Commit | Line | Data |
---|---|---|
32190f0a | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
46f47e48 | 2 | /* |
734f0d24 DC |
3 | * fscrypt.h: declarations for per-file encryption |
4 | * | |
643fa961 CR |
5 | * Filesystems that implement per-file encryption must include this header |
6 | * file. | |
46f47e48 EB |
7 | * |
8 | * Copyright (C) 2015, Google, Inc. | |
9 | * | |
10 | * Written by Michael Halcrow, 2015. | |
11 | * Modified by Jaegeuk Kim, 2015. | |
12 | */ | |
734f0d24 DC |
13 | #ifndef _LINUX_FSCRYPT_H |
14 | #define _LINUX_FSCRYPT_H | |
46f47e48 | 15 | |
46f47e48 | 16 | #include <linux/fs.h> |
643fa961 CR |
17 | #include <linux/mm.h> |
18 | #include <linux/slab.h> | |
7af0ab0d | 19 | #include <uapi/linux/fscrypt.h> |
46f47e48 EB |
20 | |
21 | #define FS_CRYPTO_BLOCK_SIZE 16 | |
22 | ||
542060c0 | 23 | struct fscrypt_ctx; |
46f47e48 EB |
24 | struct fscrypt_info; |
25 | ||
46f47e48 EB |
26 | struct fscrypt_str { |
27 | unsigned char *name; | |
28 | u32 len; | |
29 | }; | |
30 | ||
31 | struct fscrypt_name { | |
32 | const struct qstr *usr_fname; | |
33 | struct fscrypt_str disk_name; | |
34 | u32 hash; | |
35 | u32 minor_hash; | |
36 | struct fscrypt_str crypto_buf; | |
b01531db | 37 | bool is_ciphertext_name; |
46f47e48 EB |
38 | }; |
39 | ||
40 | #define FSTR_INIT(n, l) { .name = n, .len = l } | |
41 | #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) | |
42 | #define fname_name(p) ((p)->disk_name.name) | |
43 | #define fname_len(p) ((p)->disk_name.len) | |
44 | ||
af65207c TE |
45 | /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ |
46 | #define FSCRYPT_SET_CONTEXT_MAX_SIZE 28 | |
47 | ||
643fa961 CR |
48 | #ifdef CONFIG_FS_ENCRYPTION |
49 | /* | |
50 | * fscrypt superblock flags | |
51 | */ | |
52 | #define FS_CFLG_OWN_PAGES (1U << 1) | |
53 | ||
54 | /* | |
55 | * crypto operations for filesystems | |
56 | */ | |
57 | struct fscrypt_operations { | |
58 | unsigned int flags; | |
59 | const char *key_prefix; | |
60 | int (*get_context)(struct inode *, void *, size_t); | |
61 | int (*set_context)(struct inode *, const void *, size_t, void *); | |
62 | bool (*dummy_context)(struct inode *); | |
63 | bool (*empty_dir)(struct inode *); | |
64 | unsigned int max_namelen; | |
65 | }; | |
66 | ||
2a415a02 | 67 | /* Decryption work */ |
643fa961 CR |
68 | struct fscrypt_ctx { |
69 | union { | |
643fa961 CR |
70 | struct { |
71 | struct bio *bio; | |
72 | struct work_struct work; | |
2a415a02 | 73 | }; |
643fa961 CR |
74 | struct list_head free_list; /* Free list */ |
75 | }; | |
76 | u8 flags; /* Flags */ | |
77 | }; | |
78 | ||
79 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) | |
80 | { | |
e37a784d EB |
81 | /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */ |
82 | return READ_ONCE(inode->i_crypt_info) != NULL; | |
643fa961 CR |
83 | } |
84 | ||
85 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |
86 | { | |
87 | return inode->i_sb->s_cop->dummy_context && | |
88 | inode->i_sb->s_cop->dummy_context(inode); | |
89 | } | |
90 | ||
0bf3d5c1 EB |
91 | /* |
92 | * When d_splice_alias() moves a directory's encrypted alias to its decrypted | |
93 | * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME | |
94 | * must be cleared. Note that we don't have to support arbitrary moves of this | |
95 | * flag because fscrypt doesn't allow encrypted aliases to be the source or | |
96 | * target of a rename(). | |
97 | */ | |
98 | static inline void fscrypt_handle_d_move(struct dentry *dentry) | |
99 | { | |
100 | dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; | |
101 | } | |
102 | ||
643fa961 CR |
103 | /* crypto.c */ |
104 | extern void fscrypt_enqueue_decrypt_work(struct work_struct *); | |
cd0265fc | 105 | extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t); |
