache * ecryptfs_header_cache
 
struct kmem_cache * ecryptfs_xattr_cache
 
struct kmem_cache * ecryptfs_key_record_cache
 
struct kmem_cache * ecryptfs_key_sig_cache
 
struct kmem_cache * ecryptfs_global_auth_tok_cache
 
struct kmem_cache * ecryptfs_key_tfm_cache
 

Macro Definition Documentation

#define ECRYPTFS_AUTH_TOK_FNEK   0x00000002

Definition at line 267 of file ecryptfs_kernel.h.

#define ECRYPTFS_AUTH_TOK_INVALID   0x00000001

Definition at line 266 of file ecryptfs_kernel.h.

#define ECRYPTFS_DAEMON_IN_POLL   0x00000002

Definition at line 383 of file ecryptfs_kernel.h.

#define ECRYPTFS_DAEMON_IN_READ   0x00000001

Definition at line 382 of file ecryptfs_kernel.h.

#define ECRYPTFS_DAEMON_MISCDEV_OPEN   0x00000008

Definition at line 385 of file ecryptfs_kernel.h.

#define ECRYPTFS_DAEMON_ZOMBIE   0x00000004

Definition at line 384 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_CIPHER   "aes"

Definition at line 135 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_EXTENT_SIZE   4096

Definition at line 43 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_HASH   "md5"

Definition at line 137 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_IV_BYTES   16

eCryptfs: Linux filesystem encryption layer Kernel declarations.

Copyright (C) 1997-2003 Erez Zadok Copyright (C) 2001-2003 Stony Brook University Copyright (C) 2004-2008 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m Trevor S. Highland trevo.nosp@m.r.hi.nosp@m.ghlan.nosp@m.d@gm.nosp@m.ail.c.nosp@m.om Tyler Hicks tyhic.nosp@m.ks@o.nosp@m.u.edu

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Definition at line 42 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_KEY_BYTES   16

Definition at line 136 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS   32

Definition at line 45 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_NUM_USERS   4

Definition at line 48 of file ecryptfs_kernel.h.

#define ECRYPTFS_DEFAULT_SEND_TIMEOUT   HZ

Definition at line 46 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENABLE_HMAC   0x00000010

Definition at line 196 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCFN_USE_FEK   0x00001000

Definition at line 204 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK   0x00000800

Definition at line 203 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCRYPT_FILENAMES   0x00000400

Definition at line 202 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCRYPT_IV_PAGES   0x00000020

Definition at line 197 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCRYPTED   0x00000004

Definition at line 194 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN   (18 + 1 + 4 + 1 + 32)

Definition at line 166 of file ecryptfs_kernel.h.

#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED   0x00000004

Definition at line 308 of file ecryptfs_kernel.h.

#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX   "ECRYPTFS_FEK_ENCRYPTED."

Definition at line 162 of file ecryptfs_kernel.h.

#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE   23

Definition at line 163 of file ecryptfs_kernel.h.

#define ECRYPTFS_FILE_SIZE_BYTES   (sizeof(u64))

Definition at line 132 of file ecryptfs_kernel.h.

#define ECRYPTFS_FILENAME_CONTAINS_DECRYPTED   0x00000001

Definition at line 175 of file ecryptfs_kernel.h.

#define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES   16

Definition at line 154 of file ecryptfs_kernel.h.

#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX   "ECRYPTFS_FNEK_ENCRYPTED."

Definition at line 164 of file ecryptfs_kernel.h.

#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE   24

Definition at line 165 of file ecryptfs_kernel.h.

#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK   0x00000040

Definition at line 312 of file ecryptfs_kernel.h.

#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK   0x00000020

Definition at line 311 of file ecryptfs_kernel.h.

#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES   0x00000010

Definition at line 310 of file ecryptfs_kernel.h.

#define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY   0x00000080

Definition at line 313 of file ecryptfs_kernel.h.

#define ECRYPTFS_I_SIZE_INITIALIZED   0x00004000

Definition at line 206 of file ecryptfs_kernel.h.

#define ECRYPTFS_KEY_SET   0x00000200

Definition at line 201 of file ecryptfs_kernel.h.

#define ECRYPTFS_KEY_VALID   0x00000040

Definition at line 198 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_CIPHER_NAME_SIZE   32

Definition at line 126 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_IV_BYTES   16 /* 128 bits */

Definition at line 128 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_KEYSET_SIZE   1024

Definition at line 125 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_MSG_CTX_TTL   (HZ*3)

Definition at line 47 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_NUM_ENC_KEYS   64

Definition at line 127 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_NUM_USERS   32768

Definition at line 49 of file ecryptfs_kernel.h.

