diff mbox

[v2] fscrypt: Move key structure and constants to uapi

Message ID 20170406231405.153919-1-joerichey94@gmail.com (mailing list archive)
State Accepted
Headers show

Commit Message

Joe Richey April 6, 2017, 11:14 p.m. UTC 
From: Joe Richey <joerichey@google.com>

This commit exposes the necessary constants and structures for a
userspace program to pass filesystem encryption keys into the keyring.
The fscrypt_key structure was already part of the kernel ABI, this
change just makes it so programs no longer have to redeclare these
structures (like e4crypt in e2fsprogs currently does).

Note that we do not expose the other FS_*_KEY_SIZE constants as they are
not necessary. Only XTS is supported for contents_encryption_mode, so
currently FS_MAX_KEY_SIZE bytes of key material must always be passed to
the kernel.

This commit also removes __packed from fscrypt_key as it does not
contain any implicit padding and does not refer to an on-disk structure.

Signed-off-by: Joe Richey <joerichey@google.com>
---
 fs/crypto/fscrypt_private.h | 11 -----------
 include/uapi/linux/fs.h     | 13 +++++++++++++
 2 files changed, 13 insertions(+), 11 deletions(-)

Comments

Theodore Ts'o April 30, 2017, 6:16 a.m. UTC | #1 
On Thu, Apr 06, 2017 at 04:14:05PM -0700, Joe Richey wrote:
> From: Joe Richey <joerichey@google.com>
> 
> This commit exposes the necessary constants and structures for a
> userspace program to pass filesystem encryption keys into the keyring.
> The fscrypt_key structure was already part of the kernel ABI, this
> change just makes it so programs no longer have to redeclare these
> structures (like e4crypt in e2fsprogs currently does).
> 
> Note that we do not expose the other FS_*_KEY_SIZE constants as they are
> not necessary. Only XTS is supported for contents_encryption_mode, so
> currently FS_MAX_KEY_SIZE bytes of key material must always be passed to
> the kernel.
> 
> This commit also removes __packed from fscrypt_key as it does not
> contain any implicit padding and does not refer to an on-disk structure.
> 
> Signed-off-by: Joe Richey <joerichey@google.com>

Thanks, applied.

					- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index e39696e64494..e08ca6d1ca0f 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -22,10 +22,6 @@ 
 #define FS_AES_256_CBC_KEY_SIZE		32
 #define FS_AES_256_CTS_KEY_SIZE		32
 #define FS_AES_256_XTS_KEY_SIZE		64
-#define FS_MAX_KEY_SIZE			64
-
-#define FS_KEY_DESC_PREFIX		"fscrypt:"
-#define FS_KEY_DESC_PREFIX_SIZE		8
 
 #define FS_KEY_DERIVATION_NONCE_SIZE		16
 
@@ -51,13 +47,6 @@  struct fscrypt_context {
 
 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1		1
 
-/* This is passed in from userspace into the kernel keyring */
-struct fscrypt_key {
-	u32 mode;
-	u8 raw[FS_MAX_KEY_SIZE];
-	u32 size;
-} __packed;
-
 /*
  * A pointer to this structure is stored in the file system's in-core
  * representation of an inode.
diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
index 048a85e9f017..9691fda01245 100644
--- a/include/uapi/linux/fs.h
+++ b/include/uapi/linux/fs.h
@@ -285,6 +285,19 @@  struct fscrypt_policy {
 #define FS_IOC_GET_ENCRYPTION_PWSALT	_IOW('f', 20, __u8[16])
 #define FS_IOC_GET_ENCRYPTION_POLICY	_IOW('f', 21, struct fscrypt_policy)
 
+/* Parameters for passing an encryption key into the kernel keyring */
+#define FS_KEY_DESC_PREFIX		"fscrypt:"
+#define FS_KEY_DESC_PREFIX_SIZE		8
+
+/* Structure that userspace passes to the kernel keyring */
+#define FS_MAX_KEY_SIZE			64
+
+struct fscrypt_key {
+	__u32 mode;
+	__u8 raw[FS_MAX_KEY_SIZE];
+	__u32 size;
+};
+
 /*
  * Inode flags (FS_IOC_GETFLAGS / FS_IOC_SETFLAGS)
  *