643fa961 | 106 | extern void fscrypt_release_ctx(struct fscrypt_ctx *); |
53bc1d85 EB |
107 | |
108 | extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, | |
109 | unsigned int len, | |
110 | unsigned int offs, | |
111 | gfp_t gfp_flags); | |
03569f2f EB |
112 | extern int fscrypt_encrypt_block_inplace(const struct inode *inode, |
113 | struct page *page, unsigned int len, | |
114 | unsigned int offs, u64 lblk_num, | |
115 | gfp_t gfp_flags); | |
aa8bc1ac EB |
116 | |
117 | extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len, | |
118 | unsigned int offs); | |
41adbcb7 EB |
119 | extern int fscrypt_decrypt_block_inplace(const struct inode *inode, |
120 | struct page *page, unsigned int len, | |
121 | unsigned int offs, u64 lblk_num); | |
643fa961 | 122 | |
d2d0727b | 123 | static inline bool fscrypt_is_bounce_page(struct page *page) |
643fa961 | 124 | { |
d2d0727b | 125 | return page->mapping == NULL; |
643fa961 CR |
126 | } |
127 | ||
d2d0727b EB |
128 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
129 | { | |
130 | return (struct page *)page_private(bounce_page); | |
131 | } | |
132 | ||
133 | extern void fscrypt_free_bounce_page(struct page *bounce_page); | |
643fa961 CR |
134 | |
135 | /* policy.c */ | |
136 | extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); | |
137 | extern int fscrypt_ioctl_get_policy(struct file *, void __user *); | |
138 | extern int fscrypt_has_permitted_context(struct inode *, struct inode *); | |
139 | extern int fscrypt_inherit_context(struct inode *, struct inode *, | |
140 | void *, bool); | |
22d94f49 EB |
141 | /* keyring.c */ |
142 | extern void fscrypt_sb_free(struct super_block *sb); | |
143 | extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); | |
b1c0ec35 | 144 | extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); |
22d94f49 | 145 | |
feed8258 | 146 | /* keysetup.c */ |
643fa961 CR |
147 | extern int fscrypt_get_encryption_info(struct inode *); |
148 | extern void fscrypt_put_encryption_info(struct inode *); | |
2c58d548 | 149 | extern void fscrypt_free_inode(struct inode *); |
b1c0ec35 | 150 | extern int fscrypt_drop_inode(struct inode *inode); |
643fa961 CR |
151 | |
152 | /* fname.c */ | |
153 | extern int fscrypt_setup_filename(struct inode *, const struct qstr *, | |
154 | int lookup, struct fscrypt_name *); | |
155 | ||
156 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) | |
157 | { | |
158 | kfree(fname->crypto_buf.name); | |
159 | } | |
160 | ||
161 | extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, | |
162 | struct fscrypt_str *); | |
163 | extern void fscrypt_fname_free_buffer(struct fscrypt_str *); | |
164 | extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, | |
165 | const struct fscrypt_str *, struct fscrypt_str *); | |
166 | ||
167 | #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 | |
168 | ||
169 | /* Extracts the second-to-last ciphertext block; see explanation below */ | |
170 | #define FSCRYPT_FNAME_DIGEST(name, len) \ | |
171 | ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \ | |
172 | FS_CRYPTO_BLOCK_SIZE)) | |
173 | ||
174 | #define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE | |
175 | ||
176 | /** | |
177 | * fscrypt_digested_name - alternate identifier for an on-disk filename | |
178 | * | |
179 | * When userspace lists an encrypted directory without access to the key, | |
180 | * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE | |
181 | * bytes are shown in this abbreviated form (base64-encoded) rather than as the | |
182 | * full ciphertext (base64-encoded). This is necessary to allow supporting | |
183 | * filenames up to NAME_MAX bytes, since base64 encoding expands the length. | |
184 | * | |
185 | * To make it possible for filesystems to still find the correct directory entry | |