#define ECRYPTFS_MAX_PKT_LEN_SIZE
Value:
2 /* Pass at least this many bytes to
* ecryptfs_parse_packet_length() and
* ecryptfs_write_packet_length()
*/

Definition at line 151 of file ecryptfs_kernel.h.

#define ECRYPTFS_METADATA_IN_XATTR   0x00000080

Definition at line 199 of file ecryptfs_kernel.h.

#define ECRYPTFS_MIN_PKT_LEN_SIZE   1 /* Min size to specify packet length */

Definition at line 150 of file ecryptfs_kernel.h.

#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE   8192

Definition at line 44 of file ecryptfs_kernel.h.

#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED   0x00000008

Definition at line 309 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_CTX_STATE_DONE   0x03

Definition at line 358 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_CTX_STATE_FREE   0x01

Definition at line 356 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_CTX_STATE_NO_REPLY   0x04

Definition at line 359 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_CTX_STATE_PENDING   0x02

Definition at line 357 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_HELO   100

Definition at line 361 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_QUIT   101

Definition at line 362 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_REQUEST   102

Definition at line 363 of file ecryptfs_kernel.h.

#define ECRYPTFS_MSG_RESPONSE   103

Definition at line 364 of file ecryptfs_kernel.h.

#define ECRYPTFS_NON_NULL   0x42 /* A reasonable substitute for NULL */

Definition at line 155 of file ecryptfs_kernel.h.

#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED   0x00000001

Definition at line 306 of file ecryptfs_kernel.h.

#define ECRYPTFS_POLICY_APPLIED   0x00000002

Definition at line 193 of file ecryptfs_kernel.h.

#define ECRYPTFS_PREPARE_COMMIT_MODE   0

Definition at line 73 of file ecryptfs_kernel.h.

#define ecryptfs_printk (   type,
  fmt,
  arg... 
)    __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);

Definition at line 512 of file ecryptfs_kernel.h.

#define ECRYPTFS_SALT_BYTES   2

Definition at line 129 of file ecryptfs_kernel.h.

#define ECRYPTFS_SECURITY_WARNING   0x00000008

Definition at line 195 of file ecryptfs_kernel.h.

#define ECRYPTFS_SIZE_AND_MARKER_BYTES
#define ECRYPTFS_STRUCT_INITIALIZED   0x00000001

Definition at line 192 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_11_PACKET_TYPE   0xED

Definition at line 141 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_1_PACKET_TYPE   0x01

Definition at line 139 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_3_PACKET_TYPE   0x8C

Definition at line 140 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_64_PACKET_TYPE   0x40

Definition at line 142 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_65_PACKET_TYPE   0x41

Definition at line 143 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_66_PACKET_TYPE   0x42

Definition at line 144 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_67_PACKET_TYPE   0x43

Definition at line 145 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_70_DIGEST   ECRYPTFS_DEFAULT_HASH

Definition at line 138 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_70_DIGEST_SIZE   MD5_DIGEST_SIZE

Definition at line 157 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_70_MAX_METADATA_SIZE
Value:

Definition at line 160 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_70_MIN_METADATA_SIZE
Value:

Definition at line 158 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_70_PACKET_TYPE
Value:
0x46 /* FNEK-encrypted filename
* as dentry name */

Definition at line 146 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_71_PACKET_TYPE
Value:
0x47 /* FNEK-encrypted filename in
* metadata */

Definition at line 147 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_72_PACKET_TYPE
Value:
0x48 /* FEK-encrypted filename as
* dentry name */

Definition at line 148 of file ecryptfs_kernel.h.

#define ECRYPTFS_TAG_73_PACKET_TYPE
Value:
0x49 /* FEK-encrypted filename as
* metadata */

Definition at line 149 of file ecryptfs_kernel.h.

#define ECRYPTFS_UNLINK_SIGS   0x00002000

Definition at line 205 of file ecryptfs_kernel.h.

#define ECRYPTFS_VIEW_AS_ENCRYPTED   0x00000100

Definition at line 200 of file ecryptfs_kernel.h.

#define ECRYPTFS_WRITEPAGE_MODE   1

Definition at line 74 of file ecryptfs_kernel.h.

#define ECRYPTFS_XATTR_METADATA_ENABLED   0x00000002

Definition at line 307 of file ecryptfs_kernel.h.

#define ECRYPTFS_XATTR_NAME   "user.ecryptfs"

Definition at line 50 of file ecryptfs_kernel.h.

#define MAGIC_ECRYPTFS_MARKER   0x3c81b7f5

Definition at line 130 of file ecryptfs_kernel.h.

