Blame view

kernel/linux-imx6_3.14.28/include/linux/ecryptfs.h 3.79 KB
6b13f685e   김민수   BSP 최초 추가
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
  #ifndef _LINUX_ECRYPTFS_H
  #define _LINUX_ECRYPTFS_H
  
  /* Version verification for shared data structures w/ userspace */
  #define ECRYPTFS_VERSION_MAJOR 0x00
  #define ECRYPTFS_VERSION_MINOR 0x04
  #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
  /* These flags indicate which features are supported by the kernel
   * module; userspace tools such as the mount helper read the feature
   * bits from a sysfs handle in order to determine how to behave. */
  #define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
  #define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
  #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
  #define ECRYPTFS_VERSIONING_POLICY                0x00000008
  #define ECRYPTFS_VERSIONING_XATTR                 0x00000010
  #define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
  #define ECRYPTFS_VERSIONING_DEVMISC               0x00000040
  #define ECRYPTFS_VERSIONING_HMAC                  0x00000080
  #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
  #define ECRYPTFS_VERSIONING_GCM                   0x00000200
  #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
  #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
  #define ECRYPTFS_SALT_SIZE 8
  #define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
  /* The original signature size is only for what is stored on disk; all
   * in-memory representations are expanded hex, so it better adapted to
   * be passed around or referenced on the command line */
  #define ECRYPTFS_SIG_SIZE 8
  #define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
  #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
  #define ECRYPTFS_MAX_KEY_BYTES 64
  #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
  #define ECRYPTFS_FILE_VERSION 0x03
  #define ECRYPTFS_MAX_PKI_NAME_BYTES 16
  
  #define RFC2440_CIPHER_DES3_EDE 0x02
  #define RFC2440_CIPHER_CAST_5 0x03
  #define RFC2440_CIPHER_BLOWFISH 0x04
  #define RFC2440_CIPHER_AES_128 0x07
  #define RFC2440_CIPHER_AES_192 0x08
  #define RFC2440_CIPHER_AES_256 0x09
  #define RFC2440_CIPHER_TWOFISH 0x0a
  #define RFC2440_CIPHER_CAST_6 0x0b
  
  #define RFC2440_CIPHER_RSA 0x01
  
  /**
   * For convenience, we may need to pass around the encrypted session
   * key between kernel and userspace because the authentication token
   * may not be extractable.  For example, the TPM may not release the
   * private key, instead requiring the encrypted data and returning the
   * decrypted data.
   */
  struct ecryptfs_session_key {
  #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
  #define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
  #define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
  #define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
  	u32 flags;
  	u32 encrypted_key_size;
  	u32 decrypted_key_size;
  	u8 encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
  	u8 decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
  };
  
  struct ecryptfs_password {
  	u32 password_bytes;
  	s32 hash_algo;
  	u32 hash_iterations;
  	u32 session_key_encryption_key_bytes;
  #define ECRYPTFS_PERSISTENT_PASSWORD 0x01
  #define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
  	u32 flags;
  	/* Iterated-hash concatenation of salt and passphrase */
  	u8 session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
  	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
  	/* Always in expanded hex */
  	u8 salt[ECRYPTFS_SALT_SIZE];
  };
  
  enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
  
  struct ecryptfs_private_key {
  	u32 key_size;
  	u32 data_len;
  	u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
  	char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
  	u8 data[];
  };
  
  /* May be a password or a private key */
  struct ecryptfs_auth_tok {
  	u16 version; /* 8-bit major and 8-bit minor */
  	u16 token_type;
  #define ECRYPTFS_ENCRYPT_ONLY 0x00000001
  	u32 flags;
  	struct ecryptfs_session_key session_key;
  	u8 reserved[32];
  	union {
  		struct ecryptfs_password password;
  		struct ecryptfs_private_key private_key;
  	} token;
  } __attribute__ ((packed));
  
  #endif /* _LINUX_ECRYPTFS_H */