1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * The base64 encode/decode code was copied from fscrypt: 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * Written by Uday Savagaonkar, 2014. 7 * Modified by Jaegeuk Kim, 2015. 8 */ 9 #include <linux/ceph/ceph_debug.h> 10 #include <linux/xattr.h> 11 #include <linux/fscrypt.h> 12 #include <linux/ceph/striper.h> 13 14 #include "super.h" 15 #include "mds_client.h" 16 #include "crypto.h" 17 18 /* 19 * The base64url encoding used by fscrypt includes the '_' character, which may 20 * cause problems in snapshot names (which can not start with '_'). Thus, we 21 * used the base64 encoding defined for IMAP mailbox names (RFC 3501) instead, 22 * which replaces '-' and '_' by '+' and ','. 23 */ 24 static const char base64_table[65] = 25 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 26 27 int ceph_base64_encode(const u8 *src, int srclen, char *dst) 28 { 29 u32 ac = 0; 30 int bits = 0; 31 int i; 32 char *cp = dst; 33 34 for (i = 0; i < srclen; i++) { 35 ac = (ac << 8) | src[i]; 36 bits += 8; 37 do { 38 bits -= 6; 39 *cp++ = base64_table[(ac >> bits) & 0x3f]; 40 } while (bits >= 6); 41 } 42 if (bits) 43 *cp++ = base64_table[(ac << (6 - bits)) & 0x3f]; 44 return cp - dst; 45 } 46 47 int ceph_base64_decode(const char *src, int srclen, u8 *dst) 48 { 49 u32 ac = 0; 50 int bits = 0; 51 int i; 52 u8 *bp = dst; 53 54 for (i = 0; i < srclen; i++) { 55 const char *p = strchr(base64_table, src[i]); 56 57 if (p == NULL || src[i] == 0) 58 return -1; 59 ac = (ac << 6) | (p - base64_table); 60 bits += 6; 61 if (bits >= 8) { 62 bits -= 8; 63 *bp++ = (u8)(ac >> bits); 64 } 65 } 66 if (ac & ((1 << bits) - 1)) 67 return -1; 68 return bp - dst; 69 } 70 71 static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len) 72 { 73 struct ceph_inode_info *ci = ceph_inode(inode); 74 struct ceph_fscrypt_auth *cfa = (struct ceph_fscrypt_auth *)ci->fscrypt_auth; 75 u32 ctxlen; 76 77 /* Non existent or too short? */ 78 if (!cfa || (ci->fscrypt_auth_len < (offsetof(struct ceph_fscrypt_auth, cfa_blob) + 1))) 79 return -ENOBUFS; 80 81 /* Some format we don't recognize? */ 82 if (le32_to_cpu(cfa->cfa_version) != CEPH_FSCRYPT_AUTH_VERSION) 83 return -ENOBUFS; 84 85 ctxlen = le32_to_cpu(cfa->cfa_blob_len); 86 if (len < ctxlen) 87 return -ERANGE; 88 89 memcpy(ctx, cfa->cfa_blob, ctxlen); 90 return ctxlen; 91 } 92 93 static int ceph_crypt_set_context(struct inode *inode, const void *ctx, 94 size_t len, void *fs_data) 95 { 96 int ret; 97 struct iattr attr = { }; 98 struct ceph_iattr cia = { }; 99 struct ceph_fscrypt_auth *cfa; 100 101 WARN_ON_ONCE(fs_data); 102 103 if (len > FSCRYPT_SET_CONTEXT_MAX_SIZE) 104 return -EINVAL; 105 106 cfa = kzalloc(sizeof(*cfa), GFP_KERNEL); 107 if (!cfa) 108 return -ENOMEM; 109 110 cfa->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION); 111 cfa->cfa_blob_len = cpu_to_le32(len); 112 memcpy(cfa->cfa_blob, ctx, len); 113 114 cia.fscrypt_auth = cfa; 115 116 ret = __ceph_setattr(inode, &attr, &cia); 117 if (ret == 0) 118 inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED); 119 kfree(cia.fscrypt_auth); 120 return ret; 121 } 122 123 static bool ceph_crypt_empty_dir(struct inode *inode) 124 { 125 