#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES   8 /* 4*2 */

Definition at line 131 of file ecryptfs_kernel.h.

#define MD5_DIGEST_SIZE   16

Definition at line 156 of file ecryptfs_kernel.h.

Function Documentation

__printf ( ,
 
) const
int ecryptfs_add_global_auth_tok ( struct ecryptfs_mount_crypt_stat mount_crypt_stat,
char sig,
u32  global_auth_tok_flags 
)

Definition at line 2507 of file keystore.c.

int ecryptfs_add_keysig ( struct ecryptfs_crypt_stat crypt_stat,
char sig 
)

Definition at line 2486 of file keystore.c.

int ecryptfs_add_new_key_tfm ( struct ecryptfs_key_tfm **  key_tfm,
char cipher_name,
size_t  key_size 
)

Definition at line 1800 of file crypto.c.

int ecryptfs_cipher_code_to_string ( char str,
u8  cipher_code 
)

ecryptfs_cipher_code_to_string
str: Destination to write out the cipher name
cipher_code: The code to convert to cipher name string

Returns zero on success

Definition at line 1147 of file crypto.c.

u8 ecryptfs_code_for_cipher_string ( char cipher_name,
size_t  key_bytes 
)

ecryptfs_code_for_cipher_string
cipher_name: The string alias for the cipher
key_bytes: Length of key in bytes; used for AES code selection

Returns zero on no match, or the cipher code on match

Definition at line 1112 of file crypto.c.

int ecryptfs_compute_root_iv ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_compute_root_iv

On error, sets the root IV to all 0's; callers should check the int return value rather than proceed with a zeroed IV.

Definition at line 811 of file crypto.c.

int ecryptfs_decode_and_decrypt_filename ( char **  decrypted_name,
size_t decrypted_name_size,
struct dentry ecryptfs_dentry,
const char name,
size_t  name_size 
)

Definition at line 2186 of file crypto.c.

int ecryptfs_decrypt_page ( struct page page)

Definition at line 560 of file crypto.c.

int ecryptfs_derive_iv ( char iv,
struct ecryptfs_crypt_stat crypt_stat,
loff_t  offset 
)

ecryptfs_derive_iv
iv: destination for the derived iv value
crypt_stat: Pointer to crypt_stat struct for the current inode
offset: Offset of the extent whose IV we are to derive

Generate the initialization vector from the given root IV and page offset.

Returns zero on success; non-zero on error.

Definition at line 179 of file crypto.c.

void ecryptfs_destroy_crypt_stat ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_destroy_crypt_stat
crypt_stat: Pointer to the crypt_stat struct to initialize.

Releases all memory associated with a crypt_stat struct.

Definition at line 241 of file crypto.c.

int ecryptfs_destroy_crypto ( void  )

ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list

Called only at module unload time

Definition at line 1783 of file crypto.c.

void ecryptfs_destroy_ecryptfs_miscdev ( void  )

ecryptfs_destroy_ecryptfs_miscdev

All of the daemons must be exorcised prior to calling this function.

Definition at line 517 of file miscdev.c.

void ecryptfs_destroy_kthread ( void  )

Definition at line 103 of file kthread.c.

void ecryptfs_destroy_mount_crypt_stat ( struct ecryptfs_mount_crypt_stat mount_crypt_stat)

Definition at line 257 of file crypto.c.

void ecryptfs_dump_auth_tok ( struct ecryptfs_auth_tok auth_tok)

eCryptfs: Linux filesystem encryption layer Functions only useful for debugging.

Copyright (C) 2006 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ecryptfs_dump_auth_tok - debug function to print auth toks

This function will print the contents of an ecryptfs authentication token.

Definition at line 32 of file debug.c.

void ecryptfs_dump_hex ( char data,
int  bytes 
)

ecryptfs_dump_hex - debug hex printer
data: string of bytes to be printed
bytes: number of bytes to print

Dump hexadecimal representation of char array

Definition at line 98 of file debug.c.

int ecryptfs_encrypt_and_encode_filename ( char **  encoded_name,
size_t encoded_name_size,
struct ecryptfs_crypt_stat crypt_stat,
struct ecryptfs_mount_crypt_stat mount_crypt_stat,
const char name,
size_t  name_size 
)

Definition at line 2073 of file crypto.c.

int ecryptfs_encrypt_page ( struct page page)

Definition at line 452 of file crypto.c.

int ecryptfs_exorcise_daemon ( struct ecryptfs_daemon daemon)

ecryptfs_exorcise_daemon - Destroy the daemon struct

Must be called ceremoniously while in possession of ecryptfs_daemon_hash_mux and the daemon's own mux.

