]>
Commit | Line | Data |
---|---|---|
32190f0a | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
46f47e48 | 2 | /* |
734f0d24 DC |
3 | * fscrypt.h: declarations for per-file encryption |
4 | * | |
643fa961 CR |
5 | * Filesystems that implement per-file encryption must include this header |
6 | * file. | |
46f47e48 EB |
7 | * |
8 | * Copyright (C) 2015, Google, Inc. | |
9 | * | |
10 | * Written by Michael Halcrow, 2015. | |
11 | * Modified by Jaegeuk Kim, 2015. | |
12 | */ | |
734f0d24 DC |
13 | #ifndef _LINUX_FSCRYPT_H |
14 | #define _LINUX_FSCRYPT_H | |
46f47e48 | 15 | |
46f47e48 | 16 | #include <linux/fs.h> |
643fa961 CR |
17 | #include <linux/mm.h> |
18 | #include <linux/slab.h> | |
7af0ab0d | 19 | #include <uapi/linux/fscrypt.h> |
46f47e48 EB |
20 | |
21 | #define FS_CRYPTO_BLOCK_SIZE 16 | |
22 | ||
542060c0 | 23 | struct fscrypt_ctx; |
46f47e48 EB |
24 | struct fscrypt_info; |
25 | ||
46f47e48 EB |
26 | struct fscrypt_str { |
27 | unsigned char *name; | |
28 | u32 len; | |
29 | }; | |
30 | ||
31 | struct fscrypt_name { | |
32 | const struct qstr *usr_fname; | |
33 | struct fscrypt_str disk_name; | |
34 | u32 hash; | |
35 | u32 minor_hash; | |
36 | struct fscrypt_str crypto_buf; | |
b01531db | 37 | bool is_ciphertext_name; |
46f47e48 EB |
38 | }; |
39 | ||
40 | #define FSTR_INIT(n, l) { .name = n, .len = l } | |
41 | #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) | |
42 | #define fname_name(p) ((p)->disk_name.name) | |
43 | #define fname_len(p) ((p)->disk_name.len) | |
44 | ||
af65207c | 45 | /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ |
5dae460c | 46 | #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 |
af65207c | 47 | |
643fa961 CR |
48 | #ifdef CONFIG_FS_ENCRYPTION |
49 | /* | |
50 | * fscrypt superblock flags | |
51 | */ | |
52 | #define FS_CFLG_OWN_PAGES (1U << 1) | |
53 | ||
54 | /* | |
55 | * crypto operations for filesystems | |
56 | */ | |
57 | struct fscrypt_operations { | |
58 | unsigned int flags; | |
59 | const char *key_prefix; | |
60 | int (*get_context)(struct inode *, void *, size_t); | |
61 | int (*set_context)(struct inode *, const void *, size_t, void *); | |
62 | bool (*dummy_context)(struct inode *); | |
63 | bool (*empty_dir)(struct inode *); | |
64 | unsigned int max_namelen; | |
65 | }; | |
66 | ||
2a415a02 | 67 | /* Decryption work */ |
643fa961 CR |
68 | struct fscrypt_ctx { |
69 | union { | |
643fa961 CR |
70 | struct { |
71 | struct bio *bio; | |
72 | struct work_struct work; | |
2a415a02 | 73 | }; |
643fa961 CR |
74 | struct list_head free_list; /* Free list */ |
75 | }; | |
76 | u8 flags; /* Flags */ | |
77 | }; | |
78 | ||
79 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) | |
80 | { | |
e37a784d EB |
81 | /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */ |
82 | return READ_ONCE(inode->i_crypt_info) != NULL; | |
643fa961 CR |
83 | } |
84 | ||
85 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |
86 | { | |
87 | return inode->i_sb->s_cop->dummy_context && | |
88 | inode->i_sb->s_cop->dummy_context(inode); | |
89 | } | |
90 | ||
0bf3d5c1 EB |
91 | /* |
92 | * When d_splice_alias() moves a directory's encrypted alias to its decrypted | |
93 | * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME | |
94 | * must be cleared. Note that we don't have to support arbitrary moves of this | |
95 | * flag because fscrypt doesn't allow encrypted aliases to be the source or | |
96 | * target of a rename(). | |
97 | */ | |
98 | static inline void fscrypt_handle_d_move(struct dentry *dentry) | |
99 | { | |
100 | dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; | |
101 | } | |
102 | ||
7be91b86 EB |
103 | /** |
104 | * fscrypt_is_nokey_name() - test whether a dentry is a no-key name | |
105 | * @dentry: the dentry to check | |
106 | * | |
107 | * This returns true if the dentry is a no-key dentry. A no-key dentry is a | |
108 | * dentry that was created in an encrypted directory that hasn't had its | |
109 | * encryption key added yet. Such dentries may be either positive or negative. | |
110 | * | |
111 | * When a filesystem is asked to create a new filename in an encrypted directory | |
