1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * fscrypt.h: declarations for per-file encryption 4 * 5 * Filesystems that implement per-file encryption must include this header 6 * file. 7 * 8 * Copyright (C) 2015, Google, Inc. 9 * 10 * Written by Michael Halcrow, 2015. 11 * Modified by Jaegeuk Kim, 2015. 12 */ 13 #ifndef _LINUX_FSCRYPT_H 14 #define _LINUX_FSCRYPT_H 15 16 #include <linux/fs.h> 17 #include <linux/mm.h> 18 #include <linux/slab.h> 19 20 #define FS_CRYPTO_BLOCK_SIZE 16 21 22 struct fscrypt_ctx; 23 struct fscrypt_info; 24 25 struct fscrypt_str { 26 unsigned char *name; 27 u32 len; 28 }; 29 30 struct fscrypt_name { 31 const struct qstr *usr_fname; 32 struct fscrypt_str disk_name; 33 u32 hash; 34 u32 minor_hash; 35 struct fscrypt_str crypto_buf; 36 }; 37 38 #define FSTR_INIT(n, l) { .name = n, .len = l } 39 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) 40 #define fname_name(p) ((p)->disk_name.name) 41 #define fname_len(p) ((p)->disk_name.len) 42 43 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ 44 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 28 45 46 #ifdef CONFIG_FS_ENCRYPTION 47 /* 48 * fscrypt superblock flags 49 */ 50 #define FS_CFLG_OWN_PAGES (1U << 1) 51 52 /* 53 * crypto operations for filesystems 54 */ 55 struct fscrypt_operations { 56 unsigned int flags; 57 const char *key_prefix; 58 int (*get_context)(struct inode *, void *, size_t); 59 int (*set_context)(struct inode *, const void *, size_t, void *); 60 bool (*dummy_context)(struct inode *); 61 bool (*empty_dir)(struct inode *); 62 unsigned int max_namelen; 63 }; 64 65 struct fscrypt_ctx { 66 union { 67 struct { 68 struct page *bounce_page; /* Ciphertext page */ 69 struct page *control_page; /* Original page */ 70 } w; 71 struct { 72 struct bio *bio; 73 struct work_struct work; 74 } r; 75 struct list_head free_list; /* Free list */ 76 }; 77 u8 flags; /* Flags */ 78 }; 79 80 static inline bool fscrypt_has_encryption_key(const struct inode *inode) 81 { 82 return (inode->i_crypt_info != NULL); 83 } 84 85 static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 86 { 87 return inode->i_sb->s_cop->dummy_context && 88 inode->i_sb->s_cop->dummy_context(inode); 89 } 90 91 /* crypto.c */ 92 extern void fscrypt_enqueue_decrypt_work(struct work_struct *); 93 extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t); 94 extern void fscrypt_release_ctx(struct fscrypt_ctx *); 95 extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *, 96 unsigned int, unsigned int, 97 u64, gfp_t); 98 extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int, 99 unsigned int, u64); 100 101 static inline struct page *fscrypt_control_page(struct page *page) 102 { 103 return ((struct fscrypt_ctx *)page_private(page))->w.control_page; 104 } 105 106 extern void fscrypt_restore_control_page(struct page *); 107 108 /* policy.c */ 109 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); 110 extern int fscrypt_ioctl_get_policy(struct file *, void __user *); 111 extern int fscrypt_has_permitted_context(struct inode *, struct inode *); 112 extern int fscrypt_inherit_context(struct inode *, struct inode *, 113 void *, bool); 114 /* keyinfo.c */ 115 extern int fscrypt_get_encryption_info(struct inode *); 116 extern void fscrypt_put_encryption_info(struct inode *); 117 118 /* fname.c */ 119 extern int fscrypt_setup_filename(struct inode *, const struct qstr *, 120 int lookup, struct fscrypt_name *); 121 122 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 123 { 124 kfree(fname->crypto_buf.name); 125 } 126 127 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, 128 struct fscrypt_str *); 129 extern void fscrypt_fname_free_buffer(struct fscrypt_str *); 130 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, 131 const struct fscrypt_str *, struct fscrypt_str *); 132 133 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 134 135 /* Extracts the second-to-last ciphertext block; see explanation below */ 136 #define FSCRYPT_FNAME_DIGEST(name, len) \ 137 ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \ 138 FS_CRYPTO_BLOCK_SIZE)) 139 140 #define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE 141 142 /** 143 * fscrypt_digested_name - alternate identifier for an on-disk filename 144 * 145 * When userspace lists an encrypted directory without access to the key, 146 * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 147 * bytes are shown in this abbreviated form (base64-encoded) rather than as the 148 * full ciphertext (base64-encoded). This is necessary to allow supporting 149 * filenames up to NAME_MAX bytes, since base64 encoding expands the length. 