186 | * despite not knowing the full on-disk name, we encode any filesystem-specific | |
187 | * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups, | |
188 | * followed by the second-to-last ciphertext block of the filename. Due to the | |
189 | * use of the CBC-CTS encryption mode, the second-to-last ciphertext block | |
190 | * depends on the full plaintext. (Note that ciphertext stealing causes the | |
191 | * last two blocks to appear "flipped".) This makes accidental collisions very | |
192 | * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they | |
193 | * share the same filesystem-specific hashes. | |
194 | * | |
195 | * However, this scheme isn't immune to intentional collisions, which can be | |
196 | * created by anyone able to create arbitrary plaintext filenames and view them | |
197 | * without the key. Making the "digest" be a real cryptographic hash like | |
198 | * SHA-256 over the full ciphertext would prevent this, although it would be | |
199 | * less efficient and harder to implement, especially since the filesystem would | |
200 | * need to calculate it for each directory entry examined during a search. | |
201 | */ | |
202 | struct fscrypt_digested_name { | |
203 | u32 hash; | |
204 | u32 minor_hash; | |
205 | u8 digest[FSCRYPT_FNAME_DIGEST_SIZE]; | |
206 | }; | |
207 | ||
208 | /** | |
209 | * fscrypt_match_name() - test whether the given name matches a directory entry | |
210 | * @fname: the name being searched for | |
211 | * @de_name: the name from the directory entry | |
212 | * @de_name_len: the length of @de_name in bytes | |
213 | * | |
214 | * Normally @fname->disk_name will be set, and in that case we simply compare | |
215 | * that to the name stored in the directory entry. The only exception is that | |
216 | * if we don't have the key for an encrypted directory and a filename in it is | |
217 | * very long, then we won't have the full disk_name and we'll instead need to | |
218 | * match against the fscrypt_digested_name. | |
219 | * | |
220 | * Return: %true if the name matches, otherwise %false. | |
221 | */ | |
222 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, | |
223 | const u8 *de_name, u32 de_name_len) | |
224 | { | |
225 | if (unlikely(!fname->disk_name.name)) { | |
226 | const struct fscrypt_digested_name *n = | |
227 | (const void *)fname->crypto_buf.name; | |
228 | if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_')) | |
229 | return false; | |
230 | if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) | |
231 | return false; | |
232 | return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len), | |
233 | n->digest, FSCRYPT_FNAME_DIGEST_SIZE); | |
234 | } | |
235 | ||
236 | if (de_name_len != fname->disk_name.len) | |
237 | return false; | |
238 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); | |
239 | } | |
240 | ||
241 | /* bio.c */ | |
242 | extern void fscrypt_decrypt_bio(struct bio *); | |
243 | extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, | |
244 | struct bio *bio); | |
643fa961 CR |
245 | extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, |
246 | unsigned int); | |
247 | ||
248 | /* hooks.c */ | |
249 | extern int fscrypt_file_open(struct inode *inode, struct file *filp); | |
968dd6d0 EB |
250 | extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
251 | struct dentry *dentry); | |
643fa961 CR |
252 | extern int __fscrypt_prepare_rename(struct inode *old_dir, |
253 | struct dentry *old_dentry, | |
254 | struct inode *new_dir, | |
255 | struct dentry *new_dentry, | |
256 | unsigned int flags); | |
b01531db EB |
257 | extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
258 | struct fscrypt_name *fname); | |
643fa961 CR |
259 | extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, |
260 | unsigned int max_len, | |
