1
2
3
4
5
6
7
8
9
10
11
12
13#ifndef _LINUX_FSCRYPT_H
14#define _LINUX_FSCRYPT_H
15
16#include <linux/fs.h>
17#include <linux/mm.h>
18#include <linux/slab.h>
19
20#define FS_CRYPTO_BLOCK_SIZE 16
21
22struct fscrypt_ctx;
23struct fscrypt_info;
24
25struct fscrypt_str {
26 unsigned char *name;
27 u32 len;
28};
29
30struct fscrypt_name {
31 const struct qstr *usr_fname;
32 struct fscrypt_str disk_name;
33 u32 hash;
34 u32 minor_hash;
35 struct fscrypt_str crypto_buf;
36 bool is_ciphertext_name;
37};
38
39#define FSTR_INIT(n, l) { .name = n, .len = l }
40#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
41#define fname_name(p) ((p)->disk_name.name)
42#define fname_len(p) ((p)->disk_name.len)
43
44
45#define FSCRYPT_SET_CONTEXT_MAX_SIZE 28
46
47#ifdef CONFIG_FS_ENCRYPTION
48
49
50
51#define FS_CFLG_OWN_PAGES (1U << 1)
52
53
54
55
56struct fscrypt_operations {
57 unsigned int flags;
58 const char *key_prefix;
59 int (*get_context)(struct inode *, void *, size_t);
60 int (*set_context)(struct inode *, const void *, size_t, void *);
61 bool (*dummy_context)(struct inode *);
62 bool (*empty_dir)(struct inode *);
63 unsigned int max_namelen;
64};
65
66
67struct fscrypt_ctx {
68 union {
69 struct {
70 struct bio *bio;
71 struct work_struct work;
72 };
73 struct list_head free_list;
74 };
75 u8 flags;
76};
77
78static inline bool fscrypt_has_encryption_key(const struct inode *inode)
79{
80
81 return READ_ONCE(inode->i_crypt_info) != NULL;
82}
83
84static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
85{
86 return inode->i_sb->s_cop->dummy_context &&
87 inode->i_sb->s_cop->dummy_context(inode);
88}
89
90
91
92
93
94
95
96
97static inline void fscrypt_handle_d_move(struct dentry *dentry)
98{
99 dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
100}
101
102
103extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
104extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t);
105extern void fscrypt_release_ctx(struct fscrypt_ctx *);
106
107extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
108 unsigned int len,
109 unsigned int offs,
110 gfp_t gfp_flags);
111extern int fscrypt_encrypt_block_inplace(const struct inode *inode,
112 struct page *page, unsigned int len,
113 unsigned int offs, u64 lblk_num,
114 gfp_t gfp_flags);
115
116extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
117 unsigned int offs);
118extern int fscrypt_decrypt_block_inplace(const struct inode *inode,
119 struct page *page, unsigned int len,
120 unsigned int offs, u64 lblk_num);
121
122static inline bool fscrypt_is_bounce_page(struct page *page)
123{
124 return page->mapping == NULL;
125}
126
127static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
128{
129 return (struct page *)page_private(bounce_page);
130}
131
132extern void fscrypt_free_bounce_page(struct page *bounce_page);
133
134
135extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
136extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
137extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
138extern int fscrypt_inherit_context(struct inode *, struct inode *,
139 void *, bool);
140
141extern int fscrypt_get_encryption_info(struct inode *);
142extern void fscrypt_put_encryption_info(struct inode *);
143extern void fscrypt_free_inode(struct inode *);
144
145
146extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
147 int lookup, struct fscrypt_name *);
148
149static inline void fscrypt_free_filename(struct fscrypt_name *fname)
150{
151 kfree(fname->crypto_buf.name);
152}
153
154extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
155 struct fscrypt_str *);
156extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
157extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
158 const struct fscrypt_str *, struct fscrypt_str *);
159
160#define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32
161
162
163#define FSCRYPT_FNAME_DIGEST(name, len) \
164 ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
165 FS_CRYPTO_BLOCK_SIZE))
166
167#define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195struct fscrypt_digested_name {
196 u32 hash;
197 u32 minor_hash;
198 u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
199};
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
216 const u8 *de_name, u32 de_name_len)
217{
218 if (unlikely(!fname->disk_name.name)) {
219 const struct fscrypt_digested_name *n =
220 (const void *)fname->crypto_buf.name;
221 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
222 return false;
223 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
224 return false;
225 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
226 n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
227 }