Definition at line 173 of file messaging.c.

int ecryptfs_fill_zeros ( struct file file,
loff_t  new_length 
)
int ecryptfs_find_daemon_by_euid ( struct ecryptfs_daemon **  daemon)

ecryptfs_find_daemon_by_euid
daemon: If return value is zero, points to the desired daemon pointer

Must be called with ecryptfs_daemon_hash_mux held.

Search the hash list for the current effective user id.

Returns zero if the user id exists in the list; non-zero otherwise.

Definition at line 116 of file messaging.c.

void ecryptfs_from_hex ( char dst,
char src,
int  dst_size 
)

ecryptfs_from_hex
dst: Buffer to take the bytes from src hex; must be at least of size (src_size / 2)
src: Buffer to be converted from a hex string representation to raw value
dst_size: size of dst buffer, or number of hex character pairs to convert

Definition at line 73 of file crypto.c.

int ecryptfs_generate_key_packet_set ( char dest_base,
struct ecryptfs_crypt_stat crypt_stat,
struct dentry ecryptfs_dentry,
size_t len,
size_t  max 
)

ecryptfs_generate_key_packet_set
dest_base: Virtual address from which to write the key record set
crypt_stat: The cryptographic context from which the authentication tokens will be retrieved
ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat for the global parameters
len: The amount written
max: The maximum amount of data allowed to be written

Generates a key packet set and writes it to the virtual address passed in.

Returns zero on success; non-zero on error.

Definition at line 2392 of file keystore.c.

int ecryptfs_get_global_auth_tok_for_sig ( struct ecryptfs_global_auth_tok **  global_auth_tok,
struct ecryptfs_mount_crypt_stat mount_crypt_stat,
char sig 
)
struct inode* ecryptfs_get_inode ( struct inode lower_inode,
struct super_block sb 
)

Definition at line 113 of file inode.c.

struct page* ecryptfs_get_locked_page ( struct inode inode,
loff_t  index 
)

eCryptfs: Linux filesystem encryption layer This is where eCryptfs coordinates the symmetric encryption and decryption of the file data as it passes between the lower encrypted file and the upper decrypted file.

Copyright (C) 1997-2003 Erez Zadok Copyright (C) 2001-2003 Stony Brook University Copyright (C) 2004-2007 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ecryptfs_get_locked_page

Get one page from cache or lower f/s, return error otherwise.

Returns locked and up-to-date page (if ok), with increased refcnt.

Definition at line 47 of file mmap.c.

int ecryptfs_get_lower_file ( struct dentry dentry,
struct inode inode 
)

Definition at line 138 of file main.c.

int ecryptfs_get_tfm_and_mutex_for_cipher_name ( struct crypto_blkcipher **  tfm,
struct mutex **  tfm_mutex,
char cipher_name 
)

ecryptfs_get_tfm_and_mutex_for_cipher_name

tfm: set to cached tfm found, or new tfm created
tfm_mutex: set to mutex for cached tfm found, or new tfm created
cipher_name: the name of the cipher to search for and/or add

Sets pointers to tfm & tfm_mutex matching cipher_name. Searches for cached item first, and creates new if not found. Returns 0 on success, non-zero if adding new cipher failed

Definition at line 1878 of file crypto.c.

ssize_t ecryptfs_getxattr_lower ( struct dentry lower_dentry,
const char name,
void value,
size_t  size 
)

Definition at line 1062 of file inode.c.

void ecryptfs_i_size_init ( const char page_virt,
struct inode inode 
)

Definition at line 1408 of file crypto.c.

int ecryptfs_init_crypt_ctx ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_init_crypt_ctx
crypt_stat: Uninitialized crypt stats structure

Initialize the crypto context.

TODO: Performance: Keep a cache of initialized cipher contexts; only init if needed

Definition at line 729 of file crypto.c.

void ecryptfs_init_crypt_stat ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_init_crypt_stat
crypt_stat: Pointer to the crypt_stat struct to initialize.

Initialize the crypt_stat structure.

Definition at line 224 of file crypto.c.

int ecryptfs_init_crypto ( void  )

Definition at line 1771 of file crypto.c.

int ecryptfs_init_ecryptfs_miscdev ( void  )

ecryptfs_init_ecryptfs_miscdev

Messages sent to the userspace daemon from the kernel are placed on a queue associated with the daemon. The next read against the miscdev handle by that daemon will return the oldest message placed on the message queue for the daemon.

Returns zero on success; non-zero otherwise

Definition at line 498 of file miscdev.c.

int ecryptfs_init_kthread ( void  )

Definition at line 86 of file kthread.c.

int ecryptfs_init_messaging ( void  )

Definition at line 371 of file messaging.c.

int ecryptfs_initialize_file ( struct dentry ecryptfs_dentry,
struct inode ecryptfs_inode 
)

ecryptfs_initialize_file

Cause the file to be changed from a basic empty file to an ecryptfs file with a header and first data page.

