Loading fs/crypto/crypto.c +1 −1 Original line number Diff line number Diff line Loading @@ -27,7 +27,7 @@ #include <linux/bio.h> #include <linux/dcache.h> #include <linux/namei.h> #include <linux/fscrypto.h> #include "fscrypt_private.h" static unsigned int num_prealloc_crypto_pages = 32; static unsigned int num_prealloc_crypto_ctxs = 128; Loading fs/crypto/fscrypt_private.h +71 −0 Original line number Diff line number Diff line Loading 
@@ -13,6 +13,77 @@ #include <linux/fscrypto.h> #define FS_FNAME_CRYPTO_DIGEST_SIZE 32 /* Encryption parameters */ #define FS_XTS_TWEAK_SIZE 16 #define FS_AES_128_ECB_KEY_SIZE 16 #define FS_AES_256_GCM_KEY_SIZE 32 #define FS_AES_256_CBC_KEY_SIZE 32 #define FS_AES_256_CTS_KEY_SIZE 32 #define FS_AES_256_XTS_KEY_SIZE 64 #define FS_MAX_KEY_SIZE 64 #define FS_KEY_DESC_PREFIX "fscrypt:" #define FS_KEY_DESC_PREFIX_SIZE 8 #define FS_KEY_DERIVATION_NONCE_SIZE 16 /** * Encryption context for inode * * Protector format: * 1 byte: Protector format (1 = this version) * 1 byte: File contents encryption mode * 1 byte: File names encryption mode * 1 byte: Flags * 8 bytes: Master Key descriptor * 16 bytes: Encryption Key derivation nonce */ struct fscrypt_context { u8 format; u8 contents_encryption_mode; u8 filenames_encryption_mode; u8 flags; u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; } __packed; #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 /* This is passed in from userspace into the kernel keyring */ struct fscrypt_key { u32 mode; u8 raw[FS_MAX_KEY_SIZE]; u32 size; } __packed; /* * A pointer to this structure is stored in the file system's in-core * representation of an inode. */ struct fscrypt_info { u8 ci_data_mode; u8 ci_filename_mode; u8 ci_flags; struct crypto_skcipher *ci_ctfm; struct key *ci_keyring_key; u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE]; }; #define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001 #define FS_WRITE_PATH_FL 0x00000002 struct fscrypt_completion_result { struct completion completion; int res; }; #define DECLARE_FS_COMPLETION_RESULT(ecr) \ struct fscrypt_completion_result ecr = { \ COMPLETION_INITIALIZER((ecr).completion), 0 } /* crypto.c */ int fscrypt_initialize(void); Loading fs/crypto/policy.c +1 −1 Original line number Diff line number Diff line Loading 
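Review bot: In fs/crypto/fscrypt_private.h, `struct fscrypt_key` is described as passed in from userspace through the kernel keyring, but nothing beside it says that its `size` field is untrusted and must be checked against `FS_MAX_KEY_SIZE` before `raw[]` is read. The check would live in the key-setup code, which this diff does not show, so the header should at least state the contract, e.g. `/* Passed in from userspace via the kernel keyring: validate mode and size (size <= FS_MAX_KEY_SIZE) before reading raw[] */`. Separately, `FS_KEY_DESC_PREFIX_SIZE 8` repeats the length of `"fscrypt:"` by hand; `#define FS_KEY_DESC_PREFIX_SIZE (sizeof(FS_KEY_DESC_PREFIX) - 1)` would keep the two from drifting apart. The same file section is printed a second time further down this page, and both points apply there as well.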
@@ -10,8 +10,8 @@ #include <linux/random.h> #include <linux/string.h> #include <linux/fscrypto.h> #include <linux/mount.h> #include "fscrypt_private.h" static int inode_has_encryption_context(struct inode *inode) { Loading include/linux/fscrypto.h +3 −65 Original line number Diff line number Diff line Loading @@ -18,9 +18,6 @@ #include <crypto/skcipher.h> #include <uapi/linux/fs.h> #define FS_KEY_DERIVATION_NONCE_SIZE 16 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 #define FS_POLICY_FLAGS_PAD_4 0x00 #define FS_POLICY_FLAGS_PAD_8 0x01 #define FS_POLICY_FLAGS_PAD_16 0x02 Loading 
@@ -35,56 +32,10 @@ #define FS_ENCRYPTION_MODE_AES_256_CBC 3 #define FS_ENCRYPTION_MODE_AES_256_CTS 4 /** * Encryption context for inode * * Protector format: * 1 byte: Protector format (1 = this version) * 1 byte: File contents encryption mode * 1 byte: File names encryption mode * 1 byte: Flags * 8 bytes: Master Key descriptor * 16 bytes: Encryption Key derivation nonce */ struct fscrypt_context { u8 format; u8 contents_encryption_mode; u8 filenames_encryption_mode; u8 flags; u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; } __packed; /* Encryption parameters */ #define FS_XTS_TWEAK_SIZE 16 #define FS_AES_128_ECB_KEY_SIZE 16 #define FS_AES_256_GCM_KEY_SIZE 32 #define FS_AES_256_CBC_KEY_SIZE 32 #define FS_AES_256_CTS_KEY_SIZE 32 #define FS_AES_256_XTS_KEY_SIZE 64 #define FS_MAX_KEY_SIZE 64 #define FS_KEY_DESC_PREFIX "fscrypt:" #define FS_KEY_DESC_PREFIX_SIZE 8 /* This is passed in from userspace into the kernel keyring */ struct fscrypt_key { u32 mode; u8 raw[FS_MAX_KEY_SIZE]; u32 size; } __packed; struct fscrypt_info { u8 ci_data_mode; u8 ci_filename_mode; u8 ci_flags; struct crypto_skcipher *ci_ctfm; struct key *ci_keyring_key; u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE]; }; #define FS_CRYPTO_BLOCK_SIZE 16 #define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001 #define FS_WRITE_PATH_FL 0x00000002 struct fscrypt_info; struct fscrypt_ctx; struct fscrypt_ctx { union { Loading @@ -102,19 +53,6 @@ struct fscrypt_ctx { u8 mode; /* Encryption mode for tfm */ }; struct fscrypt_completion_result { struct completion completion; int res; }; #define DECLARE_FS_COMPLETION_RESULT(ecr) \ struct fscrypt_completion_result ecr = { \ COMPLETION_INITIALIZER((ecr).completion), 0 } #define FS_FNAME_NUM_SCATTER_ENTRIES 4 #define FS_CRYPTO_BLOCK_SIZE 16 #define FS_FNAME_CRYPTO_DIGEST_SIZE 32 /** * For encrypted symlinks, the ciphertext length is stored at the beginning * of the string in little-endian format. Loading Loading
fs/crypto/crypto.c +1 −1 Original line number Diff line number Diff line Loading @@ -27,7 +27,7 @@ #include <linux/bio.h> #include <linux/dcache.h> #include <linux/namei.h> #include <linux/fscrypto.h> #include "fscrypt_private.h" static unsigned int num_prealloc_crypto_pages = 32; static unsigned int num_prealloc_crypto_ctxs = 128; Loading
fs/crypto/fscrypt_private.h +71 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,77 @@ #include <linux/fscrypto.h> #define FS_FNAME_CRYPTO_DIGEST_SIZE 32 /* Encryption parameters */ #define FS_XTS_TWEAK_SIZE 16 #define FS_AES_128_ECB_KEY_SIZE 16 #define FS_AES_256_GCM_KEY_SIZE 32 #define FS_AES_256_CBC_KEY_SIZE 32 #define FS_AES_256_CTS_KEY_SIZE 32 #define FS_AES_256_XTS_KEY_SIZE 64 #define FS_MAX_KEY_SIZE 64 #define FS_KEY_DESC_PREFIX "fscrypt:" #define FS_KEY_DESC_PREFIX_SIZE 8 #define FS_KEY_DERIVATION_NONCE_SIZE 16 /** * Encryption context for inode * * Protector format: * 1 byte: Protector format (1 = this version) * 1 byte: File contents encryption mode * 1 byte: File names encryption mode * 1 byte: Flags * 8 bytes: Master Key descriptor * 16 bytes: Encryption Key derivation nonce */ struct fscrypt_context { u8 format; u8 contents_encryption_mode; u8 filenames_encryption_mode; u8 flags; u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; } __packed; #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 /* This is passed in from userspace into the kernel keyring */ struct fscrypt_key { u32 mode; u8 raw[FS_MAX_KEY_SIZE]; u32 size; } __packed; /* * A pointer to this structure is stored in the file system's in-core * representation of an inode. */ struct fscrypt_info { u8 ci_data_mode; u8 ci_filename_mode; u8 ci_flags; struct crypto_skcipher *ci_ctfm; struct key *ci_keyring_key; u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE]; }; #define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001 #define FS_WRITE_PATH_FL 0x00000002 struct fscrypt_completion_result { struct completion completion; int res; }; #define DECLARE_FS_COMPLETION_RESULT(ecr) \ struct fscrypt_completion_result ecr = { \ COMPLETION_INITIALIZER((ecr).completion), 0 } /* crypto.c */ int fscrypt_initialize(void); Loading
fs/crypto/policy.c +1 −1 Original line number Diff line number Diff line Loading @@ -10,8 +10,8 @@ #include <linux/random.h> #include <linux/string.h> #include <linux/fscrypto.h> #include <linux/mount.h> #include "fscrypt_private.h" static int inode_has_encryption_context(struct inode *inode) { Loading
include/linux/fscrypto.h +3 −65 Original line number Diff line number Diff line Loading @@ -18,9 +18,6 @@ #include <crypto/skcipher.h> #include <uapi/linux/fs.h> #define FS_KEY_DERIVATION_NONCE_SIZE 16 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 #define FS_POLICY_FLAGS_PAD_4 0x00 #define FS_POLICY_FLAGS_PAD_8 0x01 #define FS_POLICY_FLAGS_PAD_16 0x02 Loading @@ -35,56 +32,10 @@ #define FS_ENCRYPTION_MODE_AES_256_CBC 3 #define FS_ENCRYPTION_MODE_AES_256_CTS 4 /** * Encryption context for inode * * Protector format: * 1 byte: Protector format (1 = this version) * 1 byte: File contents encryption mode * 1 byte: File names encryption mode * 1 byte: Flags * 8 bytes: Master Key descriptor * 16 bytes: Encryption Key derivation nonce */ struct fscrypt_context { u8 format; u8 contents_encryption_mode; u8 filenames_encryption_mode; u8 flags; u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; } __packed; /* Encryption parameters */ #define FS_XTS_TWEAK_SIZE 16 #define FS_AES_128_ECB_KEY_SIZE 16 #define FS_AES_256_GCM_KEY_SIZE 32 #define FS_AES_256_CBC_KEY_SIZE 32 #define FS_AES_256_CTS_KEY_SIZE 32 #define FS_AES_256_XTS_KEY_SIZE 64 #define FS_MAX_KEY_SIZE 64 #define FS_KEY_DESC_PREFIX "fscrypt:" #define FS_KEY_DESC_PREFIX_SIZE 8 /* This is passed in from userspace into the kernel keyring */ struct fscrypt_key { u32 mode; u8 raw[FS_MAX_KEY_SIZE]; u32 size; } __packed; struct fscrypt_info { u8 ci_data_mode; u8 ci_filename_mode; u8 ci_flags; struct crypto_skcipher *ci_ctfm; struct key *ci_keyring_key; u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE]; }; #define FS_CRYPTO_BLOCK_SIZE 16 #define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001 #define FS_WRITE_PATH_FL 0x00000002 struct fscrypt_info; struct fscrypt_ctx; struct fscrypt_ctx { union { Loading 
@@ -102,19 +53,6 @@ struct fscrypt_ctx { u8 mode; /* Encryption mode for tfm */ }; struct fscrypt_completion_result { struct completion completion; int res; }; #define DECLARE_FS_COMPLETION_RESULT(ecr) \ struct fscrypt_completion_result ecr = { \ COMPLETION_INITIALIZER((ecr).completion), 0 } #define FS_FNAME_NUM_SCATTER_ENTRIES 4 #define FS_CRYPTO_BLOCK_SIZE 16 #define FS_FNAME_CRYPTO_DIGEST_SIZE 32 /** * For encrypted symlinks, the ciphertext length is stored at the beginning * of the string in little-endian format. Loading