Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ecryptfs_kernel.h
Go to the documentation of this file.
1 
28 #ifndef ECRYPTFS_KERNEL_H
29 #define ECRYPTFS_KERNEL_H
30 
31 #include <keys/user-type.h>
32 #include <keys/encrypted-type.h>
33 #include <linux/fs.h>
34 #include <linux/fs_stack.h>
35 #include <linux/namei.h>
36 #include <linux/scatterlist.h>
37 #include <linux/hash.h>
38 #include <linux/nsproxy.h>
39 #include <linux/backing-dev.h>
40 #include <linux/ecryptfs.h>
41 
42 #define ECRYPTFS_DEFAULT_IV_BYTES 16
43 #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
44 #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
45 #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
46 #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
47 #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
48 #define ECRYPTFS_DEFAULT_NUM_USERS 4
49 #define ECRYPTFS_MAX_NUM_USERS 32768
50 #define ECRYPTFS_XATTR_NAME "user.ecryptfs"
51 
52 void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
53 extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
54 extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);
55 
57  unsigned char type;
58  size_t enc_key_size;
59  unsigned char sig[ECRYPTFS_SIG_SIZE];
61 };
62 
65  struct list_head list;
66 };
67 
68 struct ecryptfs_crypt_stat;
70 
72  struct page *page;
73 #define ECRYPTFS_PREPARE_COMMIT_MODE 0
74 #define ECRYPTFS_WRITEPAGE_MODE 1
75  unsigned int mode;
76  union {
77  struct file *lower_file;
79  } param;
80 };
81 
82 #if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
83 static inline struct ecryptfs_auth_tok *
84 ecryptfs_get_encrypted_key_payload_data(struct key *key)
85 {
86  if (key->type == &key_type_encrypted)
87  return (struct ecryptfs_auth_tok *)
88  (&((struct encrypted_key_payload *)key->payload.data)->payload_data);
89  else
90  return NULL;
91 }
92 
93 static inline struct key *ecryptfs_get_encrypted_key(char *sig)
94 {
95  return request_key(&key_type_encrypted, sig, NULL);
96 }
97 
98 #else
99 static inline struct ecryptfs_auth_tok *
100 ecryptfs_get_encrypted_key_payload_data(struct key *key)
101 {
102  return NULL;
103 }
104 
105 static inline struct key *ecryptfs_get_encrypted_key(char *sig)
106 {
107  return ERR_PTR(-ENOKEY);
108 }
109 
110 #endif /* CONFIG_ENCRYPTED_KEYS */
111 
112 static inline struct ecryptfs_auth_tok *
113 ecryptfs_get_key_payload_data(struct key *key)
114 {
115  struct ecryptfs_auth_tok *auth_tok;
116 
117  auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
118  if (!auth_tok)
119  return (struct ecryptfs_auth_tok *)
120  (((struct user_key_payload *)key->payload.data)->data);
121  else
122  return auth_tok;
123 }
124 
125 #define ECRYPTFS_MAX_KEYSET_SIZE 1024
126 #define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32
127 #define ECRYPTFS_MAX_NUM_ENC_KEYS 64
128 #define ECRYPTFS_MAX_IV_BYTES 16 /* 128 bits */
129 #define ECRYPTFS_SALT_BYTES 2
130 #define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
131 #define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */
132 #define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64))
133 #define ECRYPTFS_SIZE_AND_MARKER_BYTES (ECRYPTFS_FILE_SIZE_BYTES \
134  + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES)
135 #define ECRYPTFS_DEFAULT_CIPHER "aes"
136 #define ECRYPTFS_DEFAULT_KEY_BYTES 16
137 #define ECRYPTFS_DEFAULT_HASH "md5"
138 #define ECRYPTFS_TAG_70_DIGEST ECRYPTFS_DEFAULT_HASH
139 #define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
140 #define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
141 #define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
142 #define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
143 #define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
144 #define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
145 #define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
146 #define ECRYPTFS_TAG_70_PACKET_TYPE 0x46 /* FNEK-encrypted filename
147  * as dentry name */
148 #define ECRYPTFS_TAG_71_PACKET_TYPE 0x47 /* FNEK-encrypted filename in
149  * metadata */
150 #define ECRYPTFS_TAG_72_PACKET_TYPE 0x48 /* FEK-encrypted filename as
151  * dentry name */
152 #define ECRYPTFS_TAG_73_PACKET_TYPE 0x49 /* FEK-encrypted filename as
153  * metadata */
154 #define ECRYPTFS_MIN_PKT_LEN_SIZE 1 /* Min size to specify packet length */
155 #define ECRYPTFS_MAX_PKT_LEN_SIZE 2 /* Pass at least this many bytes to
156  * ecryptfs_parse_packet_length() and
157  * ecryptfs_write_packet_length()
158  */
159 /* Constraint: ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES >=
160  * ECRYPTFS_MAX_IV_BYTES */
161 #define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 16
162 #define ECRYPTFS_NON_NULL 0x42 /* A reasonable substitute for NULL */
163 #define MD5_DIGEST_SIZE 16
164 #define ECRYPTFS_TAG_70_DIGEST_SIZE MD5_DIGEST_SIZE
165 #define ECRYPTFS_TAG_70_MIN_METADATA_SIZE (1 + ECRYPTFS_MIN_PKT_LEN_SIZE \
166  + ECRYPTFS_SIG_SIZE + 1 + 1)
167 #define ECRYPTFS_TAG_70_MAX_METADATA_SIZE (1 + ECRYPTFS_MAX_PKT_LEN_SIZE \
168  + ECRYPTFS_SIG_SIZE + 1 + 1)
169 #define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FEK_ENCRYPTED."