112 | * and the new filename's dentry is a no-key dentry, it must fail the operation | |
113 | * with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(), | |
114 | * ->rename(), and ->link(). (However, ->rename() and ->link() are already | |
115 | * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().) | |
116 | * | |
117 | * This is necessary because creating a filename requires the directory's | |
118 | * encryption key, but just checking for the key on the directory inode during | |
119 | * the final filesystem operation doesn't guarantee that the key was available | |
120 | * during the preceding dentry lookup. And the key must have already been | |
121 | * available during the dentry lookup in order for it to have been checked | |
122 | * whether the filename already exists in the directory and for the new file's | |
123 | * dentry not to be invalidated due to it incorrectly having the no-key flag. | |
124 | * | |
125 | * Return: %true if the dentry is a no-key name | |
126 | */ | |
127 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) | |
128 | { | |
129 | return dentry->d_flags & DCACHE_ENCRYPTED_NAME; | |
130 | } | |
131 | ||
643fa961 CR |
132 | /* crypto.c */ |
133 | extern void fscrypt_enqueue_decrypt_work(struct work_struct *); | |
cd0265fc | 134 | extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t); |
643fa961 | 135 | extern void fscrypt_release_ctx(struct fscrypt_ctx *); |
53bc1d85 EB |
136 | |
137 | extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, | |
138 | unsigned int len, | |
139 | unsigned int offs, | |
140 | gfp_t gfp_flags); | |
03569f2f EB |
141 | extern int fscrypt_encrypt_block_inplace(const struct inode *inode, |
142 | struct page *page, unsigned int len, | |
143 | unsigned int offs, u64 lblk_num, | |
144 | gfp_t gfp_flags); | |
aa8bc1ac EB |
145 | |
146 | extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len, | |
147 | unsigned int offs); | |
41adbcb7 EB |
148 | extern int fscrypt_decrypt_block_inplace(const struct inode *inode, |
149 | struct page *page, unsigned int len, | |
150 | unsigned int offs, u64 lblk_num); | |
643fa961 | 151 | |
d2d0727b | 152 | static inline bool fscrypt_is_bounce_page(struct page *page) |
643fa961 | 153 | { |
d2d0727b | 154 | return page->mapping == NULL; |
643fa961 CR |
155 | } |
156 | ||
d2d0727b EB |
157 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
158 | { | |
159 | return (struct page *)page_private(bounce_page); | |
160 | } | |
161 | ||
162 | extern void fscrypt_free_bounce_page(struct page *bounce_page); | |
643fa961 CR |
163 | |
164 | /* policy.c */ | |
165 | extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); | |
166 | extern int fscrypt_ioctl_get_policy(struct file *, void __user *); | |
5dae460c | 167 | extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *); |
643fa961 CR |
168 | extern int fscrypt_has_permitted_context(struct inode *, struct inode *); |
169 | extern int fscrypt_inherit_context(struct inode *, struct inode *, | |
170 | void *, bool); | |
22d94f49 EB |
171 | /* keyring.c */ |
172 | extern void fscrypt_sb_free(struct super_block *sb); | |
173 | extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); | |
b1c0ec35 | 174 | extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); |
78a1b96b EB |
175 | extern int fscrypt_ioctl_remove_key_all_users(struct file *filp, |
176 | void __user *arg); | |
5a7e2992 | 177 | extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); |
22d94f49 | 178 | |
feed8258 | 179 | /* keysetup.c */ |
643fa961 CR |
180 | extern int fscrypt_get_encryption_info(struct inode *); |
181 | extern void fscrypt_put_encryption_info(struct inode *); | |
2c58d548 | 182 | extern void fscrypt_free_inode(struct inode *); |
b1c0ec35 | 183 | extern int fscrypt_drop_inode(struct inode *inode); |
643fa961 CR |
184 | |
185 | /* fname.c */ | |
186 | extern int fscrypt_setup_filename(struct inode *, const struct qstr *, | |
187 | int lookup, struct fscrypt_name *); | |
188 | ||
189 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) | |
190 | { | |
191 | kfree(fname->crypto_buf.name); | |
192 | } | |
193 | ||
194 | extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, | |
