On Wed, Apr 5, 2017 at 12:39 AM, Joe Richey <joerichey94@xxxxxxxxx> wrote:
> From: Joe Richey <joerichey@xxxxxxxxxx>
>
> This commit exposes the necessary constants and structures for a
> userspace program to pass filesystem encryption keys into the keyring.
> The fscrypt_key structure was already part of the kernel ABI, this
> change just makes it so programs no longer have to redeclare these
> structures (like e4crypt in e2fsprogs currently does).
>
> Note that we do not expose the other FS_*_KEY_SIZE constants as they are
> not necessary. Only XTS is supported for contents_encryption_mode, so
> currently FS_MAX_KEY_SIZE bytes of key material must always be passed to
> the kernel.
>
> This commit also removes __packed from fscrypt_key as it does not
> contain any implicit padding and does not refer to an on-disk structure.
>
> Change-Id: Iafc7d0f2127a5521a4566e59f2ed1ffc1526a62b
Same here. :)
> Signed-off-by: Joe Richey <joerichey@xxxxxxxxxx>
> ---
> fs/crypto/fscrypt_private.h | 11 -----------
> include/uapi/linux/fs.h | 13 +++++++++++++
> 2 files changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
> index e39696e64494..e08ca6d1ca0f 100644
> --- a/fs/crypto/fscrypt_private.h
> +++ b/fs/crypto/fscrypt_private.h
> @@ -22,10 +22,6 @@
> #define FS_AES_256_CBC_KEY_SIZE 32
> #define FS_AES_256_CTS_KEY_SIZE 32
> #define FS_AES_256_XTS_KEY_SIZE 64
> -#define FS_MAX_KEY_SIZE 64
> -
> -#define FS_KEY_DESC_PREFIX "fscrypt:"
> -#define FS_KEY_DESC_PREFIX_SIZE 8
>
> #define FS_KEY_DERIVATION_NONCE_SIZE 16
>
> @@ -51,13 +47,6 @@ struct fscrypt_context {
>
> #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
>
> -/* This is passed in from userspace into the kernel keyring */
> -struct fscrypt_key {
> - u32 mode;
> - u8 raw[FS_MAX_KEY_SIZE];
> - u32 size;
> -} __packed;
> -
> /*
> * A pointer to this structure is stored in the file system's in-core
> * representation of an inode.
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 048a85e9f017..9691fda01245 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -285,6 +285,19 @@ struct fscrypt_policy {
> #define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16])
> #define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy)
>
> +/* Parameters for passing an encryption key into the kernel keyring */
> +#define FS_KEY_DESC_PREFIX "fscrypt:"
> +#define FS_KEY_DESC_PREFIX_SIZE 8
> +
> +/* Structure that userspace passes to the kernel keyring */
> +#define FS_MAX_KEY_SIZE 64
> +
> +struct fscrypt_key {
> + __u32 mode;
> + __u8 raw[FS_MAX_KEY_SIZE];
> + __u32 size;
> +};
> +
Reviewed-by: Richard Weinberger <richard@xxxxxx>
--
Thanks,
//richard
