crypto.c File Reference
#include <linux/fs.h>
#include <linux/mount.h>
#include <linux/pagemap.h>
#include <linux/random.h>
#include <linux/compiler.h>
#include <linux/key.h>
#include <linux/namei.h>
#include <linux/crypto.h>
#include <linux/file.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <asm/unaligned.h>
#include "ecryptfs_kernel.h"


Data Structures

struct  ecryptfs_flag_map_elem
 
struct  ecryptfs_cipher_code_str_map_elem
 

Macros

#define ECRYPTFS_MAX_SCATTERLIST_LEN   4
 
#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE   0
 
#define ECRYPTFS_VALIDATE_HEADER_SIZE   1
 

Functions

void ecryptfs_to_hex (char *dst, char *src, size_t src_size)
 
void ecryptfs_from_hex (char *dst, char *src, int dst_size)
 
int ecryptfs_derive_iv (char *iv, struct ecryptfs_crypt_stat *crypt_stat, loff_t offset)
 
void ecryptfs_init_crypt_stat (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_destroy_crypt_stat (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_destroy_mount_crypt_stat (struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 
int virt_to_scatterlist (const void *addr, int size, struct scatterlist *sg, int sg_size)
 
int ecryptfs_encrypt_page (struct page *page)
 
int ecryptfs_decrypt_page (struct page *page)
 
int ecryptfs_init_crypt_ctx (struct ecryptfs_crypt_stat *crypt_stat)
 
void ecryptfs_set_default_sizes (struct ecryptfs_crypt_stat *crypt_stat)
 
int ecryptfs_compute_root_iv (struct ecryptfs_crypt_stat *crypt_stat)
 
int ecryptfs_new_file_context (struct inode *ecryptfs_inode)
 
void ecryptfs_write_crypt_stat_flags (char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written)
 
u8 ecryptfs_code_for_cipher_string (char *cipher_name, size_t key_bytes)
 
int ecryptfs_cipher_code_to_string (char *str, u8 cipher_code)
 
int ecryptfs_read_and_validate_header_region (struct inode *inode)
 
void ecryptfs_write_header_metadata (char *virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written)
 
int ecryptfs_write_metadata (struct dentry *ecryptfs_dentry, struct inode *ecryptfs_inode)
 
void ecryptfs_i_size_init (const char *page_virt, struct inode *inode)
 
int ecryptfs_read_xattr_region (char *page_virt, struct inode *ecryptfs_inode)
 
int ecryptfs_read_and_validate_xattr_region (struct dentry *dentry, struct inode *inode)
 
int ecryptfs_read_metadata (struct dentry *ecryptfs_dentry)
 
int __init ecryptfs_init_crypto (void)
 
int ecryptfs_destroy_crypto (void)
 
int ecryptfs_add_new_key_tfm (struct ecryptfs_key_tfm **key_tfm, char *cipher_name, size_t key_size)
 
int ecryptfs_tfm_exists (char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
 
int ecryptfs_get_tfm_and_mutex_for_cipher_name (struct crypto_blkcipher **tfm, struct mutex **tfm_mutex, char *cipher_name)
 
void ecryptfs_encode_for_filename (unsigned char *dst, size_t *dst_size, unsigned char *src, size_t src_size)
 
ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
@encoded_name: The encrypted name
@crypt_stat: The crypt_stat struct associated with the file name to encode
@name: The plaintext name
@name_size: The length of the plaintext

Encrypts and encodes a filename into something that constitutes a valid filename for a filesystem, with printable characters.

We assume that we have a properly initialized crypto context, pointed to by crypt_stat->tfm.

Returns zero on success; non-zero otherwise

int ecryptfs_encrypt_and_encode_filename (char **encoded_name, size_t *encoded_name_size, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, const char *name, size_t name_size)
 

Variables

struct kmem_cacheecryptfs_header_cache
 
struct kmem_cacheecryptfs_key_tfm_cache
 
struct mutex key_tfm_list_mutex
 

ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
@plaintext_name: The plaintext name
@plaintext_name_size: The plaintext name size
@ecryptfs_dir_dentry: eCryptfs directory dentry
@name: The filename in cipher text
@name_size: The cipher text name size

Decrypts and decodes the filename.

Returns zero on error; non-zero otherwise

#define ENC_NAME_MAX_BLOCKLEN_8_OR_16   143
 
int ecryptfs_decode_and_decrypt_filename (char **plaintext_name, size_t *plaintext_name_size, struct dentry *ecryptfs_dir_dentry, const char *name, size_t name_size)
 
int ecryptfs_set_f_namelen (long *namelen, long lower_namelen, struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 

Macro Definition Documentation

#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE   0

Definition at line 1369 of file crypto.c.

#define ECRYPTFS_MAX_SCATTERLIST_LEN   4

Definition at line 718 of file crypto.c.

#define ECRYPTFS_VALIDATE_HEADER_SIZE   1

Definition at line 1370 of file crypto.c.

