Back to home page

OSCL-LXR
 
 

     

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef _LINUX_ECRYPTFS_H
0003 #define _LINUX_ECRYPTFS_H
0004 
0005 /* Version verification for shared data structures w/ userspace */
0006 #define ECRYPTFS_VERSION_MAJOR 0x00
0007 #define ECRYPTFS_VERSION_MINOR 0x04
0008 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
0009 /* These flags indicate which features are supported by the kernel
0010  * module; userspace tools such as the mount helper read the feature
0011  * bits from a sysfs handle in order to determine how to behave. */
0012 #define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
0013 #define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
0014 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
0015 #define ECRYPTFS_VERSIONING_POLICY                0x00000008
0016 #define ECRYPTFS_VERSIONING_XATTR                 0x00000010
0017 #define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
0018 #define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
0019 #define ECRYPTFS_VERSIONING_HMAC                  0x00000080
0020 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
0021 #define ECRYPTFS_VERSIONING_GCM                   0x00000200
0022 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
0023 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
0024 #define ECRYPTFS_SALT_SIZE 8
0025 #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
0026 /* The original signature size is only for what is stored on disk; all
0027  * in-memory representations are expanded hex, so it better adapted to
0028  * be passed around or referenced on the command line */
0029 #define ECRYPTFS_SIG_SIZE 8
0030 #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
0031 #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
0032 #define ECRYPTFS_MAX_KEY_BYTES 64
0033 #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
0034 #define ECRYPTFS_FILE_VERSION 0x03
0035 #define ECRYPTFS_MAX_PKI_NAME_BYTES 16
0036 
0037 #define RFC2440_CIPHER_DES3_EDE 0x02
0038 #define RFC2440_CIPHER_CAST_5 0x03
0039 #define RFC2440_CIPHER_BLOWFISH 0x04
0040 #define RFC2440_CIPHER_AES_128 0x07
0041 #define RFC2440_CIPHER_AES_192 0x08
0042 #define RFC2440_CIPHER_AES_256 0x09
0043 #define RFC2440_CIPHER_TWOFISH 0x0a
0044 #define RFC2440_CIPHER_CAST_6 0x0b
0045 
0046 #define RFC2440_CIPHER_RSA 0x01
0047 
0048 /**
0049  * For convenience, we may need to pass around the encrypted session
0050  * key between kernel and userspace because the authentication token
0051  * may not be extractable.  For example, the TPM may not release the
0052  * private key, instead requiring the encrypted data and returning the
0053  * decrypted data.
0054  */
0055 struct ecryptfs_session_key {
0056 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
0057 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
0058 #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
0059 #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
0060     u32 flags;
0061     u32 encrypted_key_size;
0062     u32 decrypted_key_size;
0063     u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
0064     u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
0065 };
0066 
0067 struct ecryptfs_password {
0068     u32 password_bytes;
0069     s32 hash_algo;
0070     u32 hash_iterations;
0071     u32 session_key_encryption_key_bytes;
0072 #define ECRYPTFS_PERSISTENT_PASSWORD 0x01
0073 #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
0074     u32 flags;
0075     /* Iterated-hash concatenation of salt and passphrase */
0076     u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
0077     u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
0078     /* Always in expanded hex */
0079     u8 salt[ECRYPTFS_SALT_SIZE];
0080 };
0081 
0082 enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
0083 
0084 struct ecryptfs_private_key {
0085     u32 key_size;
0086     u32 data_len;
0087     u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
0088     char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
0089     u8 data[];
0090 };
0091 
0092 /* May be a password or a private key */
0093 struct ecryptfs_auth_tok {
0094     u16 version; /* 8-bit major and 8-bit minor */
0095     u16 token_type;
0096 #define ECRYPTFS_ENCRYPT_ONLY 0x00000001
0097     u32 flags;
0098     struct ecryptfs_session_key session_key;
0099     u8 reserved[32];
0100     union {
0101         struct ecryptfs_password password;
0102         struct ecryptfs_private_key private_key;
0103     } token;
0104 } __attribute__ ((packed));
0105 
0106 #endif /* _LINUX_ECRYPTFS_H */
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!