1 /* SPDX-License-Identifier: GPL-2.0 */
3 * fscrypt.h: declarations for per-file encryption
5 * Filesystems that implement per-file encryption include this header
6 * file with the __FS_HAS_ENCRYPTION set according to whether that filesystem
7 * is being built with encryption support or not.
9 * Copyright (C) 2015, Google, Inc.
11 * Written by Michael Halcrow, 2015.
12 * Modified by Jaegeuk Kim, 2015.
14 #ifndef _LINUX_FSCRYPT_H
15 #define _LINUX_FSCRYPT_H
17 #include <linux/key.h>
20 #include <linux/bio.h>
21 #include <linux/dcache.h>
22 #include <crypto/skcipher.h>
23 #include <uapi/linux/fs.h>
25 #define FS_CRYPTO_BLOCK_SIZE 16
32 struct page
*bounce_page
; /* Ciphertext page */
33 struct page
*control_page
; /* Original page */
37 struct work_struct work
;
39 struct list_head free_list
; /* Free list */
45 * For encrypted symlinks, the ciphertext length is stored at the beginning
46 * of the string in little-endian format.
48 struct fscrypt_symlink_data
{
50 char encrypted_path
[1];
59 const struct qstr
*usr_fname
;
60 struct fscrypt_str disk_name
;
63 struct fscrypt_str crypto_buf
;
66 #define FSTR_INIT(n, l) { .name = n, .len = l }
67 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
68 #define fname_name(p) ((p)->disk_name.name)
69 #define fname_len(p) ((p)->disk_name.len)
72 * fscrypt superblock flags
74 #define FS_CFLG_OWN_PAGES (1U << 1)
77 * crypto opertions for filesystems
79 struct fscrypt_operations
{
81 const char *key_prefix
;
82 int (*get_context
)(struct inode
*, void *, size_t);
83 int (*set_context
)(struct inode
*, const void *, size_t, void *);
84 bool (*dummy_context
)(struct inode
*);
85 bool (*empty_dir
)(struct inode
*);
86 unsigned (*max_namelen
)(struct inode
*);
89 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
90 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 28
92 static inline bool fscrypt_dummy_context_enabled(struct inode
*inode
)
94 if (inode
->i_sb
->s_cop
->dummy_context
&&
95 inode
->i_sb
->s_cop
->dummy_context(inode
))
100 static inline bool fscrypt_valid_enc_modes(u32 contents_mode
,
103 if (contents_mode
== FS_ENCRYPTION_MODE_AES_128_CBC
&&
104 filenames_mode
== FS_ENCRYPTION_MODE_AES_128_CTS
)
107 if (contents_mode
== FS_ENCRYPTION_MODE_AES_256_XTS
&&
108 filenames_mode
== FS_ENCRYPTION_MODE_AES_256_CTS
)
114 static inline bool fscrypt_is_dot_dotdot(const struct qstr
*str
)
116 if (str
->len
== 1 && str
->name
[0] == '.')
119 if (str
->len
== 2 && str
->name
[0] == '.' && str
->name
[1] == '.')
125 #if __FS_HAS_ENCRYPTION
127 static inline struct page
*fscrypt_control_page(struct page
*page
)
129 return ((struct fscrypt_ctx
*)page_private(page
))->w
.control_page
;
132 static inline bool fscrypt_has_encryption_key(const struct inode
*inode
)
134 return (inode
->i_crypt_info
!= NULL
);
137 #include <linux/fscrypt_supp.h>
139 #else /* !__FS_HAS_ENCRYPTION */
141 static inline struct page
*fscrypt_control_page(struct page
*page
)
144 return ERR_PTR(-EINVAL
);
147 static inline bool fscrypt_has_encryption_key(const struct inode
*inode
)
152 #include <linux/fscrypt_notsupp.h>
153 #endif /* __FS_HAS_ENCRYPTION */
156 * fscrypt_require_key - require an inode's encryption key
157 * @inode: the inode we need the key for
159 * If the inode is encrypted, set up its encryption key if not already done.