261 | struct fscrypt_str *disk_link); | |
262 | extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, | |
263 | unsigned int len, | |
264 | struct fscrypt_str *disk_link); | |
265 | extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |
266 | unsigned int max_size, | |
267 | struct delayed_call *done); | |
eea2c05d SH |
268 | static inline void fscrypt_set_ops(struct super_block *sb, |
269 | const struct fscrypt_operations *s_cop) | |
270 | { | |
271 | sb->s_cop = s_cop; | |
272 | } | |
643fa961 CR |
273 | #else /* !CONFIG_FS_ENCRYPTION */ |
274 | ||
275 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) | |
276 | { | |
277 | return false; | |
278 | } | |
279 | ||
280 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |
281 | { | |
282 | return false; | |
283 | } | |
284 | ||
0bf3d5c1 EB |
285 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
286 | { | |
287 | } | |
288 | ||
643fa961 CR |
289 | /* crypto.c */ |
290 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) | |
291 | { | |
292 | } | |
293 | ||
cd0265fc | 294 | static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags) |
643fa961 CR |
295 | { |
296 | return ERR_PTR(-EOPNOTSUPP); | |
297 | } | |
298 | ||
299 | static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx) | |
300 | { | |
301 | return; | |
302 | } | |
303 | ||
53bc1d85 EB |
304 | static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
305 | unsigned int len, | |
306 | unsigned int offs, | |
307 | gfp_t gfp_flags) | |
643fa961 CR |
308 | { |
309 | return ERR_PTR(-EOPNOTSUPP); | |
310 | } | |
311 | ||
03569f2f EB |
312 | static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, |
313 | struct page *page, | |
314 | unsigned int len, | |
315 | unsigned int offs, u64 lblk_num, | |
316 | gfp_t gfp_flags) | |
317 | { | |
318 | return -EOPNOTSUPP; | |
319 | } | |
320 | ||
aa8bc1ac EB |
321 | static inline int fscrypt_decrypt_pagecache_blocks(struct page *page, |
322 | unsigned int len, | |
323 | unsigned int offs) | |
643fa961 CR |
324 | { |
325 | return -EOPNOTSUPP; | |
326 | } | |
327 | ||
41adbcb7 EB |
328 | static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, |
329 | struct page *page, | |
330 | unsigned int len, | |
331 | unsigned int offs, u64 lblk_num) | |
332 | { | |
333 | return -EOPNOTSUPP; | |
334 | } | |
335 | ||
d2d0727b EB |
336 | static inline bool fscrypt_is_bounce_page(struct page *page) |
337 | { | |
338 | return false; | |
339 | } | |
340 | ||
341 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) | |
643fa961 CR |
342 | { |
343 | WARN_ON_ONCE(1); | |
344 | return ERR_PTR(-EINVAL); | |
345 | } | |
346 | ||
d2d0727b | 347 | static inline void fscrypt_free_bounce_page(struct page *bounce_page) |
643fa961 | 348 | { |
643fa961 CR |
349 | } |
350 | ||
351 | /* policy.c */ | |
352 | static inline int fscrypt_ioctl_set_policy(struct file *filp, | |
353 | const void __user *arg) | |
354 | { | |
355 | return -EOPNOTSUPP; | |
356 | } | |
357 | ||
358 | static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) | |
359 | { | |
360 | return -EOPNOTSUPP; | |
361 | } | |
362 | ||
363 | static inline int fscrypt_has_permitted_context(struct inode *parent, | |
364 | struct inode *child) | |
365 | { | |
366 | return 0; | |
367 | } | |
368 | ||
369 | static inline int fscrypt_inherit_context(struct inode *parent, | |
370 | struct inode *child, | |
371 | void *fs_data, bool preload) | |
372 | { | |
373 | return -EOPNOTSUPP; | |
374 | } | |
375 | ||
22d94f49 EB |
376 | /* keyring.c */ |
377 | static inline void fscrypt_sb_free(struct super_block *sb) | |
378 | { | |
379 | } | |
380 | ||
381 | static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg) | |
382 | { | |
383 | return -EOPNOTSUPP; | |
384 | } | |
385 | ||
b1c0ec35 EB |
386 | static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) |