228
229 if (de_name_len != fname->disk_name.len)
230 return false;
231 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
232}
233
234
235extern void fscrypt_decrypt_bio(struct bio *);
236extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
237 struct bio *bio);
238extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
239 unsigned int);
240
241
242extern int fscrypt_file_open(struct inode *inode, struct file *filp);
243extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
244 struct dentry *dentry);
245extern int __fscrypt_prepare_rename(struct inode *old_dir,
246 struct dentry *old_dentry,
247 struct inode *new_dir,
248 struct dentry *new_dentry,
249 unsigned int flags);
250extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
251 struct fscrypt_name *fname);
252extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
253 unsigned int max_len,
254 struct fscrypt_str *disk_link);
255extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
256 unsigned int len,
257 struct fscrypt_str *disk_link);
258extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
259 unsigned int max_size,
260 struct delayed_call *done);
261static inline void fscrypt_set_ops(struct super_block *sb,
262 const struct fscrypt_operations *s_cop)
263{
264 sb->s_cop = s_cop;
265}
266#else
267
268static inline bool fscrypt_has_encryption_key(const struct inode *inode)
269{
270 return false;
271}
272
273static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
274{
275 return false;
276}
277
278static inline void fscrypt_handle_d_move(struct dentry *dentry)
279{
280}
281
282
283static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
284{
285}
286
287static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
288{
289 return ERR_PTR(-EOPNOTSUPP);
290}
291
292static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
293{
294 return;
295}
296
297static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
298 unsigned int len,
299 unsigned int offs,
300 gfp_t gfp_flags)
301{
302 return ERR_PTR(-EOPNOTSUPP);
303}
304
305static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
306 struct page *page,
307 unsigned int len,
308 unsigned int offs, u64 lblk_num,
309 gfp_t gfp_flags)
310{
311 return -EOPNOTSUPP;
312}
313
314static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
315 unsigned int len,
316 unsigned int offs)
317{
318 return -EOPNOTSUPP;
319}
320
321static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
322 struct page *page,
323 unsigned int len,
324 unsigned int offs, u64 lblk_num)
325{
326 return -EOPNOTSUPP;
327}
328
329static inline bool fscrypt_is_bounce_page(struct page *page)
330{
331 return false;
332}
333
334static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
335{
336 WARN_ON_ONCE(1);
337 return ERR_PTR(-EINVAL);
338}
339
340static inline void fscrypt_free_bounce_page(struct page *bounce_page)
341{
342}
343
344
345static inline int fscrypt_ioctl_set_policy(struct file *filp,
346 const void __user *arg)
347{
348 return -EOPNOTSUPP;
349}
350
351static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
352{
353 return -EOPNOTSUPP;
354}
355
356static inline int fscrypt_has_permitted_context(struct inode *parent,
357 struct inode *child)
358{
359 return 0;
360}
361
362static inline int fscrypt_inherit_context(struct inode *parent,
363 struct inode *child,
364 void *fs_data, bool preload)
365{
366 return -EOPNOTSUPP;
367}
368
369
370static inline int fscrypt_get_encryption_info(struct inode *inode)
371{
372 return -EOPNOTSUPP;
373}
374
375static inline void fscrypt_put_encryption_info(struct inode *inode)
376{
377 return;
378}
379
380static inline void fscrypt_free_inode(struct inode *inode)
381{
382}
383
384
385static inline int fscrypt_setup_filename(struct inode *dir,
386 const struct qstr *iname,
387 int lookup, struct fscrypt_name *fname)
388{
389 if (IS_ENCRYPTED(dir))
390 return -EOPNOTSUPP;
391
392 memset(fname, 0, sizeof(*fname));
393 fname->usr_fname = iname;
394 fname->disk_name.name = (unsigned char *)iname->name;
395 fname->disk_name.len = iname->len;
396 return 0;
397}
398
399static inline void fscrypt_free_filename(struct fscrypt_name *fname)
400{
401 return;
402}
403
404static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
405 u32 max_encrypted_len,
406 struct fscrypt_str *crypto_str)
407{
408 return -EOPNOTSUPP;
409}
410
411static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
412{
413 return;
414}
415
416static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
417 u32 hash, u32 minor_hash,
418 const struct fscrypt_str *iname,
419 struct fscrypt_str *oname)
420{
421 return -EOPNOTSUPP;
422}
423
424static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