195 | struct fscrypt_str *); | |
196 | extern void fscrypt_fname_free_buffer(struct fscrypt_str *); | |
197 | extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, | |
198 | const struct fscrypt_str *, struct fscrypt_str *); | |
199 | ||
200 | #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 | |
201 | ||
202 | /* Extracts the second-to-last ciphertext block; see explanation below */ | |
203 | #define FSCRYPT_FNAME_DIGEST(name, len) \ | |
204 | ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \ | |
205 | FS_CRYPTO_BLOCK_SIZE)) | |
206 | ||
207 | #define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE | |
208 | ||
209 | /** | |
210 | * fscrypt_digested_name - alternate identifier for an on-disk filename | |
211 | * | |
212 | * When userspace lists an encrypted directory without access to the key, | |
213 | * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE | |
214 | * bytes are shown in this abbreviated form (base64-encoded) rather than as the | |
215 | * full ciphertext (base64-encoded). This is necessary to allow supporting | |
216 | * filenames up to NAME_MAX bytes, since base64 encoding expands the length. | |
217 | * | |
218 | * To make it possible for filesystems to still find the correct directory entry | |
219 | * despite not knowing the full on-disk name, we encode any filesystem-specific | |
220 | * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups, | |
221 | * followed by the second-to-last ciphertext block of the filename. Due to the | |
222 | * use of the CBC-CTS encryption mode, the second-to-last ciphertext block | |
223 | * depends on the full plaintext. (Note that ciphertext stealing causes the | |
224 | * last two blocks to appear "flipped".) This makes accidental collisions very | |
225 | * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they | |
226 | * share the same filesystem-specific hashes. | |
227 | * | |
228 | * However, this scheme isn't immune to intentional collisions, which can be | |
229 | * created by anyone able to create arbitrary plaintext filenames and view them | |
230 | * without the key. Making the "digest" be a real cryptographic hash like | |
231 | * SHA-256 over the full ciphertext would prevent this, although it would be | |
232 | * less efficient and harder to implement, especially since the filesystem would | |
233 | * need to calculate it for each directory entry examined during a search. | |
234 | */ | |
235 | struct fscrypt_digested_name { | |
236 | u32 hash; | |
237 | u32 minor_hash; | |
238 | u8 digest[FSCRYPT_FNAME_DIGEST_SIZE]; | |
239 | }; | |
240 | ||
241 | /** | |
242 | * fscrypt_match_name() - test whether the given name matches a directory entry | |
243 | * @fname: the name being searched for | |
244 | * @de_name: the name from the directory entry | |
245 | * @de_name_len: the length of @de_name in bytes | |
246 | * | |
247 | * Normally @fname->disk_name will be set, and in that case we simply compare | |
248 | * that to the name stored in the directory entry. The only exception is that | |
249 | * if we don't have the key for an encrypted directory and a filename in it is | |
250 | * very long, then we won't have the full disk_name and we'll instead need to | |
251 | * match against the fscrypt_digested_name. | |
252 | * | |
253 | * Return: %true if the name matches, otherwise %false. | |
254 | */ | |
255 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, | |
256 | const u8 *de_name, u32 de_name_len) | |
257 | { | |
258 | if (unlikely(!fname->disk_name.name)) { | |
259 | const struct fscrypt_digested_name *n = | |
260 | (const void *)fname->crypto_buf.name; | |
261 | if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_')) | |
262 | return false; | |
263 | if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) | |
264 | return false; | |
265 | return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len), | |
266 | n->digest, FSCRYPT_FNAME_DIGEST_SIZE); | |
267 | } | |
268 | ||
269 | if (de_name_len != fname->disk_name.len) | |
270 | return false; | |
271 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); | |
272 | } | |
273 | ||
274 | /* bio.c */ | |
275 | extern void fscrypt_decrypt_bio(struct bio *); | |