387 | { | |
388 | return -EOPNOTSUPP; | |
389 | } | |
390 | ||
feed8258 | 391 | /* keysetup.c */ |
643fa961 CR |
392 | static inline int fscrypt_get_encryption_info(struct inode *inode) |
393 | { | |
394 | return -EOPNOTSUPP; | |
395 | } | |
396 | ||
397 | static inline void fscrypt_put_encryption_info(struct inode *inode) | |
398 | { | |
399 | return; | |
400 | } | |
401 | ||
2c58d548 EB |
402 | static inline void fscrypt_free_inode(struct inode *inode) |
403 | { | |
404 | } | |
405 | ||
b1c0ec35 EB |
406 | static inline int fscrypt_drop_inode(struct inode *inode) |
407 | { | |
408 | return 0; | |
409 | } | |
410 | ||
643fa961 CR |
411 | /* fname.c */ |
412 | static inline int fscrypt_setup_filename(struct inode *dir, | |
413 | const struct qstr *iname, | |
414 | int lookup, struct fscrypt_name *fname) | |
415 | { | |
416 | if (IS_ENCRYPTED(dir)) | |
417 | return -EOPNOTSUPP; | |
418 | ||
b01531db | 419 | memset(fname, 0, sizeof(*fname)); |
643fa961 CR |
420 | fname->usr_fname = iname; |
421 | fname->disk_name.name = (unsigned char *)iname->name; | |
422 | fname->disk_name.len = iname->len; | |
423 | return 0; | |
424 | } | |
425 | ||
426 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) | |
427 | { | |
428 | return; | |
429 | } | |
430 | ||
431 | static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, | |
432 | u32 max_encrypted_len, | |
433 | struct fscrypt_str *crypto_str) | |
434 | { | |
435 | return -EOPNOTSUPP; | |
436 | } | |
437 | ||
438 | static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) | |
439 | { | |
440 | return; | |
441 | } | |
442 | ||
443 | static inline int fscrypt_fname_disk_to_usr(struct inode *inode, | |
444 | u32 hash, u32 minor_hash, | |
445 | const struct fscrypt_str *iname, | |
446 | struct fscrypt_str *oname) | |
447 | { | |
448 | return -EOPNOTSUPP; | |
449 | } | |
450 | ||
451 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, | |
452 | const u8 *de_name, u32 de_name_len) | |
453 | { | |
454 | /* Encryption support disabled; use standard comparison */ | |
455 | if (de_name_len != fname->disk_name.len) | |
456 | return false; | |
457 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); | |
458 | } | |
459 | ||
460 | /* bio.c */ | |
461 | static inline void fscrypt_decrypt_bio(struct bio *bio) | |
462 | { | |
463 | } | |
464 | ||
465 | static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, | |
466 | struct bio *bio) | |
467 | { | |
468 | } | |
469 | ||
643fa961 CR |
470 | static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
471 | sector_t pblk, unsigned int len) | |
472 | { | |
473 | return -EOPNOTSUPP; | |
474 | } | |
475 | ||
476 | /* hooks.c */ | |
477 | ||
478 | static inline int fscrypt_file_open(struct inode *inode, struct file *filp) | |
479 | { | |
480 | if (IS_ENCRYPTED(inode)) | |
481 | return -EOPNOTSUPP; | |
482 | return 0; | |
483 | } | |
484 | ||
968dd6d0 EB |
485 | static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
486 | struct dentry *dentry) | |
643fa961 CR |
487 | { |
488 | return -EOPNOTSUPP; | |
489 | } | |
490 | ||
491 | static inline int __fscrypt_prepare_rename(struct inode *old_dir, | |
492 | struct dentry *old_dentry, | |
493 | struct inode *new_dir, | |
494 | struct dentry *new_dentry, | |
495 | unsigned int flags) | |
496 | { | |
497 | return -EOPNOTSUPP; | |
498 | } | |
499 | ||
500 | static inline int __fscrypt_prepare_lookup(struct inode *dir, | |
b01531db EB |
501 | struct dentry *dentry, |
502 | struct fscrypt_name *fname) | |
643fa961 CR |
503 | { |
504 | return -EOPNOTSUPP; | |
505 | } | |
506 | ||
507 | static inline int __fscrypt_prepare_symlink(struct inode *dir, | |
508 | unsigned int len, | |
509 | unsigned int max_len, | |
510 | struct fscrypt_str *disk_link) | |
511 | { | |
512 | return -EOPNOTSUPP; | |
