path: root/src/include/ecryptfs.h

/**
 * Header file for eCryptfs userspace tools.
 * 
 * Copyright (C) 2004-2008 International Business Machines Corp.
 *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
 *
 * The structs here are shared between kernel and userspace, so if you
 * are running a 64-bit kernel, you need to compile your userspace
 * applications as 64-bit binaries.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

#ifndef ECRYTPFS_H
#define ECRYTPFS_H

#include <stdint.h>
#include <netdb.h>
#include <limits.h>
#include <termios.h>
#ifndef S_SPLINT_S
#include <stdio.h>
#include <syslog.h>
#endif
#include <pthread.h>
#include <unistd.h>
#ifndef S_SPLINT_S
#include <sys/types.h>
#include <linux/types.h>
#endif

/* Version verification for shared data structures w/ userspace */
#ifndef ECRYPTFS_VERSION_MAJOR
#define ECRYPTFS_VERSION_MAJOR 0x00
#endif
#ifndef ECRYPTFS_VERSION_MINOR
#define ECRYPTFS_VERSION_MINOR 0x04
#endif

#ifndef ECRYPTFS_SUPPORTED_FILE_VERSION
#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
#endif

/* These flags indicate which features are supported by the kernel
 * module; userspace tools such as the mount helper read from a sysfs
 * handle in order to determine how to behave. */
#define ECRYPTFS_VERSIONING_PASSPHRASE            0x00000001
#define ECRYPTFS_VERSIONING_PUBKEY                0x00000002
#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
#define ECRYPTFS_VERSIONING_POLICY                0x00000008
#define ECRYPTFS_VERSIONING_XATTR                 0x00000010
#define ECRYPTFS_VERSIONING_MULTKEY               0x00000020
#define ECRYPTFS_VERSIONING_MISCDEV               0x00000040
#define ECRYPTFS_VERSIONING_HMAC                  0x00000080
#define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION   0x00000100
#define ECRYPTFS_VERSIONING_GCM                   0x00000200

#define ECRYPTFS_MAX_PASSWORD_LENGTH 64
#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
#define ECRYPTFS_SALT_SIZE 8
#define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
#define ECRYPTFS_DEFAULT_SALT_HEX "0011223344556677"
#define ECRYPTFS_DEFAULT_SALT_FNEK_HEX "9988776655443322"
/* The original signature size is only for what is stored on disk; all
 * in-memory representations are expanded hex, so it better adapted to
 * be passed around on the command line */
#define ECRYPTFS_SIG_SIZE 8
#define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
#define ECRYPTFS_MAX_KEY_BYTES 64
#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
#define ECRYPTFS_DEFAULT_IV_BYTES 16
#define ECRYPTFS_FILE_VERSION 0x03
#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
#define ECRPYTFS_STRING_LENGTH 128
#ifndef MAGIC_ECRYPTFS_MARKER_STR
#define MAGIC_ECRYPTFS_MARKER_STR "3c81b7f5"
#endif
#ifndef MAGIC_ECRYPTFS_MARKER
#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8	/* 4*2 */
#endif
#define MAX_NAME_SIZE 128
#define MAX_KEY_MOD_VALUE_SIZE 4096
#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
#define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
#define ECRYPTFS_MSG_HELO 100
#define ECRYPTFS_MSG_QUIT 101
#define ECRYPTFS_MSG_REQUEST 102
#define ECRYPTFS_MSG_RESPONSE 103
#define ECRYPTFS_MSG_MAX_SIZE 1024
#define ECRYPTFS_MSG_ERROR_COUNT_THRESHOLD 8
#define ECRYPTFS_MAX_KEY_MOD_NAME_BYTES 16

#ifndef SHA512_DIGEST_LENGTH
#define SHA512_DIGEST_LENGTH 64
#endif

#ifndef SHA1_DIGEST_LENGTH
#define SHA1_DIGEST_LENGTH 20
#endif

#define PGP_DIGEST_ALGO_SHA512   10

/* TODO: Put this in configure.in, and make this ECRYPTFS_DEFAULT_KEY_MOD */
#define ECRYPTFS_KEY_MOD_OPENSSL "openssl"