276 | extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, | |
277 | struct bio *bio); | |
643fa961 CR |
278 | extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, |
279 | unsigned int); | |
280 | ||
281 | /* hooks.c */ | |
282 | extern int fscrypt_file_open(struct inode *inode, struct file *filp); | |
968dd6d0 EB |
283 | extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
284 | struct dentry *dentry); | |
643fa961 CR |
285 | extern int __fscrypt_prepare_rename(struct inode *old_dir, |
286 | struct dentry *old_dentry, | |
287 | struct inode *new_dir, | |
288 | struct dentry *new_dentry, | |
289 | unsigned int flags); | |
b01531db EB |
290 | extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
291 | struct fscrypt_name *fname); | |
643fa961 CR |
292 | extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, |
293 | unsigned int max_len, | |
294 | struct fscrypt_str *disk_link); | |
295 | extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, | |
296 | unsigned int len, | |
297 | struct fscrypt_str *disk_link); | |
298 | extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |
299 | unsigned int max_size, | |
300 | struct delayed_call *done); | |
a2fe5aca | 301 | int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); |
eea2c05d SH |
302 | static inline void fscrypt_set_ops(struct super_block *sb, |
303 | const struct fscrypt_operations *s_cop) | |
304 | { | |
305 | sb->s_cop = s_cop; | |
306 | } | |
643fa961 CR |
307 | #else /* !CONFIG_FS_ENCRYPTION */ |
308 | ||
309 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) | |
310 | { | |
311 | return false; | |
312 | } | |
313 | ||
314 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |
315 | { | |
316 | return false; | |
317 | } | |
318 | ||
0bf3d5c1 EB |
319 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
320 | { | |
321 | } | |
322 | ||
7be91b86 EB |
323 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) |
324 | { | |
325 | return false; | |
326 | } | |
327 | ||
643fa961 CR |
328 | /* crypto.c */ |
329 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) | |
330 | { | |
331 | } | |
332 | ||
cd0265fc | 333 | static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags) |
643fa961 CR |
334 | { |
335 | return ERR_PTR(-EOPNOTSUPP); | |
336 | } | |
337 | ||
338 | static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx) | |
339 | { | |
340 | return; | |
341 | } | |
342 | ||
53bc1d85 EB |
343 | static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
344 | unsigned int len, | |
345 | unsigned int offs, | |
346 | gfp_t gfp_flags) | |
643fa961 CR |
347 | { |
348 | return ERR_PTR(-EOPNOTSUPP); | |
349 | } | |
350 | ||
03569f2f EB |
351 | static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, |
352 | struct page *page, | |
353 | unsigned int len, | |
354 | unsigned int offs, u64 lblk_num, | |
355 | gfp_t gfp_flags) | |
356 | { | |
357 | return -EOPNOTSUPP; | |
358 | } | |
359 | ||
aa8bc1ac EB |
360 | static inline int fscrypt_decrypt_pagecache_blocks(struct page *page, |
361 | unsigned int len, | |
362 | unsigned int offs) | |
643fa961 CR |
363 | { |
364 | return -EOPNOTSUPP; | |
365 | } | |
366 | ||
41adbcb7 EB |
367 | static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, |
368 | struct page *page, | |
369 | unsigned int len, | |
370 | unsigned int offs, u64 lblk_num) | |
371 | { | |
372 | return -EOPNOTSUPP; | |
373 | } | |
374 | ||
d2d0727b EB |
375 | static inline bool fscrypt_is_bounce_page(struct page *page) |
376 | { | |
377 | return false; | |
378 | } | |
379 | ||
380 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) | |
643fa961 CR |
381 | { |
382 | WARN_ON_ONCE(1); | |
383 | return ERR_PTR(-EINVAL); | |
384 | } | |
385 | ||
d2d0727b | 386 | static inline void fscrypt_free_bounce_page(struct page *bounce_page) |
643fa961 | 387 | { |
643fa961 CR |
388 | } |
389 | ||
390 | /* policy.c */ | |
391 | static inline int fscrypt_ioctl_set_policy(struct file *filp, | |
392 | const void __user *arg) | |
393 | { | |
394 | return -EOPNOTSUPP; | |
395 | } | |
396 | ||
397 | static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) | |
398 | { | |
399 | return -EOPNOTSUPP; | |