#define ENC_NAME_MAX_BLOCKLEN_8_OR_16   143

Definition at line 2248 of file crypto.c.

Function Documentation

int ecryptfs_add_new_key_tfm ( struct ecryptfs_key_tfm **  key_tfm,
char cipher_name,
size_t  key_size 
)

Definition at line 1800 of file crypto.c.

int ecryptfs_cipher_code_to_string ( char str,
u8  cipher_code 
)

ecryptfs_cipher_code_to_string
@str: Destination to write out the cipher name
@cipher_code: The code to convert to cipher name string

Returns zero on success

Definition at line 1147 of file crypto.c.

u8 ecryptfs_code_for_cipher_string ( char cipher_name,
size_t  key_bytes 
)

ecryptfs_code_for_cipher_string
@cipher_name: The string alias for the cipher
@key_bytes: Length of key in bytes; used for AES code selection

Returns zero on no match, or the cipher code on match

Definition at line 1112 of file crypto.c.

int ecryptfs_compute_root_iv ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_compute_root_iv

On error, sets the root IV to all 0's.

Definition at line 811 of file crypto.c.

int ecryptfs_decode_and_decrypt_filename ( char **  plaintext_name,
size_t plaintext_name_size,
struct dentry ecryptfs_dir_dentry,
const char name,
size_t  name_size 
)

Definition at line 2186 of file crypto.c.

int ecryptfs_decrypt_page ( struct page page)

Definition at line 560 of file crypto.c.

int ecryptfs_derive_iv ( char iv,
struct ecryptfs_crypt_stat crypt_stat,
loff_t  offset 
)

ecryptfs_derive_iv
@iv: destination for the derived iv value
@crypt_stat: Pointer to crypt_stat struct for the current inode
@offset: Offset of the extent whose IV we are to derive

Generate the initialization vector from the given root IV and page offset.

Returns zero on success; non-zero on error.

Definition at line 179 of file crypto.c.

void ecryptfs_destroy_crypt_stat ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_destroy_crypt_stat
@crypt_stat: Pointer to the crypt_stat struct to release.

Releases all memory associated with a crypt_stat struct.

Definition at line 241 of file crypto.c.

int ecryptfs_destroy_crypto ( void  )

ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list

Called only at module unload time

Definition at line 1783 of file crypto.c.

void ecryptfs_destroy_mount_crypt_stat ( struct ecryptfs_mount_crypt_stat mount_crypt_stat)

Definition at line 257 of file crypto.c.

void ecryptfs_encode_for_filename ( unsigned char dst,
size_t dst_size,
unsigned char src,
size_t  src_size 
)

ecryptfs_encode_for_filename
@dst: Destination location for encoded filename
@dst_size: Size of the encoded filename in bytes
@src: Source location for the filename to encode
@src_size: Size of the source in bytes

Definition at line 1938 of file crypto.c.

int ecryptfs_encrypt_and_encode_filename ( char **  encoded_name,
size_t encoded_name_size,
struct ecryptfs_crypt_stat crypt_stat,
struct ecryptfs_mount_crypt_stat mount_crypt_stat,
const char name,
size_t  name_size 
)

Definition at line 2073 of file crypto.c.

int ecryptfs_encrypt_page ( struct page page)

Definition at line 452 of file crypto.c.

void ecryptfs_from_hex ( char dst,
char src,
int  dst_size 
)

ecryptfs_from_hex
@dst: Buffer to take the bytes from src hex; must be at least of size (src_size / 2)
@src: Buffer to be converted from a hex string representation to raw value
@dst_size: size of dst buffer, or number of hex character pairs to convert

Definition at line 73 of file crypto.c.

int ecryptfs_get_tfm_and_mutex_for_cipher_name ( struct crypto_blkcipher **  tfm,
struct mutex **  tfm_mutex,
char cipher_name 
)

ecryptfs_get_tfm_and_mutex_for_cipher_name

@tfm: set to cached tfm found, or new tfm created
@tfm_mutex: set to mutex for cached tfm found, or new tfm created
@cipher_name: the name of the cipher to search for and/or add

Sets pointers to @tfm & @tfm_mutex matching @cipher_name. Searches for cached item first, and creates new if not found. Returns 0 on success, non-zero if adding new cipher failed

Definition at line 1878 of file crypto.c.

void ecryptfs_i_size_init ( const char page_virt,
struct inode inode 
)

Definition at line 1408 of file crypto.c.

int ecryptfs_init_crypt_ctx ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_init_crypt_ctx
@crypt_stat: Uninitialized crypt stats structure

Initialize the crypto context.

TODO: Performance: Keep a cache of initialized cipher contexts; only init if needed

Definition at line 729 of file crypto.c.

void ecryptfs_init_crypt_stat ( struct ecryptfs_crypt_stat crypt_stat)

ecryptfs_init_crypt_stat
@crypt_stat: Pointer to the crypt_stat struct to initialize.