struct ceph_inode_info *ci = ceph_inode(inode); 126 127 return ci->i_rsubdirs + ci->i_rfiles == 1; 128 } 129 130 static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb) 131 { 132 return ceph_sb_to_client(sb)->fsc_dummy_enc_policy.policy; 133 } 134 135 static struct fscrypt_operations ceph_fscrypt_ops = { 136 .needs_bounce_pages = 1, 137 .get_context = ceph_crypt_get_context, 138 .set_context = ceph_crypt_set_context, 139 .get_dummy_policy = ceph_get_dummy_policy, 140 .empty_dir = ceph_crypt_empty_dir, 141 }; 142 143 void ceph_fscrypt_set_ops(struct super_block *sb) 144 { 145 fscrypt_set_ops(sb, &ceph_fscrypt_ops); 146 } 147 148 void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc) 149 { 150 fscrypt_free_dummy_policy(&fsc->fsc_dummy_enc_policy); 151 } 152 153 int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode, 154 struct ceph_acl_sec_ctx *as) 155 { 156 int ret, ctxsize; 157 bool encrypted = false; 158 struct ceph_inode_info *ci = ceph_inode(inode); 159 160 ret = fscrypt_prepare_new_inode(dir, inode, &encrypted); 161 if (ret) 162 return ret; 163 if (!encrypted) 164 return 0; 165 166 as->fscrypt_auth = kzalloc(sizeof(*as->fscrypt_auth), GFP_KERNEL); 167 if (!as->fscrypt_auth) 168 return -ENOMEM; 169 170 ctxsize = fscrypt_context_for_new_inode(as->fscrypt_auth->cfa_blob, 171 inode); 172 if (ctxsize < 0) 173 return ctxsize; 174 175 as->fscrypt_auth->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION); 176 as->fscrypt_auth->cfa_blob_len = cpu_to_le32(ctxsize); 177 178 WARN_ON_ONCE(ci->fscrypt_auth); 179 kfree(ci->fscrypt_auth); 180 ci->fscrypt_auth_len = ceph_fscrypt_auth_len(as->fscrypt_auth); 181 ci->fscrypt_auth = kmemdup(as->fscrypt_auth, ci->fscrypt_auth_len, 182 GFP_KERNEL); 183 if (!ci->fscrypt_auth) 184 return -ENOMEM; 185 186 inode->i_flags |= S_ENCRYPTED; 187 188 return 0; 189 } 190 191 void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, 192 struct ceph_acl_sec_ctx *as) 193 { 194 swap(req->r_fscrypt_auth, as->fscrypt_auth); 195 } 196 197 /* 198 * User-created snapshots can't start with '_'. Snapshots that start with this 199 * character are special (hint: there aren't real snapshots) and use the 200 * following format: 201 * 202 * _<SNAPSHOT-NAME>_<INODE-NUMBER> 203 * 204 * where: 205 * - <SNAPSHOT-NAME> - the real snapshot name that may need to be decrypted, 206 * - <INODE-NUMBER> - the inode number (in decimal) for the actual snapshot 207 * 208 * This function parses these snapshot names and returns the inode 209 * <INODE-NUMBER>. 'name_len' will also bet set with the <SNAPSHOT-NAME> 210 * length. 211 */ 212 static struct inode *parse_longname(const struct inode *parent, 213 const char *name, int *name_len) 214 { 215 struct inode *dir = NULL; 216 struct ceph_vino vino = { .snap = CEPH_NOSNAP }; 217 char *inode_number; 218 char *name_end; 219 int orig_len = *name_len; 220 int ret = -EIO; 221 222 /* Skip initial '_' */ 223 name++; 224 name_end = strrchr(name, '_'); 225 if (!name_end) { 226 dout("Failed to parse long snapshot name: %s\n", name); 227 return ERR_PTR(-EIO); 228 } 229 *name_len = (name_end - name); 230 if (*name_len <= 0) { 231 pr_err("Failed to parse long snapshot name\n"); 232 return ERR_PTR(-EIO); 