400 | } | |
401 | ||
5dae460c EB |
402 | static inline int fscrypt_ioctl_get_policy_ex(struct file *filp, |
403 | void __user *arg) | |
404 | { | |
405 | return -EOPNOTSUPP; | |
406 | } | |
407 | ||
643fa961 CR |
408 | static inline int fscrypt_has_permitted_context(struct inode *parent, |
409 | struct inode *child) | |
410 | { | |
411 | return 0; | |
412 | } | |
413 | ||
414 | static inline int fscrypt_inherit_context(struct inode *parent, | |
415 | struct inode *child, | |
416 | void *fs_data, bool preload) | |
417 | { | |
418 | return -EOPNOTSUPP; | |
419 | } | |
420 | ||
22d94f49 EB |
421 | /* keyring.c */ |
422 | static inline void fscrypt_sb_free(struct super_block *sb) | |
423 | { | |
424 | } | |
425 | ||
426 | static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg) | |
427 | { | |
428 | return -EOPNOTSUPP; | |
429 | } | |
430 | ||
b1c0ec35 | 431 | static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) |
78a1b96b EB |
432 | { |
433 | return -EOPNOTSUPP; | |
434 | } | |
435 | ||
436 | static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, | |
437 | void __user *arg) | |
b1c0ec35 EB |
438 | { |
439 | return -EOPNOTSUPP; | |
440 | } | |
441 | ||
5a7e2992 EB |
442 | static inline int fscrypt_ioctl_get_key_status(struct file *filp, |
443 | void __user *arg) | |
444 | { | |
445 | return -EOPNOTSUPP; | |
446 | } | |
447 | ||
feed8258 | 448 | /* keysetup.c */ |
643fa961 CR |
449 | static inline int fscrypt_get_encryption_info(struct inode *inode) |
450 | { | |
451 | return -EOPNOTSUPP; | |
452 | } | |
453 | ||
454 | static inline void fscrypt_put_encryption_info(struct inode *inode) | |
455 | { | |
456 | return; | |
457 | } | |
458 | ||
2c58d548 EB |
459 | static inline void fscrypt_free_inode(struct inode *inode) |
460 | { | |
461 | } | |
462 | ||
b1c0ec35 EB |
463 | static inline int fscrypt_drop_inode(struct inode *inode) |
464 | { | |
465 | return 0; | |
466 | } | |
467 | ||
643fa961 CR |
468 | /* fname.c */ |
469 | static inline int fscrypt_setup_filename(struct inode *dir, | |
470 | const struct qstr *iname, | |
471 | int lookup, struct fscrypt_name *fname) | |
472 | { | |
473 | if (IS_ENCRYPTED(dir)) | |
474 | return -EOPNOTSUPP; | |
475 | ||
b01531db | 476 | memset(fname, 0, sizeof(*fname)); |
643fa961 CR |
477 | fname->usr_fname = iname; |
478 | fname->disk_name.name = (unsigned char *)iname->name; | |
479 | fname->disk_name.len = iname->len; | |
480 | return 0; | |
481 | } | |
482 | ||
483 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) | |
484 | { | |
485 | return; | |
486 | } | |
487 | ||
488 | static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, | |
489 | u32 max_encrypted_len, | |
490 | struct fscrypt_str *crypto_str) | |
491 | { | |
492 | return -EOPNOTSUPP; | |
493 | } | |
494 | ||
495 | static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) | |
496 | { | |
497 | return; | |
498 | } | |
499 | ||
500 | static inline int fscrypt_fname_disk_to_usr(struct inode *inode, | |
501 | u32 hash, u32 minor_hash, | |
502 | const struct fscrypt_str *iname, | |
503 | struct fscrypt_str *oname) | |
504 | { | |
505 | return -EOPNOTSUPP; | |
506 | } | |
507 | ||
508 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, | |
509 | const u8 *de_name, u32 de_name_len) | |
510 | { | |
511 | /* Encryption support disabled; use standard comparison */ | |
512 | if (de_name_len != fname->disk_name.len) | |
513 | return false; | |
514 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); | |
515 | } | |
516 | ||
517 | /* bio.c */ | |
518 | static inline void fscrypt_decrypt_bio(struct bio *bio) | |
519 | { | |
520 | } | |
521 | ||
522 | static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, | |
523 | struct bio *bio) | |
524 | { | |
525 | } | |
526 | ||
643fa961 CR |
527 | static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
528 | sector_t pblk, unsigned int len) | |
529 | { | |
530 | return -EOPNOTSUPP; | |
531 | } | |
532 | ||
533 | /* hooks.c */ | |
534 | ||
535 | static inline int fscrypt_file_open(struct inode *inode, struct file *filp) | |
536 | { | |
537 | if (IS_ENCRYPTED(inode)) | |
538 | return -EOPNOTSUPP; | |
539 | return 0; | |
540 | } | |