150 * 151 * To make it possible for filesystems to still find the correct directory entry 152 * despite not knowing the full on-disk name, we encode any filesystem-specific 153 * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups, 154 * followed by the second-to-last ciphertext block of the filename. Due to the 155 * use of the CBC-CTS encryption mode, the second-to-last ciphertext block 156 * depends on the full plaintext. (Note that ciphertext stealing causes the 157 * last two blocks to appear "flipped".) This makes accidental collisions very 158 * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they 159 * share the same filesystem-specific hashes. 160 * 161 * However, this scheme isn't immune to intentional collisions, which can be 162 * created by anyone able to create arbitrary plaintext filenames and view them 163 * without the key. Making the "digest" be a real cryptographic hash like 164 * SHA-256 over the full ciphertext would prevent this, although it would be 165 * less efficient and harder to implement, especially since the filesystem would 166 * need to calculate it for each directory entry examined during a search. 167 */ 168 struct fscrypt_digested_name { 169 u32 hash; 170 u32 minor_hash; 171 u8 digest[FSCRYPT_FNAME_DIGEST_SIZE]; 172 }; 173 174 /** 175 * fscrypt_match_name() - test whether the given name matches a directory entry 176 * @fname: the name being searched for 177 * @de_name: the name from the directory entry 178 * @de_name_len: the length of @de_name in bytes 179 * 180 * Normally @fname->disk_name will be set, and in that case we simply compare 181 * that to the name stored in the directory entry. The only exception is that 182 * if we don't have the key for an encrypted directory and a filename in it is 183 * very long, then we won't have the full disk_name and we'll instead need to 184 * match against the fscrypt_digested_name. 185 * 186 * Return: %true if the name matches, otherwise %false. 187 */ 188 static inline bool fscrypt_match_name(const struct fscrypt_name *fname, 189 const u8 *de_name, u32 de_name_len) 190 { 191 if (unlikely(!fname->disk_name.name)) { 192 const struct fscrypt_digested_name *n = 193 (const void *)fname->crypto_buf.name; 194 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_')) 195 return false; 196 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) 197 return false; 198 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len), 199 n->digest, FSCRYPT_FNAME_DIGEST_SIZE); 200 } 201 202 if (de_name_len != fname->disk_name.len) 203 return false; 204 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); 205 } 206 207 /* bio.c */ 208 extern void fscrypt_decrypt_bio(struct bio *); 209 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, 210 struct bio *bio); 211 extern void fscrypt_pullback_bio_page(struct page **, bool); 212 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, 213 unsigned int); 214 215 /* hooks.c */ 216 extern int fscrypt_file_open(struct inode *inode, struct file *filp); 217 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir); 218 extern int __fscrypt_prepare_rename(struct inode *old_dir, 219 struct dentry *old_dentry, 220 struct inode *new_dir, 221 struct dentry *new_dentry, 222 unsigned int flags); 223 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry); 224 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, 225 unsigned int max_len, 226 struct fscrypt_str *disk_link); 227 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, 228 unsigned int len, 229 struct fscrypt_str *disk_link); 230 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, 231 unsigned int max_size, 232 struct delayed_call *done); 233 #else /* !CONFIG_FS_ENCRYPTION */ 234 235 static inline bool fscrypt_has_encryption_key(const struct inode *inode) 236 { 237 return false; 238 } 239 240 static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 241 { 242 return false; 243 } 244 245 /* crypto.c */ 246 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) 247 { 248 } 249 250 static inline struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode, 251 gfp_t gfp_flags) 252 { 253 return ERR_PTR(-EOPNOTSUPP); 254 } 255 256 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx) 257 { 258 return; 259 } 260 261 static inline struct page *fscrypt_encrypt_page(const struct inode *inode, 262 struct page *page, 263 unsigned int len, 264 unsigned int offs, 265 u64 lblk_num, gfp_t gfp_flags) 266 { 267 return ERR_PTR(-EOPNOTSUPP); 268 } 269 270 static inline int fscrypt_decrypt_page(const struct inode *inode, 271 struct page *page, 272 unsigned int len, unsigned int offs, 273 u64 lblk_num) 274 { 275 return -EOPNOTSUPP; 276 } 277 278 static inline struct page *fscrypt_control_page(struct page *page) 279 { 280 WARN_ON_ONCE(1); 281 return ERR_PTR(-EINVAL); 282 } 283 284 static inline void fscrypt_restore_control_page(struct page *page) 285 { 286 return; 287 } 288 289 /* policy.c */ 290 static inline int fscrypt_ioctl_set_policy(struct file *filp, 291 const void __user *arg) 292 { 293 return -EOPNOTSUPP; 294 } 295 296 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 297 { 298 return -EOPNOTSUPP; 299 } 300 301 static inline int fscrypt_has_permitted_context(struct inode *parent, 302 struct inode *child) 303 { 304 return 0; 305 } 306 307 static inline int fscrypt_inherit_context(struct inode *parent, 308 struct inode *child, 309 void *fs_data, bool preload) 310 { 311 return -EOPNOTSUPP; 312 } 313 314 /* keyinfo.c */ 315 static inline int fscrypt_get_encryption_info(struct inode *inode) 316 { 317 return -EOPNOTSUPP; 318 } 319 320 static inline void fscrypt_put_encryption_info(struct inode *inode) 321 { 322 return; 323 } 324 325 /* fname.c */ 326 static inline int fscrypt_setup_filename(struct inode *dir, 327 const struct qstr *iname, 328 int lookup, struct fscrypt_name *fname) 329 { 330 if (IS_ENCRYPTED(dir)) 331 return -EOPNOTSUPP; 332 333 memset(fname, 0, sizeof(struct fscrypt_name)); 334 fname->usr_fname = iname; 335 fname->disk_name.name = (unsigned char *)iname->name; 336 fname->disk_name.len = iname->len; 337 return 0; 338 } 339 340 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 341 { 342 return; 343 } 344 345 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, 346 u32 max_encrypted_len, 347 struct fscrypt_str *crypto_str) 348 { 349 return -EOPNOTSUPP; 350 } 351 352 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 353 { 354 return; 355 } 356 357 static inline int fscrypt_fname_disk_to_usr(struct inode *inode, 358 u32 hash, u32 minor_hash, 359 const struct fscrypt_str *iname, 360 struct fscrypt_str *oname) 361 { 362 return -EOPNOTSUPP; 363 } 364 365 static inline bool fscrypt_match_name(const struct fscrypt_name *fname, 366 const u8 *de_name, u32 de_name_len) 367 { 368 /* Encryption support disabled; use standard comparison */ 369 if (de_name_len != fname->disk_name.len) 370 return false; 371 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); 372 } 373 374 /* bio.c */ 375 static inline void fscrypt_decrypt_bio(struct bio *bio) 376 { 377 } 378 379 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, 380 struct bio *bio) 381 { 382 } 383 384 static inline void fscrypt_pullback_bio_page(struct page **page, bool restore) 385 { 386 return; 387 } 388 389 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, 390 sector_t pblk, unsigned int len) 391 { 392 return -EOPNOTSUPP; 393 } 394 395 /* hooks.c */ 396 397 static inline int fscrypt_file_open(struct inode *inode, struct file *filp) 398 { 399 if (IS_ENCRYPTED(inode)) 400 return -EOPNOTSUPP; 401 return 0; 402 } 403 404 static inline int __fscrypt_prepare_link(struct inode *inode, 405 struct inode *dir) 406 { 407 return -EOPNOTSUPP; 408 } 409 410 static inline int __fscrypt_prepare_rename(struct inode *old_dir, 411 struct dentry *old_dentry, 412 struct inode *new_dir, 413 struct dentry *new_dentry, 414 unsigned int flags) 415 { 416 return -EOPNOTSUPP; 417 } 418 419 static inline int __fscrypt_prepare_lookup(struct inode *dir, 420 struct dentry *dentry) 421 { 422 return -EOPNOTSUPP; 423 } 424 425 static inline int __fscrypt_prepare_symlink(struct inode *dir, 426 unsigned int len, 427 unsigned int max_len, 428 struct fscrypt_str *disk_link) 429 { 430 return -EOPNOTSUPP; 431 } 432 433 434 static inline int __fscrypt_encrypt_symlink(struct inode *inode, 435 const char *target, 436 unsigned int len, 437 struct fscrypt_str *disk_link) 438 { 439 return -EOPNOTSUPP; 440 } 441 442 static inline const char *fscrypt_get_symlink(struct inode *inode, 443 const void *caddr, 444 unsigned int max_size, 445 struct delayed_call *done) 446 { 447 return ERR_PTR(-EOPNOTSUPP); 448 } 449 #endif /* !CONFIG_FS_ENCRYPTION */ 450 451 /** 452 * fscrypt_require_key - require an inode's encryption key 453 * @inode: the inode we need the key for 454 * 455 * If the inode is encrypted, set up its encryption key if not already done. 456 * Then require that the key be present and return -ENOKEY otherwise. 