1 fscrypt: move non-public structures and constants to fscrypt_private.h
3 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
4 Reviewed-by: Eric Biggers <ebiggers@google.com>
6 fs/crypto/crypto.c | 2 +-
7 fs/crypto/fscrypt_private.h | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
8 fs/crypto/policy.c | 2 +-
9 include/linux/fscrypto.h | 68 +++---------------------------------------------------
10 4 files changed, 76 insertions(+), 67 deletions(-)
12 diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
13 index 56f98f45cece..4d9d221b1d60 100644
14 --- a/fs/crypto/crypto.c
15 +++ b/fs/crypto/crypto.c
17 #include <linux/bio.h>
18 #include <linux/dcache.h>
19 #include <linux/namei.h>
20 -#include <linux/fscrypto.h>
21 +#include "fscrypt_private.h"
23 static unsigned int num_prealloc_crypto_pages = 32;
24 static unsigned int num_prealloc_crypto_ctxs = 128;
25 diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
26 index bb92f0c0961b..c98b2a7fb6d3 100644
27 --- a/fs/crypto/fscrypt_private.h
28 +++ b/fs/crypto/fscrypt_private.h
31 #include <linux/fscrypto.h>
33 +#define FS_FNAME_CRYPTO_DIGEST_SIZE 32
35 +/* Encryption parameters */
36 +#define FS_XTS_TWEAK_SIZE 16
37 +#define FS_AES_128_ECB_KEY_SIZE 16
38 +#define FS_AES_256_GCM_KEY_SIZE 32
39 +#define FS_AES_256_CBC_KEY_SIZE 32
40 +#define FS_AES_256_CTS_KEY_SIZE 32
41 +#define FS_AES_256_XTS_KEY_SIZE 64
42 +#define FS_MAX_KEY_SIZE 64
44 +#define FS_KEY_DESC_PREFIX "fscrypt:"
45 +#define FS_KEY_DESC_PREFIX_SIZE 8
47 +#define FS_KEY_DERIVATION_NONCE_SIZE 16
50 + * Encryption context for inode
53 + * 1 byte: Protector format (1 = this version)
54 + * 1 byte: File contents encryption mode
55 + * 1 byte: File names encryption mode
57 + * 8 bytes: Master Key descriptor
58 + * 16 bytes: Encryption Key derivation nonce
60 +struct fscrypt_context {
62 + u8 contents_encryption_mode;
63 + u8 filenames_encryption_mode;
65 + u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
66 + u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
69 +#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
71 +/* This is passed in from userspace into the kernel keyring */
74 + u8 raw[FS_MAX_KEY_SIZE];
79 + * A pointer to this structure is stored in the file system's in-core
80 + * representation of an inode.
82 +struct fscrypt_info {
84 + u8 ci_filename_mode;
86 + struct crypto_skcipher *ci_ctfm;
87 + struct key *ci_keyring_key;
88 + u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
91 +#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
92 +#define FS_WRITE_PATH_FL 0x00000002
94 +struct fscrypt_completion_result {
95 + struct completion completion;
99 +#define DECLARE_FS_COMPLETION_RESULT(ecr) \
100 + struct fscrypt_completion_result ecr = { \
101 + COMPLETION_INITIALIZER((ecr).completion), 0 }
105 int fscrypt_initialize(void);
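Review bot: The comment above the userspace-supplied key structure (the one carrying `u8 raw[FS_MAX_KEY_SIZE]`) records only where the data comes from, not what must be checked before it is trusted. Now that the definition is private to fs/crypto, I would extend it to `/* Passed in from userspace via the kernel keyring: validate the payload length and key size against FS_MAX_KEY_SIZE before reading raw[] */` so the contract sits next to the buffer. The struct's other members are not visible in this view, so the wording may need to name the actual size field. Separately, `FS_KEY_DESC_PREFIX` and `FS_KEY_DESC_PREFIX_SIZE` are two hand-maintained values that must agree, and a `BUILD_BUG_ON(sizeof(FS_KEY_DESC_PREFIX) - 1 != FS_KEY_DESC_PREFIX_SIZE);` in an init path would keep them from drifting.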
107 diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
108 index b96a10e3cf78..6ed7c2eebeec 100644
109 --- a/fs/crypto/policy.c
110 +++ b/fs/crypto/policy.c
113 #include <linux/random.h>
114 #include <linux/string.h>
115 -#include <linux/fscrypto.h>
116 #include <linux/mount.h>
117 +#include "fscrypt_private.h"
119 static int inode_has_encryption_context(struct inode *inode)
121 diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h
122 index ce2ebdee6a89..71e8a20711ec 100644
123 --- a/include/linux/fscrypto.h
124 +++ b/include/linux/fscrypto.h
126 #include <crypto/skcipher.h>
127 #include <uapi/linux/fs.h>
129 -#define FS_KEY_DERIVATION_NONCE_SIZE 16
130 -#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
132 #define FS_POLICY_FLAGS_PAD_4 0x00
133 #define FS_POLICY_FLAGS_PAD_8 0x01
134 #define FS_POLICY_FLAGS_PAD_16 0x02
136 #define FS_ENCRYPTION_MODE_AES_256_CBC 3
137 #define FS_ENCRYPTION_MODE_AES_256_CTS 4
140 - * Encryption context for inode
142 - * Protector format:
143 - * 1 byte: Protector format (1 = this version)
144 - * 1 byte: File contents encryption mode
145 - * 1 byte: File names encryption mode
147 - * 8 bytes: Master Key descriptor
148 - * 16 bytes: Encryption Key derivation nonce
150 -struct fscrypt_context {
152 - u8 contents_encryption_mode;
153 - u8 filenames_encryption_mode;
155 - u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
156 - u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
159 -/* Encryption parameters */
160 -#define FS_XTS_TWEAK_SIZE 16
161 -#define FS_AES_128_ECB_KEY_SIZE 16
162 -#define FS_AES_256_GCM_KEY_SIZE 32
163 -#define FS_AES_256_CBC_KEY_SIZE 32
164 -#define FS_AES_256_CTS_KEY_SIZE 32
165 -#define FS_AES_256_XTS_KEY_SIZE 64
166 -#define FS_MAX_KEY_SIZE 64
168 -#define FS_KEY_DESC_PREFIX "fscrypt:"
169 -#define FS_KEY_DESC_PREFIX_SIZE 8
171 -/* This is passed in from userspace into the kernel keyring */
172 -struct fscrypt_key {
174 - u8 raw[FS_MAX_KEY_SIZE];
178 -struct fscrypt_info {
180 - u8 ci_filename_mode;
182 - struct crypto_skcipher *ci_ctfm;
183 - struct key *ci_keyring_key;
184 - u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
186 +#define FS_CRYPTO_BLOCK_SIZE 16
188 -#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
189 -#define FS_WRITE_PATH_FL 0x00000002
190 +struct fscrypt_info;
195 @@ -102,19 +53,6 @@ struct fscrypt_ctx {
196 u8 mode; /* Encryption mode for tfm */
199 -struct fscrypt_completion_result {
200 - struct completion completion;
204 -#define DECLARE_FS_COMPLETION_RESULT(ecr) \
205 - struct fscrypt_completion_result ecr = { \
206 - COMPLETION_INITIALIZER((ecr).completion), 0 }
208 -#define FS_FNAME_NUM_SCATTER_ENTRIES 4
209 -#define FS_CRYPTO_BLOCK_SIZE 16
210 -#define FS_FNAME_CRYPTO_DIGEST_SIZE 32
213 * For encrypted symlinks, the ciphertext length is stored at the beginning
214 * of the string in little-endian format.