513 | } | |
514 | ||
515 | ||
516 | static inline int __fscrypt_encrypt_symlink(struct inode *inode, | |
517 | const char *target, | |
518 | unsigned int len, | |
519 | struct fscrypt_str *disk_link) | |
520 | { | |
521 | return -EOPNOTSUPP; | |
522 | } | |
523 | ||
524 | static inline const char *fscrypt_get_symlink(struct inode *inode, | |
525 | const void *caddr, | |
526 | unsigned int max_size, | |
527 | struct delayed_call *done) | |
528 | { | |
529 | return ERR_PTR(-EOPNOTSUPP); | |
530 | } | |
eea2c05d SH |
531 | |
532 | static inline void fscrypt_set_ops(struct super_block *sb, | |
533 | const struct fscrypt_operations *s_cop) | |
534 | { | |
535 | } | |
536 | ||
643fa961 | 537 | #endif /* !CONFIG_FS_ENCRYPTION */ |
734f0d24 | 538 | |
d293c3e4 EB |
539 | /** |
540 | * fscrypt_require_key - require an inode's encryption key | |
541 | * @inode: the inode we need the key for | |
542 | * | |
543 | * If the inode is encrypted, set up its encryption key if not already done. | |
544 | * Then require that the key be present and return -ENOKEY otherwise. | |
545 | * | |
546 | * No locks are needed, and the key will live as long as the struct inode --- so | |
547 | * it won't go away from under you. | |
548 | * | |
549 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code | |
550 | * if a problem occurred while setting up the encryption key. | |
551 | */ | |
552 | static inline int fscrypt_require_key(struct inode *inode) | |
553 | { | |
554 | if (IS_ENCRYPTED(inode)) { | |
555 | int err = fscrypt_get_encryption_info(inode); | |
556 | ||
557 | if (err) | |
558 | return err; | |
559 | if (!fscrypt_has_encryption_key(inode)) | |
560 | return -ENOKEY; | |
561 | } | |
562 | return 0; | |
563 | } | |
734f0d24 | 564 | |
0ea87a96 EB |
565 | /** |
566 | * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory | |
567 | * @old_dentry: an existing dentry for the inode being linked | |
568 | * @dir: the target directory | |
569 | * @dentry: negative dentry for the target filename | |
570 | * | |
571 | * A new link can only be added to an encrypted directory if the directory's | |
572 | * encryption key is available --- since otherwise we'd have no way to encrypt | |
573 | * the filename. Therefore, we first set up the directory's encryption key (if | |
574 | * not already done) and return an error if it's unavailable. | |
575 | * | |
576 | * We also verify that the link will not violate the constraint that all files | |
577 | * in an encrypted directory tree use the same encryption policy. | |
578 | * | |
579 | * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, | |
f5e55e77 | 580 | * -EXDEV if the link would result in an inconsistent encryption policy, or |
0ea87a96 EB |
581 | * another -errno code. |
582 | */ | |
583 | static inline int fscrypt_prepare_link(struct dentry *old_dentry, | |
584 | struct inode *dir, | |
585 | struct dentry *dentry) | |
586 | { | |
587 | if (IS_ENCRYPTED(dir)) | |
968dd6d0 | 588 | return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry); |
0ea87a96 EB |
589 | return 0; |
590 | } | |
591 | ||
94b26f36 EB |
592 | /** |
593 | * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories | |
594 | * @old_dir: source directory | |
595 | * @old_dentry: dentry for source file | |
596 | * @new_dir: target directory | |
597 | * @new_dentry: dentry for target location (may be negative unless exchanging) | |
598 | * @flags: rename flags (we care at least about %RENAME_EXCHANGE) | |
599 | * | |
600 | * Prepare for ->rename() where the source and/or target directories may be | |
601 | * encrypted. A new link can only be added to an encrypted directory if the | |
602 | * directory's encryption key is available --- since otherwise we'd have no way | |
603 | * to encrypt the filename. A rename to an existing name, on the other hand, | |