170 #define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 23
171 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FNEK_ENCRYPTED."
172 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24
173 #define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32)
178 };
182 #define ECRYPTFS_FILENAME_CONTAINS_DECRYPTED 0x00000001
184  u32 seq_no;
185  char *filename;
186  char *encrypted_filename;
187  size_t filename_size;
191 };
199 #define ECRYPTFS_STRUCT_INITIALIZED 0x00000001
200 #define ECRYPTFS_POLICY_APPLIED 0x00000002
201 #define ECRYPTFS_ENCRYPTED 0x00000004
202 #define ECRYPTFS_SECURITY_WARNING 0x00000008
203 #define ECRYPTFS_ENABLE_HMAC 0x00000010
204 #define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000020
205 #define ECRYPTFS_KEY_VALID 0x00000040
206 #define ECRYPTFS_METADATA_IN_XATTR 0x00000080
207 #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000100
208 #define ECRYPTFS_KEY_SET 0x00000200
209 #define ECRYPTFS_ENCRYPT_FILENAMES 0x00000400
210 #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00000800
211 #define ECRYPTFS_ENCFN_USE_FEK 0x00001000
212 #define ECRYPTFS_UNLINK_SIGS 0x00002000
213 #define ECRYPTFS_I_SIZE_INITIALIZED 0x00004000
215  unsigned int file_version;
216  size_t iv_bytes;
218  size_t extent_size; /* Data extent size; default is 4096 */
219  size_t key_size;
220  size_t extent_shift;
221  unsigned int extent_mask;
224  struct crypto_hash *hash_tfm; /* Crypto context for generating
225  * the initialization vectors */
227  unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
228  unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
229  struct list_head keysig_list;
233  struct mutex cs_mutex;
234 };
236 /* inode private data. */
237 struct ecryptfs_inode_info {
238  struct inode vfs_inode;
239  struct inode *wii_inode;
240  struct mutex lower_file_mutex;
242  struct file *lower_file;
244 };
245 
246 /* dentry private data. Each dentry must keep track of a lower
247  * vfsmount too. */
248 struct ecryptfs_dentry_info {
249  struct path lower_path;
251 };
252 
273 #define ECRYPTFS_AUTH_TOK_INVALID 0x00000001
274 #define ECRYPTFS_AUTH_TOK_FNEK 0x00000002
275  u32 flags;
277  struct key *global_auth_tok_key;
278  unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
279 };
280 
295 struct ecryptfs_key_tfm {
296  struct crypto_blkcipher *key_tfm;
297  size_t key_size;
298  struct mutex key_tfm_mutex;
299  struct list_head key_tfm_list;
300  unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
301 };
302 
303 extern struct mutex key_tfm_list_mutex;
312  /* Pointers to memory we do not own, do not free these */
313 #define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001
314 #define ECRYPTFS_XATTR_METADATA_ENABLED 0x00000002
315 #define ECRYPTFS_ENCRYPTED_VIEW_ENABLED 0x00000004
316 #define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED 0x00000008
317 #define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES 0x00000010
318 #define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020
319 #define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040
320 #define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY 0x00000080
321  u32 flags;
327  + 1];
331 };
332 
333 /* superblock private data. */
337  struct backing_dev_info bdi;
338 };
339 
340 /* file private data. */
342  struct file *wfi_file;
344 };
345 
346 /* auth_tok <=> encrypted_session_key mappings */
349  struct list_head list;
350  struct ecryptfs_auth_tok auth_tok;
351 };
353 struct ecryptfs_message {
354  /* Can never be greater than ecryptfs_message_buf_len */
355  /* Used to find the parent msg_ctx */
356  /* Inherits from msg_ctx->index */
359  u8 data[];
360 };
363 #define ECRYPTFS_MSG_CTX_STATE_FREE 0x01
364 #define ECRYPTFS_MSG_CTX_STATE_PENDING 0x02
365 #define ECRYPTFS_MSG_CTX_STATE_DONE 0x03
366 #define ECRYPTFS_MSG_CTX_STATE_NO_REPLY 0x04
367  u8 state;
368 #define ECRYPTFS_MSG_HELO 100
369 #define ECRYPTFS_MSG_QUIT 101
370 #define ECRYPTFS_MSG_REQUEST 102
371 #define ECRYPTFS_MSG_RESPONSE 103
374  /* Counter converts to a sequence number. Each message sent
375  * out for which we expect a response has an associated
376  * sequence number. The response must have the same sequence
377  * number as the counter for the msg_stc for the message to be
378  * valid. */
379  u32 counter;
380  size_t msg_size;
382  struct task_struct *task;
383  struct list_head node;
385  struct mutex mux;
386 };
389 #define ECRYPTFS_DAEMON_IN_READ 0x00000001