#define ECRYPTFS_NOT_SALTLESS 0
#define ECRYPTFS_SALTLESS 1
/* Hash iterations are intended to make dictionary attacks more difficult */
#define ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS 65536

#define ECRYPTFS_FILE_SIZE_BYTES (sizeof(uint64_t))

#define ECRYPTFS_TAG_64_PACKET 0x40
#define ECRYPTFS_TAG_65_PACKET 0x41
#define ECRYPTFS_TAG_66_PACKET 0x42
#define ECRYPTFS_TAG_67_PACKET 0x43

#define ecryptfs_syslog(type, fmt, arg...) \
	syslog(type, "%s: " fmt, __FUNCTION__, ## arg);

#define ECRYPTFS_MAX_NUM_CIPHERS 64
#define ECRYPTFS_ECHO_ON 1
#define ECRYPTFS_ECHO_OFF 0

#define ECRYPTFS_AES_BLOCK_SIZE 16
#define ECRYPTFS_AES_KEY_BYTES 16

#define ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME "wrapped-passphrase"

#define ECRYPTFS_ERROR_INSERT_KEY "Error: Inserting key into the user session keyring failed"
#define ECRYPTFS_ERROR_UNWRAP "Error: Unwrapping passphrase failed"
#define ECRYPTFS_ERROR_UNWRAP_AND_INSERT "Error: Unwrapping passphrase and inserting into the user session keyring failed"
#define ECRYPTFS_ERROR_WRAP "Error: Wrapping passphrase failed"
#define ECRYPTFS_ERROR_FNEK_SUPPORT "Error: Your kernel does not support filename encryption"
#define ECRYPTFS_INFO_CHECK_LOG "Info: Check the system log for more information from libecryptfs"
#define ECRYPTFS_WARN_DEFAULT_SALT "Warning: Using default salt value (undefined in ~/.ecryptfsrc)"

extern int ecryptfs_verbosity;

/**
 * For convenience, we may need to pass around the encrypted session
 * key between kernel and userspace because the authentication token
 * may not be extractable.  For example, the TPM may not release the
 * private key, instead requiring the encrypted data and returning the
 * decrypted data.
 */
struct ecryptfs_session_key {
#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
#define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
	int32_t flags;
	int32_t encrypted_key_size;
	int32_t decrypted_key_size;
	uint8_t encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
	uint8_t decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
};

static const char common_salt[ECRYPTFS_SALT_SIZE] =
	{ (char)0x00, (char)0x11, (char)0x22, (char)0x33, (char)0x44,
	  (char)0x55, (char)0x66, (char)0x77 };

struct ecryptfs_password {
	int32_t password_bytes;
	int32_t hash_algo;
	int32_t hash_iterations;
	int32_t session_key_encryption_key_bytes;
#define ECRYPTFS_PERSISTENT_PASSWORD             0x01
#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET  0x02
	uint32_t flags;
	/* Iterated-hash concatenation of salt and passphrase */
	uint8_t session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
	uint8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
	/* Always in expanded hex */
	uint8_t salt[ECRYPTFS_SALT_SIZE];
};

struct ecryptfs_private_key {
	uint32_t key_size;
	uint32_t data_len;
	uint8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
	char key_mod_alias[ECRYPTFS_MAX_KEY_MOD_NAME_BYTES + 1];
	uint8_t data[];
};

enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};



/* This struct must be identical to that as defined in the kernel. */
struct ecryptfs_auth_tok {
	uint16_t version; /* 8-bit major and 8-bit minor */
	uint16_t token_type;
#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
	uint32_t flags;
	struct ecryptfs_session_key session_key;
	uint8_t reserved[32];
	union {
		struct ecryptfs_password password;
		struct ecryptfs_private_key private_key;
	} token;
}  __attribute__ ((packed));

struct ecryptfs_auth_tok_list {
	struct ecryptfs_auth_tok *auth_tok;
	struct ecryptfs_auth_tok_list *next;
};