541 | ||
968dd6d0 EB |
542 | static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
543 | struct dentry *dentry) | |
643fa961 CR |
544 | { |
545 | return -EOPNOTSUPP; | |
546 | } | |
547 | ||
548 | static inline int __fscrypt_prepare_rename(struct inode *old_dir, | |
549 | struct dentry *old_dentry, | |
550 | struct inode *new_dir, | |
551 | struct dentry *new_dentry, | |
552 | unsigned int flags) | |
553 | { | |
554 | return -EOPNOTSUPP; | |
555 | } | |
556 | ||
557 | static inline int __fscrypt_prepare_lookup(struct inode *dir, | |
b01531db EB |
558 | struct dentry *dentry, |
559 | struct fscrypt_name *fname) | |
643fa961 CR |
560 | { |
561 | return -EOPNOTSUPP; | |
562 | } | |
563 | ||
564 | static inline int __fscrypt_prepare_symlink(struct inode *dir, | |
565 | unsigned int len, | |
566 | unsigned int max_len, | |
567 | struct fscrypt_str *disk_link) | |
568 | { | |
569 | return -EOPNOTSUPP; | |
570 | } | |
571 | ||
572 | ||
573 | static inline int __fscrypt_encrypt_symlink(struct inode *inode, | |
574 | const char *target, | |
575 | unsigned int len, | |
576 | struct fscrypt_str *disk_link) | |
577 | { | |
578 | return -EOPNOTSUPP; | |
579 | } | |
580 | ||
581 | static inline const char *fscrypt_get_symlink(struct inode *inode, | |
582 | const void *caddr, | |
583 | unsigned int max_size, | |
584 | struct delayed_call *done) | |
585 | { | |
586 | return ERR_PTR(-EOPNOTSUPP); | |
587 | } | |
eea2c05d | 588 | |
a2fe5aca EB |
589 | static inline int fscrypt_symlink_getattr(const struct path *path, |
590 | struct kstat *stat) | |
591 | { | |
592 | return -EOPNOTSUPP; | |
593 | } | |
594 | ||
eea2c05d SH |
595 | static inline void fscrypt_set_ops(struct super_block *sb, |
596 | const struct fscrypt_operations *s_cop) | |
597 | { | |
598 | } | |
599 | ||
643fa961 | 600 | #endif /* !CONFIG_FS_ENCRYPTION */ |
734f0d24 | 601 | |
d293c3e4 EB |
602 | /** |
603 | * fscrypt_require_key - require an inode's encryption key | |
604 | * @inode: the inode we need the key for | |
605 | * | |
606 | * If the inode is encrypted, set up its encryption key if not already done. | |
607 | * Then require that the key be present and return -ENOKEY otherwise. | |
608 | * | |
609 | * No locks are needed, and the key will live as long as the struct inode --- so | |
610 | * it won't go away from under you. | |
611 | * | |
612 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code | |
613 | * if a problem occurred while setting up the encryption key. | |
614 | */ | |
615 | static inline int fscrypt_require_key(struct inode *inode) | |
616 | { | |
617 | if (IS_ENCRYPTED(inode)) { | |
618 | int err = fscrypt_get_encryption_info(inode); | |
619 | ||
620 | if (err) | |
621 | return err; | |
622 | if (!fscrypt_has_encryption_key(inode)) | |
623 | return -ENOKEY; | |
624 | } | |
625 | return 0; | |
626 | } | |
734f0d24 | 627 | |
0ea87a96 EB |
628 | /** |
629 | * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory | |
630 | * @old_dentry: an existing dentry for the inode being linked | |
631 | * @dir: the target directory | |
632 | * @dentry: negative dentry for the target filename | |
633 | * | |
634 | * A new link can only be added to an encrypted directory if the directory's | |
635 | * encryption key is available --- since otherwise we'd have no way to encrypt | |
636 | * the filename. Therefore, we first set up the directory's encryption key (if | |
637 | * not already done) and return an error if it's unavailable. | |
638 | * | |
639 | * We also verify that the link will not violate the constraint that all files | |
640 | * in an encrypted directory tree use the same encryption policy. | |
641 | * | |
642 | * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, | |
f5e55e77 | 643 | * -EXDEV if the link would result in an inconsistent encryption policy, or |
0ea87a96 EB |
644 | * another -errno code. |
645 | */ | |
646 | static inline int fscrypt_prepare_link(struct dentry *old_dentry, | |
647 | struct inode *dir, | |
648 | struct dentry *dentry) | |
649 | { | |
650 | if (IS_ENCRYPTED(dir)) | |
968dd6d0 | 651 | return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry); |
0ea87a96 EB |
652 | return 0; |