Returns zero on success

Definition at line 230 of file inode.c.

int ecryptfs_keyring_auth_tok_for_sig ( struct key **  auth_tok_key,
struct ecryptfs_auth_tok **  auth_tok,
char sig 
)

Definition at line 1628 of file keystore.c.

struct dentry* ecryptfs_lower_dentry ( struct dentry this_dentry)
read
void ecryptfs_msg_ctx_alloc_to_free ( struct ecryptfs_msg_ctx msg_ctx)

ecryptfs_msg_ctx_alloc_to_free
msg_ctx: The context to move from the alloc list to the free list

Must be called with ecryptfs_msg_ctx_lists_mux held.

Definition at line 97 of file messaging.c.

int ecryptfs_new_file_context ( struct inode ecryptfs_inode)

ecryptfs_new_file_context
ecryptfs_inode: The eCryptfs inode

If the crypto context for the file has not yet been established, this is where we do that. Establishing a new crypto context involves the following decisions:

  • What cipher to use?
  • What set of authentication tokens to use? Here we just worry about getting enough information into the authentication tokens so that we know that they are available. We associate the available authentication tokens with the new file via the set of signatures in the crypt_stat struct. Later, when the headers are actually written out, we may again defer to userspace to perform the encryption of the session key; for the foreseeable future, this will be the case with public key packets.

Returns zero on success; non-zero otherwise

Definition at line 947 of file crypto.c.

int ecryptfs_parse_packet_length ( unsigned char data,
size_t size,
size_t length_size 
)

ecryptfs_parse_packet_length
data: Pointer to memory containing length at offset
size: This function writes the decoded size to this memory address; zero on error
length_size: The number of bytes occupied by the encoded length

Returns zero on success; non-zero on error

Definition at line 95 of file keystore.c.

int ecryptfs_parse_packet_set ( struct ecryptfs_crypt_stat crypt_stat,
unsigned char src,
struct dentry ecryptfs_dentry 
)

ecryptfs_parse_packet_set
crypt_stat: The cryptographic context
src: Virtual address of region of memory containing the packets
ecryptfs_dentry: The eCryptfs dentry associated with the packet set

Get crypt_stat to have the file's session key if the requisite key is available to decrypt the session key.

Returns Zero if a valid authentication token was retrieved and processed; negative value for file not encrypted or for error conditions.

Definition at line 1758 of file keystore.c.

int ecryptfs_parse_tag_70_packet ( char **  filename,
size_t filename_size,
size_t packet_size,
struct ecryptfs_mount_crypt_stat mount_crypt_stat,
char data,
size_t  max_packet_size 
)

parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
filename: This function kmalloc's the memory for the filename
filename_size: This function sets this to the amount of memory kmalloc'd for the filename
packet_size: This function sets this to the number of octets in the packet parsed
mount_crypt_stat: The mount-wide cryptographic context
data: The memory location containing the start of the tag 70 packet
max_packet_size: The maximum legal size of the packet to be parsed from data

Returns zero on success; non-zero otherwise

Definition at line 914 of file keystore.c.

int ecryptfs_privileged_open ( struct file **  lower_file,
struct dentry lower_dentry,
struct vfsmount lower_mnt,
const struct cred cred 
)

ecryptfs_privileged_open
lower_file: Result of dentry_open by root on lower dentry
lower_dentry: Lower dentry for file to open
lower_mnt: Lower vfsmount for file to open

This function gets a r/w file opened against the lower dentry.

Returns zero on success; non-zero otherwise

Definition at line 130 of file kthread.c.

int ecryptfs_process_response ( struct ecryptfs_daemon daemon,
struct ecryptfs_message msg,
u32  seq 
)

ecryptfs_process_response
msg: The ecryptfs message received; the caller should sanity check msg->data_len and free the memory
seq: The sequence number of the message; must match the sequence number for the existing message context waiting for this response

Processes a response message after sending an operation request to userspace. Some other process is awaiting this response. Before sending out its first communications, the other process allocated a msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The response message contains this index so that we can copy over the response message into the msg_ctx that the process holds a reference to. The other process is going to wake up, check to see that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then proceed to read off and process the response message. Returns zero upon delivery to desired context element; non-zero upon delivery failure or error.