struct ecryptfs_name_val_pair {
#define ECRYPTFS_DEFAULT_VALUE_SET	0x00000004
#define ECRYPTFS_PROCESSED      	0x00000008
#define ECRYPTFS_NO_ECHO		0x00000010
	uint32_t flags;
	char *name;
	char *value;
	struct ecryptfs_name_val_pair *parent;
#define NV_MAX_CHILDREN 16
	struct ecryptfs_name_val_pair *children[NV_MAX_CHILDREN];
	struct ecryptfs_name_val_pair *next;
};

void dump_auth_tok( struct ecryptfs_auth_tok *auth_tok );
extern void to_hex( char *dst, char *src, int src_size );
extern void from_hex( char *dst, char *src, int dst_size );
extern int generate_version_from_string(unsigned char *major,
					unsigned char *minor,
					char *version);

struct ecryptfs_daemon_info {
	char socket_file_full_path[PATH_MAX];
};

struct ecryptfs_message {
	uint32_t index;
	uint32_t data_len;
	uint8_t data[];
};

struct transition_node;

/**
 * @id: Internal (to the key module) identifier for this module
 *      parameter. The key module will use the key_mod_param id to
 *      match the given value for this parameter
 * @val: The value provided
 */
struct key_mod_param_val {
	int id;
	char *val;
};

/**
 * @id: Internal (to the key module) identifier for this module
 *      parameter. The key module will use the key_mod_param_val id to
 *      match the given value for this parameter
 * @option: The parameter option
 * @description: A long text description of the parameter option
 * @suggested_val: The value that will presented to the user as the
 *                 one to select
 * @default_val: The value that will be assigned by default if none is
 *               given
 * @val: Pointer to the struct key_mod_param_val provided for this
 *       struct key_mod_param. This is matched based on @id
 */
struct key_mod_param {
	int id;
	uint32_t flags;
	char *option;
	char *description;
	char *suggested_val;
	char *default_val;
	struct key_mod_param_val *val;
};

#define ECRYPTFS_BLOB_TYPE_BLOB 0
#define ECRYPTFS_BLOB_TYPE_HINT 1

#define ECRYPTFS_KEY_MOD_SUCCESS             0
#define ECRYPTFS_KEY_MOD_BADPARAM            1
#define ECRYPTFS_KEY_MOD_BUFTOOSMALL         2
#define ECRYPTFS_KEY_MOD_INSUFFICIENT_PARAMS 3
#define ECRYPTFS_KEY_MOD_DATA_TOO_LARGE      4
#define ECRYPTFS_KEY_MOD_ENCRYPT_FAILED      5
#define ECRYPTFS_KEY_MOD_DECRYPT_FAILED      6
#define ECRYPTFS_KEY_MOD_NO_SUCH_KEY         7
#define ECRYPTFS_KEY_MOD_HINT_INSUFFICIENT   8

struct ecryptfs_ctx_ops {
	int (*prompt)(char *prompt_type, char *prompt, char *input,
		      int input_size);
};

/**
 * @init: Allocates memory on the heap and sets the alias into that
 *        memory; callee will free
 * @get_params:
 * @get_key_data: The first uint32_t (big-endian) bytes indicate the
 *                key type. If key_data_len is 0, then libecryptfs
 *                will call get_key_sig() so that the key module can
 *                generate its own sig.
 * @get_key_sig: Optional. Allows the key module to generate its own
 *               key signature. Used in cases where libecryptfs does
 *               not know about the key type, so @get_key_data is of
 *               no use. @get_key_sig is not called if @get_key_data
 *               returns valid key data.
 * @encrypt: If to is NULL, only fill in to_size with the amount
 *           that the callee needs to allocate.
 * @decrypt: If to is NULL, only fill in to_size with the amount
 *           that the callee needs to allocate.
 * @finalize: Call when the entire key module is shutting down
 */
struct ecryptfs_key_mod_ops {
	int (*init)(char **alias);
	int (*get_gen_key_params)(struct key_mod_param **params,
				  uint32_t *num_params);
	int (*get_gen_key_subgraph_trans_node)(struct transition_node **trans,
					       uint32_t version);
	int (*get_params)(struct key_mod_param **params, uint32_t *num_params);
	int (*get_param_subgraph_trans_node)(struct transition_node **trans,
					     uint32_t version);
	int (*get_blob)(unsigned char *blob, size_t *blob_size,
			struct key_mod_param_val *param_vals,
			uint32_t num_param_vals);
	int (*get_key_data)(unsigned char *key_data, size_t *key_data_len,
			    unsigned char *blob);
	int (*get_key_sig)(unsigned char *sig, unsigned char *blob);
	int (*get_key_hint)(unsigned char *hint, size_t *hint_len,
			    unsigned char *blob);
	int (*encrypt)(char *to, size_t *to_size, char *from, size_t from_size,
		       unsigned char *blob, int blob_type);
	int (*decrypt)(char *to, size_t *to_size, char *from, size_t from_size,
		       unsigned char *blob, int blob_type);
	int (*destroy)(unsigned char *blob);
	int (*finalize)(void);
};

