root/include/linux/fscrypt.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM


DEFINITIONS

This source file includes following definitions.
  1. fscrypt_has_encryption_key
  2. fscrypt_dummy_context_enabled
  3. fscrypt_handle_d_move
  4. fscrypt_is_bounce_page
  5. fscrypt_pagecache_page
  6. fscrypt_free_filename
  7. fscrypt_match_name
  8. fscrypt_set_ops
  9. fscrypt_has_encryption_key
  10. fscrypt_dummy_context_enabled
  11. fscrypt_handle_d_move
  12. fscrypt_enqueue_decrypt_work
  13. fscrypt_get_ctx
  14. fscrypt_release_ctx
  15. fscrypt_encrypt_pagecache_blocks
  16. fscrypt_encrypt_block_inplace
  17. fscrypt_decrypt_pagecache_blocks
  18. fscrypt_decrypt_block_inplace
  19. fscrypt_is_bounce_page
  20. fscrypt_pagecache_page
  21. fscrypt_free_bounce_page
  22. fscrypt_ioctl_set_policy
  23. fscrypt_ioctl_get_policy
  24. fscrypt_ioctl_get_policy_ex
  25. fscrypt_has_permitted_context
  26. fscrypt_inherit_context
  27. fscrypt_sb_free
  28. fscrypt_ioctl_add_key
  29. fscrypt_ioctl_remove_key
  30. fscrypt_ioctl_remove_key_all_users
  31. fscrypt_ioctl_get_key_status
  32. fscrypt_get_encryption_info
  33. fscrypt_put_encryption_info
  34. fscrypt_free_inode
  35. fscrypt_drop_inode
  36. fscrypt_setup_filename
  37. fscrypt_free_filename
  38. fscrypt_fname_alloc_buffer
  39. fscrypt_fname_free_buffer
  40. fscrypt_fname_disk_to_usr
  41. fscrypt_match_name
  42. fscrypt_decrypt_bio
  43. fscrypt_enqueue_decrypt_bio
  44. fscrypt_zeroout_range
  45. fscrypt_file_open
  46. __fscrypt_prepare_link
  47. __fscrypt_prepare_rename
  48. __fscrypt_prepare_lookup
  49. __fscrypt_prepare_symlink
  50. __fscrypt_encrypt_symlink
  51. fscrypt_get_symlink
  52. fscrypt_set_ops
  53. fscrypt_require_key
  54. fscrypt_prepare_link
  55. fscrypt_prepare_rename
  56. fscrypt_prepare_lookup
  57. fscrypt_prepare_setattr
  58. fscrypt_prepare_symlink
  59. fscrypt_encrypt_symlink
  60. fscrypt_finalize_bounce_page

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * fscrypt.h: declarations for per-file encryption
   4  *
   5  * Filesystems that implement per-file encryption must include this header
   6  * file.
   7  *
   8  * Copyright (C) 2015, Google, Inc.
   9  *
  10  * Written by Michael Halcrow, 2015.
  11  * Modified by Jaegeuk Kim, 2015.
