1
2
3
4
5
6
7
8
9
10
11
12
13#ifndef _LINUX_FSCRYPT_H
14#define _LINUX_FSCRYPT_H
15
16#include <linux/fs.h>
17#include <linux/mm.h>
18#include <linux/slab.h>
19
20#define FS_CRYPTO_BLOCK_SIZE 16
21
22struct fscrypt_ctx;
23struct fscrypt_info;
24
25struct fscrypt_str {
26 unsigned char *name;
27 u32 len;
28};
29
30struct fscrypt_name {
31 const struct qstr *usr_fname;
32 struct fscrypt_str disk_name;
33 u32 hash;
34 u32 minor_hash;
35 struct fscrypt_str crypto_buf;
36 bool is_ciphertext_name;
37};
38
39#define FSTR_INIT(n, l) { .name = n, .len = l }
40#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
41#define fname_name(p) ((p)->disk_name.name)
42#define fname_len(p) ((p)->disk_name.len)
43
44
45#define FSCRYPT_SET_CONTEXT_MAX_SIZE 28
46
47#ifdef CONFIG_FS_ENCRYPTION
48
49
50
51#define FS_CFLG_OWN_PAGES (1U << 1)
52
53
54
55
56struct fscrypt_operations {
57 unsigned int flags;
58 const char *key_prefix;
59 int (*get_context)(struct inode *, void *, size_t);
60 int (*set_context)(struct inode *, const void *, size_t, void *);
61 bool (*dummy_context)(struct inode *);
62 bool (*empty_dir)(struct inode *);
63 unsigned int max_namelen;
64};
65
66struct fscrypt_ctx {
67 union {
68 struct {
69 struct page *bounce_page;
70 struct page *control_page;
71 } w;
72 struct {
73 struct bio *bio;
74 struct work_struct work;
75 } r;
76 struct list_head free_list;
77 };
78 u8 flags;
79};
80
81static inline bool fscrypt_has_encryption_key(const struct inode *inode)
82{
83
84 return READ_ONCE(inode->i_crypt_info) != NULL;
85}
86
87static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
88{
89 return inode->i_sb->s_cop->dummy_context &&
90 inode->i_sb->s_cop->dummy_context(inode);
91}
92
93
94
95
96
97
98
99
100static inline void fscrypt_handle_d_move(struct dentry *dentry)
101{
102 dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
103}
104
105
106extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
107extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t);
108extern void fscrypt_release_ctx(struct fscrypt_ctx *);
109extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *,
110 unsigned int, unsigned int,
111 u64, gfp_t);
112extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int,
113 unsigned int, u64);
114
115static inline struct page *fscrypt_control_page(struct page *page)
116{
117 return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
118}
119
120extern void fscrypt_restore_control_page(struct page *);
121
122
123extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
124extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
125extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
126extern int fscrypt_inherit_context(struct inode *, struct inode *,
127 void *, bool);
128
129extern int fscrypt_get_encryption_info(struct inode *);
130extern void fscrypt_put_encryption_info(struct inode *);
131extern void fscrypt_free_inode(struct inode *);
132
133
134extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
135 int lookup, struct fscrypt_name *);
136
137static inline void fscrypt_free_filename(struct fscrypt_name *fname)
138{
139 kfree(fname->crypto_buf.name);
140}
141
142extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
143 struct fscrypt_str *);
144extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
145extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
146 const struct fscrypt_str *, struct fscrypt_str *);
147
148#define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32
149
150
151#define FSCRYPT_FNAME_DIGEST(name, len) \
152 ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
153 FS_CRYPTO_BLOCK_SIZE))
154
155#define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183struct fscrypt_digested_name {
184 u32 hash;
185 u32 minor_hash;
186 u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
187};
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
204 const u8 *de_name, u32 de_name_len)
205{
206 if (unlikely(!fname->disk_name.name)) {
207 const struct fscrypt_digested_name *n =
208 (const void *)fname->crypto_buf.name;
209 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
210 return false;
211 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
212 return false;
213 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
214 n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
215 }
216
217 if (de_name_len != fname->disk_name.len)
218 return false;