604 | * *is* cryptographically possible without the key. However, we take the more | |
605 | * conservative approach and just forbid all no-key renames. | |
606 | * | |
607 | * We also verify that the rename will not violate the constraint that all files | |
608 | * in an encrypted directory tree use the same encryption policy. | |
609 | * | |
f5e55e77 | 610 | * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the |
94b26f36 EB |
611 | * rename would cause inconsistent encryption policies, or another -errno code. |
612 | */ | |
613 | static inline int fscrypt_prepare_rename(struct inode *old_dir, | |
614 | struct dentry *old_dentry, | |
615 | struct inode *new_dir, | |
616 | struct dentry *new_dentry, | |
617 | unsigned int flags) | |
618 | { | |
619 | if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) | |
620 | return __fscrypt_prepare_rename(old_dir, old_dentry, | |
621 | new_dir, new_dentry, flags); | |
622 | return 0; | |
623 | } | |
624 | ||
32c3cf02 EB |
625 | /** |
626 | * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory | |
627 | * @dir: directory being searched | |
628 | * @dentry: filename being looked up | |
b01531db | 629 | * @fname: (output) the name to use to search the on-disk directory |
32c3cf02 | 630 | * |
b01531db EB |
631 | * Prepare for ->lookup() in a directory which may be encrypted by determining |
632 | * the name that will actually be used to search the directory on-disk. Lookups | |
633 | * can be done with or without the directory's encryption key; without the key, | |
32c3cf02 EB |
634 | * filenames are presented in encrypted form. Therefore, we'll try to set up |
635 | * the directory's encryption key, but even without it the lookup can continue. | |
636 | * | |
6cc24868 EB |
637 | * This also installs a custom ->d_revalidate() method which will invalidate the |
638 | * dentry if it was created without the key and the key is later added. | |
32c3cf02 | 639 | * |
b01531db EB |
640 | * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a |
641 | * correctly formed encoded ciphertext name, so a negative dentry should be | |
642 | * created; or another -errno code. | |
32c3cf02 EB |
643 | */ |
644 | static inline int fscrypt_prepare_lookup(struct inode *dir, | |
645 | struct dentry *dentry, | |
b01531db | 646 | struct fscrypt_name *fname) |
32c3cf02 EB |
647 | { |
648 | if (IS_ENCRYPTED(dir)) | |
b01531db EB |
649 | return __fscrypt_prepare_lookup(dir, dentry, fname); |
650 | ||
651 | memset(fname, 0, sizeof(*fname)); | |
652 | fname->usr_fname = &dentry->d_name; | |
653 | fname->disk_name.name = (unsigned char *)dentry->d_name.name; | |
654 | fname->disk_name.len = dentry->d_name.len; | |
32c3cf02 EB |
655 | return 0; |
656 | } | |
657 | ||
815dac33 EB |
658 | /** |
659 | * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes | |
660 | * @dentry: dentry through which the inode is being changed | |
661 | * @attr: attributes to change | |
662 | * | |
663 | * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, | |
664 | * most attribute changes are allowed even without the encryption key. However, | |
665 | * without the encryption key we do have to forbid truncates. This is needed | |
666 | * because the size being truncated to may not be a multiple of the filesystem | |
667 | * block size, and in that case we'd have to decrypt the final block, zero the | |
668 | * portion past i_size, and re-encrypt it. (We *could* allow truncating to a | |
669 | * filesystem block boundary, but it's simpler to just forbid all truncates --- | |
670 | * and we already forbid all other contents modifications without the key.) | |
671 | * | |
672 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code | |
673 | * if a problem occurred while setting up the encryption key. | |
674 | */ | |
