~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/include/linux/ecryptfs.h

Version: ~ [ linux-5.2 ] ~ [ linux-5.1.16 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.57 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.132 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.184 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.184 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.69 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 #ifndef _LINUX_ECRYPTFS_H
  3 #define _LINUX_ECRYPTFS_H
  4 
  5 /* Version verification for shared data structures w/ userspace */
  6 #define ECRYPTFS_VERSION_MAJOR 0x00
  7 #define ECRYPTFS_VERSION_MINOR 0x04
  8 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
  9 /* These flags indicate which features are supported by the kernel
 10  * module; userspace tools such as the mount helper read the feature
 11  * bits from a sysfs handle in order to determine how to behave. */
 12 #define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
 13 #define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
 14 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
 15 #define ECRYPTFS_VERSIONING_POLICY                0x00000008
 16 #define ECRYPTFS_VERSIONING_XATTR                 0x00000010
 17 #define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
 18 #define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
 19 #define ECRYPTFS_VERSIONING_HMAC                  0x00000080
 20 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
 21 #define ECRYPTFS_VERSIONING_GCM                   0x00000200
 22 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
 23 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
 24 #define ECRYPTFS_SALT_SIZE 8
 25 #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
 26 /* The original signature size is only for what is stored on disk; all
 27  * in-memory representations are expanded hex, so it better adapted to
 28  * be passed around or referenced on the command line */
 29 #define ECRYPTFS_SIG_SIZE 8
 30 #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
 31 #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
 32 #define ECRYPTFS_MAX_KEY_BYTES 64
 33 #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
 34 #define ECRYPTFS_FILE_VERSION 0x03
 35 #define ECRYPTFS_MAX_PKI_NAME_BYTES 16
 36 
 37 #define RFC2440_CIPHER_DES3_EDE 0x02
 38 #define RFC2440_CIPHER_CAST_5 0x03
 39 #define RFC2440_CIPHER_BLOWFISH 0x04
 40 #define RFC2440_CIPHER_AES_128 0x07
 41 #define RFC2440_CIPHER_AES_192 0x08
 42 #define RFC2440_CIPHER_AES_256 0x09
 43 #define RFC2440_CIPHER_TWOFISH 0x0a
 44 #define RFC2440_CIPHER_CAST_6 0x0b
 45 
 46 #define RFC2440_CIPHER_RSA 0x01
 47 
 48 /**
 49  * For convenience, we may need to pass around the encrypted session
 50  * key between kernel and userspace because the authentication token
 51  * may not be extractable.  For example, the TPM may not release the
 52  * private key, instead requiring the encrypted data and returning the
 53  * decrypted data.
 54  */
 55 struct ecryptfs_session_key {
 56 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
 57 #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
 58 #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
 59 #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
 60         u32 flags;
 61         u32 encrypted_key_size;
 62         u32 decrypted_key_size;
 63         u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
 64         u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
 65 };
 66 
 67 struct ecryptfs_password {
 68         u32 password_bytes;
 69         s32 hash_algo;
 70         u32 hash_iterations;
 71         u32 session_key_encryption_key_bytes;
 72 #define ECRYPTFS_PERSISTENT_PASSWORD 0x01
 73 #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
 74         u32 flags;
 75         /* Iterated-hash concatenation of salt and passphrase */
 76         u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
 77         u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 78         /* Always in expanded hex */
 79         u8 salt[ECRYPTFS_SALT_SIZE];
 80 };
 81 
 82 enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
 83 
 84 struct ecryptfs_private_key {
 85         u32 key_size;
 86         u32 data_len;
 87         u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 88         char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
 89         u8 data[];
 90 };
 91 
 92 /* May be a password or a private key */
 93 struct ecryptfs_auth_tok {
 94         u16 version; /* 8-bit major and 8-bit minor */
 95         u16 token_type;
 96 #define ECRYPTFS_ENCRYPT_ONLY 0x00000001
 97         u32 flags;
 98         struct ecryptfs_session_key session_key;
 99         u8 reserved[32];
100         union {
101                 struct ecryptfs_password password;
102                 struct ecryptfs_private_key private_key;
103         } token;
104 } __attribute__ ((packed));
105 
106 #endif /* _LINUX_ECRYPTFS_H */
107 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp