LXR linux/fs/ecryptfs/ecryptfs

   1/**
   2 * eCryptfs: Linux filesystem encryption layer
   3 * Kernel declarations.
   4 *
   5 * Copyright (C) 1997-2003 Erez Zadok
   6 * Copyright (C) 2001-2003 Stony Brook University
   7 * Copyright (C) 2004-2008 International Business Machines Corp.
   8 *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
   9 *              Trevor S. Highland <trevor.highland@gmail.com>
  10 *              Tyler Hicks <tyhicks@ou.edu>
  11 *
  12 * This program is free software; you can redistribute it and/or
  13 * modify it under the terms of the GNU General Public License as
  14 * published by the Free Software Foundation; either version 2 of the
  15 * License, or (at your option) any later version.
  16 *
  17 * This program is distributed in the hope that it will be useful, but
  18 * WITHOUT ANY WARRANTY; without even the implied warranty of
  19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  20 * General Public License for more details.
  21 *
  22 * You should have received a copy of the GNU General Public License
  23 * along with this program; if not, write to the Free Software
  24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  25 * 02111-1307, USA.
  26 */
  27
  28#ifndef ECRYPTFS_KERNEL_H
  29#define ECRYPTFS_KERNEL_H
  30
  31#include <keys/user-type.h>
  32#include <linux/fs.h>
  33#include <linux/fs_stack.h>
  34#include <linux/namei.h>
  35#include <linux/scatterlist.h>
  36#include <linux/hash.h>
  37#include <linux/nsproxy.h>
  38
  39/* Version verification for shared data structures w/ userspace */
  40#define ECRYPTFS_VERSION_MAJOR 0x00
  41#define ECRYPTFS_VERSION_MINOR 0x04
  42#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
  43/* These flags indicate which features are supported by the kernel
  44 * module; userspace tools such as the mount helper read
  45 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
  46 * how to behave. */
  47#define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
  48#define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
  49#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
  50#define ECRYPTFS_VERSIONING_POLICY                0x00000008
  51#define ECRYPTFS_VERSIONING_XATTR                 0x00000010
  52#define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
  53#define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
  54#define ECRYPTFS_VERSIONING_HMAC                  0x00000080
  55#define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
  56#define ECRYPTFS_VERSIONING_GCM                   0x00000200
  57#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
  58                                  | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
  59                                  | ECRYPTFS_VERSIONING_PUBKEY \
  60                                  | ECRYPTFS_VERSIONING_XATTR \
  61                                  | ECRYPTFS_VERSIONING_MULTKEY \
  62                                  | ECRYPTFS_VERSIONING_DEVMISC \
  63                                  | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
  64#define ECRYPTFS_MAX_PASSWORD_LENGTH 64
  65#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
  66#define ECRYPTFS_SALT_SIZE 8
  67#define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
  68/* The original signature size is only for what is stored on disk; all
  69 * in-memory representations are expanded hex, so it better adapted to
  70 * be passed around or referenced on the command line */
  71#define ECRYPTFS_SIG_SIZE 8
  72#define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
  73#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
  74#define ECRYPTFS_MAX_KEY_BYTES 64
  75#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
  76#define ECRYPTFS_DEFAULT_IV_BYTES 16
  77#define ECRYPTFS_FILE_VERSION 0x03
  78#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
  79#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
  80#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
  81#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
  82#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
  83#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
  84#define ECRYPTFS_DEFAULT_NUM_USERS 4
  85#define ECRYPTFS_MAX_NUM_USERS 32768
  86#define ECRYPTFS_XATTR_NAME "user.ecryptfs"
  87
  88#define RFC2440_CIPHER_DES3_EDE 0x02
  89#define RFC2440_CIPHER_CAST_5 0x03
  90#define RFC2440_CIPHER_BLOWFISH 0x04
  91#define RFC2440_CIPHER_AES_128 0x07
  92#define RFC2440_CIPHER_AES_192 0x08
  93#define RFC2440_CIPHER_AES_256 0x09
  94#define RFC2440_CIPHER_TWOFISH 0x0a
  95#define RFC2440_CIPHER_CAST_6 0x0b
  96
  97#define RFC2440_CIPHER_RSA 0x01
  98
  99/**
 100 * For convenience, we may need to pass around the encrypted session
 101 * key between kernel and userspace because the authentication token
 102 * may not be extractable.  For example, the TPM may not release the
 103 * private key, instead requiring the encrypted data and returning the
 104 * decrypted data.
 105 */
 106struct ecryptfs_session_key {
 107#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
 108#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
 109#define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
 110#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
 111        u32 flags;
 112        u32 encrypted_key_size;
 113        u32 decrypted_key_size;
 114        u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
 115        u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
 116};
 117
 118struct ecryptfs_password {
 119        u32 password_bytes;
 120        s32 hash_algo;
 121        u32 hash_iterations;
 122        u32 session_key_encryption_key_bytes;
 123#define ECRYPTFS_PERSISTENT_PASSWORD 0x01
 124#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
 125        u32 flags;
 126        /* Iterated-hash concatenation of salt and passphrase */
 127        u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
 128        u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 129        /* Always in expanded hex */
 130        u8 salt[ECRYPTFS_SALT_SIZE];
 131};
 132
 133enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
 134
 135struct ecryptfs_private_key {
 136        u32 key_size;
 137        u32 data_len;
 138        u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
 139        char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
 140        u8 data[];
 141};
 142
 143/* May be a password or a private key */
 144struct ecryptfs_auth_tok {
 145        u16 version; /* 8-bit major and 8-bit minor */
 146        u16 token_type;
 147#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
 148        u32 flags;
 149        struct ecryptfs_session_key session_key;
 150        u8 reserved[32];
 151        union {
 152                struct ecryptfs_password password;
 153                struct ecryptfs_private_key private_key;
 154        } token;
 155} __attribute__ ((packed));
 156
 157void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
 158extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
 159extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);
 160
 161struct ecryptfs_key_record {
 162        unsigned char type;
 163        size_t enc_key_size;
 164        unsigned char sig[ECRYPTFS_SIG_SIZE];
 165        unsigned char enc_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
 166};
 167
 168struct ecryptfs_auth_tok_list {
 169        struct ecryptfs_auth_tok *auth_tok;
 170        struct list_head list;
 171};
 172
 173struct ecryptfs_crypt_stat;
 174struct ecryptfs_mount_crypt_stat;
 175
 176struct ecryptfs_page_crypt_context {
 177        struct page *page;
 178#define ECRYPTFS_PREPARE_COMMIT_MODE 0
 179#define ECRYPTFS_WRITEPAGE_MODE      1
 180        unsigned int mode;
 181        union {
 182                struct file *lower_file;
 183                struct writeback_control *wbc;
 184        } param;
 185};
 186
 187static inline struct ecryptfs_auth_tok *
 188ecryptfs_get_key_payload_data(struct key *key)
 189{
 190        return (struct ecryptfs_auth_tok *)
 191                (((struct user_key_payload*)key->payload.data)->data);
 192}
 193
 194#define ECRYPTFS_SUPER_MAGIC 0xf15f
 195#define ECRYPTFS_MAX_KEYSET_SIZE 1024
 196#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32
 197#define ECRYPTFS_MAX_NUM_ENC_KEYS 64
 198#define ECRYPTFS_MAX_IV_BYTES 16        /* 128 bits */
 199#define ECRYPTFS_SALT_BYTES 2
 200#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
 201#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8      /* 4*2 */
 202#define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64))
 203#define ECRYPTFS_DEFAULT_CIPHER "aes"
 204#define ECRYPTFS_DEFAULT_KEY_BYTES 16
 205#define ECRYPTFS_DEFAULT_HASH "md5"
 206#define ECRYPTFS_TAG_70_DIGEST ECRYPTFS_DEFAULT_HASH
 207#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
 208#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
 209#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
 210#define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
 211#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
 212#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
 213#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
 214#define ECRYPTFS_TAG_70_PACKET_TYPE 0x46 /* FNEK-encrypted filename
 215                                          * as dentry name */
 216#define ECRYPTFS_TAG_71_PACKET_TYPE 0x47 /* FNEK-encrypted filename in
 217                                          * metadata */
 218#define ECRYPTFS_TAG_72_PACKET_TYPE 0x48 /* FEK-encrypted filename as
 219                                          * dentry name */
 220#define ECRYPTFS_TAG_73_PACKET_TYPE 0x49 /* FEK-encrypted filename as
 221                                          * metadata */
 222/* Constraint: ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES >=
 223 * ECRYPTFS_MAX_IV_BYTES */
 224#define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 16
 225#define ECRYPTFS_NON_NULL 0x42 /* A reasonable substitute for NULL */
 226#define MD5_DIGEST_SIZE 16
 227#define ECRYPTFS_TAG_70_DIGEST_SIZE MD5_DIGEST_SIZE
 228#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FEK_ENCRYPTED."
 229#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 23
 230#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FNEK_ENCRYPTED."
 231#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24
 232#define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32)
 233
 234struct ecryptfs_key_sig {
 235        struct list_head crypt_stat_list;
 236        char keysig[ECRYPTFS_SIG_SIZE_HEX];
 237};
 238
 239struct ecryptfs_filename {
 240        struct list_head crypt_stat_list;
 241#define ECRYPTFS_FILENAME_CONTAINS_DECRYPTED 0x00000001
 242        u32 flags;
 243        u32 seq_no;
 244        char *filename;
 245        char *encrypted_filename;
 246        size_t filename_size;
 247        size_t encrypted_filename_size;
 248        char fnek_sig[ECRYPTFS_SIG_SIZE_HEX];
 249        char dentry_name[ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN + 1];
 250};
 251
 252/**
 253 * This is the primary struct associated with each encrypted file.
 254 *
 255 * TODO: cache align/pack?
 256 */
 257struct ecryptfs_crypt_stat {
 258#define ECRYPTFS_STRUCT_INITIALIZED   0x00000001
 259#define ECRYPTFS_POLICY_APPLIED       0x00000002
 260#define ECRYPTFS_NEW_FILE             0x00000004
 261#define ECRYPTFS_ENCRYPTED            0x00000008
 262#define ECRYPTFS_SECURITY_WARNING     0x00000010
 263#define ECRYPTFS_ENABLE_HMAC          0x00000020
 264#define ECRYPTFS_ENCRYPT_IV_PAGES     0x00000040
 265#define ECRYPTFS_KEY_VALID            0x00000080
 266#define ECRYPTFS_METADATA_IN_XATTR    0x00000100
 267#define ECRYPTFS_VIEW_AS_ENCRYPTED    0x00000200
 268#define ECRYPTFS_KEY_SET              0x00000400
 269#define ECRYPTFS_ENCRYPT_FILENAMES    0x00000800
 270#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000
 271#define ECRYPTFS_ENCFN_USE_FEK        0x00002000
 272#define ECRYPTFS_UNLINK_SIGS          0x00004000
 273        u32 flags;
 274        unsigned int file_version;
 275        size_t iv_bytes;
 276        size_t num_header_bytes_at_front;
 277        size_t extent_size; /* Data extent size; default is 4096 */
 278        size_t key_size;
 279        size_t extent_shift;
 280        unsigned int extent_mask;
 281        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 282        struct crypto_blkcipher *tfm;
 283        struct crypto_hash *hash_tfm; /* Crypto context for generating
 284                                       * the initialization vectors */
 285        unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
 286        unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
 287        unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
 288        struct list_head keysig_list;
 289        struct mutex keysig_list_mutex;
 290        struct mutex cs_tfm_mutex;
 291        struct mutex cs_hash_tfm_mutex;
 292        struct mutex cs_mutex;
 293};
 294
 295/* inode private data. */
 296struct ecryptfs_inode_info {
 297        struct inode vfs_inode;
 298        struct inode *wii_inode;
 299        struct file *lower_file;
 300        struct mutex lower_file_mutex;
 301        struct ecryptfs_crypt_stat crypt_stat;
 302};
 303
 304/* dentry private data. Each dentry must keep track of a lower
 305 * vfsmount too. */
 306struct ecryptfs_dentry_info {
 307        struct path lower_path;
 308        struct ecryptfs_crypt_stat *crypt_stat;
 309};
 310
 311/**
 312 * ecryptfs_global_auth_tok - A key used to encrypt all new files under the mountpoint
 313 * @flags: Status flags
 314 * @mount_crypt_stat_list: These auth_toks hang off the mount-wide
 315 *                         cryptographic context. Every time a new
 316 *                         inode comes into existence, eCryptfs copies
 317 *                         the auth_toks on that list to the set of
 318 *                         auth_toks on the inode's crypt_stat
 319 * @global_auth_tok_key: The key from the user's keyring for the sig
 320 * @global_auth_tok: The key contents
 321 * @sig: The key identifier
 322 *
 323 * ecryptfs_global_auth_tok structs refer to authentication token keys
 324 * in the user keyring that apply to newly created files. A list of
 325 * these objects hangs off of the mount_crypt_stat struct for any
 326 * given eCryptfs mount. This struct maintains a reference to both the
 327 * key contents and the key itself so that the key can be put on
 328 * unmount.