  12  */
  13 #ifndef _LINUX_FSCRYPT_H
  14 #define _LINUX_FSCRYPT_H
  15 
  16 #include <linux/fs.h>
  17 #include <linux/mm.h>
  18 #include <linux/slab.h>
  19 #include <uapi/linux/fscrypt.h>
  20 
  21 #define FS_CRYPTO_BLOCK_SIZE            16
  22 
  23 struct fscrypt_ctx;
  24 struct fscrypt_info;
  25 
  26 struct fscrypt_str {
  27         unsigned char *name;
  28         u32 len;
  29 };
  30 
  31 struct fscrypt_name {
  32         const struct qstr *usr_fname;
  33         struct fscrypt_str disk_name;
  34         u32 hash;
  35         u32 minor_hash;
  36         struct fscrypt_str crypto_buf;
  37         bool is_ciphertext_name;
  38 };
  39 
  40 #define FSTR_INIT(n, l)         { .name = n, .len = l }
  41 #define FSTR_TO_QSTR(f)         QSTR_INIT((f)->name, (f)->len)
  42 #define fname_name(p)           ((p)->disk_name.name)
  43 #define fname_len(p)            ((p)->disk_name.len)
  44 
  45 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
  46 #define FSCRYPT_SET_CONTEXT_MAX_SIZE    40
  47 
  48 #ifdef CONFIG_FS_ENCRYPTION
  49 /*
  50  * fscrypt superblock flags
  51  */
  52 #define FS_CFLG_OWN_PAGES (1U << 1)
  53 
  54 /*
  55  * crypto operations for filesystems
  56  */
  57 struct fscrypt_operations {
  58         unsigned int flags;
  59         const char *key_prefix;
  60         int (*get_context)(struct inode *, void *, size_t);
  61         int (*set_context)(struct inode *, const void *, size_t, void *);
  62         bool (*dummy_context)(struct inode *);
  63         bool (*empty_dir)(struct inode *);
  64         unsigned int max_namelen;
  65 };
  66 
  67 /* Decryption work */
  68 struct fscrypt_ctx {
  69         union {
  70                 struct {
  71                         struct bio *bio;
  72                         struct work_struct work;
  73                 };
  74                 struct list_head free_list;     /* Free list */
  75         };
  76         u8 flags;                               /* Flags */
  77 };
  78 
  79 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
  80 {
  81         /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */
  82         return READ_ONCE(inode->i_crypt_info) != NULL;
  83 }
  84 
  85 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
  86 {
  87         return inode->i_sb->s_cop->dummy_context &&
  88                 inode->i_sb->s_cop->dummy_context(inode);
  89 }
  90 
  91 /*
  92  * When d_splice_alias() moves a directory's encrypted alias to its decrypted
  93  * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME
  94  * must be cleared.  Note that we don't have to support arbitrary moves of this
  95  * flag because fscrypt doesn't allow encrypted aliases to be the source or
  96  * target of a rename().
  97  */
  98 static inline void fscrypt_handle_d_move(struct dentry *dentry)
  99 {
 100         dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
 101 }
 102 
 103 /* crypto.c */
 104 extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
 105 extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t);
 106 extern void fscrypt_release_ctx(struct fscrypt_ctx *);
 107 
 108 extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
 109                                                      unsigned int len,
 110                                                      unsigned int offs,
 111                                                      gfp_t gfp_flags);
 112 extern int fscrypt_encrypt_block_inplace(const struct inode *inode,
 113                                          struct page *page, unsigned int len,
 114                                          unsigned int offs, u64 lblk_num,
 115                                          gfp_t gfp_flags);
 116 
 117 extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
 118                                             unsigned int offs);
 119 extern int fscrypt_decrypt_block_inplace(const struct inode *inode,
 120                                          struct page *page, unsigned int len,
 121                                          unsigned int offs, u64 lblk_num);
 122 
 123 static inline bool fscrypt_is_bounce_page(struct page *page)
 124 {
 125         return page->mapping == NULL;
 126 }
 127 
 128 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
 129 {
 130         return (struct page *)page_private(bounce_page);
 131 }
 132 
 133 extern void fscrypt_free_bounce_page(struct page *bounce_page);
 134 
 135 /* policy.c */
 136 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
 137 extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
 138 extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
 139 extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
 140 extern int fscrypt_inherit_context(struct inode *, struct inode *,
 141                                         void *, bool);
 142 /* keyring.c */
 143 extern void fscrypt_sb_free(struct super_block *sb);
 144 extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
 145 extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
 146 extern int fscrypt_ioctl_remove_key_all_users(struct file *filp,
 147                                               void __user *arg);
 148 extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
 149 
 150 /* keysetup.c */
 151 extern int fscrypt_get_encryption_info(struct inode *);
 152 extern void fscrypt_put_encryption_info(struct inode *);
 153 extern void fscrypt_free_inode(struct inode *);
 154 extern int fscrypt_drop_inode(struct inode *inode);
 155 
 156 /* fname.c */
 157 extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
 158                                 int lookup, struct fscrypt_name *);
 159 
 160 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
 161 {
 162         kfree(fname->crypto_buf.name);
 163 }
 164 
 165 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
 166                                 struct fscrypt_str *);
 167 extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
 168 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
 169                         const struct fscrypt_str *, struct fscrypt_str *);
 170 
 171 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE       32
 172 
 173 /* Extracts the second-to-last ciphertext block; see explanation below */
 174 #define FSCRYPT_FNAME_DIGEST(name, len) \
 175         ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
 176                              FS_CRYPTO_BLOCK_SIZE))
 177 
 178 #define FSCRYPT_FNAME_DIGEST_SIZE       FS_CRYPTO_BLOCK_SIZE
 179 
 180 /**
 181  * fscrypt_digested_name - alternate identifier for an on-disk filename
 182  *
 183  * When userspace lists an encrypted directory without access to the key,
 184  * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
 185  * bytes are shown in this abbreviated form (base64-encoded) rather than as the
 186  * full ciphertext (base64-encoded).  This is necessary to allow supporting
 187  * filenames up to NAME_MAX bytes, since base64 encoding expands the length.