390 #define ECRYPTFS_DAEMON_IN_POLL 0x00000002
391 #define ECRYPTFS_DAEMON_ZOMBIE 0x00000004
392 #define ECRYPTFS_DAEMON_MISCDEV_OPEN 0x00000008
393  u32 flags;
395  struct file *file;
396  struct mutex mux;
399  struct hlist_node euid_chain;
400 };
401 
402 extern struct mutex ecryptfs_daemon_hash_mux;
403 
404 static inline size_t
405 ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
406 {
407  if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
408  return 0;
409  return crypt_stat->metadata_size;
410 }
411 
412 static inline struct ecryptfs_file_info *
413 ecryptfs_file_to_private(struct file *file)
414 {
415  return file->private_data;
416 }
417 
418 static inline void
419 ecryptfs_set_file_private(struct file *file,
420  struct ecryptfs_file_info *file_info)
421 {
422  file->private_data = file_info;
423 }
424 
425 static inline struct file *ecryptfs_file_to_lower(struct file *file)
426 {
427  return ((struct ecryptfs_file_info *)file->private_data)->wfi_file;
428 }
429 
430 static inline void
431 ecryptfs_set_file_lower(struct file *file, struct file *lower_file)
432 {
433  ((struct ecryptfs_file_info *)file->private_data)->wfi_file =
434  lower_file;
435 }
436 
437 static inline struct ecryptfs_inode_info *
438 ecryptfs_inode_to_private(struct inode *inode)
439 {
440  return container_of(inode, struct ecryptfs_inode_info, vfs_inode);
441 }
442 
443 static inline struct inode *ecryptfs_inode_to_lower(struct inode *inode)
444 {
445  return ecryptfs_inode_to_private(inode)->wii_inode;
446 }
447 
448 static inline void
449 ecryptfs_set_inode_lower(struct inode *inode, struct inode *lower_inode)
450 {
451  ecryptfs_inode_to_private(inode)->wii_inode = lower_inode;
452 }
453 
454 static inline struct ecryptfs_sb_info *
455 ecryptfs_superblock_to_private(struct super_block *sb)
456 {
457  return (struct ecryptfs_sb_info *)sb->s_fs_info;
458 }
459 
460 static inline void
461 ecryptfs_set_superblock_private(struct super_block *sb,
462  struct ecryptfs_sb_info *sb_info)
463 {
464  sb->s_fs_info = sb_info;
465 }
466 
467 static inline struct super_block *
468 ecryptfs_superblock_to_lower(struct super_block *sb)
469 {
470  return ((struct ecryptfs_sb_info *)sb->s_fs_info)->wsi_sb;
471 }
472 
473 static inline void
474 ecryptfs_set_superblock_lower(struct super_block *sb,
475  struct super_block *lower_sb)
476 {
477  ((struct ecryptfs_sb_info *)sb->s_fs_info)->wsi_sb = lower_sb;
478 }
479 
480 static inline struct ecryptfs_dentry_info *
481 ecryptfs_dentry_to_private(struct dentry *dentry)
482 {
483  return (struct ecryptfs_dentry_info *)dentry->d_fsdata;
484 }
485 
486 static inline void
487 ecryptfs_set_dentry_private(struct dentry *dentry,
488  struct ecryptfs_dentry_info *dentry_info)
489 {
490  dentry->d_fsdata = dentry_info;
491 }
492 
493 static inline struct dentry *
494 ecryptfs_dentry_to_lower(struct dentry *dentry)
495 {
496  return ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.dentry;
497 }
498 
499 static inline void
500 ecryptfs_set_dentry_lower(struct dentry *dentry, struct dentry *lower_dentry)
501 {
502  ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.dentry =
503  lower_dentry;
504 }
505 
506 static inline struct vfsmount *
507 ecryptfs_dentry_to_lower_mnt(struct dentry *dentry)
508 {
509  return ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.mnt;
510 }
511 
512 static inline void
513 ecryptfs_set_dentry_lower_mnt(struct dentry *dentry, struct vfsmount *lower_mnt)
514 {
515  ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.mnt =
516  lower_mnt;
517 }
518 
519 #define ecryptfs_printk(type, fmt, arg...) \
520  __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);
521 __printf(1, 2)
522 void __ecryptfs_printk(const char *fmt, ...);
523 
532 extern int ecryptfs_verbosity;
533 extern unsigned int ecryptfs_message_buf_len;
534 extern signed long ecryptfs_message_wait_timeout;
535 extern unsigned int ecryptfs_number_of_users;
536 
548 
550  struct super_block *sb);
551 void ecryptfs_i_size_init(const char *page_virt, struct inode *inode);
552 int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
553  struct inode *ecryptfs_inode);
554 int ecryptfs_decode_and_decrypt_filename(char **decrypted_name,
555  size_t *decrypted_name_size,
556  struct dentry *ecryptfs_dentry,
557  const char *name, size_t name_size);
558 int ecryptfs_fill_zeros(struct file *file, loff_t new_length);
560  char **encoded_name,
561  size_t *encoded_name_size,
562  struct ecryptfs_crypt_stat *crypt_stat,
