From: Mike Halcrow <mhalcrow@us.ibm.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Mike Halcrow <mhalcrow@us.ibm.com>,
Mike Halcrow <mike@halcrow.us>
Subject: [PATCH 6/12] Add ecryptfs_ prefix to mount options; key size parameter
Date: Tue, 20 Jun 2006 16:23:39 -0500
Message-ID: <E1FsnhD-00079L-Tj@localhost.localdomain>
In-Reply-To: <20060620212134.GB18701@us.ibm.com>
Add ecryptfs_ prefix to ecryptfs-specific mount options to avoid
conflicts from changes to /bin/mount. Debian's addition of ``keybits''
in its mount program left us scratching our heads when we happened to
pick the exact same parameter name at first for this patch. This patch
includes an aptly-named parameter to set the number of key bytes.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
---
fs/ecryptfs/ecryptfs_kernel.h | 1 +
fs/ecryptfs/main.c | 36 +++++++++++++++++++++++++++++++++++-
2 files changed, 36 insertions(+), 1 deletions(-)
5488f5ad764088bb99ba1980d9967da3aeb2ff12
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 1fd6039..4dc95af 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -220,6 +220,7 @@ struct ecryptfs_mount_crypt_stat {
/* Pointers to memory we do not own, do not free these */
struct ecryptfs_auth_tok *global_auth_tok;
struct key *global_auth_tok_key;
+ unsigned int global_default_cipher_key_bits;
unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
+ 1];
unsigned char global_auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
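Review bot: The new global_default_cipher_key_bits field is inserted directly under the comment "Pointers to memory we do not own, do not free these", but it is a plain integer, not a pointer. Move it above that comment (or below the two arrays) so the comment keeps describing only global_auth_tok and global_auth_tok_key. The field also stores bits while the mount option added in main.c is given in bytes, so a short comment naming the unit here would help.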
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 5cbc948..57bbce7 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -125,13 +125,19 @@ out:
return rc;
}
-enum { ecryptfs_opt_sig, ecryptfs_opt_debug, ecryptfs_opt_cipher,
+enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
+ ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
+ ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
ecryptfs_opt_err };
static match_table_t tokens = {
{ecryptfs_opt_sig, "sig=%s"},
+ {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
{ecryptfs_opt_debug, "debug=%u"},
+ {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
{ecryptfs_opt_cipher, "cipher=%s"},
+ {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
+ {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
{ecryptfs_opt_err, NULL}
};
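Review bot: The token table now carries two enum values per option (ecryptfs_opt_sig and ecryptfs_opt_ecryptfs_sig, and so on) even though both spellings fall into the same case in the parser. Mapping both patterns to one value, for example {ecryptfs_opt_sig, "ecryptfs_sig=%s"}, would avoid the doubled enum and the stuttering ecryptfs_opt_ecryptfs_ names. Since the changelog's aim is to avoid clashes with option names /bin/mount may claim, it should also state whether the unprefixed sig=, debug= and cipher= forms are kept only for compatibility and when they are expected to go away.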
@@ -192,6 +198,8 @@ static int ecryptfs_parse_options(struct
int rc = 0;
int sig_set = 0;
int cipher_name_set = 0;
+ int cipher_key_bytes;
+ int cipher_key_bytes_set = 0;
struct key *auth_tok_key = NULL;
struct ecryptfs_auth_tok *auth_tok = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
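Review bot: cipher_key_bytes is declared as a signed int, while the option is matched with "ecryptfs_key_bytes=%u" and the value ends up in the unsigned int global_default_cipher_key_bits. Declaring it unsigned int keeps the type consistent from token to struct field and makes the (int) cast at the assignment unnecessary.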
@@ -203,6 +211,7 @@ static int ecryptfs_parse_options(struct
char *debug_src;
char *cipher_name_dst;
char *cipher_name_src;
+ char *cipher_key_bytes_src;
int cipher_name_len;
if (!options) {
@@ -215,6 +224,7 @@ static int ecryptfs_parse_options(struct
token = match_token(p, tokens, args);
switch (token) {
case ecryptfs_opt_sig:
+ case ecryptfs_opt_ecryptfs_sig:
sig_src = args[0].from;
sig_dst =
mount_crypt_stat->global_auth_tok_sig;
@@ -227,6 +237,7 @@ static int ecryptfs_parse_options(struct
sig_set = 1;
break;
case ecryptfs_opt_debug:
+ case ecryptfs_opt_ecryptfs_debug:
debug_src = args[0].from;
ecryptfs_verbosity =
(int)simple_strtol(debug_src, &debug_src,
@@ -236,6 +247,7 @@ static int ecryptfs_parse_options(struct
ecryptfs_verbosity);
break;
case ecryptfs_opt_cipher:
+ case ecryptfs_opt_ecryptfs_cipher:
cipher_name_src = args[0].from;
cipher_name_dst =
mount_crypt_stat->
@@ -248,6 +260,20 @@ static int ecryptfs_parse_options(struct
"[%s]\n", cipher_name_dst);
cipher_name_set = 1;
break;
+ case ecryptfs_opt_ecryptfs_key_bytes:
+ cipher_key_bytes_src = args[0].from;
+ cipher_key_bytes =
+ (int)simple_strtol(cipher_key_bytes_src,
+ &cipher_key_bytes_src, 0);
+ mount_crypt_stat->global_default_cipher_key_bits =
+ cipher_key_bytes << 3;
+ ecryptfs_printk(KERN_DEBUG,
+ "The mount_crypt_stat "
+ "global_default_cipher_key_bits "
+ "set to: [%d]\n", mount_crypt_stat->
+ global_default_cipher_key_bits);
+ cipher_key_bytes_set = 1;
+ break;
case ecryptfs_opt_err:
default:
ecryptfs_printk(KERN_WARNING,
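Review bot: In the ecryptfs_opt_ecryptfs_key_bytes case the parsed value is shifted and stored with no range check, so within this hunk ecryptfs_key_bytes=0 or a value far larger than any cipher key is accepted, and a large enough value overflows in cipher_key_bytes << 3. Validate the value against the key sizes the filesystem supports and fail the mount with -EINVAL otherwise. The end pointer from simple_strtol is written back into cipher_key_bytes_src but never inspected; match_int(&args[0], &cipher_key_bytes) would do the conversion in one call and report a failure. The debug message also prints the unsigned int field with %d, where %u matches the type.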
@@ -277,6 +303,14 @@ static int ecryptfs_parse_options(struct
mount_crypt_stat->global_default_cipher_name[cipher_name_len]
= '\0';
}
+ if (!cipher_key_bytes_set) {
+ mount_crypt_stat->global_default_cipher_key_bits =
+ ECRYPTFS_DEFAULT_KEY_BYTES << 3;
+ ecryptfs_printk(KERN_DEBUG, "Cipher key bits were not "
+ "specified. Defaulting to [%d]\n",
+ mount_crypt_stat->
+ global_default_cipher_key_bits);
+ }
ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: "
"[%s]\n", mount_crypt_stat->global_auth_tok_sig);
/* The reference to this key is held until umount is done The
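Review bot: ECRYPTFS_DEFAULT_KEY_BYTES is used in the new !cipher_key_bytes_set block but is not defined anywhere in this patch; the only line added to ecryptfs_kernel.h is the struct field. If it comes from an earlier patch in the series, please confirm each patch builds on its own so bisection is not broken. Assigning the default before the option loop would also let you drop the cipher_key_bytes_set flag, and the message should use %u for the unsigned int field.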
--
1.3.3
Thread overview: 16+ messages
2006-06-20 21:21 [PATCH 0/12] eCryptfs minor fixes; support for cipher/key size selection Michael Halcrow
2006-06-20 21:22 ` [PATCH 1/12] asm/scatterlist.h -> linux/scatterlist.h Mike Halcrow
2006-06-20 21:22 ` [PATCH 2/12] Support for larger maximum key size Mike Halcrow
2006-06-21 14:49 ` Timothy R. Chavez
2006-06-21 15:50 ` Michael Halcrow
2006-06-20 21:23 ` [PATCH 3/12] Add codes for additional ciphers Mike Halcrow
2006-06-21 15:08 ` Timothy R. Chavez
2006-06-20 21:23 ` [PATCH 4/12] Unencrypted key size based on encrypted key size Mike Halcrow
2006-06-20 21:23 ` [PATCH 5/12] Packet and key management update for variable " Mike Halcrow
2006-06-20 21:23 ` Mike Halcrow [this message]
2006-06-20 21:23 ` [PATCH 7/12] Set the key size from the default for the mount Mike Halcrow
2006-06-20 21:23 ` [PATCH 8/12] Check for weak keys Mike Halcrow
2006-06-20 21:24 ` [PATCH 9/12] Add #define values for cipher codes from RFC2440 (OpenPGP) Mike Halcrow
2006-06-20 21:24 ` [PATCH 10/12] Convert bits to bytes Mike Halcrow
2006-06-20 21:24 ` [PATCH 11/12] More elegant AES key size manipulation Mike Halcrow
2006-06-20 21:24 ` [PATCH 12/12] More intelligent use of TFM objects Mike Halcrow