 188  *
 189  * To make it possible for filesystems to still find the correct directory entry
 190  * despite not knowing the full on-disk name, we encode any filesystem-specific
 191  * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups,
 192  * followed by the second-to-last ciphertext block of the filename.  Due to the
 193  * use of the CBC-CTS encryption mode, the second-to-last ciphertext block
 194  * depends on the full plaintext.  (Note that ciphertext stealing causes the
 195  * last two blocks to appear "flipped".)  This makes accidental collisions very
 196  * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they
 197  * share the same filesystem-specific hashes.
 198  *
 199  * However, this scheme isn't immune to intentional collisions, which can be
 200  * created by anyone able to create arbitrary plaintext filenames and view them
 201  * without the key.  Making the "digest" be a real cryptographic hash like
 202  * SHA-256 over the full ciphertext would prevent this, although it would be
 203  * less efficient and harder to implement, especially since the filesystem would
 204  * need to calculate it for each directory entry examined during a search.
 205  */
 206 struct fscrypt_digested_name {
 207         u32 hash;
 208         u32 minor_hash;
 209         u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
 210 };
 211 
 212 /**
 213  * fscrypt_match_name() - test whether the given name matches a directory entry
 214  * @fname: the name being searched for
 215  * @de_name: the name from the directory entry
 216  * @de_name_len: the length of @de_name in bytes
 217  *
 218  * Normally @fname->disk_name will be set, and in that case we simply compare
 219  * that to the name stored in the directory entry.  The only exception is that
 220  * if we don't have the key for an encrypted directory and a filename in it is
 221  * very long, then we won't have the full disk_name and we'll instead need to
 222  * match against the fscrypt_digested_name.
 223  *
 224  * Return: %true if the name matches, otherwise %false.
