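/*
 * General per-file encryption definition
 *
 * Copyright (C) 2015, Google, Inc.
 *
 * Written by Michael Halcrow, 2015.
 * Modified by Jaegeuk Kim, 2015.
 */

#ifndef _LINUX_FSCRYPTO_H
#define _LINUX_FSCRYPTO_H

#include <linux/key.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/bio.h>
#include <linux/dcache.h>
#include <crypto/skcipher.h>
#include <uapi/linux/fs.h>

/* Cipher block size; also the minimum length of an encrypted symlink target. */
#define FS_CRYPTO_BLOCK_SIZE 16

struct fscrypt_info;

/*
 * Per-I/O crypto context handed out by fscrypt_get_ctx() and returned with
 * fscrypt_release_ctx().  Only one arm of the anonymous union is meaningful
 * at a time: @w while a write is in flight (the ciphertext bounce page and
 * the original page it shadows), @r while a read bio is being decrypted, and
 * @free_list while the ctx is parked on the free list.  Which arm is live is
 * not recorded explicitly here -- NOTE(review): presumably @flags encodes it;
 * confirm in crypto.c.
 */
struct fscrypt_ctx {
	union {
		struct {
			struct page *bounce_page;	/* Ciphertext page */
			struct page *control_page;	/* Original page */
		} w;
		struct {
			struct bio *bio;
			struct work_struct work;
		} r;
		struct list_head free_list;	/* Free list */
	};
	u8 flags;				/* Flags */
	u8 mode;				/* Encryption mode for tfm */
};

/**
 * For encrypted symlinks, the ciphertext length is stored at the beginning
 * of the string in little-endian format.
 *
 * @encrypted_path is declared with a single element so that
 * sizeof(struct fscrypt_symlink_data) - 1 is the size of the length header
 * alone; fscrypt_symlink_data_len() depends on this, so do not convert it to
 * a flexible array member without adjusting that helper.
 */
struct fscrypt_symlink_data {
	__le16 len;
	char encrypted_path[1];
} __packed;

/**
 * fscrypt_symlink_data_len() - disk space needed for an encrypted symlink
 * @l: length in bytes of the target to be stored
 *
 * Return: size of the __le16 length header plus @l, where @l is first raised
 * to FS_CRYPTO_BLOCK_SIZE if it is shorter.  Note that @l is only clamped to
 * a minimum, not rounded up to a multiple of the block size.
 */
static inline u32 fscrypt_symlink_data_len(u32 l)
{
	if (l < FS_CRYPTO_BLOCK_SIZE)
		l = FS_CRYPTO_BLOCK_SIZE;
	return (l + sizeof(struct fscrypt_symlink_data) - 1);
}

/* Length-delimited byte buffer: @len is the number of valid bytes at @name. */
struct fscrypt_str {
	unsigned char *name;
	u32 len;
};

/*
 * Filled in by fscrypt_setup_filename() and torn down by
 * fscrypt_free_filename().
 */
struct fscrypt_name {
	const struct qstr *usr_fname;	/* name exactly as the caller supplied it */
	struct fscrypt_str disk_name;	/* form to compare against directory entries */
	u32 hash;
	u32 minor_hash;
	struct fscrypt_str crypto_buf;	/* NOTE(review): presumably the backing
					 * storage for disk_name when it had to
					 * be allocated -- confirm in fname.c */
};

#define FSTR_INIT(n, l)		{ .name = n, .len = l }
#define FSTR_TO_QSTR(f)		QSTR_INIT((f)->name, (f)->len)
#define fname_name(p)		((p)->disk_name.name)
#define fname_len(p)		((p)->disk_name.len)

/*
 * fscrypt superblock flags (struct fscrypt_operations::flags)
 */
#define FS_CFLG_OWN_PAGES (1U << 1)

/*
 * crypto operations for filesystems
 *
 * A filesystem publishes these through its super_block's s_cop; the fscrypt
 * core reaches them as inode->i_sb->s_cop.  Of the callbacks, the helpers in
 * this header call only two: @dummy_context, which is optional and is
 * NULL-checked before use (fscrypt_dummy_context_enabled()), and
 * @is_encrypted, which is called unconditionally
 * (fscrypt_notsupp_setup_filename()) and so must be provided.  The remaining
 * callbacks are used by the out-of-line code in crypto.c/policy.c/keyinfo.c.
 */
struct fscrypt_operations {
	unsigned int flags;			/* FS_CFLG_* bits */
	int (*get_context)(struct inode *, void *, size_t);
	int (*key_prefix)(struct inode *, u8 **);
	int (*prepare_context)(struct inode *);
	int (*set_context)(struct inode *, const void *, size_t, void *);
	int (*dummy_context)(struct inode *);	/* optional, may be NULL */
	bool (*is_encrypted)(struct inode *);	/* required */
	bool (*empty_dir)(struct inode *);
	unsigned (*max_namelen)(struct inode *);
};

/*
 * fscrypt_dummy_context_enabled() - does @inode's filesystem report a dummy
 * encryption context?  False when the filesystem does not implement the
 * optional callback at all.
 */
static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
{
	const struct fscrypt_operations *cop = inode->i_sb->s_cop;

	return cop->dummy_context && cop->dummy_context(inode);
}

/* Only AES-256-XTS is accepted as a contents encryption mode. */
static inline bool fscrypt_valid_contents_enc_mode(u32 mode)
{
	return (mode == FS_ENCRYPTION_MODE_AES_256_XTS);
}

/* Only AES-256-CTS is accepted as a filenames encryption mode. */
static inline bool fscrypt_valid_filenames_enc_mode(u32 mode)
{
	return (mode == FS_ENCRYPTION_MODE_AES_256_CTS);
}

/* Is @str exactly "." or ".."?  Compares by length first, so no NUL is needed. */
static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
{
	if (str->len == 1 && str->name[0] == '.')
		return true;

	if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
		return true;

	return false;
}

/*
 * fscrypt_control_page() - map a ciphertext bounce page back to the original
 * page it shadows.
 *
 * @page must be a bounce page whose page_private() holds the struct
 * fscrypt_ctx describing the write (presumably set up by
 * fscrypt_encrypt_page() -- see crypto.c).  Nothing here validates that: for
 * any other page the cast dereferences an unrelated value.  Without
 * CONFIG_FS_ENCRYPTION this should never be reached and returns -EINVAL.
 */
static inline struct page *fscrypt_control_page(struct page *page)
{
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
	return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
#else
	WARN_ON_ONCE(1);
	return ERR_PTR(-EINVAL);
#endif
}

/*
 * fscrypt_has_encryption_key() - non-zero when @inode has an fscrypt_info
 * attached (i_crypt_info != NULL).  Always 0 without CONFIG_FS_ENCRYPTION.
 */
static inline int fscrypt_has_encryption_key(const struct inode *inode)
{
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
	return (inode->i_crypt_info != NULL);
#else
	return 0;
#endif
}

/*
 * fscrypt_set_encrypted_dentry() - set DCACHE_ENCRYPTED_WITH_KEY on @dentry,
 * under d_lock since d_flags is shared.  No-op without CONFIG_FS_ENCRYPTION.
 */
static inline void fscrypt_set_encrypted_dentry(struct dentry *dentry)
{
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
	spin_lock(&dentry->d_lock);
	dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY;
	spin_unlock(&dentry->d_lock);
#endif
}

#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
extern const struct dentry_operations fscrypt_d_ops;
#endif

/* Install fscrypt_d_ops on @dentry.  No-op without CONFIG_FS_ENCRYPTION. */
static inline void fscrypt_set_d_op(struct dentry *dentry)
{
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
	d_set_d_op(dentry, &fscrypt_d_ops);
#endif
}

#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
/* crypto.c */
extern struct kmem_cache *fscrypt_info_cachep;
extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t);
extern void fscrypt_release_ctx(struct fscrypt_ctx *);
extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *,
						unsigned int, unsigned int,
						u64, gfp_t);
extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int,
				unsigned int, u64);
extern void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *, struct bio *);
extern void fscrypt_pullback_bio_page(struct page **, bool);
extern void fscrypt_restore_control_page(struct page *);
extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
				unsigned int);
/* policy.c */
extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
extern int fscrypt_inherit_context(struct inode *, struct inode *,
					void *, bool);
/* keyinfo.c */
extern int fscrypt_get_encryption_info(struct inode *);
extern void fscrypt_put_encryption_info(struct inode *, struct fscrypt_info *);

/* fname.c */
extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
				int lookup, struct fscrypt_name *);
extern void fscrypt_free_filename(struct fscrypt_name *);
extern u32 fscrypt_fname_encrypted_size(const struct inode *, u32);
extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
					struct fscrypt_str *);
extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
			const struct fscrypt_str *, struct fscrypt_str *);
extern int fscrypt_fname_usr_to_disk(struct inode *, const struct qstr *,
			struct fscrypt_str *);
#endif

/*
 * fscrypt_notsupp_*() - stand-ins mirroring the prototypes above, for
 * filesystems built without encryption support.  They are visible regardless
 * of CONFIG_FS_ENCRYPTION.  Value-returning stubs fail with -EOPNOTSUPP
 * (except fscrypt_notsupp_has_permitted_context(), which answers "not
 * permitted" with 0, and fscrypt_notsupp_fname_encrypted_size(), which warns);
 * the void ones do nothing.  Parameter qualifiers are kept identical to the
 * real declarations so the two sets stay interchangeable.
 */

/* crypto.c */
static inline struct fscrypt_ctx *fscrypt_notsupp_get_ctx(const struct inode *i,
							gfp_t f)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline void fscrypt_notsupp_release_ctx(struct fscrypt_ctx *c)
{
}

static inline struct page *fscrypt_notsupp_encrypt_page(const struct inode *i,
						struct page *p,
						unsigned int len,
						unsigned int offs,
						u64 lblk_num, gfp_t f)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline int fscrypt_notsupp_decrypt_page(const struct inode *i, struct page *p,
						unsigned int len, unsigned int offs,
						u64 lblk_num)
{
	return -EOPNOTSUPP;
}

static inline void fscrypt_notsupp_decrypt_bio_pages(struct fscrypt_ctx *c,
						struct bio *b)
{
}

static inline void fscrypt_notsupp_pullback_bio_page(struct page **p, bool b)
{
}

static inline void fscrypt_notsupp_restore_control_page(struct page *p)
{
}

static inline int fscrypt_notsupp_zeroout_range(const struct inode *i, pgoff_t p,
						sector_t s, unsigned int f)
{
	return -EOPNOTSUPP;
}

/* policy.c */
static inline int fscrypt_notsupp_ioctl_set_policy(struct file *f,
				const void __user *arg)
{
	return -EOPNOTSUPP;
}

static inline int fscrypt_notsupp_ioctl_get_policy(struct file *f,
				void __user *arg)
{
	return -EOPNOTSUPP;
}

/*
 * Without encryption support no context can ever be "permitted"; 0 here is
 * the deny answer, not success.
 */
static inline int fscrypt_notsupp_has_permitted_context(struct inode *p,
				struct inode *i)
{
	return 0;
}

static inline int fscrypt_notsupp_inherit_context(struct inode *p,
				struct inode *i, void *v, bool b)
{
	return -EOPNOTSUPP;
}

/* keyinfo.c */
static inline int fscrypt_notsupp_get_encryption_info(struct inode *i)
{
	return -EOPNOTSUPP;
}

static inline void fscrypt_notsupp_put_encryption_info(struct inode *i,
					struct fscrypt_info *f)
{
}

/* fname.c */

/*
 * fscrypt_notsupp_setup_filename() - plain-text name setup when encryption is
 * compiled out.
 *
 * An inode the filesystem reports as encrypted cannot be handled here and is
 * refused with -EOPNOTSUPP; otherwise the user name is passed straight
 * through as the on-disk name, with the hash fields zeroed.  Relies on the
 * @is_encrypted callback being present (it is not NULL-checked).
 */
static inline int fscrypt_notsupp_setup_filename(struct inode *dir,
				const struct qstr *iname,
				int lookup, struct fscrypt_name *fname)
{
	if (dir->i_sb->s_cop->is_encrypted(dir))
		return -EOPNOTSUPP;

	memset(fname, 0, sizeof(*fname));
	fname->usr_fname = iname;
	fname->disk_name.name = (unsigned char *)iname->name;
	fname->disk_name.len = iname->len;
	return 0;
}

static inline void fscrypt_notsupp_free_filename(struct fscrypt_name *fname)
{
}

/* Takes const struct inode * like fscrypt_fname_encrypted_size(). */
static inline u32 fscrypt_notsupp_fname_encrypted_size(const struct inode *i,
							u32 s)
{
	/* never happens */
	WARN_ON(1);
	return 0;
}

/* Takes const struct inode * like fscrypt_fname_alloc_buffer(). */
static inline int fscrypt_notsupp_fname_alloc_buffer(const struct inode *inode,
				u32 ilen, struct fscrypt_str *crypto_str)
{
	return -EOPNOTSUPP;
}

static inline void fscrypt_notsupp_fname_free_buffer(struct fscrypt_str *c)
{
}

static inline int fscrypt_notsupp_fname_disk_to_usr(struct inode *inode,
					u32 hash, u32 minor_hash,
					const struct fscrypt_str *iname,
					struct fscrypt_str *oname)
{
	return -EOPNOTSUPP;
}

static inline int fscrypt_notsupp_fname_usr_to_disk(struct inode *inode,
					const struct qstr *iname,
					struct fscrypt_str *oname)
{
	return -EOPNOTSUPP;
}
#endif	/* _LINUX_FSCRYPTO_H */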