1 /*
2 * fscrypt.h: declarations for per-file encryption
3 *
4 * Filesystems that implement per-file encryption include this header
5 * file with the __FS_HAS_ENCRYPTION set according to whether that filesystem
6 * is being built with encryption support or not.
7 *
8 * Copyright (C) 2015, Google, Inc.
9 *
10 * Written by Michael Halcrow, 2015.
11 * Modified by Jaegeuk Kim, 2015.
12 */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15
16 #include <linux/key.h>
17 #include <linux/fs.h>
18 #include <linux/mm.h>
19 #include <linux/bio.h>
20 #include <linux/dcache.h>
21 #include <crypto/skcipher.h>
22 #include <uapi/linux/fs.h>
23
24 #define FS_CRYPTO_BLOCK_SIZE 16
25
26 struct fscrypt_info;
27
28 struct fscrypt_ctx {
29 union {
30 struct {
31 struct page *bounce_page; /* Ciphertext page */
32 struct page *control_page; /* Original page */
33 } w;
34 struct {
35 struct bio *bio;
36 struct work_struct work;
37 } r;
38 struct list_head free_list; /* Free list */
39 };
40 u8 flags; /* Flags */
41 };
42
43 /**
44 * For encrypted symlinks, the ciphertext length is stored at the beginning
45 * of the string in little-endian format.
46 */
47 struct fscrypt_symlink_data {
48 __le16 len;
49 char encrypted_path[1];
50 } __packed;
51
52 struct fscrypt_str {
53 unsigned char *name;
54 u32 len;
55 };
56
57 struct fscrypt_name {
58 const struct qstr *usr_fname;
59 struct fscrypt_str disk_name;
60 u32 hash;
61 u32 minor_hash;
62 struct fscrypt_str crypto_buf;
63 };
64
65 #define FSTR_INIT(n, l) { .name = n, .len = l }
66 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
67 #define fname_name(p) ((p)->disk_name.name)
68 #define fname_len(p) ((p)->disk_name.len)
69
70 /*
71 * fscrypt superblock flags
72 */
73 #define FS_CFLG_OWN_PAGES (1U << 1)
74
75 /*
76 * crypto opertions for filesystems
77 */
78 struct fscrypt_operations {
79 unsigned int flags;
80 const char *key_prefix;
81 int (*get_context)(struct inode *, void *, size_t);
82 int (*set_context)(struct inode *, const void *, size_t, void *);
83 bool (*dummy_context)(struct inode *);
84 bool (*empty_dir)(struct inode *);
85 unsigned (*max_namelen)(struct inode *);
86 };
87
fscrypt_dummy_context_enabled(struct inode * inode)88 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
89 {
90 if (inode->i_sb->s_cop->dummy_context &&
91 inode->i_sb->s_cop->dummy_context(inode))
92 return true;
93 return false;
94 }
95
fscrypt_valid_enc_modes(u32 contents_mode,u32 filenames_mode)96 static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
97 u32 filenames_mode)
98 {
99 if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&
100 filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)
101 return true;
102
103 if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&
104 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
105 return true;
106
107 return false;
108 }
109
fscrypt_is_dot_dotdot(const struct qstr * str)110 static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
111 {
112 if (str->len == 1 && str->name[0] == '.')
113 return true;
114
115 if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
116 return true;
117
118 return false;
119 }
120
121 #if __FS_HAS_ENCRYPTION
122
fscrypt_control_page(struct page * page)123 static inline struct page *fscrypt_control_page(struct page *page)
124 {
125 return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
126 }
127
fscrypt_has_encryption_key(const struct inode * inode)128 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
129 {
130 return (inode->i_crypt_info != NULL);
131 }
132
133 #include <linux/fscrypt_supp.h>
134
135 #else /* !__FS_HAS_ENCRYPTION */
136
fscrypt_control_page(struct page * page)137 static inline struct page *fscrypt_control_page(struct page *page)
138 {
139 WARN_ON_ONCE(1);
140 return ERR_PTR(-EINVAL);
141 }
142
fscrypt_has_encryption_key(const struct inode * inode)143 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
144 {
145 return 0;
146 }
147
148 #include <linux/fscrypt_notsupp.h>
149 #endif /* __FS_HAS_ENCRYPTION */
150
151 /**
152 * fscrypt_require_key - require an inode's encryption key
153 * @inode: the inode we need the key for
154 *
155 * If the inode is encrypted, set up its encryption key if not already done.
156 * Then require that the key be present and return -ENOKEY otherwise.
157 *
158 * No locks are needed, and the key will live as long as the struct inode --- so
159 * it won't go away from under you.