/**
 * @lib_handle:
 * @alias:
 * @lib_path:
 * @trans_into_mod_subgraph:
 * @ops:
 * @param_vals:
 * @num_param_vals:
 * @nvp_head:
 * @next:
 */
struct ecryptfs_key_mod {
	void *lib_handle;
	char *alias;
	char *lib_path;
	struct transition_node *trans_into_mod_subgraph;
	struct transition_node *trans_into_mod_key_gen_subgraph;
	struct ecryptfs_key_mod_ops *ops;
	struct key_mod_param_val *param_vals;
	uint32_t num_param_vals;
	char *blob;
	size_t blob_size;
	struct ecryptfs_key_mod *next;
};

struct ecryptfs_ctx {
	void *ctx_mutex;
	struct ecryptfs_key_mod key_mod_list_head;
	int verbosity;
	int (*get_string)(char **val, char *prompt, int echo);
	FILE *file_in;
	FILE *file_out;
	struct ecryptfs_name_val_pair *nvp_head;
};

enum main_menu_enum {
	MME_NULL,
	MME_MOUNT_PASSPHRASE,
	MME_MOUNT_PUBKEY,
	MME_GEN_PUBKEY,
	MME_ABORT
};

struct val_node;
struct param_node;

struct ecryptfs_nl_ctx {
	int socket_fd;
};

#define ECRYPTFS_DEFAULT_MISCDEV_FULLPATH_0 "/dev/ecryptfs"
#define ECRYPTFS_DEFAULT_MISCDEV_FULLPATH_1 "/dev/misc/ecryptfs"

struct ecryptfs_miscdev_ctx {
	char *miscdev_filename;
	int miscdev_fd;
};

struct ecryptfs_messaging_ctx {
#define ECRYPTFS_MESSAGING_TYPE_NETLINK 0x00000001 /* No longer supported */
#define ECRYPTFS_MESSAGING_TYPE_MISCDEV 0x00000002
	uint32_t type;
#define ECRYPTFS_MESSAGING_STATE_LISTENING 0x00000001
	uint32_t state;
	union {
		struct ecryptfs_miscdev_ctx miscdev_ctx;
		struct ecryptfs_nl_ctx nl_ctx;
	} ctx;
};

struct ecryptfs_crypt_stat_user {
#define ECRYPTFS_STRUCT_INITIALIZED 0x00000001
#define ECRYPTFS_POLICY_APPLIED     0x00000002
#define ECRYPTFS_NEW_FILE           0x00000004
#define ECRYPTFS_ENCRYPTED          0x00000008
#define ECRYPTFS_SECURITY_WARNING   0x00000010
#define ECRYPTFS_ENABLE_HMAC        0x00000020
#define ECRYPTFS_ENCRYPT_IV_PAGES   0x00000040
#define ECRYPTFS_KEY_VALID          0x00000080
#define ECRYPTFS_METADATA_IN_XATTR  0x00000100
#define ECRYPTFS_VIEW_AS_ENCRYPTED  0x00000200
#define ECRYPTFS_KEY_SET            0x00000400
	uint32_t flags;
	unsigned int file_version;
	uint64_t file_size;
	size_t iv_bytes;
	size_t num_header_bytes_at_front;
	size_t extent_size;
	size_t key_size;
	struct ecryptfs_auth_tok_list *ptr_to_auth_tok_list_head;
};