 225  */
 226 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
 227                                       const u8 *de_name, u32 de_name_len)
 228 {
 229         if (unlikely(!fname->disk_name.name)) {
 230                 const struct fscrypt_digested_name *n =
 231                         (const void *)fname->crypto_buf.name;
 232                 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
 233                         return false;
 234                 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
 235                         return false;
 236                 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
 237                                n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
 238         }
 239 
 240         if (de_name_len != fname->disk_name.len)
 241                 return false;
 242         return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
 243 }
 244 
 245 /* bio.c */
 246 extern void fscrypt_decrypt_bio(struct bio *);
 247 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
 248                                         struct bio *bio);
 249 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
 250                                  unsigned int);
 251 
 252 /* hooks.c */
 253 extern int fscrypt_file_open(struct inode *inode, struct file *filp);
 254 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
 255                                   struct dentry *dentry);
 256 extern int __fscrypt_prepare_rename(struct inode *old_dir,
 257                                     struct dentry *old_dentry,
 258                                     struct inode *new_dir,
 259                                     struct dentry *new_dentry,
 260                                     unsigned int flags);
 261 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
 262                                     struct fscrypt_name *fname);
 263 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
 264                                      unsigned int max_len,
 265                                      struct fscrypt_str *disk_link);
 266 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
 267                                      unsigned int len,
 268                                      struct fscrypt_str *disk_link);
 269 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
 270                                        unsigned int max_size,
 271                                        struct delayed_call *done);
 272 static inline void fscrypt_set_ops(struct super_block *sb,
 273                                    const struct fscrypt_operations *s_cop)
 274 {
 275         sb->s_cop = s_cop;
 276 }
 277 #else  /* !CONFIG_FS_ENCRYPTION */
 278 
 279 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
 280 {
 281         return false;
 282 }
 283 
 284 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
 285 {
 286         return false;
 287 }
 288 
 289 static inline void fscrypt_handle_d_move(struct dentry *dentry)
 290 {
 291 }
 292 
 293 /* crypto.c */
 294 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
 295 {
 296 }
 297 
 298 static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
 299 {
 300         return ERR_PTR(-EOPNOTSUPP);
 301 }
 302 
 303 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
 304 {
 305         return;
 306 }
 307 
 308 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
 309                                                             unsigned int len,
 310                                                             unsigned int offs,
 311                                                             gfp_t gfp_flags)
 312 {
 313         return ERR_PTR(-EOPNOTSUPP);
 314 }
 315 
 316 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
 317                                                 struct page *page,
 318                                                 unsigned int len,
 319                                                 unsigned int offs, u64 lblk_num,
 320                                                 gfp_t gfp_flags)
 321 {
 322         return -EOPNOTSUPP;
 323 }
 324 
 325 static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
 326                                                    unsigned int len,
 327                                                    unsigned int offs)
 328 {
 329         return -EOPNOTSUPP;
 330 }
 331 
 332 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
 333                                                 struct page *page,
 334                                                 unsigned int len,
 335                                                 unsigned int offs, u64 lblk_num)
 336 {
 337         return -EOPNOTSUPP;
 338 }
 339 
 340 static inline bool fscrypt_is_bounce_page(struct page *page)
 341 {
 342         return false;
 343 }
 344 
 345 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
 346 {
 347         WARN_ON_ONCE(1);
 348         return ERR_PTR(-EINVAL);
 349 }
 350 
 351 static inline void fscrypt_free_bounce_page(struct page *bounce_page)
 352 {
 353 }
 354 
 355 /* policy.c */
 356 static inline int fscrypt_ioctl_set_policy(struct file *filp,
 357                                            const void __user *arg)
 358 {
 359         return -EOPNOTSUPP;
 360 }
 361 
 362 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
 363 {
 364         return -EOPNOTSUPP;
 365 }
 366 
 367 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
 368                                               void __user *arg)
 369 {
 370         return -EOPNOTSUPP;
 371 }
 372 
 373 static inline int fscrypt_has_permitted_context(struct inode *parent,
 374                                                 struct inode *child)
 375 {
 376         return 0;
 377 }
 378 
 379 static inline int fscrypt_inherit_context(struct inode *parent,
 380                                           struct inode *child,