Returns zero on success; non-zero otherwise

Definition at line 222 of file messaging.c.

void ecryptfs_put_lower_file ( struct inode inode)

Definition at line 158 of file main.c.

int ecryptfs_read_and_validate_header_region ( struct inode inode)

Definition at line 1164 of file crypto.c.

int ecryptfs_read_and_validate_xattr_region ( struct dentry dentry,
struct inode inode 
)

Definition at line 1521 of file crypto.c.

int ecryptfs_read_lower ( char data,
loff_t  offset,
size_t  size,
struct inode ecryptfs_inode 
)

ecryptfs_read_lower
data: The read data is stored here by this function
offset: Byte offset in the lower file from which to read the data
size: Number of bytes to read from offset of the lower file and store into data
ecryptfs_inode: The eCryptfs inode

Read size bytes of data at byte offset offset from the lower inode into memory location data.

Returns bytes read on success; 0 on EOF; less than zero on error

Definition at line 235 of file read_write.c.

int ecryptfs_read_lower_page_segment ( struct page page_for_ecryptfs,
pgoff_t  page_index,
size_t  offset_in_page,
size_t  size,
struct inode ecryptfs_inode 
)

ecryptfs_read_lower_page_segment
page_for_ecryptfs: The page into which data for eCryptfs will be written
offset_in_page: Offset in page_for_ecryptfs from which to start writing
size: The number of bytes to write into page_for_ecryptfs
ecryptfs_inode: The eCryptfs inode

Determines the byte offset in the file for the given page and offset within the page, maps the page, and makes the call to read the contents of page_for_ecryptfs from the lower inode.

Returns zero on success; non-zero otherwise

Definition at line 267 of file read_write.c.

int ecryptfs_read_metadata ( struct dentry ecryptfs_dentry)

ecryptfs_read_metadata

Common entry point for reading file metadata. From here, we could retrieve the header information from the header region of the file, the xattr region of the file, or some other repository that is stored separately from the file itself. The current implementation supports retrieving the metadata information from the file contents and from the xattr region.

Returns zero if valid headers found and parsed; non-zero otherwise

Definition at line 1551 of file crypto.c.

int ecryptfs_read_xattr_region ( char page_virt,
struct inode ecryptfs_inode 
)

ecryptfs_read_xattr_region
page_virt: The virtual address into which to read the xattr data
ecryptfs_inode: The eCryptfs inode

Attempts to read the crypto metadata from the extended attribute region of the lower file.

Returns zero on success; non-zero on error

Definition at line 1500 of file crypto.c.

void ecryptfs_release_messaging ( void  )

Definition at line 432 of file messaging.c.

void ecryptfs_rotate_iv ( unsigned char iv)
int ecryptfs_send_message ( char data,
int  data_len,
struct ecryptfs_msg_ctx **  msg_ctx 
)

ecryptfs_send_message
data: The data to send
data_len: The length of data
msg_ctx: The message context allocated for the send

Grabs ecryptfs_daemon_hash_mux.

Returns zero on success; non-zero otherwise

Definition at line 321 of file messaging.c.

int ecryptfs_send_miscdev ( char data,
size_t  data_size,
struct ecryptfs_msg_ctx msg_ctx,
u8  msg_type,
u16  msg_flags,
struct ecryptfs_daemon daemon 
)

ecryptfs_send_miscdev
data: Data to send to daemon; may be NULL
data_size: Amount of data to send to daemon
msg_ctx: Message context, which is used to handle the reply. If this is NULL, then we do not expect a reply.
msg_type: Type of message
msg_flags: Flags for message
daemon: eCryptfs daemon object

Add msg_ctx to queue and then, if it exists, notify the blocked process about the data being available. Must be called with ecryptfs_daemon_hash_mux held.

Returns zero on success; non-zero otherwise

Definition at line 170 of file miscdev.c.

void ecryptfs_set_default_sizes ( struct ecryptfs_crypt_stat crypt_stat)

Definition at line 787 of file crypto.c.

int ecryptfs_set_f_namelen ( long namelen,
long  lower_namelen,
struct ecryptfs_mount_crypt_stat mount_crypt_stat 
)

Definition at line 2250 of file crypto.c.

int ecryptfs_setxattr ( struct dentry dentry,
const char name,
const void value,
size_t  size,
int  flags 
)

Definition at line 1042 of file inode.c.

int ecryptfs_spawn_daemon ( struct ecryptfs_daemon **  daemon,
struct file file 
)

Definition at line 145 of file messaging.c.

int ecryptfs_tfm_exists ( char cipher_name,
struct ecryptfs_key_tfm **  key_tfm 
)

ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
cipher_name: the name of the cipher to search for
key_tfm: set to corresponding tfm if found

Searches for cached key_tfm matching cipher_name. Must be called with key_tfm_list_mutex held. Returns 1 if found, with key_tfm set. Returns 0 if not found, with key_tfm set to NULL.