653 | } | |
654 | ||
94b26f36 EB |
655 | /** |
656 | * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories | |
657 | * @old_dir: source directory | |
658 | * @old_dentry: dentry for source file | |
659 | * @new_dir: target directory | |
660 | * @new_dentry: dentry for target location (may be negative unless exchanging) | |
661 | * @flags: rename flags (we care at least about %RENAME_EXCHANGE) | |
662 | * | |
663 | * Prepare for ->rename() where the source and/or target directories may be | |
664 | * encrypted. A new link can only be added to an encrypted directory if the | |
665 | * directory's encryption key is available --- since otherwise we'd have no way | |
666 | * to encrypt the filename. A rename to an existing name, on the other hand, | |
667 | * *is* cryptographically possible without the key. However, we take the more | |
668 | * conservative approach and just forbid all no-key renames. | |
669 | * | |
670 | * We also verify that the rename will not violate the constraint that all files | |
671 | * in an encrypted directory tree use the same encryption policy. | |
672 | * | |
f5e55e77 | 673 | * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the |
94b26f36 EB |
674 | * rename would cause inconsistent encryption policies, or another -errno code. |
675 | */ | |
676 | static inline int fscrypt_prepare_rename(struct inode *old_dir, | |
677 | struct dentry *old_dentry, | |
678 | struct inode *new_dir, | |
679 | struct dentry *new_dentry, | |
680 | unsigned int flags) | |
681 | { | |
682 | if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) | |
683 | return __fscrypt_prepare_rename(old_dir, old_dentry, | |
684 | new_dir, new_dentry, flags); | |
685 | return 0; | |
686 | } | |
687 | ||
32c3cf02 EB |
688 | /** |
689 | * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory | |
690 | * @dir: directory being searched | |
691 | * @dentry: filename being looked up | |
b01531db | 692 | * @fname: (output) the name to use to search the on-disk directory |
32c3cf02 | 693 | * |
b01531db EB |
694 | * Prepare for ->lookup() in a directory which may be encrypted by determining |
695 | * the name that will actually be used to search the directory on-disk. Lookups | |
696 | * can be done with or without the directory's encryption key; without the key, | |
32c3cf02 EB |
697 | * filenames are presented in encrypted form. Therefore, we'll try to set up |
698 | * the directory's encryption key, but even without it the lookup can continue. | |
699 | * | |
6cc24868 EB |
700 | * This also installs a custom ->d_revalidate() method which will invalidate the |
701 | * dentry if it was created without the key and the key is later added. | |
32c3cf02 | 702 | * |
b01531db EB |
703 | * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a |
704 | * correctly formed encoded ciphertext name, so a negative dentry should be | |
705 | * created; or another -errno code. | |
32c3cf02 EB |
706 | */ |
707 | static inline int fscrypt_prepare_lookup(struct inode *dir, | |
708 | struct dentry *dentry, | |
b01531db | 709 | struct fscrypt_name *fname) |
32c3cf02 EB |
710 | { |
711 | if (IS_ENCRYPTED(dir)) | |
b01531db EB |
712 | return __fscrypt_prepare_lookup(dir, dentry, fname); |
713 | ||
714 | memset(fname, 0, sizeof(*fname)); | |
715 | fname->usr_fname = &dentry->d_name; | |
716 | fname->disk_name.name = (unsigned char *)dentry->d_name.name; | |
717 | fname->disk_name.len = dentry->d_name.len; | |
32c3cf02 EB |
718 | return 0; |
719 | } | |
720 | ||
815dac33 EB |
721 | /** |
722 | * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes | |
723 | * @dentry: dentry through which the inode is being changed | |
724 | * @attr: attributes to change | |
725 | * | |
726 | * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, | |
727 | * most attribute changes are allowed even without the encryption key. However, | |
728 | * without the encryption key we do have to forbid truncates. This is needed | |
729 | * because the size being truncated to may not be a multiple of the filesystem | |
730 | * block size, and in that case we'd have to decrypt the final block, zero the | |
731 | * portion past i_size, and re-encrypt it. (We *could* allow truncating to a | |