425 const u8 *de_name, u32 de_name_len)
426{
427
428 if (de_name_len != fname->disk_name.len)
429 return false;
430 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
431}
432
433
434static inline void fscrypt_decrypt_bio(struct bio *bio)
435{
436}
437
438static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
439 struct bio *bio)
440{
441}
442
443static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
444 sector_t pblk, unsigned int len)
445{
446 return -EOPNOTSUPP;
447}
448
449
450
451static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
452{
453 if (IS_ENCRYPTED(inode))
454 return -EOPNOTSUPP;
455 return 0;
456}
457
458static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
459 struct dentry *dentry)
460{
461 return -EOPNOTSUPP;
462}
463
464static inline int __fscrypt_prepare_rename(struct inode *old_dir,
465 struct dentry *old_dentry,
466 struct inode *new_dir,
467 struct dentry *new_dentry,
468 unsigned int flags)
469{
470 return -EOPNOTSUPP;
471}
472
473static inline int __fscrypt_prepare_lookup(struct inode *dir,
474 struct dentry *dentry,
475 struct fscrypt_name *fname)
476{
477 return -EOPNOTSUPP;
478}
479
480static inline int __fscrypt_prepare_symlink(struct inode *dir,
481 unsigned int len,
482 unsigned int max_len,
483 struct fscrypt_str *disk_link)
484{
485 return -EOPNOTSUPP;
486}
487
488
489static inline int __fscrypt_encrypt_symlink(struct inode *inode,
490 const char *target,
491 unsigned int len,
492 struct fscrypt_str *disk_link)
493{
494 return -EOPNOTSUPP;
495}
496
497static inline const char *fscrypt_get_symlink(struct inode *inode,
498 const void *caddr,
499 unsigned int max_size,
500 struct delayed_call *done)
501{
502 return ERR_PTR(-EOPNOTSUPP);
503}
504
505static inline void fscrypt_set_ops(struct super_block *sb,
506 const struct fscrypt_operations *s_cop)
507{
508}
509
510#endif
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525static inline int fscrypt_require_key(struct inode *inode)
526{
527 if (IS_ENCRYPTED(inode)) {
528 int err = fscrypt_get_encryption_info(inode);
529
530 if (err)
531 return err;
532 if (!fscrypt_has_encryption_key(inode))
533 return -ENOKEY;
534 }
535 return 0;
536}
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556static inline int fscrypt_prepare_link(struct dentry *old_dentry,
557 struct inode *dir,
558 struct dentry *dentry)
559{
560 if (IS_ENCRYPTED(dir))
561 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
562 return 0;
563}
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586static inline int fscrypt_prepare_rename(struct inode *old_dir,
587 struct dentry *old_dentry,
588 struct inode *new_dir,
589 struct dentry *new_dentry,
590 unsigned int flags)
591{
592 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
593 return __fscrypt_prepare_rename(old_dir, old_dentry,
594 new_dir, new_dentry, flags);
595 return 0;
596}
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617static inline int fscrypt_prepare_lookup(struct inode *dir,
618 struct dentry *dentry,
619 struct fscrypt_name *fname)
620{
621 if (IS_ENCRYPTED(dir))
622 return __fscrypt_prepare_lookup(dir, dentry, fname);
623
624 memset(fname, 0, sizeof(*fname));
625 fname->usr_fname = &dentry->d_name;
626 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
627 fname->disk_name.len = dentry->d_name.len;
628 return 0;
629}
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648static inline int fscrypt_prepare_setattr(struct dentry *dentry,
649 struct iattr *attr)
650{
651 if (attr->ia_valid & ATTR_SIZE)
652 return fscrypt_require_key(d_inode(dentry));
653 return 0;
654}
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679static inline int fscrypt_prepare_symlink(struct inode *dir,
680 const char *target,
681 unsigned int len,
682 unsigned int max_len,
683 struct fscrypt_str *disk_link)
684{
685 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
686 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
687
688 disk_link->name = (unsigned char *)target;
689 disk_link->len = len + 1;
690 if (disk_link->len > max_len)
691 return -ENAMETOOLONG;
692 return 0;
693}
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710static inline int fscrypt_encrypt_symlink(struct inode *inode,
711 const char *target,
712 unsigned int len,
713 struct fscrypt_str *disk_link)
714{
715 if (IS_ENCRYPTED(inode))
716 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
717 return 0;
718}
719
720
721static inline void fscrypt_finalize_bounce_page(struct page **pagep)
722{
723 struct page *page = *pagep;
724
725 if (fscrypt_is_bounce_page(page)) {
726 *pagep = fscrypt_pagecache_page(page);
727 fscrypt_free_bounce_page(page);
728 }
729}
730
731#endif
732