457 * 458 * No locks are needed, and the key will live as long as the struct inode --- so 459 * it won't go away from under you. 460 * 461 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 462 * if a problem occurred while setting up the encryption key. 463 */ 464 static inline int fscrypt_require_key(struct inode *inode) 465 { 466 if (IS_ENCRYPTED(inode)) { 467 int err = fscrypt_get_encryption_info(inode); 468 469 if (err) 470 return err; 471 if (!fscrypt_has_encryption_key(inode)) 472 return -ENOKEY; 473 } 474 return 0; 475 } 476 477 /** 478 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory 479 * @old_dentry: an existing dentry for the inode being linked 480 * @dir: the target directory 481 * @dentry: negative dentry for the target filename 482 * 483 * A new link can only be added to an encrypted directory if the directory's 484 * encryption key is available --- since otherwise we'd have no way to encrypt 485 * the filename. Therefore, we first set up the directory's encryption key (if 486 * not already done) and return an error if it's unavailable. 487 * 488 * We also verify that the link will not violate the constraint that all files 489 * in an encrypted directory tree use the same encryption policy. 490 * 491 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, 492 * -EXDEV if the link would result in an inconsistent encryption policy, or 493 * another -errno code. 494 */ 495 static inline int fscrypt_prepare_link(struct dentry *old_dentry, 496 struct inode *dir, 497 struct dentry *dentry) 498 { 499 if (IS_ENCRYPTED(dir)) 500 return __fscrypt_prepare_link(d_inode(old_dentry), dir); 501 return 0; 502 } 503 504 /** 505 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories 506 * @old_dir: source directory 507 * @old_dentry: dentry for source file 508 * @new_dir: target directory 509 * @new_dentry: dentry for target location (may be negative unless exchanging) 510 * @flags: rename flags (we care at least about %RENAME_EXCHANGE) 511 * 512 * Prepare for ->rename() where the source and/or target directories may be 513 * encrypted. A new link can only be added to an encrypted directory if the 514 * directory's encryption key is available --- since otherwise we'd have no way 515 * to encrypt the filename. A rename to an existing name, on the other hand, 516 * *is* cryptographically possible without the key. However, we take the more 517 * conservative approach and just forbid all no-key renames. 518 * 519 * We also verify that the rename will not violate the constraint that all files 520 * in an encrypted directory tree use the same encryption policy. 521 * 522 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the 523 * rename would cause inconsistent encryption policies, or another -errno code. 524 */ 525 static inline int fscrypt_prepare_rename(struct inode *old_dir, 526 struct dentry *old_dentry, 527 struct inode *new_dir, 528 struct dentry *new_dentry, 529 unsigned int flags) 530 { 531 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) 532 return __fscrypt_prepare_rename(old_dir, old_dentry, 533 new_dir, new_dentry, flags); 534 return 0; 535 } 536 537 /** 538 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory 539 * @dir: directory being searched 540 * @dentry: filename being looked up 541 * @flags: lookup flags 542 * 543 * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be 544 * done with or without the directory's encryption key; without the key, 545 * filenames are presented in encrypted form. Therefore, we'll try to set up 546 * the directory's encryption key, but even without it the lookup can continue. 547 * 548 * To allow invalidating stale dentries if the directory's encryption key is 549 * added later, we also install a custom ->d_revalidate() method and use the 550 * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a 551 * plaintext name (flag set) or a ciphertext name (flag cleared). 