233 } 234 235 /* Get the inode number */ 236 inode_number = kmemdup_nul(name_end + 1, 237 orig_len - *name_len - 2, 238 GFP_KERNEL); 239 if (!inode_number) 240 return ERR_PTR(-ENOMEM); 241 ret = kstrtou64(inode_number, 10, &vino.ino); 242 if (ret) { 243 dout("Failed to parse inode number: %s\n", name); 244 dir = ERR_PTR(ret); 245 goto out; 246 } 247 248 /* And finally the inode */ 249 dir = ceph_find_inode(parent->i_sb, vino); 250 if (!dir) { 251 /* This can happen if we're not mounting cephfs on the root */ 252 dir = ceph_get_inode(parent->i_sb, vino, NULL); 253 if (IS_ERR(dir)) 254 dout("Can't find inode %s (%s)\n", inode_number, name); 255 } 256 257 out: 258 kfree(inode_number); 259 return dir; 260 } 261 262 int ceph_encode_encrypted_dname(struct inode *parent, struct qstr *d_name, 263 char *buf) 264 { 265 struct inode *dir = parent; 266 struct qstr iname; 267 u32 len; 268 int name_len; 269 int elen; 270 int ret; 271 u8 *cryptbuf = NULL; 272 273 iname.name = d_name->name; 274 name_len = d_name->len; 275 276 /* Handle the special case of snapshot names that start with '_' */ 277 if ((ceph_snap(dir) == CEPH_SNAPDIR) && (name_len > 0) && 278 (iname.name[0] == '_')) { 279 dir = parse_longname(parent, iname.name, &name_len); 280 if (IS_ERR(dir)) 281 return PTR_ERR(dir); 282 iname.name++; /* skip initial '_' */ 283 } 284 iname.len = name_len; 285 286 if (!fscrypt_has_encryption_key(dir)) { 287 memcpy(buf, d_name->name, d_name->len); 288 elen = d_name->len; 289 goto out; 290 } 291 292 /* 293 * Convert cleartext d_name to ciphertext. If result is longer than 294 * CEPH_NOHASH_NAME_MAX, sha256 the remaining bytes 295 * 296 * See: fscrypt_setup_filename 297 */ 298 if (!fscrypt_fname_encrypted_size(dir, iname.len, NAME_MAX, &len)) { 299 elen = -ENAMETOOLONG; 300 goto out; 301 } 302 303 /* Allocate a buffer appropriate to hold the result */ 304 cryptbuf = kmalloc(len > CEPH_NOHASH_NAME_MAX ? NAME_MAX : len, 305 GFP_KERNEL); 306 if (!cryptbuf) { 307 elen = -ENOMEM; 308 goto out; 309 } 310 311 ret = fscrypt_fname_encrypt(dir, &iname, cryptbuf, len); 312 if (ret) { 313 elen = ret; 314 goto out; 315 } 316 317 /* hash the end if the name is long enough */ 318 if (len > CEPH_NOHASH_NAME_MAX) { 319 u8 hash[SHA256_DIGEST_SIZE]; 320 u8 *extra = cryptbuf + CEPH_NOHASH_NAME_MAX; 321 322 /* 323 * hash the extra bytes and overwrite crypttext beyond that 324 * point with it 325 */ 326 sha256(extra, len - CEPH_NOHASH_NAME_MAX, hash); 327 memcpy(extra, hash, SHA256_DIGEST_SIZE); 328 len = CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE; 329 } 330 331 /* base64 encode the encrypted name */ 332 elen = ceph_base64_encode(cryptbuf, len, buf); 333 dout("base64-encoded ciphertext name = %.*s\n", elen, buf); 334 335 /* To understand the 240 limit, see CEPH_NOHASH_NAME_MAX comments */ 336 WARN_ON(elen > 240); 337 if ((elen > 0) && (dir != parent)) { 338 char tmp_buf[NAME_MAX]; 339 340 elen = snprintf(tmp_buf, sizeof(tmp_buf), "_%.