 329 */
 330struct ecryptfs_global_auth_tok {
 331#define ECRYPTFS_AUTH_TOK_INVALID 0x00000001
 332#define ECRYPTFS_AUTH_TOK_FNEK    0x00000002
 333        u32 flags;
 334        struct list_head mount_crypt_stat_list;
 335        struct key *global_auth_tok_key;
 336        struct ecryptfs_auth_tok *global_auth_tok;
 337        unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
 338};
 339
 340/**
 341 * ecryptfs_key_tfm - Persistent key tfm
 342 * @key_tfm: crypto API handle to the key
 343 * @key_size: Key size in bytes
 344 * @key_tfm_mutex: Mutex to ensure only one operation in eCryptfs is
 345 *                 using the persistent TFM at any point in time
 346 * @key_tfm_list: Handle to hang this off the module-wide TFM list
 347 * @cipher_name: String name for the cipher for this TFM
 348 *
 349 * Typically, eCryptfs will use the same ciphers repeatedly throughout
 350 * the course of its operations. In order to avoid unnecessarily
 351 * destroying and initializing the same cipher repeatedly, eCryptfs
 352 * keeps a list of crypto API contexts around to use when needed.
 353 */
 354struct ecryptfs_key_tfm {
 355        struct crypto_blkcipher *key_tfm;
 356        size_t key_size;
 357        struct mutex key_tfm_mutex;
 358        struct list_head key_tfm_list;
 359        unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
 360};
 361
 362extern struct mutex key_tfm_list_mutex;
 363
 364/**
 365 * This struct is to enable a mount-wide passphrase/salt combo. This
 366 * is more or less a stopgap to provide similar functionality to other
 367 * crypto filesystems like EncFS or CFS until full policy support is
 368 * implemented in eCryptfs.
 369 */
 370struct ecryptfs_mount_crypt_stat {
 371        /* Pointers to memory we do not own, do not free these */
 372#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001
 373#define ECRYPTFS_XATTR_METADATA_ENABLED        0x00000002
 374#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED        0x00000004
 375#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED  0x00000008
 376#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES      0x00000010
 377#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK   0x00000020
 378#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK          0x00000040
 379        u32 flags;
 380        struct list_head global_auth_tok_list;
 381        struct mutex global_auth_tok_list_mutex;
 382        size_t num_global_auth_toks;
 383        size_t global_default_cipher_key_size;
 384        size_t global_default_fn_cipher_key_bytes;
 385        unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
 386                                                 + 1];
 387        unsigned char global_default_fn_cipher_name[
 388                ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
 389        char global_default_fnek_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
 390};
 391
 392/* superblock private data. */
 393struct ecryptfs_sb_info {
 394        struct super_block *wsi_sb;
 395        struct ecryptfs_mount_crypt_stat mount_crypt_stat;
 396};
 397
 398/* file private data. */
 399struct ecryptfs_file_info {
 400        struct file *wfi_file;
 401        struct ecryptfs_crypt_stat *crypt_stat;
 402};
 403
 404/* auth_tok <=> encrypted_session_key mappings */
 405struct ecryptfs_auth_tok_list_item {
 406        unsigned char encrypted_session_key[ECRYPTFS_MAX_KEY_BYTES];
 407        struct list_head list;
 408        struct ecryptfs_auth_tok auth_tok;
 409};
 410
 411struct ecryptfs_message {
 412        /* Can never be greater than ecryptfs_message_buf_len */
 413        /* Used to find the parent msg_ctx */
 414        /* Inherits from msg_ctx->index */
 415        u32 index;
 416        u32 data_len;
 417        u8 data[];
 418};
 419
 420struct ecryptfs_msg_ctx {
 421#define ECRYPTFS_MSG_CTX_STATE_FREE     0x01
 422#define ECRYPTFS_MSG_CTX_STATE_PENDING  0x02
 423#define ECRYPTFS_MSG_CTX_STATE_DONE     0x03
 424#define ECRYPTFS_MSG_CTX_STATE_NO_REPLY 0x04
 425        u8 state;
 426#define ECRYPTFS_MSG_HELO 100
 427#define ECRYPTFS_MSG_QUIT 101
 428#define ECRYPTFS_MSG_REQUEST 102
 429#define ECRYPTFS_MSG_RESPONSE 103
 430        u8 type;
 431        u32 index;
 432        /* Counter converts to a sequence number. Each message sent
 433         * out for which we expect a response has an associated
 434         * sequence number. The response must have the same sequence
 435         * number as the counter for the msg_stc for the message to be
 436         * valid. */
 437        u32 counter;
 438        size_t msg_size;
 439        struct ecryptfs_message *msg;
 440        struct task_struct *task;
 441        struct list_head node;
 442        struct list_head daemon_out_list;
 443        struct mutex mux;
 444};
 445
 446struct ecryptfs_daemon;
 447