552 * 553 * Return: 0 on success, -errno if a problem occurred while setting up the 554 * encryption key 555 */ 556 static inline int fscrypt_prepare_lookup(struct inode *dir, 557 struct dentry *dentry, 558 unsigned int flags) 559 { 560 if (IS_ENCRYPTED(dir)) 561 return __fscrypt_prepare_lookup(dir, dentry); 562 return 0; 563 } 564 565 /** 566 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes 567 * @dentry: dentry through which the inode is being changed 568 * @attr: attributes to change 569 * 570 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, 571 * most attribute changes are allowed even without the encryption key. However, 572 * without the encryption key we do have to forbid truncates. This is needed 573 * because the size being truncated to may not be a multiple of the filesystem 574 * block size, and in that case we'd have to decrypt the final block, zero the 575 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a 576 * filesystem block boundary, but it's simpler to just forbid all truncates --- 577 * and we already forbid all other contents modifications without the key.) 578 * 579 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 580 * if a problem occurred while setting up the encryption key. 581 */ 582 static inline int fscrypt_prepare_setattr(struct dentry *dentry, 583 struct iattr *attr) 584 { 585 if (attr->ia_valid & ATTR_SIZE) 586 return fscrypt_require_key(d_inode(dentry)); 587 return 0; 588 } 589 590 /** 591 * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink 592 * @dir: directory in which the symlink is being created 593 * @target: plaintext symlink target 594 * @len: length of @target excluding null terminator 595 * @max_len: space the filesystem has available to store the symlink target 596 * @disk_link: (out) the on-disk symlink target being prepared 597 * 598 * This function computes the size the symlink target will require on-disk, 599 * stores it in @disk_link->len, and validates it against @max_len. An 600 * encrypted symlink may be longer than the original. 601 * 602 * Additionally, @disk_link->name is set to @target if the symlink will be 603 * unencrypted, but left NULL if the symlink will be encrypted. For encrypted 604 * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the 605 * on-disk target later. (The reason for the two-step process is that some 606 * filesystems need to know the size of the symlink target before creating the 607 * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.) 608 * 609 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long, 610 * -ENOKEY if the encryption key is missing, or another -errno code if a problem 611 * occurred while setting up the encryption key. 612 */ 613 static inline int fscrypt_prepare_symlink(struct inode *dir, 614 const char *target, 615 unsigned int len, 616 unsigned int max_len, 617 struct fscrypt_str *disk_link) 618 { 619 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir)) 620 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link); 621 622 disk_link->name = (unsigned char *)target; 623 disk_link->len = len + 1; 624 if (disk_link->len > max_len) 625 return -ENAMETOOLONG; 626 return 0; 627 } 628 629 /** 630 * fscrypt_encrypt_symlink - encrypt the symlink target if needed 631 * @inode: symlink inode 632 * @target: plaintext symlink target 633 * @len: length of @target excluding null terminator 634 * @disk_link: (in/out) the on-disk symlink target being prepared 635 * 636 * If the symlink target needs to be encrypted, then this function encrypts it 637 * into @disk_link->name. fscrypt_prepare_symlink() must have been called 638 * previously to compute @disk_link->len. If the filesystem did not allocate a 639 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one 640 * will be kmalloc()'ed and the filesystem will be responsible for freeing it. 641 * 642 * Return: 0 on success, -errno on failure 643 */ 644 static inline int fscrypt_encrypt_symlink(struct inode *inode, 645 const char *target, 646 unsigned int len, 647 struct fscrypt_str *disk_link) 648 { 649 if (IS_ENCRYPTED(inode)) 650 return __fscrypt_encrypt_symlink(inode, target, len, disk_link); 651 return 0; 652 } 653 654 #endif /* _LINUX_FSCRYPT_H */ 655