From patchwork Mon Oct 23 21:40:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 829654 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="JbL7E3Bu"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="glzQYSNs"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yLVHk37gCz9sPt for ; Tue, 24 Oct 2017 08:42:42 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=1tKLtPGlbLKk3VULsIzy/vWULmfdWIj/vNkrOrHFMkk=; b=JbL7E3Bunvygp0bLYN4KJQo2GB wlI+1kz1h8JI/Ag9o/nV3iR7N6P6aSjPS2XaGhnPM8o/l037VkUKBoyWdHNrhZ3k1zwyuAiyZ+Hc3 hBAdhTkpvDHIg5BCcquyLSevC8uNiQlOo5Dz3TRb8FxOshHfV+WCnuiWDpYSwL6jnXJ7SwqLwBuOp +NqQQVsROhI+3X6e7S7StyTp4VpzFRT83PY79OksjhOFOOooU7RQCfUzKZD8bCr5R1hqJ5Itv9BaU hdw3tcqkEJhaohW14q76IaJugBHfe2Woc3X/D37wZzLG3hukbq1rI2Dwcy6AW3b0voF+NlJPlZLlX /NkiCSMA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1e6kUV-0004kK-Tf; Mon, 23 Oct 2017 21:42:36 +0000 Received: from mail-io0-x242.google.com ([2607:f8b0:4001:c06::242]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1e6kUR-0004fL-Pn for linux-mtd@lists.infradead.org; Mon, 23 Oct 2017 21:42:34 +0000 Received: by mail-io0-x242.google.com with SMTP id n137so21760645iod.6 for ; Mon, 23 Oct 2017 14:42:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RWzr6AEc1Y+08Sc6Z5TXghPCExRxgnlcGUvUgvGnKio=; b=glzQYSNsSBDLDE/nk4frqeg3HNva3bS7lXX45otUIZry+TOorx2ur4YhytLLdHBboa nJYL8OmAh+KT1AQsBTAT0fm8lCRzjhZF2x9JMNSiF0L8qXHirwRaFbyqAfX6NfP0ojSr i3Iv6kdyHr3Mefd8shSvkh/OQUdlZeXsGUElN5vr6CgmMk3vgpTsZs4djk1VxxORTn/j h/Hs07C+BkkGu3SuSJlcBJyb6ltNjLSveyGHUHiRBkvJ8jtiI1LFPvcrpOzspGUW9AIU Sa/fy7U9zAzOYj+MazmfPukQbaclsIAGVWqvEa8B4+6CJzUjrhVvvk3vzDl9TQtrnbCd 4E+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RWzr6AEc1Y+08Sc6Z5TXghPCExRxgnlcGUvUgvGnKio=; b=riMXmV0th/GRFLlE5znbHFySk/3TDcckzpzIcdzxmcsjVmQdSPszu4i3vttmsw/+z6 K3rhgme++jVe+0OF1WwNTSt6/3g5bbS9Xyv9FUx+fpCJ3H9FIDlnqOPZMjNVWIhrbpv7 9LU/3J8g8ajIFYtA0PKlSnCsQJWnMcAlmeb8tqDjVtxbq3KeeS2kPHL+6bls3DyL8UzJ CS6u6d9KaLFso51P3hCRq8wtXbc6mmu4vPBMZrWFonhWDpFvIvIPfqGTOhfsoUbfZuPe 7wffUSpb4MCbyLqzKEokDidND23PIYa+FaMQAxg8J6J6zjrrGTu32ZVRfiuOeshsONpN ZhWA== X-Gm-Message-State: AMCzsaWCKdSHTWXabEQfa6d4suwAsn07OofNatFXrEDIBuT0tsNYt1At nLceQkRSM+g8XiGKHgOisXk= X-Google-Smtp-Source: ABhQp+SkwdGNYgYLIZc75kQ10EaSGMzOQA0keAn+yXuFTLWSYti8dpoKFAj2BVpivHhmCf6mtFoV5w== X-Received: by 10.107.29.73 with SMTP id d70mr18396373iod.201.1508794930798; Mon, 23 Oct 2017 14:42:10 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.66.175.88]) by smtp.gmail.com with ESMTPSA id i63sm3558482ioi.68.2017.10.23.14.42.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 23 Oct 2017 14:42:10 -0700 (PDT) From: Eric Biggers To: linux-fscrypt@vger.kernel.org Subject: [RFC PATCH 01/25] fs, fscrypt: move uapi definitions to new header Date: Mon, 23 Oct 2017 14:40:34 -0700 Message-Id: <20171023214058.128121-2-ebiggers3@gmail.com> X-Mailer: git-send-email 2.15.0.rc0.271.g36b669edcc-goog In-Reply-To: <20171023214058.128121-1-ebiggers3@gmail.com> References: <20171023214058.128121-1-ebiggers3@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171023_144231_941930_3779E807 X-CRM114-Status: GOOD ( 16.59 ) X-Spam-Score: -1.8 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.8 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:4001:c06:0:0:0:242 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (ebiggers3[at]gmail.com) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ebiggers3[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ryo Hashimoto , Gwendal Grignou , "Theodore Y . Ts'o" , Eric Biggers , linux-api@vger.kernel.org, Nick Desaulniers , linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, Michael Halcrow , Sarthak Kukreti , linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Eric Biggers There are going to be more filesystem encryption definitions added, and we don't want to use a disproportionate amount of space in for filesystem encryption stuff. So move the fscrypt definitions to a new header . For compatibility with existing userspace programs which may be including , still includes the new header. (It's debatable whether we really need this, though; the filesystem encryption API is new enough that most if not all programs