732 | * filesystem block boundary, but it's simpler to just forbid all truncates --- | |
733 | * and we already forbid all other contents modifications without the key.) | |
734 | * | |
735 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code | |
736 | * if a problem occurred while setting up the encryption key. | |
737 | */ | |
738 | static inline int fscrypt_prepare_setattr(struct dentry *dentry, | |
739 | struct iattr *attr) | |
740 | { | |
741 | if (attr->ia_valid & ATTR_SIZE) | |
742 | return fscrypt_require_key(d_inode(dentry)); | |
743 | return 0; | |
744 | } | |
745 | ||
76e81d6d EB |
746 | /** |
747 | * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink | |
748 | * @dir: directory in which the symlink is being created | |
749 | * @target: plaintext symlink target | |
750 | * @len: length of @target excluding null terminator | |
751 | * @max_len: space the filesystem has available to store the symlink target | |
752 | * @disk_link: (out) the on-disk symlink target being prepared | |
753 | * | |
754 | * This function computes the size the symlink target will require on-disk, | |
755 | * stores it in @disk_link->len, and validates it against @max_len. An | |
756 | * encrypted symlink may be longer than the original. | |
757 | * | |
758 | * Additionally, @disk_link->name is set to @target if the symlink will be | |
759 | * unencrypted, but left NULL if the symlink will be encrypted. For encrypted | |
760 | * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the | |
761 | * on-disk target later. (The reason for the two-step process is that some | |
762 | * filesystems need to know the size of the symlink target before creating the | |
763 | * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.) | |
764 | * | |
765 | * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long, | |
766 | * -ENOKEY if the encryption key is missing, or another -errno code if a problem | |
767 | * occurred while setting up the encryption key. | |
768 | */ | |
769 | static inline int fscrypt_prepare_symlink(struct inode *dir, | |
770 | const char *target, | |
771 | unsigned int len, | |
772 | unsigned int max_len, | |
773 | struct fscrypt_str *disk_link) | |
774 | { | |
775 | if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir)) | |
776 | return __fscrypt_prepare_symlink(dir, len, max_len, disk_link); | |
777 | ||
778 | disk_link->name = (unsigned char *)target; | |
779 | disk_link->len = len + 1; | |
780 | if (disk_link->len > max_len) | |
781 | return -ENAMETOOLONG; | |
782 | return 0; | |
783 | } | |
784 | ||
785 | /** | |
786 | * fscrypt_encrypt_symlink - encrypt the symlink target if needed | |
787 | * @inode: symlink inode | |
788 | * @target: plaintext symlink target | |
789 | * @len: length of @target excluding null terminator | |
790 | * @disk_link: (in/out) the on-disk symlink target being prepared | |
791 | * | |
792 | * If the symlink target needs to be encrypted, then this function encrypts it | |
793 | * into @disk_link->name. fscrypt_prepare_symlink() must have been called | |
794 | * previously to compute @disk_link->len. If the filesystem did not allocate a | |
795 | * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one | |
796 | * will be kmalloc()'ed and the filesystem will be responsible for freeing it. | |
797 | * | |
798 | * Return: 0 on success, -errno on failure | |
799 | */ | |
800 | static inline int fscrypt_encrypt_symlink(struct inode *inode, | |
801 | const char *target, | |
802 | unsigned int len, | |
803 | struct fscrypt_str *disk_link) | |
804 | { | |
805 | if (IS_ENCRYPTED(inode)) | |
806 | return __fscrypt_encrypt_symlink(inode, target, len, disk_link); | |
807 | return 0; | |
808 | } | |
809 | ||
d2d0727b EB |
810 | /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ |
811 | static inline void fscrypt_finalize_bounce_page(struct page **pagep) | |
812 | { | |
813 | struct page *page = *pagep; | |
814 | ||
815 | if (fscrypt_is_bounce_page(page)) { | |
816 | *pagep = fscrypt_pagecache_page(page); | |
817 | fscrypt_free_bounce_page(page); | |
818 | } | |
819 | } | |
820 | ||
734f0d24 | 821 | #endif /* _LINUX_FSCRYPT_H */ |