160 *
161 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
162 * if a problem occurred while setting up the encryption key.
163 */
fscrypt_require_key(struct inode * inode)164 static inline int fscrypt_require_key(struct inode *inode)
165 {
166 if (IS_ENCRYPTED(inode)) {
167 int err = fscrypt_get_encryption_info(inode);
168
169 if (err)
170 return err;
171 if (!fscrypt_has_encryption_key(inode))
172 return -ENOKEY;
173 }
174 return 0;
175 }
176
177 /**
178 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
179 * @old_dentry: an existing dentry for the inode being linked
180 * @dir: the target directory
181 * @dentry: negative dentry for the target filename
182 *
183 * A new link can only be added to an encrypted directory if the directory's
184 * encryption key is available --- since otherwise we'd have no way to encrypt
185 * the filename. Therefore, we first set up the directory's encryption key (if
186 * not already done) and return an error if it's unavailable.
187 *
188 * We also verify that the link will not violate the constraint that all files
189 * in an encrypted directory tree use the same encryption policy.
190 *
191 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
192 * -EPERM if the link would result in an inconsistent encryption policy, or
193 * another -errno code.
194 */
fscrypt_prepare_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)195 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
196 struct inode *dir,
197 struct dentry *dentry)
198 {
199 if (IS_ENCRYPTED(dir))
200 return __fscrypt_prepare_link(d_inode(old_dentry), dir);
201 return 0;
202 }
203
204 /**
205 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
206 * @old_dir: source directory
207 * @old_dentry: dentry for source file
208 * @new_dir: target directory
209 * @new_dentry: dentry for target location (may be negative unless exchanging)
210 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
211 *
212 * Prepare for ->rename() where the source and/or target directories may be
213 * encrypted. A new link can only be added to an encrypted directory if the
214 * directory's encryption key is available --- since otherwise we'd have no way
215 * to encrypt the filename. A rename to an existing name, on the other hand,
216 * *is* cryptographically possible without the key. However, we take the more
217 * conservative approach and just forbid all no-key renames.
218 *
219 * We also verify that the rename will not violate the constraint that all files
220 * in an encrypted directory tree use the same encryption policy.
221 *
222 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EPERM if the
223 * rename would cause inconsistent encryption policies, or another -errno code.
224 */
fscrypt_prepare_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)225 static inline int fscrypt_prepare_rename(struct inode *old_dir,
226 struct dentry *old_dentry,
227 struct inode *new_dir,
228 struct dentry *new_dentry,
229 unsigned int flags)
230 {
231 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
232 return __fscrypt_prepare_rename(old_dir, old_dentry,
233 new_dir, new_dentry, flags);
234 return 0;
235 }
236
237 /**
238 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
239 * @dir: directory being searched
240 * @dentry: filename being looked up
241 * @flags: lookup flags
242 *
243 * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
244 * done with or without the directory's encryption key; without the key,
245 * filenames are presented in encrypted form. Therefore, we'll try to set up
246 * the directory's encryption key, but even without it the lookup can continue.
247 *
248 * To allow invalidating stale dentries if the directory's encryption key is
249 * added later, we also install a custom ->d_revalidate() method and use the
250 * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
251 * plaintext name (flag set) or a ciphertext name (flag cleared).
252 *
253 * Return: 0 on success, -errno if a problem occurred while setting up the
254 * encryption key
255 */
fscrypt_prepare_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)256 static inline int fscrypt_prepare_lookup(struct inode *dir,
257 struct dentry *dentry,
258 unsigned int flags)
259 {
260 if (IS_ENCRYPTED(dir))
261 return __fscrypt_prepare_lookup(dir, dentry);
262 return 0;
263 }
264
265 /**
266 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
267 * @dentry: dentry through which the inode is being changed
268 * @attr: attributes to change
269 *
270 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
271 * most attribute changes are allowed even without the encryption key. However,
272 * without the encryption key we do have to forbid truncates. This is needed
273 * because the size being truncated to may not be a multiple of the filesystem
274 * block size, and in that case we'd have to decrypt the final block, zero the
275 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
276 * filesystem block boundary, but it's simpler to just forbid all truncates ---
277 * and we already forbid all other contents modifications without the key.)
278 *
279 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
280 * if a problem occurred while setting up the encryption key.
281 */
fscrypt_prepare_setattr(struct dentry * dentry,struct iattr * attr)282 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
283 struct iattr *attr)
284 {
285 if (attr->ia_valid & ATTR_SIZE)
286 return fscrypt_require_key(d_inode(dentry));
287 return 0;
288 }
289
290 #endif /* _LINUX_FSCRYPT_H */
291