 381                                           void *fs_data, bool preload)
 382 {
 383         return -EOPNOTSUPP;
 384 }
 385 
 386 /* keyring.c */
 387 static inline void fscrypt_sb_free(struct super_block *sb)
 388 {
 389 }
 390 
 391 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
 392 {
 393         return -EOPNOTSUPP;
 394 }
 395 
 396 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
 397 {
 398         return -EOPNOTSUPP;
 399 }
 400 
 401 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
 402                                                      void __user *arg)
 403 {
 404         return -EOPNOTSUPP;
 405 }
 406 
 407 static inline int fscrypt_ioctl_get_key_status(struct file *filp,
 408                                                void __user *arg)
 409 {
 410         return -EOPNOTSUPP;
 411 }
 412 
 413 /* keysetup.c */
 414 static inline int fscrypt_get_encryption_info(struct inode *inode)
 415 {
 416         return -EOPNOTSUPP;
 417 }
 418 
 419 static inline void fscrypt_put_encryption_info(struct inode *inode)
 420 {
 421         return;
 422 }
 423 
 424 static inline void fscrypt_free_inode(struct inode *inode)
 425 {
 426 }
 427 
 428 static inline int fscrypt_drop_inode(struct inode *inode)
 429 {
 430         return 0;
 431 }
 432 
 433  /* fname.c */
 434 static inline int fscrypt_setup_filename(struct inode *dir,
 435                                          const struct qstr *iname,
 436                                          int lookup, struct fscrypt_name *fname)
 437 {
 438         if (IS_ENCRYPTED(dir))
 439                 return -EOPNOTSUPP;
 440 
 441         memset(fname, 0, sizeof(*fname));
 442         fname->usr_fname = iname;
 443         fname->disk_name.name = (unsigned char *)iname->name;
 444         fname->disk_name.len = iname->len;
 445         return 0;
 446 }
 447 
 448 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
 449 {
 450         return;
 451 }
 452 
 453 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
 454                                              u32 max_encrypted_len,
 455                                              struct fscrypt_str *crypto_str)
 456 {
 457         return -EOPNOTSUPP;
 458 }
 459 
 460 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
 461 {
 462         return;
 463 }
 464 
 465 static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
 466                                             u32 hash, u32 minor_hash,
 467                                             const struct fscrypt_str *iname,
 468                                             struct fscrypt_str *oname)
 469 {
 470         return -EOPNOTSUPP;
 471 }
 472 
 473 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
 474                                       const u8 *de_name, u32 de_name_len)
 475 {
 476         /* Encryption support disabled; use standard comparison */
 477         if (de_name_len != fname->disk_name.len)
 478                 return false;
 479         return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
 480 }
 481 
 482 /* bio.c */
 483 static inline void fscrypt_decrypt_bio(struct bio *bio)
 484 {
 485 }
 486 
 487 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
 488                                                struct bio *bio)
 489 {
 490 }
 491 
 492 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
 493                                         sector_t pblk, unsigned int len)
 494 {
 495         return -EOPNOTSUPP;
 496 }
 497 
 498 /* hooks.c */
 499 
 500 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
 501 {
 502         if (IS_ENCRYPTED(inode))
 503                 return -EOPNOTSUPP;
 504         return 0;
 505 }
 506 
 507 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
 508                                          struct dentry *dentry)
 509 {
 510         return -EOPNOTSUPP;
 511 }
 512 
 513 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
 514                                            struct dentry *old_dentry,
 515                                            struct inode *new_dir,
 516                                            struct dentry *new_dentry,
 517                                            unsigned int flags)
 518 {
 519         return -EOPNOTSUPP;
 520 }
 521 
 522 static inline int __fscrypt_prepare_lookup(struct inode *dir,
 523                                            struct dentry *dentry,
 524                                            struct fscrypt_name *fname)
 525 {
 526         return -EOPNOTSUPP;
 527 }
 528 
 529 static inline int __fscrypt_prepare_symlink(struct inode *dir,
 530                                             unsigned int len,
 531                                             unsigned int max_len,
 532                                             struct fscrypt_str *disk_link)
 533 {
 534         return -EOPNOTSUPP;
 535 }
 536 
 537 
 538 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
 539                                             const char *target,
 540                                             unsigned int len,
 541                                             struct fscrypt_str *disk_link)
 542 {
 543         return -EOPNOTSUPP;
 544 }
 545 
 546 static inline const char *fscrypt_get_symlink(struct inode *inode,
 547                                               const void *caddr,
 548                                               unsigned int max_size,
 549                                               struct delayed_call *done)
 550 {
 551         return ERR_PTR(-EOPNOTSUPP);
 552 }
 553 
 554 static inline void fscrypt_set_ops(struct super_block *sb,
 555                                    const struct fscrypt_operations *s_cop)
 556 {
 557 }
 558 
 559 #endif  /* !CONFIG_FS_ENCRYPTION */
 560 
 561 /**
 562  * fscrypt_require_key - require an inode's encryption key
 563  * @inode: the inode we need the key for
 564  *
 565  * If the inode is encrypted, set up its encryption key if not already done.