that are using it have to declare it themselves anyway.) Signed-off-by: Eric Biggers Reviewed-by: Michael Halcrow --- include/linux/fscrypt.h | 2 +- include/uapi/linux/fs.h | 50 +++-------------------------------------- include/uapi/linux/fscrypt.h | 53 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 48 deletions(-) create mode 100644 include/uapi/linux/fscrypt.h diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 53437bfdfcbc..f7aa7d62e235 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -19,7 +19,7 @@ #include #include #include -#include +#include #define FS_CRYPTO_BLOCK_SIZE 16 diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 56235dddea7d..6ecd3ee9960c 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -12,6 +12,9 @@ #include #include #include +#ifndef __KERNEL__ +#include +#endif /* * It's silly to have NR_OPEN bigger than NR_FILE, but you can change @@ -253,53 +256,6 @@ struct fsxattr { #define FS_IOC_FSGETXATTR _IOR ('X', 31, struct fsxattr) #define FS_IOC_FSSETXATTR _IOW ('X', 32, struct fsxattr) -/* - * File system encryption support - */ -/* Policy provided via an ioctl on the topmost directory */ -#define FS_KEY_DESCRIPTOR_SIZE 8 - -#define FS_POLICY_FLAGS_PAD_4 0x00 -#define FS_POLICY_FLAGS_PAD_8 0x01 -#define FS_POLICY_FLAGS_PAD_16 0x02 -#define FS_POLICY_FLAGS_PAD_32 0x03 -#define FS_POLICY_FLAGS_PAD_MASK 0x03 -#define FS_POLICY_FLAGS_VALID 0x03 - -/* Encryption algorithms */ -#define FS_ENCRYPTION_MODE_INVALID 0 -#define FS_ENCRYPTION_MODE_AES_256_XTS 1 -#define FS_ENCRYPTION_MODE_AES_256_GCM 2 -#define FS_ENCRYPTION_MODE_AES_256_CBC 3 -#define FS_ENCRYPTION_MODE_AES_256_CTS 4 -#define FS_ENCRYPTION_MODE_AES_128_CBC 5 -#define FS_ENCRYPTION_MODE_AES_128_CTS 6 - -struct fscrypt_policy { - __u8 version; - __u8 contents_encryption_mode; - __u8 filenames_encryption_mode; - __u8 flags; - __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; -}; - -#define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy) -#define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16]) -#define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy) - -/* Parameters for passing an encryption key into the kernel keyring */ -#define FS_KEY_DESC_PREFIX "fscrypt:" -#define FS_KEY_DESC_PREFIX_SIZE 8 - -/* Structure that userspace passes to the kernel keyring */ -#define FS_MAX_KEY_SIZE 64 - -struct fscrypt_key { - __u32 mode; - __u8 raw[FS_MAX_KEY_SIZE]; - __u32 size; -}; - /* * Inode flags (FS_IOC_GETFLAGS / FS_IOC_SETFLAGS) * diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h new file mode 100644 index 000000000000..c09209fc42ea --- /dev/null +++ b/include/uapi/linux/fscrypt.h @@ -0,0 +1,53 @@ +#ifndef _UAPI_LINUX_FSCRYPT_H +#define _UAPI_LINUX_FSCRYPT_H + +#include + +/* + * File system encryption support + */ +/* Policy provided via an ioctl on the topmost directory */ +#define FS_KEY_DESCRIPTOR_SIZE 8 + +#define FS_POLICY_FLAGS_PAD_4 0x00 +#define FS_POLICY_FLAGS_PAD_8 0x01 +#define FS_POLICY_FLAGS_PAD_16 0x02 +#define FS_POLICY_FLAGS_PAD_32 0x03 +#define FS_POLICY_FLAGS_PAD_MASK 0x03 +#define FS_POLICY_FLAGS_VALID 0x03 + +/* Encryption algorithms */ +#define FS_ENCRYPTION_MODE_INVALID 0 +#define FS_ENCRYPTION_MODE_AES_256_XTS 1 +#define FS_ENCRYPTION_MODE_AES_256_GCM 2 +#define FS_ENCRYPTION_MODE_AES_256_CBC 3 +#define FS_ENCRYPTION_MODE_AES_256_CTS 4 +#define FS_ENCRYPTION_MODE_AES_128_CBC 5 +#define FS_ENCRYPTION_MODE_AES_128_CTS 6 + +struct fscrypt_policy { + __u8 version; + __u8 contents_encryption_mode; + __u8 filenames_encryption_mode; + __u8 flags; + __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; +}; + +#define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy) +#define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16]) +#define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy) + +/* Parameters for passing an encryption key into the kernel keyring */ +#define FS_KEY_DESC_PREFIX "fscrypt:" +#define FS_KEY_DESC_PREFIX_SIZE 8 + +/* Structure that userspace passes to the kernel keyring */ +#define FS_MAX_KEY_SIZE 64 + +struct fscrypt_key { + __u32 mode; + __u8 raw[FS_MAX_KEY_SIZE]; + __u32 size; +}; + +#endif /* _UAPI_LINUX_FSCRYPT_H */