*s_%ld", 341 elen, buf, dir->i_ino); 342 memcpy(buf, tmp_buf, elen); 343 } 344 345 out: 346 kfree(cryptbuf); 347 if (dir != parent) { 348 if ((dir->i_state & I_NEW)) 349 discard_new_inode(dir); 350 else 351 iput(dir); 352 } 353 return elen; 354 } 355 356 int ceph_encode_encrypted_fname(struct inode *parent, struct dentry *dentry, 357 char *buf) 358 { 359 WARN_ON_ONCE(!fscrypt_has_encryption_key(parent)); 360 361 return ceph_encode_encrypted_dname(parent, &dentry->d_name, buf); 362 } 363 364 /** 365 * ceph_fname_to_usr - convert a filename for userland presentation 366 * @fname: ceph_fname to be converted 367 * @tname: temporary name buffer to use for conversion (may be NULL) 368 * @oname: where converted name should be placed 369 * @is_nokey: set to true if key wasn't available during conversion (may be NULL) 370 * 371 * Given a filename (usually from the MDS), format it for presentation to 372 * userland. If @parent is not encrypted, just pass it back as-is. 373 * 374 * Otherwise, base64 decode the string, and then ask fscrypt to format it 375 * for userland presentation. 376 * 377 * Returns 0 on success or negative error code on error. 378 */ 379 int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, 380 struct fscrypt_str *oname, bool *is_nokey) 381 { 382 struct inode *dir = fname->dir; 383 struct fscrypt_str _tname = FSTR_INIT(NULL, 0); 384 struct fscrypt_str iname; 385 char *name = fname->name; 386 int name_len = fname->name_len; 387 int ret; 388 389 /* Sanity check that the resulting name will fit in the buffer */ 390 if (fname->name_len > NAME_MAX || fname->ctext_len > NAME_MAX) 391 return -EIO; 392 393 /* Handle the special case of snapshot names that start with '_' */ 394 if ((ceph_snap(dir) == CEPH_SNAPDIR) && (name_len > 0) && 395 (name[0] == '_')) { 396 dir = parse_longname(dir, name, &name_len); 397 if (IS_ERR(dir)) 398 return PTR_ERR(dir); 399 name++; /* skip initial '_' */ 400 } 401 402 if (!IS_ENCRYPTED(dir)) { 403 oname->name = fname->name; 404 oname->len = fname->name_len; 405 ret = 0; 406 goto out_inode; 407 } 408 409 ret = ceph_fscrypt_prepare_readdir(dir); 410 if (ret) 411 goto out_inode; 412 413 /* 414 * Use the raw dentry name as sent by the MDS instead of 415 * generating a nokey name via fscrypt. 416 */ 417 if (!fscrypt_has_encryption_key(dir)) { 418 if (fname->no_copy) 419 oname->name = fname->name; 420 else 421 memcpy(oname->name, fname->name, fname->name_len); 422 oname->len = fname->name_len; 423 if (is_nokey) 424 *is_nokey = true; 425 ret = 0; 426 goto out_inode; 427 } 428 429 if (fname->ctext_len == 0) { 430 int declen; 431 432 if (!tname) { 433 ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); 434 if (ret) 435 goto out_inode; 436 tname = &_tname; 437 } 438 439 declen = ceph_base64_decode(name, name_len, tname->name); 440 if (declen <= 0) { 441 ret = -EIO; 442 goto out; 443 } 444 iname.name = tname->name; 445 iname.len = declen; 446 } else { 447 iname.name = fname->ctext; 448 iname.len = fname->ctext_len; 449 } 450 451 ret = fscrypt_fname_disk_to_usr(dir, 0, 0, &iname, oname); 452 if (!ret && (dir != fname->dir)) { 453 char tmp_buf[CEPH_BASE64_CHARS(NAME_MAX)]; 454 455 name_len = snprintf(tmp_buf, sizeof(tmp_buf), "_%.