Initialize the crypt_stat structure.

Definition at line 224 of file crypto.c.

int __init ecryptfs_init_crypto ( void  )

Definition at line 1771 of file crypto.c.

int ecryptfs_new_file_context ( struct inode ecryptfs_inode)

ecryptfs_new_file_context
@ecryptfs_inode: The eCryptfs inode

If the crypto context for the file has not yet been established, this is where we do that. Establishing a new crypto context involves the following decisions:

  • What cipher to use?
  • What set of authentication tokens to use? Here we just worry about getting enough information into the authentication tokens so that we know that they are available. We associate the available authentication tokens with the new file via the set of signatures in the crypt_stat struct. Later, when the headers are actually written out, we may again defer to userspace to perform the encryption of the session key; for the foreseeable future, this will be the case with public key packets.

Returns zero on success; non-zero otherwise

Definition at line 947 of file crypto.c.

int ecryptfs_read_and_validate_header_region ( struct inode inode)

Definition at line 1164 of file crypto.c.

int ecryptfs_read_and_validate_xattr_region ( struct dentry dentry,
struct inode inode 
)

Definition at line 1521 of file crypto.c.

int ecryptfs_read_metadata ( struct dentry ecryptfs_dentry)

ecryptfs_read_metadata

Common entry point for reading file metadata. From here, we could retrieve the header information from the header region of the file, the xattr region of the file, or some other repository that is stored separately from the file itself. The current implementation supports retrieving the metadata information from the file contents and from the xattr region.

Returns zero if valid headers found and parsed; non-zero otherwise

Definition at line 1551 of file crypto.c.

int ecryptfs_read_xattr_region ( char page_virt,
struct inode ecryptfs_inode 
)

ecryptfs_read_xattr_region
@page_virt: The virtual address into which to read the xattr data
@ecryptfs_inode: The eCryptfs inode

Attempts to read the crypto metadata from the extended attribute region of the lower file.

Returns zero on success; non-zero on error

Definition at line 1500 of file crypto.c.

void ecryptfs_set_default_sizes ( struct ecryptfs_crypt_stat crypt_stat)

Definition at line 787 of file crypto.c.

int ecryptfs_set_f_namelen ( long namelen,
long  lower_namelen,
struct ecryptfs_mount_crypt_stat mount_crypt_stat 
)

Definition at line 2250 of file crypto.c.

int ecryptfs_tfm_exists ( char cipher_name,
struct ecryptfs_key_tfm **  key_tfm 
)

ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
@cipher_name: the name of the cipher to search for
@key_tfm: set to corresponding tfm if found

Searches for cached key_tfm matching @cipher_name. Must be called with &key_tfm_list_mutex held. Returns 1 if found, with @key_tfm set. Returns 0 if not found, with @key_tfm set to NULL.

Definition at line 1849 of file crypto.c.

void ecryptfs_to_hex ( char dst,
char src,
size_t  src_size 
)

ecryptfs_to_hex
@dst: Buffer to take hex character representation of contents of src; must be at least of size (src_size * 2)
@src: Buffer to be converted to a hex string representation
@src_size: number of bytes to convert

Definition at line 58 of file crypto.c.

void ecryptfs_write_crypt_stat_flags ( char page_virt,
struct ecryptfs_crypt_stat crypt_stat,
size_t written 
)

Definition at line 1068 of file crypto.c.

void ecryptfs_write_header_metadata ( char virt,
struct ecryptfs_crypt_stat crypt_stat,
size_t written 
)

Definition at line 1181 of file crypto.c.

int ecryptfs_write_metadata ( struct dentry ecryptfs_dentry,
struct inode ecryptfs_inode 
)

ecryptfs_write_metadata
@ecryptfs_dentry: The eCryptfs dentry, which should be negative
@ecryptfs_inode: The newly created eCryptfs inode

Write the file headers out. This will likely involve a userspace callout, in which the session key is encrypted with one or more public keys and/or the passphrase necessary to do the encryption is retrieved via a prompt. Exactly what happens at this point should be policy-dependent.

Returns zero on success; non-zero on error

Definition at line 1312 of file crypto.c.

int virt_to_scatterlist ( const void addr,
int  size,
struct scatterlist sg,
int  sg_size 
)

virt_to_scatterlist
@addr: Virtual address
@size: Size of data; should be an even multiple of the block size
@sg: Pointer to scatterlist array; set to NULL to obtain only the number of scatterlist structs required in array
@sg_size: Max array size

Fills in a scatterlist array with page references for a passed virtual address.

Returns the number of scatterlist structs in array used

Definition at line 291 of file crypto.c.

Variable Documentation

struct kmem_cache* ecryptfs_header_cache

Definition at line 1197 of file crypto.c.

struct kmem_cache* ecryptfs_key_tfm_cache

Definition at line 1767 of file crypto.c.

struct mutex key_tfm_list_mutex

Definition at line 1769 of file crypto.c.