From: Mike Halcrow <mhalcrow@us.ibm.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Mike Halcrow <mhalcrow@us.ibm.com>,
Mike Halcrow <mike@halcrow.us>
Subject: [PATCH 6/12] Add ecryptfs_ prefix to mount options; key size parameter
Date: Tue, 20 Jun 2006 16:23:39 -0500 [thread overview]
Message-ID: <E1FsnhD-00079L-Tj@localhost.localdomain> (raw)
In-Reply-To: <20060620212134.GB18701@us.ibm.com>
Add ecryptfs_ prefix to ecryptfs-specific mount options to avoid
conflicts from changes to /bin/mount. Debian's addition of ``keybits''
in its mount program left us scratching our heads when we happened to
pick the exact same parameter name at first for this patch. This patch
includes an aptly-named parameter to set the number of key bytes.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
---
fs/ecryptfs/ecryptfs_kernel.h | 1 +
fs/ecryptfs/main.c | 36 +++++++++++++++++++++++++++++++++++-
2 files changed, 36 insertions(+), 1 deletions(-)
5488f5ad764088bb99ba1980d9967da3aeb2ff12
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 1fd6039..4dc95af 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -220,6 +220,7 @@ struct ecryptfs_mount_crypt_stat {
/* Pointers to memory we do not own, do not free these */
struct ecryptfs_auth_tok *global_auth_tok;
struct key *global_auth_tok_key;
+ unsigned int global_default_cipher_key_bits;
unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
+ 1];
unsigned char global_auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 5cbc948..57bbce7 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -125,13 +125,19 @@ out:
return rc;
}
-enum { ecryptfs_opt_sig, ecryptfs_opt_debug, ecryptfs_opt_cipher,
+enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
+ ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
+ ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
ecryptfs_opt_err };
static match_table_t tokens = {
{ecryptfs_opt_sig, "sig=%s"},
+ {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
{ecryptfs_opt_debug, "debug=%u"},
+ {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
{ecryptfs_opt_cipher, "cipher=%s"},
+ {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
+ {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
{ecryptfs_opt_err, NULL}
};
@@ -192,6 +198,8 @@ static int ecryptfs_parse_options(struct
int rc = 0;
int sig_set = 0;
int cipher_name_set = 0;
+ int cipher_key_bytes;
+ int cipher_key_bytes_set = 0;
struct key *auth_tok_key = NULL;
struct ecryptfs_auth_tok *auth_tok = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
@@ -203,6 +211,7 @@ static int ecryptfs_parse_options(struct
char *debug_src;
char *cipher_name_dst;
char *cipher_name_src;
+ char *cipher_key_bytes_src;
int cipher_name_len;
if (!options) {
@@ -215,6 +224,7 @@ static int ecryptfs_parse_options(struct
token = match_token(p, tokens, args);
switch (token) {
case ecryptfs_opt_sig:
+ case ecryptfs_opt_ecryptfs_sig:
sig_src = args[0].from;
sig_dst =
mount_crypt_stat->global_auth_tok_sig;
@@ -227,6 +237,7 @@ static int ecryptfs_parse_options(struct
sig_set = 1;
break;
case ecryptfs_opt_debug:
+ case ecryptfs_opt_ecryptfs_debug:
debug_src = args[0].from;
ecryptfs_verbosity =
(int)simple_strtol(debug_src, &debug_src,
@@ -236,6 +247,7 @@ static int ecryptfs_parse_options(struct
ecryptfs_verbosity);
break;
case ecryptfs_opt_cipher:
+ case ecryptfs_opt_ecryptfs_cipher:
cipher_name_src = args[0].from;
cipher_name_dst =
mount_crypt_stat->
@@ -248,6 +260,20 @@ static int ecryptfs_parse_options(struct
"[%s]\n", cipher_name_dst);
cipher_name_set = 1;
break;
+ case ecryptfs_opt_ecryptfs_key_bytes:
+ cipher_key_bytes_src = args[0].from;
+ cipher_key_bytes =
+ (int)simple_strtol(cipher_key_bytes_src,
+ &cipher_key_bytes_src, 0);
+ mount_crypt_stat->global_default_cipher_key_bits =
+ cipher_key_bytes << 3;
+ ecryptfs_printk(KERN_DEBUG,
+ "The mount_crypt_stat "
+ "global_default_cipher_key_bits "
+ "set to: [%d]\n", mount_crypt_stat->
+ global_default_cipher_key_bits);
+ cipher_key_bytes_set = 1;
+ break;
case ecryptfs_opt_err:
default:
ecryptfs_printk(KERN_WARNING,
@@ -277,6 +303,14 @@ static int ecryptfs_parse_options(struct
mount_crypt_stat->global_default_cipher_name[cipher_name_len]
= '\0';
}
+ if (!cipher_key_bytes_set) {
+ mount_crypt_stat->global_default_cipher_key_bits =
+ ECRYPTFS_DEFAULT_KEY_BYTES << 3;
+ ecryptfs_printk(KERN_DEBUG, "Cipher key bits were not "
+ "specified. Defaulting to [%d]\n",
+ mount_crypt_stat->
+ global_default_cipher_key_bits);
+ }
ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: "
"[%s]\n", mount_crypt_stat->global_auth_tok_sig);
/* The reference to this key is held until umount is done The
--
1.3.3
next prev parent reply other threads:[~2006-06-20 21:23 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-20 21:21 [PATCH 0/12] eCryptfs minor fixes; support for cipher/key size selection Michael Halcrow
2006-06-20 21:22 ` [PATCH 1/12] asm/scatterlist.h -> linux/scatterlist.h Mike Halcrow
2006-06-20 21:22 ` [PATCH 2/12] Support for larger maximum key size Mike Halcrow
2006-06-21 14:49 ` Timothy R. Chavez
2006-06-21 15:50 ` Michael Halcrow
2006-06-20 21:23 ` [PATCH 3/12] Add codes for additional ciphers Mike Halcrow
2006-06-21 15:08 ` Timothy R. Chavez
2006-06-20 21:23 ` [PATCH 4/12] Unencrypted key size based on encrypted key size Mike Halcrow
2006-06-20 21:23 ` [PATCH 5/12] Packet and key management update for variable " Mike Halcrow
2006-06-20 21:23 ` Mike Halcrow [this message]
2006-06-20 21:23 ` [PATCH 7/12] Set the key size from the default for the mount Mike Halcrow
2006-06-20 21:23 ` [PATCH 8/12] Check for weak keys Mike Halcrow
2006-06-20 21:24 ` [PATCH 9/12] Add #define values for cipher codes from RFC2440 (OpenPGP) Mike Halcrow
2006-06-20 21:24 ` [PATCH 10/12] Convert bits to bytes Mike Halcrow
2006-06-20 21:24 ` [PATCH 11/12] More elegant AES key size manipulation Mike Halcrow
2006-06-20 21:24 ` [PATCH 12/12] More intelligent use of TFM objects Mike Halcrow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1FsnhD-00079L-Tj@localhost.localdomain \
--to=mhalcrow@us.ibm.com \
--cc=akpm@osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mike@halcrow.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).