*s_%ld", 456 oname->len, oname->name, dir->i_ino); 457 memcpy(oname->name, tmp_buf, name_len); 458 oname->len = name_len; 459 } 460 461 out: 462 fscrypt_fname_free_buffer(&_tname); 463 out_inode: 464 if (dir != fname->dir) { 465 if ((dir->i_state & I_NEW)) 466 discard_new_inode(dir); 467 else 468 iput(dir); 469 } 470 return ret; 471 } 472 473 /** 474 * ceph_fscrypt_prepare_readdir - simple __fscrypt_prepare_readdir() wrapper 475 * @dir: directory inode for readdir prep 476 * 477 * Simple wrapper around __fscrypt_prepare_readdir() that will mark directory as 478 * non-complete if this call results in having the directory unlocked. 479 * 480 * Returns: 481 * 1 - if directory was locked and key is now loaded (i.e. dir is unlocked) 482 * 0 - if directory is still locked 483 * < 0 - if __fscrypt_prepare_readdir() fails 484 */ 485 int ceph_fscrypt_prepare_readdir(struct inode *dir) 486 { 487 bool had_key = fscrypt_has_encryption_key(dir); 488 int err; 489 490 if (!IS_ENCRYPTED(dir)) 491 return 0; 492 493 err = __fscrypt_prepare_readdir(dir); 494 if (err) 495 return err; 496 if (!had_key && fscrypt_has_encryption_key(dir)) { 497 /* directory just got unlocked, mark it as not complete */ 498 ceph_dir_clear_complete(dir); 499 return 1; 500 } 501 return 0; 502 } 503 504 int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, 505 struct page *page, unsigned int len, 506 unsigned int offs, u64 lblk_num) 507 { 508 dout("%s: len %u offs %u blk %llu\n", __func__, len, offs, lblk_num); 509 return fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num); 510 } 511 512 int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, 513 struct page *page, unsigned int len, 514 unsigned int offs, u64 lblk_num, 515 gfp_t gfp_flags) 516 { 517 dout("%s: len %u offs %u blk %llu\n", __func__, len, offs, lblk_num); 518 return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num, 519 gfp_flags); 520 } 521 522 /** 523 * ceph_fscrypt_decrypt_pages - decrypt an array of pages 524 * @inode: pointer to inode associated with these pages 525 * @page: pointer to page array 526 * @off: offset into the file that the read data starts 527 * @len: max length to decrypt 528 * 529 * Decrypt an array of fscrypt'ed pages and return the amount of 530 * data decrypted. Any data in the page prior to the start of the 531 * first complete block in the read is ignored. Any incomplete 532 * crypto blocks at the end of the array are ignored (and should 533 * probably be zeroed by the caller). 534 * 535 * Returns the length of the decrypted data or a negative errno. 536 */ 537 int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page, 538 u64 off, int len) 539 { 540 int i, num_blocks; 541 u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT; 542 int ret = 0; 543 544 /* 545 * We can't deal with partial blocks on an encrypted file, so mask off 546 * the last bit. 547 */ 548 num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK); 549 550 /* Decrypt each block */ 551 for (i = 0; i < num_blocks; ++i) { 552 int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT; 553 int pgidx = blkoff >> PAGE_SHIFT; 554 unsigned int pgoffs = offset_in_page(blkoff); 555 int fret; 556 557 fret = ceph_fscrypt_decrypt_block_inplace(inode, page[pgidx], 558 CEPH_FSCRYPT_BLOCK_SIZE, pgoffs, 559 baseblk + i); 560 if (fret < 0) { 561 if (ret == 0) 562 ret = fret; 563 break; 564 } 565 ret += CEPH_FSCRYPT_BLOCK_SIZE; 566 } 567 return ret; 568 } 569 570 /** 