563  struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
564  const char *name, size_t name_size);
565 struct dentry *ecryptfs_lower_dentry(struct dentry *this_dentry);
566 void ecryptfs_dump_hex(char *data, int bytes);
568  int sg_size);
570 void ecryptfs_rotate_iv(unsigned char *iv);
574  struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
576 int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode);
578 int ecryptfs_decrypt_page(struct page *page);
579 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
580  struct inode *ecryptfs_inode);
581 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry);
582 int ecryptfs_new_file_context(struct inode *ecryptfs_inode);
583 void ecryptfs_write_crypt_stat_flags(char *page_virt,
584  struct ecryptfs_crypt_stat *crypt_stat,
585  size_t *written);
588  struct inode *inode);
589 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
590 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
592 int ecryptfs_generate_key_packet_set(char *dest_base,
593  struct ecryptfs_crypt_stat *crypt_stat,
594  struct dentry *ecryptfs_dentry,
595  size_t *len, size_t max);
596 int
598  unsigned char *src, struct dentry *ecryptfs_dentry);
599 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
600 ssize_t
601 ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
602  void *value, size_t size);
603 int
604 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
605  size_t size, int flags);
606 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode);
609 int ecryptfs_send_message(char *data, int data_len,
610  struct ecryptfs_msg_ctx **msg_ctx);
612  struct ecryptfs_message **emsg);
613 int ecryptfs_init_messaging(void);
614 void ecryptfs_release_messaging(void);
615 
616 void
618  struct ecryptfs_crypt_stat *crypt_stat,
619  size_t *written);
620 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);
621 int
623  char *sig, u32 global_auth_tok_flags);
625  struct ecryptfs_global_auth_tok **global_auth_tok,
626  struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);
627 int
628 ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
629  size_t key_size);
630 int ecryptfs_init_crypto(void);
631 int ecryptfs_destroy_crypto(void);
632 int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm);
634  struct mutex **tfm_mutex,
635  char *cipher_name);
636 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
637  struct ecryptfs_auth_tok **auth_tok,
638  char *sig);
639 int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
640  loff_t offset, size_t size);
641 int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,
642  struct page *page_for_lower,
643  size_t offset_in_page, size_t size);
644 int ecryptfs_write(struct inode *inode, char *data, loff_t offset, size_t size);
645 int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
646  struct inode *ecryptfs_inode);
647 int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs,
648  pgoff_t page_index,
649  size_t offset_in_page, size_t size,
650  struct inode *ecryptfs_inode);
651 struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index);
654 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
655  size_t *length_size);
656 int ecryptfs_write_packet_length(char *dest, size_t size,
657  size_t *packet_size_length);
660 int ecryptfs_send_miscdev(char *data, size_t data_size,
662  u16 msg_flags, struct ecryptfs_daemon *daemon);
664 int
665 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file);
666 int ecryptfs_init_kthread(void);
667 void ecryptfs_destroy_kthread(void);
668 int ecryptfs_privileged_open(struct file **lower_file,
669  struct dentry *lower_dentry,
670  struct vfsmount *lower_mnt,
671  const struct cred *cred);
672 int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode);
673 void ecryptfs_put_lower_file(struct inode *inode);
674 int
675 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
676  size_t *packet_size,
677  struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
678  char *filename, size_t filename_size);
679 int
680 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
681  size_t *packet_size,
682  struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
683  char *data, size_t max_packet_size);
684 int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
685  struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
686 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
687  loff_t offset);
688 
689 #endif /* #ifndef ECRYPTFS_KERNEL_H */