 566  * Then require that the key be present and return -ENOKEY otherwise.
 567  *
 568  * No locks are needed, and the key will live as long as the struct inode --- so
 569  * it won't go away from under you.
 570  *
 571  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
 572  * if a problem occurred while setting up the encryption key.
 573  */
 574 static inline int fscrypt_require_key(struct inode *inode)
 575 {
 576         if (IS_ENCRYPTED(inode)) {
 577                 int err = fscrypt_get_encryption_info(inode);
 578 
 579                 if (err)
 580                         return err;
 581                 if (!fscrypt_has_encryption_key(inode))
 582                         return -ENOKEY;
 583         }
 584         return 0;
 585 }
 586 
 587 /**
 588  * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
 589  * @old_dentry: an existing dentry for the inode being linked
 590  * @dir: the target directory
 591  * @dentry: negative dentry for the target filename
 592  *
 593  * A new link can only be added to an encrypted directory if the directory's
 594  * encryption key is available --- since otherwise we'd have no way to encrypt
 595  * the filename.  Therefore, we first set up the directory's encryption key (if
 596  * not already done) and return an error if it's unavailable.
 597  *
 598  * We also verify that the link will not violate the constraint that all files
 599  * in an encrypted directory tree use the same encryption policy.
 600  *
 601  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
 602  * -EXDEV if the link would result in an inconsistent encryption policy, or
 603  * another -errno code.
 604  */
 605 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
 606                                        struct inode *dir,
 607                                        struct dentry *dentry)
 608 {
 609         if (IS_ENCRYPTED(dir))
 610                 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
 611         return 0;
 612 }
 613 
 614 /**
 615  * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
 616  * @old_dir: source directory
 617  * @old_dentry: dentry for source file
 618  * @new_dir: target directory
 619  * @new_dentry: dentry for target location (may be negative unless exchanging)
 620  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
 621  *
 622  * Prepare for ->rename() where the source and/or target directories may be
 623  * encrypted.  A new link can only be added to an encrypted directory if the
 624  * directory's encryption key is available --- since otherwise we'd have no way
 625  * to encrypt the filename.  A rename to an existing name, on the other hand,
 626  * *is* cryptographically possible without the key.  However, we take the more
 627  * conservative approach and just forbid all no-key renames.
 628  *
 629  * We also verify that the rename will not violate the constraint that all files
 630  * in an encrypted directory tree use the same encryption policy.
 631  *
 632  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
 633  * rename would cause inconsistent encryption policies, or another -errno code.
 634  */
 635 static inline int fscrypt_prepare_rename(struct inode *old_dir,
 636                                          struct dentry *old_dentry,
 637                                          struct inode *new_dir,
 638                                          struct dentry *new_dentry,
 639                                          unsigned int flags)
 640 {
 641         if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
 642                 return __fscrypt_prepare_rename(old_dir, old_dentry,
 643                                                 new_dir, new_dentry, flags);
 644         return 0;
 645 }
 646 
 647 /**
 648  * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
 649  * @dir: directory being searched
 650  * @dentry: filename being looked up
 651  * @fname: (output) the name to use to search the on-disk directory
 652  *
 653  * Prepare for ->lookup() in a directory which may be encrypted by determining
 654  * the name that will actually be used to search the directory on-disk.  Lookups
 655  * can be done with or without the directory's encryption key; without the key,
 656  * filenames are presented in encrypted form.  Therefore, we'll try to set up
 657  * the directory's encryption key, but even without it the lookup can continue.
 658  *
 659  * This also installs a custom ->d_revalidate() method which will invalidate the
 660  * dentry if it was created without the key and the key is later added.
 661  *
 662  * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a
 663  * correctly formed encoded ciphertext name, so a negative dentry should be
 664  * created; or another -errno code.