571 * ceph_fscrypt_decrypt_extents: decrypt received extents in given buffer 572 * @inode: inode associated with pages being decrypted 573 * @page: pointer to page array 574 * @off: offset into the file that the data in page[0] starts 575 * @map: pointer to extent array 576 * @ext_cnt: length of extent array 577 * 578 * Given an extent map and a page array, decrypt the received data in-place, 579 * skipping holes. Returns the offset into buffer of end of last decrypted 580 * block. 581 */ 582 int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page, 583 u64 off, struct ceph_sparse_extent *map, 584 u32 ext_cnt) 585 { 586 int i, ret = 0; 587 struct ceph_inode_info *ci = ceph_inode(inode); 588 u64 objno, objoff; 589 u32 xlen; 590 591 /* Nothing to do for empty array */ 592 if (ext_cnt == 0) { 593 dout("%s: empty array, ret 0\n", __func__); 594 return 0; 595 } 596 597 ceph_calc_file_object_mapping(&ci->i_layout, off, map[0].len, 598 &objno, &objoff, &xlen); 599 600 for (i = 0; i < ext_cnt; ++i) { 601 struct ceph_sparse_extent *ext = &map[i]; 602 int pgsoff = ext->off - objoff; 603 int pgidx = pgsoff >> PAGE_SHIFT; 604 int fret; 605 606 if ((ext->off | ext->len) & ~CEPH_FSCRYPT_BLOCK_MASK) { 607 pr_warn("%s: bad encrypted sparse extent idx %d off %llx len %llx\n", 608 __func__, i, ext->off, ext->len); 609 return -EIO; 610 } 611 fret = ceph_fscrypt_decrypt_pages(inode, &page[pgidx], 612 off + pgsoff, ext->len); 613 dout("%s: [%d] 0x%llx~0x%llx fret %d\n", __func__, i, 614 ext->off, ext->len, fret); 615 if (fret < 0) { 616 if (ret == 0) 617 ret = fret; 618 break; 619 } 620 ret = pgsoff + fret; 621 } 622 dout("%s: ret %d\n", __func__, ret); 623 return ret; 624 } 625 626 /** 627 * ceph_fscrypt_encrypt_pages - encrypt an array of pages 628 * @inode: pointer to inode associated with these pages 629 * @page: pointer to page array 630 * @off: offset into the file that the data starts 631 * @len: max length to encrypt 632 * @gfp: gfp flags to use for allocation 633 * 634 * Decrypt an array of cleartext pages and return the amount of 635 * data encrypted. Any data in the page prior to the start of the 636 * first complete block in the read is ignored. Any incomplete 637 * crypto blocks at the end of the array are ignored. 638 * 639 * Returns the length of the encrypted data or a negative errno. 640 */ 641 int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off, 642 int len, gfp_t gfp) 643 { 644 int i, num_blocks; 645 u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT; 646 int ret = 0; 647 648 /* 649 * We can't deal with partial blocks on an encrypted file, so mask off 650 * the last bit. 651 */ 652 num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK); 653 654 /* Encrypt each block */ 655 for (i = 0; i < num_blocks; ++i) { 656 int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT; 657 int pgidx = blkoff >> PAGE_SHIFT; 658 unsigned int pgoffs = offset_in_page(blkoff); 659 int fret; 660 661 fret = ceph_fscrypt_encrypt_block_inplace(inode, page[pgidx], 662 CEPH_FSCRYPT_BLOCK_SIZE, pgoffs, 663 baseblk + i, gfp); 664 if (fret < 0) { 665 if (ret == 0) 666 ret = fret; 667 break; 668 } 669 ret += CEPH_FSCRYPT_BLOCK_SIZE; 670 } 671 return ret; 672 } 673