219 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
220}
221
222
223extern void fscrypt_decrypt_bio(struct bio *);
224extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
225 struct bio *bio);
226extern void fscrypt_pullback_bio_page(struct page **, bool);
227extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
228 unsigned int);
229
230
231extern int fscrypt_file_open(struct inode *inode, struct file *filp);
232extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
233 struct dentry *dentry);
234extern int __fscrypt_prepare_rename(struct inode *old_dir,
235 struct dentry *old_dentry,
236 struct inode *new_dir,
237 struct dentry *new_dentry,
238 unsigned int flags);
239extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
240 struct fscrypt_name *fname);
241extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
242 unsigned int max_len,
243 struct fscrypt_str *disk_link);
244extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
245 unsigned int len,
246 struct fscrypt_str *disk_link);
247extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
248 unsigned int max_size,
249 struct delayed_call *done);
250static inline void fscrypt_set_ops(struct super_block *sb,
251 const struct fscrypt_operations *s_cop)
252{
253 sb->s_cop = s_cop;
254}
255#else
256
257static inline bool fscrypt_has_encryption_key(const struct inode *inode)
258{
259 return false;
260}
261
262static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
263{
264 return false;
265}
266
267static inline void fscrypt_handle_d_move(struct dentry *dentry)
268{
269}
270
271
272static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
273{
274}
275
276static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
277{
278 return ERR_PTR(-EOPNOTSUPP);
279}
280
281static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
282{
283 return;
284}
285
286static inline struct page *fscrypt_encrypt_page(const struct inode *inode,
287 struct page *page,
288 unsigned int len,
289 unsigned int offs,
290 u64 lblk_num, gfp_t gfp_flags)
291{
292 return ERR_PTR(-EOPNOTSUPP);
293}
294
295static inline int fscrypt_decrypt_page(const struct inode *inode,
296 struct page *page,
297 unsigned int len, unsigned int offs,
298 u64 lblk_num)
299{
300 return -EOPNOTSUPP;
301}
302
303static inline struct page *fscrypt_control_page(struct page *page)
304{
305 WARN_ON_ONCE(1);
306 return ERR_PTR(-EINVAL);
307}
308
309static inline void fscrypt_restore_control_page(struct page *page)
310{
311 return;
312}
313
314
315static inline int fscrypt_ioctl_set_policy(struct file *filp,
316 const void __user *arg)
317{
318 return -EOPNOTSUPP;
319}
320
321static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
322{
323 return -EOPNOTSUPP;
324}
325
326static inline int fscrypt_has_permitted_context(struct inode *parent,
327 struct inode *child)
328{
329 return 0;
330}
331
332static inline int fscrypt_inherit_context(struct inode *parent,
333 struct inode *child,
334 void *fs_data, bool preload)
335{
336 return -EOPNOTSUPP;
337}
338
339
340static inline int fscrypt_get_encryption_info(struct inode *inode)
341{
342 return -EOPNOTSUPP;
343}
344
345static inline void fscrypt_put_encryption_info(struct inode *inode)
346{
347 return;
348}
349
350static inline void fscrypt_free_inode(struct inode *inode)
351{
352}
353
354
355static inline int fscrypt_setup_filename(struct inode *dir,
356 const struct qstr *iname,
357 int lookup, struct fscrypt_name *fname)
358{
359 if (IS_ENCRYPTED(dir))
360 return -EOPNOTSUPP;
361
362 memset(fname, 0, sizeof(*fname));
363 fname->usr_fname = iname;
364 fname->disk_name.name = (unsigned char *)iname->name;
365 fname->disk_name.len = iname->len;
366 return 0;
367}
368
369static inline void fscrypt_free_filename(struct fscrypt_name *fname)
370{
371 return;
372}
373
374static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
375 u32 max_encrypted_len,
376 struct fscrypt_str *crypto_str)
377{
378 return -EOPNOTSUPP;
379}
380
381static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
382{
383 return;
384}
385
386static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
387 u32 hash, u32 minor_hash,
388 const struct fscrypt_str *iname,
389 struct fscrypt_str *oname)
390{
391 return -EOPNOTSUPP;
392}
393
394static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
395 const u8 *de_name, u32 de_name_len)
396{
397
398 if (de_name_len != fname->disk_name.len)
399 return false;