 665  */
 666 static inline int fscrypt_prepare_lookup(struct inode *dir,
 667                                          struct dentry *dentry,
 668                                          struct fscrypt_name *fname)
 669 {
 670         if (IS_ENCRYPTED(dir))
 671                 return __fscrypt_prepare_lookup(dir, dentry, fname);
 672 
 673         memset(fname, 0, sizeof(*fname));
 674         fname->usr_fname = &dentry->d_name;
 675         fname->disk_name.name = (unsigned char *)dentry->d_name.name;
 676         fname->disk_name.len = dentry->d_name.len;
 677         return 0;
 678 }
 679 
 680 /**
 681  * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
 682  * @dentry: dentry through which the inode is being changed
 683  * @attr: attributes to change
 684  *
 685  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
 686  * most attribute changes are allowed even without the encryption key.  However,
 687  * without the encryption key we do have to forbid truncates.  This is needed
 688  * because the size being truncated to may not be a multiple of the filesystem
 689  * block size, and in that case we'd have to decrypt the final block, zero the
 690  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
 691  * filesystem block boundary, but it's simpler to just forbid all truncates ---
 692  * and we already forbid all other contents modifications without the key.)
 693  *
 694  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
 695  * if a problem occurred while setting up the encryption key.
 696  */
 697 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
 698                                           struct iattr *attr)
 699 {
 700         if (attr->ia_valid & ATTR_SIZE)
 701                 return fscrypt_require_key(d_inode(dentry));
 702         return 0;
 703 }
 704 
 705 /**
 706  * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
 707  * @dir: directory in which the symlink is being created
 708  * @target: plaintext symlink target
 709  * @len: length of @target excluding null terminator
 710  * @max_len: space the filesystem has available to store the symlink target
 711  * @disk_link: (out) the on-disk symlink target being prepared
 712  *
 713  * This function computes the size the symlink target will require on-disk,
 714  * stores it in @disk_link->len, and validates it against @max_len.  An
 715  * encrypted symlink may be longer than the original.
 716  *
 717  * Additionally, @disk_link->name is set to @target if the symlink will be
 718  * unencrypted, but left NULL if the symlink will be encrypted.  For encrypted
 719  * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the
 720  * on-disk target later.  (The reason for the two-step process is that some
 721  * filesystems need to know the size of the symlink target before creating the
 722  * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)
 723  *
 724  * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
 725  * -ENOKEY if the encryption key is missing, or another -errno code if a problem
 726  * occurred while setting up the encryption key.
 727  */
 728 static inline int fscrypt_prepare_symlink(struct inode *dir,
 729                                           const char *target,
 730                                           unsigned int len,
 731                                           unsigned int max_len,
 732                                           struct fscrypt_str *disk_link)
 733 {
 734         if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
 735                 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
 736 
 737         disk_link->name = (unsigned char *)target;
 738         disk_link->len = len + 1;
 739         if (disk_link->len > max_len)
 740                 return -ENAMETOOLONG;
 741         return 0;
 742 }
 743 
 744 /**
 745  * fscrypt_encrypt_symlink - encrypt the symlink target if needed
 746  * @inode: symlink inode
 747  * @target: plaintext symlink target
 748  * @len: length of @target excluding null terminator
 749  * @disk_link: (in/out) the on-disk symlink target being prepared
 750  *
 751  * If the symlink target needs to be encrypted, then this function encrypts it
 752  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
 753  * previously to compute @disk_link->len.  If the filesystem did not allocate a
 754  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
 755  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
 756  *
 757  * Return: 0 on success, -errno on failure
 758  */
 759 static inline int fscrypt_encrypt_symlink(struct inode *inode,
 760                                           const char *target,
 761                                           unsigned int len,
 762                                           struct fscrypt_str *disk_link)
 763 {
 764         if (IS_ENCRYPTED(inode))
 765                 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
 766         return 0;
 767 }
 768 
 769 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
 770 static inline void fscrypt_finalize_bounce_page(struct page **pagep)
 771 {
 772         struct page *page = *pagep;
 773 
 774         if (fscrypt_is_bounce_page(page)) {
 775                 *pagep = fscrypt_pagecache_page(page);
 776                 fscrypt_free_bounce_page(page);
 777         }
 778 }
 779 
 780 #endif  /* _LINUX_FSCRYPT_H */

/* [<][>][^][v][top][bottom][index][help] */