 448struct ecryptfs_daemon {
 449#define ECRYPTFS_DAEMON_IN_READ      0x00000001
 450#define ECRYPTFS_DAEMON_IN_POLL      0x00000002
 451#define ECRYPTFS_DAEMON_ZOMBIE       0x00000004
 452#define ECRYPTFS_DAEMON_MISCDEV_OPEN 0x00000008
 453        u32 flags;
 454        u32 num_queued_msg_ctx;
 455        struct pid *pid;
 456        uid_t euid;
 457        struct user_namespace *user_ns;
 458        struct task_struct *task;
 459        struct mutex mux;
 460        struct list_head msg_ctx_out_queue;
 461        wait_queue_head_t wait;
 462        struct hlist_node euid_chain;
 463};
 464
 465extern struct mutex ecryptfs_daemon_hash_mux;
 466
 467static inline struct ecryptfs_file_info *
 468ecryptfs_file_to_private(struct file *file)
 469{
 470        return (struct ecryptfs_file_info *)file->private_data;
 471}
 472
 473static inline void
 474ecryptfs_set_file_private(struct file *file,
 475                          struct ecryptfs_file_info *file_info)
 476{
 477        file->private_data = file_info;
 478}
 479
 480static inline struct file *ecryptfs_file_to_lower(struct file *file)
 481{
 482        return ((struct ecryptfs_file_info *)file->private_data)->wfi_file;
 483}
 484
 485static inline void
 486ecryptfs_set_file_lower(struct file *file, struct file *lower_file)
 487{
 488        ((struct ecryptfs_file_info *)file->private_data)->wfi_file =
 489                lower_file;
 490}
 491
 492static inline struct ecryptfs_inode_info *
 493ecryptfs_inode_to_private(struct inode *inode)
 494{
 495        return container_of(inode, struct ecryptfs_inode_info, vfs_inode);
 496}
 497
 498static inline struct inode *ecryptfs_inode_to_lower(struct inode *inode)
 499{
 500        return ecryptfs_inode_to_private(inode)->wii_inode;
 501}
 502
 503static inline void
 504ecryptfs_set_inode_lower(struct inode *inode, struct inode *lower_inode)
 505{
 506        ecryptfs_inode_to_private(inode)->wii_inode = lower_inode;
 507}
 508
 509static inline struct ecryptfs_sb_info *
 510ecryptfs_superblock_to_private(struct super_block *sb)
 511{
 512        return (struct ecryptfs_sb_info *)sb->s_fs_info;
 513}
 514
 515static inline void
 516ecryptfs_set_superblock_private(struct super_block *sb,
 517                                struct ecryptfs_sb_info *sb_info)
 518{
 519        sb->s_fs_info = sb_info;
 520}
 521
 522static inline struct super_block *
 523ecryptfs_superblock_to_lower(struct super_block *sb)
 524{
 525        return ((struct ecryptfs_sb_info *)sb->s_fs_info)->wsi_sb;
 526}
 527
 528static inline void
 529ecryptfs_set_superblock_lower(struct super_block *sb,
 530                              struct super_block *lower_sb)
 531{
 532        ((struct ecryptfs_sb_info *)sb->s_fs_info)->wsi_sb = lower_sb;
 533}
 534
 535static inline struct ecryptfs_dentry_info *
 536ecryptfs_dentry_to_private(struct dentry *dentry)
 537{
 538        return (struct ecryptfs_dentry_info *)dentry->d_fsdata;
 539}
 540
 541static inline void
 542ecryptfs_set_dentry_private(struct dentry *dentry,
 543                            struct ecryptfs_dentry_info *dentry_info)
 544{
 545        dentry->d_fsdata = dentry_info;
 546}
 547
 548static inline struct dentry *
 549ecryptfs_dentry_to_lower(struct dentry *dentry)
 550{
 551        return ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.dentry;
 552}
 553
 554static inline void
 555ecryptfs_set_dentry_lower(struct dentry *dentry, struct dentry *lower_dentry)
 556{
 557        ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.dentry =
 558                lower_dentry;
 559}
 560
 561static inline struct vfsmount *
 562ecryptfs_dentry_to_lower_mnt(struct dentry *dentry)
 563{
 564        return ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.mnt;
 565}
 566
 567static inline void
 568ecryptfs_set_dentry_lower_mnt(struct dentry *dentry, struct vfsmount *lower_mnt)
 569{
 570        ((struct ecryptfs_dentry_info *)dentry->d_fsdata)->lower_path.mnt =
 571                lower_mnt;
 572}
 573
 574#define ecryptfs_printk(type, fmt, arg...) \
 575        __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);
 576void __ecryptfs_printk(const char *fmt, ...);
 577
 578extern const struct file_operations ecryptfs_main_fops;
 579extern const struct file_operations ecryptfs_dir_fops;
 580extern const struct inode_operations ecryptfs_main_iops;
 581extern const struct inode_operations ecryptfs_dir_iops;
 582extern const struct inode_operations ecryptfs_symlink_iops;
 583extern const struct super_operations ecryptfs_sops;
 584extern const struct dentry_operations ecryptfs_dops;
 585extern const struct address_space_operations ecryptfs_aops;
 586extern int ecryptfs_verbosity;
 587extern unsigned int ecryptfs_message_buf_len;
 588extern signed long ecryptfs_message_wait_timeout;
 589extern unsigned int ecryptfs_number_of_users;
 590