typedef struct binary_data {
	int size;
	unsigned char *data;
} binary_data;

int ecryptfs_get_version(uint32_t *version);
int ecryptfs_supports_passphrase(uint32_t version);
int ecryptfs_supports_pubkey(uint32_t version);
int ecryptfs_supports_plaintext_passthrough(uint32_t version);
int ecryptfs_supports_hmac(uint32_t version);
int ecryptfs_supports_filename_encryption(uint32_t version);
int ecryptfs_supports_policy(uint32_t version);
int ecryptfs_supports_xattr(uint32_t version);
#define ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS 0
#define ECRYPTFS_KEY_MODULE_ONLY 1
int ecryptfs_process_decision_graph(struct ecryptfs_ctx *ctx,
                                    struct val_node **head, uint32_t version,
                                    char *opts_str, int key_module_only);
int ecryptfs_process_key_gen_decision_graph(struct ecryptfs_ctx *ctx,
					    uint32_t version);
int get_string(char *val, int len, int echo);
int get_string_stdin(char **val, char *prompt, int echo);
int stack_pop(struct val_node **head);
int stack_pop_val(struct val_node **head, void **val);
int stack_push(struct val_node **head, void *val);
int ecryptfs_get_key_mod_list(struct ecryptfs_ctx* ctx);
int ecryptfs_parse_rc_file(struct ecryptfs_name_val_pair *nvp_list_head);
int ecryptfs_parse_options(char *opts, struct ecryptfs_name_val_pair *head);
int ecryptfs_eval_decision_graph(struct ecryptfs_ctx *ctx,
				 struct val_node **head,
				 struct param_node *root_node,
				 struct ecryptfs_name_val_pair *nvp_head);
int ecryptfs_add_passphrase_key_to_keyring(char *auth_tok_sig, char *passphrase,
					   char *salt);
int ecryptfs_add_key_module_key_to_keyring(char *auth_tok_sig,
					   struct ecryptfs_key_mod *key_mod);
int ecryptfs_read_salt_hex_from_rc(char *salt_hex);
int ecryptfs_generate_key(void);
int ecryptfs_free_key_mod_list(struct ecryptfs_ctx *ctx);
int create_default_dir(char *home, struct ecryptfs_key_mod *key_mod);
int
create_subdirectory(char *file, char *home, struct ecryptfs_key_mod *key_mod);
int parse_packet(struct ecryptfs_ctx *ctx,
		 struct ecryptfs_message *emsg,
		 struct ecryptfs_message **reply);
int ecryptfs_find_key_mod(struct ecryptfs_key_mod **key_mod,
			  struct ecryptfs_ctx *ctx, char *key_mod_alias);
int generate_passphrase_sig(char *passphrase_sig, char *fekek, char *salt,
			    char *passphrase);
int
generate_payload(struct ecryptfs_auth_tok *auth_tok, char *passphrase_sig,
		 char *salt, char *session_key_encryption_key);
int
ecryptfs_generate_key_payload(struct ecryptfs_auth_tok *auth_tok,
			      struct ecryptfs_key_mod *key_mod, char *sig,
			      size_t blob_size);
int parse_options_file(int fd, struct ecryptfs_name_val_pair *head);
int free_name_val_pairs(struct ecryptfs_name_val_pair *pair);
int ecryptfs_init_messaging(struct ecryptfs_messaging_ctx *mctx, uint32_t type);
int ecryptfs_messaging_exit(struct ecryptfs_messaging_ctx *mctx);
int ecryptfs_nvp_list_union(struct ecryptfs_name_val_pair *dst,
			    struct ecryptfs_name_val_pair *src,
			    struct ecryptfs_name_val_pair *allowed_duplicates);
int ecryptfs_read_salt_hex_from_rc(char *salt_hex);
#define ECRYPTFS_SIG_FLAG_NOENT 0x00000001
int ecryptfs_check_sig(char *auth_tok_sig, char *sig_cache_filename,
		       int *flags);
int ecryptfs_append_sig(char *auth_tok_sig, char *sig_cache_filename);