Definition at line 1849 of file crypto.c.

void ecryptfs_to_hex ( char dst,
char src,
size_t  src_size 
)

ecryptfs_to_hex
dst: Buffer to take hex character representation of contents of src; must be at least of size (src_size * 2)
src: Buffer to be converted to a hex string representation
src_size: number of bytes to convert

Definition at line 58 of file crypto.c.

int ecryptfs_truncate ( struct dentry dentry,
loff_t  new_length 
)

ecryptfs_truncate
dentry: The ecryptfs layer dentry
new_length: The length to expand the file to

Simple function that handles the truncation of an eCryptfs inode and its corresponding lower inode.

Returns zero on success; non-zero otherwise

Definition at line 879 of file inode.c.

int ecryptfs_wait_for_response ( struct ecryptfs_msg_ctx msg_ctx,
struct ecryptfs_message **  msg 
)

ecryptfs_wait_for_response
msg_ctx: The context that was assigned when sending a message
msg: The incoming message from userspace; not set if rc != 0

Sleeps until awakened by ecryptfs_receive_message or until the amount of time exceeds ecryptfs_message_wait_timeout. If zero is returned, msg will point to a valid message from userspace; a non-zero value is returned upon failure to receive a message or an error occurs. Callee must free msg on success.

Definition at line 344 of file messaging.c.

int ecryptfs_write ( struct inode ecryptfs_inode,
char data,
loff_t  offset,
size_t  size 
)

ecryptfs_write
ecryptfs_inode: The eCryptfs file into which to write
data: Virtual address where data to write is located
offset: Offset in the eCryptfs file at which to begin writing the data from data
size: The number of bytes to write from data

Write an arbitrary amount of data to an arbitrary location in the eCryptfs inode page cache. This is done on a page-by-page, and then by an extent-by-extent, basis; individual extents are encrypted and written to the lower page cache (via VFS writes). This function takes care of all the address translation to locations in the lower filesystem; it also handles truncate events, writing out zeros where necessary.

Returns zero on success; non-zero otherwise

Definition at line 109 of file read_write.c.

void ecryptfs_write_crypt_stat_flags ( char page_virt,
struct ecryptfs_crypt_stat crypt_stat,
size_t written 
)

Definition at line 1068 of file crypto.c.

void ecryptfs_write_header_metadata ( char virt,
struct ecryptfs_crypt_stat crypt_stat,
size_t written 
)

Definition at line 1181 of file crypto.c.

int ecryptfs_write_inode_size_to_metadata ( struct inode ecryptfs_inode)

Definition at line 455 of file mmap.c.

int ecryptfs_write_lower ( struct inode ecryptfs_inode,
char data,
loff_t  offset,
size_t  size 
)

eCryptfs: Linux filesystem encryption layer

Copyright (C) 2007 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

ecryptfs_write_lower
ecryptfs_inode: The eCryptfs inode
data: Data to write
offset: Byte offset in the lower file to which to write the data
size: Number of bytes from data to write at offset in the lower file

Write data to the lower file.

Returns bytes written on success; less than zero on error

Definition at line 39 of file read_write.c.

int ecryptfs_write_lower_page_segment ( struct inode ecryptfs_inode,
struct page page_for_lower,
size_t  offset_in_page,
size_t  size 
)

ecryptfs_write_lower_page_segment
ecryptfs_inode: The eCryptfs inode
page_for_lower: The page containing the data to be written to the lower file
offset_in_page: The offset in the page_for_lower from which to start writing the data
size: The amount of data from page_for_lower to write to the lower file

Determines the byte offset in the file for the given page and offset within the page, maps the page, and makes the call to write the contents of page_for_lower to the lower inode.

Returns zero on success; non-zero otherwise

Definition at line 73 of file read_write.c.

int ecryptfs_write_metadata ( struct dentry ecryptfs_dentry,
struct inode ecryptfs_inode 
)

ecryptfs_write_metadata
ecryptfs_dentry: The eCryptfs dentry, which should be negative
ecryptfs_inode: The newly created eCryptfs inode

Write the file headers out. This will likely involve a userspace callout, in which the session key is encrypted with one or more public keys and/or the passphrase necessary to do the encryption is retrieved via a prompt. Exactly what happens at this point should be policy-dependent.

Returns zero on success; non-zero on error

Definition at line 1312 of file crypto.c.

int ecryptfs_write_packet_length ( char dest,
size_t  size,
size_t packet_size_length 
)

ecryptfs_write_packet_length
dest: The byte array target into which to write the length. Must have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.
size: The length to write.
packet_size_length: The number of bytes used to encode the packet length is written to this address.

Returns zero on success; non-zero on error.

Definition at line 136 of file keystore.c.

int ecryptfs_write_tag_70_packet ( char dest,
size_t remaining_bytes,
size_t packet_size,
struct ecryptfs_mount_crypt_stat mount_crypt_stat,
char filename,
size_t  filename_size 
)

write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
filename: NULL-terminated filename string

This is the simplest mechanism for achieving filename encryption in eCryptfs. It encrypts the given filename with the mount-wide filename encryption key (FNEK) and stores it in a packet to dest, which the callee will encode and write directly into the dentry name.

Definition at line 624 of file keystore.c.

int virt_to_scatterlist ( const void addr,
int  size,
struct scatterlist sg,
int  sg_size 
)

virt_to_scatterlist
addr: Virtual address
size: Size of data; should be an even multiple of the block size
sg: Pointer to scatterlist array; set to NULL to obtain only the number of scatterlist structs required in array
sg_size: Max array size

Fills in a scatterlist array with page references for a passed virtual address.

Returns the number of scatterlist structs in array used

Definition at line 291 of file crypto.c.

Variable Documentation

Definition at line 547 of file mmap.c.

struct kmem_cache* ecryptfs_auth_tok_list_item_cache

Definition at line 1223 of file keystore.c.

struct mutex ecryptfs_daemon_hash_mux

Definition at line 33 of file messaging.c.

struct kmem_cache* ecryptfs_dentry_info_cache

Definition at line 69 of file dentry.c.

struct file_operations ecryptfs_dir_fops

Definition at line 341 of file file.c.

struct inode_operations ecryptfs_dir_iops

Definition at line 1135 of file inode.c.

struct dentry_operations ecryptfs_dops

Definition at line 90 of file dentry.c.

struct kmem_cache* ecryptfs_file_info_cache

Definition at line 141 of file file.c.

struct kmem_cache* ecryptfs_global_auth_tok_cache

Definition at line 2504 of file keystore.c.

struct kmem_cache* ecryptfs_header_cache

Definition at line 1197 of file crypto.c.

struct kmem_cache* ecryptfs_inode_info_cache

eCryptfs: Linux filesystem encryption layer

Copyright (C) 1997-2003 Erez Zadok Copyright (C) 2001-2003 Stony Brook University Copyright (C) 2004-2006 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m Michael C. Thompson mctho.nosp@m.mps@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Definition at line 37 of file super.c.

struct kmem_cache* ecryptfs_key_record_cache

Definition at line 2374 of file keystore.c.

struct kmem_cache* ecryptfs_key_sig_cache

Definition at line 2484 of file keystore.c.

struct kmem_cache* ecryptfs_key_tfm_cache

Definition at line 1767 of file crypto.c.

struct file_operations ecryptfs_main_fops

Definition at line 357 of file file.c.

struct inode_operations ecryptfs_main_iops

Definition at line 1153 of file inode.c.

unsigned int ecryptfs_message_buf_len

Module parameter that defines the number of message buffer elements

Definition at line 55 of file main.c.

signed long ecryptfs_message_wait_timeout

Module parameter that defines the maximum guaranteed amount of time to wait for a response from ecryptfsd. The actual sleep time will be, more than likely, a small amount greater than this specified value, but only less if the message successfully arrives.

Definition at line 67 of file main.c.

unsigned int ecryptfs_number_of_users

Module parameter that is an estimate of the maximum number of users that will be concurrently using eCryptfs. Set this to the right value to balance performance and memory use.

Definition at line 80 of file main.c.

struct kmem_cache* ecryptfs_sb_info_cache

Definition at line 482 of file main.c.

struct super_operations ecryptfs_sops

Definition at line 184 of file super.c.

struct inode_operations ecryptfs_symlink_iops

Definition at line 1122 of file inode.c.

int ecryptfs_verbosity

eCryptfs: Linux filesystem encryption layer

Copyright (C) 1997-2003 Erez Zadok Copyright (C) 2001-2003 Stony Brook University Copyright (C) 2004-2007 International Business Machines Corp. Author(s): Michael A. Halcrow mahal.nosp@m.cro@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m Michael C. Thompson mctho.nosp@m.mps@.nosp@m.us.ib.nosp@m.m.co.nosp@m.m Tyler Hicks tyhic.nosp@m.ks@o.nosp@m.u.edu

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Module parameter that defines the ecryptfs_verbosity level.

Definition at line 45 of file main.c.

struct kmem_cache* ecryptfs_xattr_cache

Definition at line 414 of file mmap.c.

struct mutex key_tfm_list_mutex

Definition at line 1769 of file crypto.c.