 591extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
 592extern struct kmem_cache *ecryptfs_file_info_cache;
 593extern struct kmem_cache *ecryptfs_dentry_info_cache;
 594extern struct kmem_cache *ecryptfs_inode_info_cache;
 595extern struct kmem_cache *ecryptfs_sb_info_cache;
 596extern struct kmem_cache *ecryptfs_header_cache_1;
 597extern struct kmem_cache *ecryptfs_header_cache_2;
 598extern struct kmem_cache *ecryptfs_xattr_cache;
 599extern struct kmem_cache *ecryptfs_key_record_cache;
 600extern struct kmem_cache *ecryptfs_key_sig_cache;
 601extern struct kmem_cache *ecryptfs_global_auth_tok_cache;
 602extern struct kmem_cache *ecryptfs_key_tfm_cache;
 603extern struct kmem_cache *ecryptfs_open_req_cache;
 604
 605struct ecryptfs_open_req {
 606#define ECRYPTFS_REQ_PROCESSED 0x00000001
 607#define ECRYPTFS_REQ_DROPPED   0x00000002
 608#define ECRYPTFS_REQ_ZOMBIE    0x00000004
 609        u32 flags;
 610        struct file **lower_file;
 611        struct dentry *lower_dentry;
 612        struct vfsmount *lower_mnt;
 613        wait_queue_head_t wait;
 614        struct mutex mux;
 615        struct list_head kthread_ctl_list;
 616};
 617
 618#define ECRYPTFS_INTERPOSE_FLAG_D_ADD                 0x00000001
 619int ecryptfs_interpose(struct dentry *hidden_dentry,
 620                       struct dentry *this_dentry, struct super_block *sb,
 621                       u32 flags);
 622int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
 623                                        struct dentry *lower_dentry,
 624                                        struct inode *ecryptfs_dir_inode,
 625                                        struct nameidata *ecryptfs_nd);
 626int ecryptfs_decode_and_decrypt_filename(char **decrypted_name,
 627                                         size_t *decrypted_name_size,
 628                                         struct dentry *ecryptfs_dentry,
 629                                         const char *name, size_t name_size);
 630int ecryptfs_fill_zeros(struct file *file, loff_t new_length);
 631int ecryptfs_encrypt_and_encode_filename(
 632        char **encoded_name,
 633        size_t *encoded_name_size,
 634        struct ecryptfs_crypt_stat *crypt_stat,
 635        struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
 636        const char *name, size_t name_size);
 637struct dentry *ecryptfs_lower_dentry(struct dentry *this_dentry);
 638void ecryptfs_dump_hex(char *data, int bytes);
 639int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
 640                        int sg_size);
 641int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat);
 642void ecryptfs_rotate_iv(unsigned char *iv);
 643void ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
 644void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
 645void ecryptfs_destroy_mount_crypt_stat(
 646        struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
 647int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat);
 648int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode);
 649int ecryptfs_encrypt_page(struct page *page);
 650int ecryptfs_decrypt_page(struct page *page);
 651int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry);
 652int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry);
 653int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry);
 654int ecryptfs_read_and_validate_header_region(char *data,
 655                                             struct inode *ecryptfs_inode);
 656int ecryptfs_read_and_validate_xattr_region(char *page_virt,
 657                                            struct dentry *ecryptfs_dentry);
 658u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
 659int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
 660void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
 661int ecryptfs_generate_key_packet_set(char *dest_base,
 662                                     struct ecryptfs_crypt_stat *crypt_stat,
 663                                     struct dentry *ecryptfs_dentry,
 664                                     size_t *len, size_t max);
 665int
 666ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
 667                          unsigned char *src, struct dentry *ecryptfs_dentry);
 668int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
 669int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
 670int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
 671void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
 672ssize_t
 673ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
 674                        void *value, size_t size);
 675int
 676ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 677                  size_t size, int flags);
 678int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode);
 679int ecryptfs_process_helo(uid_t euid, struct user_namespace *user_ns,