int __ecryptfs_detect_wrapped_passphrase_file_version(const char *filename,
						      uint8_t *version);
int ecryptfs_wrap_passphrase_file(char *dest, char *wrapping_passphrase,
 			     char *wrapping_salt, char *src);
int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
			     char *unused, char *decrypted_passphrase);
int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
			       char *wrapping_passphrase, char *wrapping_salt);
int ecryptfs_insert_wrapped_passphrase_into_keyring(
	char *auth_tok_sig, char *filename, char *wrapping_passphrase,
	char *salt);
char *ecryptfs_get_wrapped_passphrase_filename();
struct ecryptfs_key_mod_ops *passphrase_get_key_mod_ops(void);
int ecryptfs_validate_keyring(void);
#define ECRYPTFS_SHM_KEY 0x3c81b7f5
#define ECRYPTFS_SEM_KEY 0x3c81b7f6
#define ECRYPTFS_SHM_SIZE 4096
#define ECRYPTFS_ZOMBIE_SLEEP_SECONDS 300
int ecryptfs_set_zombie_session_placeholder(void);
int ecryptfs_kill_and_clear_zombie_session_placeholder(void);
int ecryptfs_list_zombie_session_placeholders(void);
int ecryptfs_build_linear_subgraph_from_nvp(struct transition_node **trans_node,
					    struct ecryptfs_key_mod *key_mod);
int ecryptfs_build_linear_subgraph(struct transition_node **trans_node,
				   struct ecryptfs_key_mod *key_mod);
int ecryptfs_generate_sig_from_key_data(unsigned char *sig,
					unsigned char *key_data,
					size_t key_data_len);
int ecryptfs_fill_in_dummy_ops(struct ecryptfs_key_mod_ops *key_mod_ops);
int ecryptfs_register_key_modules(struct ecryptfs_ctx* ctx);
int ecryptfs_write_packet_length(char *dest, size_t size,
				 size_t *packet_size_length);
int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
				 size_t *length_size);
int ecryptfs_get_proc_mount_point(char **proc_mount_point);
int ecryptfs_send_message(struct ecryptfs_messaging_ctx *mctx,
			  struct ecryptfs_message *msg,
			  unsigned char msg_type, uint16_t msg_flags,
			  uint32_t msg_seq);
int ecryptfs_init_miscdev(struct ecryptfs_miscdev_ctx *miscdev_ctx);
int ecryptfs_send_miscdev(struct ecryptfs_miscdev_ctx *miscdev_ctx,
			  struct ecryptfs_message *msg, uint8_t msg_type,
			  uint16_t msg_flags, uint32_t msg_seq);
void ecryptfs_release_miscdev(struct ecryptfs_miscdev_ctx *miscdev_ctx);
int ecryptfs_run_miscdev_daemon(struct ecryptfs_miscdev_ctx *miscdev_ctx);
struct ecryptfs_ctx_ops *cryptfs_get_ctx_opts(void);
int ecryptfs_parse_stat(struct ecryptfs_crypt_stat_user *crypt_stat, char *buf,
			size_t buf_size);
binary_data ecryptfs_passphrase_blob(char *salt, char *passphrase);
binary_data ecryptfs_passphrase_sig_from_blob(char *blob);
int ecryptfs_add_passphrase_blob_to_keyring(char *blob, char *sig);
int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig);
int ecryptfs_add_auth_tok_to_keyring(struct ecryptfs_auth_tok *auth_tok,
				     char *auth_tok_sig);
int ecryptfs_add_blob_to_keyring(char *blob, char *sig);

int ecryptfs_disable_echo(struct termios *saved_settings);
int ecryptfs_enable_echo(struct termios *saved_settings);
char *ecryptfs_get_passphrase(char *prompt);
int ecryptfs_run_daemon(struct ecryptfs_messaging_ctx *mctx);

#define ECRYPTFS_PRIVATE_DIR "Private"
char *ecryptfs_fetch_private_mnt(char *pw_dir);
int ecryptfs_private_is_mounted(char *dev, char *mnt, char *sig, int mounting);

#endif