400 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
401}
402
403
404static inline void fscrypt_decrypt_bio(struct bio *bio)
405{
406}
407
408static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
409 struct bio *bio)
410{
411}
412
413static inline void fscrypt_pullback_bio_page(struct page **page, bool restore)
414{
415 return;
416}
417
418static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
419 sector_t pblk, unsigned int len)
420{
421 return -EOPNOTSUPP;
422}
423
424
425
426static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
427{
428 if (IS_ENCRYPTED(inode))
429 return -EOPNOTSUPP;
430 return 0;
431}
432
433static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
434 struct dentry *dentry)
435{
436 return -EOPNOTSUPP;
437}
438
439static inline int __fscrypt_prepare_rename(struct inode *old_dir,
440 struct dentry *old_dentry,
441 struct inode *new_dir,
442 struct dentry *new_dentry,
443 unsigned int flags)
444{
445 return -EOPNOTSUPP;
446}
447
448static inline int __fscrypt_prepare_lookup(struct inode *dir,
449 struct dentry *dentry,
450 struct fscrypt_name *fname)
451{
452 return -EOPNOTSUPP;
453}
454
455static inline int __fscrypt_prepare_symlink(struct inode *dir,
456 unsigned int len,
457 unsigned int max_len,
458 struct fscrypt_str *disk_link)
459{
460 return -EOPNOTSUPP;
461}
462
463
464static inline int __fscrypt_encrypt_symlink(struct inode *inode,
465 const char *target,
466 unsigned int len,
467 struct fscrypt_str *disk_link)
468{
469 return -EOPNOTSUPP;
470}
471
472static inline const char *fscrypt_get_symlink(struct inode *inode,
473 const void *caddr,
474 unsigned int max_size,
475 struct delayed_call *done)
476{
477 return ERR_PTR(-EOPNOTSUPP);
478}
479
480static inline void fscrypt_set_ops(struct super_block *sb,
481 const struct fscrypt_operations *s_cop)
482{
483}
484
485#endif
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500static inline int fscrypt_require_key(struct inode *inode)
501{
502 if (IS_ENCRYPTED(inode)) {
503 int err = fscrypt_get_encryption_info(inode);
504
505 if (err)
506 return err;
507 if (!fscrypt_has_encryption_key(inode))
508 return -ENOKEY;
509 }
510 return 0;
511}
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531static inline int fscrypt_prepare_link(struct dentry *old_dentry,
532 struct inode *dir,
533 struct dentry *dentry)
534{
535 if (IS_ENCRYPTED(dir))
536 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
537 return 0;
538}
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561static inline int fscrypt_prepare_rename(struct inode *old_dir,
562 struct dentry *old_dentry,
563 struct inode *new_dir,
564 struct dentry *new_dentry,
565 unsigned int flags)
566{
567 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
568 return __fscrypt_prepare_rename(old_dir, old_dentry,
569 new_dir, new_dentry, flags);
570 return 0;
571}
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592static inline int fscrypt_prepare_lookup(struct inode *dir,
593 struct dentry *dentry,
594 struct fscrypt_name *fname)
595{
596 if (IS_ENCRYPTED(dir))
597 return __fscrypt_prepare_lookup(dir, dentry, fname);
598
599 memset(fname, 0, sizeof(*fname));
600 fname->usr_fname = &dentry->d_name;
601 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
602 fname->disk_name.len = dentry->d_name.len;
603 return 0;
604}
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623static inline int fscrypt_prepare_setattr(struct dentry *dentry,
624 struct iattr *attr)
625{
626 if (attr->ia_valid & ATTR_SIZE)
627 return fscrypt_require_key(d_inode(dentry));
628 return 0;
629}
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654static inline int fscrypt_prepare_symlink(struct inode *dir,
655 const char *target,
656 unsigned int len,
657 unsigned int max_len,
658 struct fscrypt_str *disk_link)
659{
660 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
661 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
662
663 disk_link->name = (unsigned char *)target;
664 disk_link->len = len + 1;
665 if (disk_link->len > max_len)
666 return -ENAMETOOLONG;
667 return 0;
668}
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685static inline int fscrypt_encrypt_symlink(struct inode *inode,
686 const char *target,
687 unsigned int len,
688 struct fscrypt_str *disk_link)
689{
690 if (IS_ENCRYPTED(inode))
691 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
692 return 0;
693}
694
695#endif
696