 680                          struct pid *pid);
 681int ecryptfs_process_quit(uid_t euid, struct user_namespace *user_ns,
 682                          struct pid *pid);
 683int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
 684                              struct user_namespace *user_ns, struct pid *pid,
 685                              u32 seq);
 686int ecryptfs_send_message(char *data, int data_len,
 687                          struct ecryptfs_msg_ctx **msg_ctx);
 688int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
 689                               struct ecryptfs_message **emsg);
 690int ecryptfs_init_messaging(void);
 691void ecryptfs_release_messaging(void);
 692
 693void
 694ecryptfs_write_header_metadata(char *virt,
 695                               struct ecryptfs_crypt_stat *crypt_stat,
 696                               size_t *written);
 697int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);
 698int
 699ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
 700                           char *sig, u32 global_auth_tok_flags);
 701int ecryptfs_get_global_auth_tok_for_sig(
 702        struct ecryptfs_global_auth_tok **global_auth_tok,
 703        struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);
 704int
 705ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
 706                         size_t key_size);
 707int ecryptfs_init_crypto(void);
 708int ecryptfs_destroy_crypto(void);
 709int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm);
 710int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
 711                                               struct mutex **tfm_mutex,
 712                                               char *cipher_name);
 713int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 714                                      struct ecryptfs_auth_tok **auth_tok,
 715                                      char *sig);
 716int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
 717                         loff_t offset, size_t size);
 718int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,
 719                                      struct page *page_for_lower,
 720                                      size_t offset_in_page, size_t size);
 721int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
 722                   size_t size);
 723int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
 724                        struct inode *ecryptfs_inode);
 725int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs,
 726                                     pgoff_t page_index,
 727                                     size_t offset_in_page, size_t size,
 728                                     struct inode *ecryptfs_inode);
 729struct page *ecryptfs_get_locked_page(struct file *file, loff_t index);
 730int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon);
 731int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid,
 732                                 struct user_namespace *user_ns);
 733int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
 734                                 size_t *length_size);
 735int ecryptfs_write_packet_length(char *dest, size_t size,
 736                                 size_t *packet_size_length);
 737int ecryptfs_init_ecryptfs_miscdev(void);
 738void ecryptfs_destroy_ecryptfs_miscdev(void);
 739int ecryptfs_send_miscdev(char *data, size_t data_size,
 740                          struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type,
 741                          u16 msg_flags, struct ecryptfs_daemon *daemon);
 742void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx);
 743int
 744ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid,
 745                      struct user_namespace *user_ns, struct pid *pid);
 746int ecryptfs_init_kthread(void);
 747void ecryptfs_destroy_kthread(void);
 748int ecryptfs_privileged_open(struct file **lower_file,
 749                             struct dentry *lower_dentry,
 750                             struct vfsmount *lower_mnt,
 751                             const struct cred *cred);
 752int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
 753int
 754ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
 755                             size_t *packet_size,
 756                             struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
 757                             char *filename, size_t filename_size);
 758int
 759ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
 760                             size_t *packet_size,
 761                             struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
 762                             char *data, size_t max_packet_size);
 763int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
 764                       loff_t offset);
 765
 766#endif /* #ifndef ECRYPTFS_KERNEL_H */
 767