675 | static inline int fscrypt_prepare_setattr(struct dentry *dentry, | |
676 | struct iattr *attr) | |
677 | { | |
678 | if (attr->ia_valid & ATTR_SIZE) | |
679 | return fscrypt_require_key(d_inode(dentry)); | |
680 | return 0; | |
681 | } | |
682 | ||
76e81d6d EB |
683 | /** |
684 | * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink | |
685 | * @dir: directory in which the symlink is being created | |
686 | * @target: plaintext symlink target | |
687 | * @len: length of @target excluding null terminator | |
688 | * @max_len: space the filesystem has available to store the symlink target | |
689 | * @disk_link: (out) the on-disk symlink target being prepared | |
690 | * | |
691 | * This function computes the size the symlink target will require on-disk, | |
692 | * stores it in @disk_link->len, and validates it against @max_len. An | |
693 | * encrypted symlink may be longer than the original. | |
694 | * | |
695 | * Additionally, @disk_link->name is set to @target if the symlink will be | |
696 | * unencrypted, but left NULL if the symlink will be encrypted. For encrypted | |
697 | * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the | |
698 | * on-disk target later. (The reason for the two-step process is that some | |
699 | * filesystems need to know the size of the symlink target before creating the | |
700 | * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.) | |
701 | * | |
702 | * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long, | |
703 | * -ENOKEY if the encryption key is missing, or another -errno code if a problem | |
704 | * occurred while setting up the encryption key. | |
705 | */ | |
706 | static inline int fscrypt_prepare_symlink(struct inode *dir, | |
707 | const char *target, | |
708 | unsigned int len, | |
709 | unsigned int max_len, | |
710 | struct fscrypt_str *disk_link) | |
711 | { | |
712 | if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir)) | |
713 | return __fscrypt_prepare_symlink(dir, len, max_len, disk_link); | |
714 | ||
715 | disk_link->name = (unsigned char *)target; | |
716 | disk_link->len = len + 1; | |
717 | if (disk_link->len > max_len) | |
718 | return -ENAMETOOLONG; | |
719 | return 0; | |
720 | } | |
721 | ||
722 | /** | |
723 | * fscrypt_encrypt_symlink - encrypt the symlink target if needed | |
724 | * @inode: symlink inode | |
725 | * @target: plaintext symlink target | |
726 | * @len: length of @target excluding null terminator | |
727 | * @disk_link: (in/out) the on-disk symlink target being prepared | |
728 | * | |
729 | * If the symlink target needs to be encrypted, then this function encrypts it | |
730 | * into @disk_link->name. fscrypt_prepare_symlink() must have been called | |
731 | * previously to compute @disk_link->len. If the filesystem did not allocate a | |
732 | * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one | |
733 | * will be kmalloc()'ed and the filesystem will be responsible for freeing it. | |
734 | * | |
735 | * Return: 0 on success, -errno on failure | |
736 | */ | |
737 | static inline int fscrypt_encrypt_symlink(struct inode *inode, | |
738 | const char *target, | |
739 | unsigned int len, | |
740 | struct fscrypt_str *disk_link) | |
741 | { | |
742 | if (IS_ENCRYPTED(inode)) | |
743 | return __fscrypt_encrypt_symlink(inode, target, len, disk_link); | |
744 | return 0; | |
745 | } | |
746 | ||
d2d0727b EB |
747 | /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ |
748 | static inline void fscrypt_finalize_bounce_page(struct page **pagep) | |
749 | { | |
750 | struct page *page = *pagep; | |
751 | ||
752 | if (fscrypt_is_bounce_page(page)) { | |
753 | *pagep = fscrypt_pagecache_page(page); | |
754 | fscrypt_free_bounce_page(page); | |
755 | } | |
756 | } | |
757 | ||
734f0d24 | 758 | #endif /* _LINUX_FSCRYPT_H */ |