160 * Then require that the key be present and return -ENOKEY otherwise.
162 * No locks are needed, and the key will live as long as the struct inode --- so
163 * it won't go away from under you.
165 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
166 * if a problem occurred while setting up the encryption key.
168 static inline int fscrypt_require_key(struct inode
*inode
)
170 if (IS_ENCRYPTED(inode
)) {
171 int err
= fscrypt_get_encryption_info(inode
);
175 if (!fscrypt_has_encryption_key(inode
))
182 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
183 * @old_dentry: an existing dentry for the inode being linked
184 * @dir: the target directory
185 * @dentry: negative dentry for the target filename
187 * A new link can only be added to an encrypted directory if the directory's
188 * encryption key is available --- since otherwise we'd have no way to encrypt
189 * the filename. Therefore, we first set up the directory's encryption key (if
190 * not already done) and return an error if it's unavailable.
192 * We also verify that the link will not violate the constraint that all files
193 * in an encrypted directory tree use the same encryption policy.
195 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
196 * -EPERM if the link would result in an inconsistent encryption policy, or
197 * another -errno code.
199 static inline int fscrypt_prepare_link(struct dentry
*old_dentry
,
201 struct dentry
*dentry
)
203 if (IS_ENCRYPTED(dir
))
204 return __fscrypt_prepare_link(d_inode(old_dentry
), dir
);
209 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
210 * @old_dir: source directory
211 * @old_dentry: dentry for source file
212 * @new_dir: target directory
213 * @new_dentry: dentry for target location (may be negative unless exchanging)
214 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
216 * Prepare for ->rename() where the source and/or target directories may be
217 * encrypted. A new link can only be added to an encrypted directory if the
218 * directory's encryption key is available --- since otherwise we'd have no way
219 * to encrypt the filename. A rename to an existing name, on the other hand,
220 * *is* cryptographically possible without the key. However, we take the more
221 * conservative approach and just forbid all no-key renames.
223 * We also verify that the rename will not violate the constraint that all files
224 * in an encrypted directory tree use the same encryption policy.
226 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EPERM if the
227 * rename would cause inconsistent encryption policies, or another -errno code.
229 static inline int fscrypt_prepare_rename(struct inode
*old_dir
,
230 struct dentry
*old_dentry
,
231 struct inode
*new_dir
,
232 struct dentry
*new_dentry
,
235 if (IS_ENCRYPTED(old_dir
) || IS_ENCRYPTED(new_dir
))
236 return __fscrypt_prepare_rename(old_dir
, old_dentry
,
237 new_dir
, new_dentry
, flags
);
242 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
243 * @dir: directory being searched
244 * @dentry: filename being looked up
245 * @flags: lookup flags
247 * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
248 * done with or without the directory's encryption key; without the key,
249 * filenames are presented in encrypted form. Therefore, we'll try to set up
250 * the directory's encryption key, but even without it the lookup can continue.
252 * To allow invalidating stale dentries if the directory's encryption key is
253 * added later, we also install a custom ->d_revalidate() method and use the
254 * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
255 * plaintext name (flag set) or a ciphertext name (flag cleared).
257 * Return: 0 on success, -errno if a problem occurred while setting up the
260 static inline int fscrypt_prepare_lookup(struct inode
*dir
,
261 struct dentry
*dentry
,
264 if (IS_ENCRYPTED(dir
))
265 return __fscrypt_prepare_lookup(dir
, dentry
);
270 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
271 * @dentry: dentry through which the inode is being changed
272 * @attr: attributes to change
274 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
275 * most attribute changes are allowed even without the encryption key. However,
276 * without the encryption key we do have to forbid truncates. This is needed
277 * because the size being truncated to may not be a multiple of the filesystem
278 * block size, and in that case we'd have to decrypt the final block, zero the
279 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
280 * filesystem block boundary, but it's simpler to just forbid all truncates ---
281 * and we already forbid all other contents modifications without the key.)
283 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
284 * if a problem occurred while setting up the encryption key.
286 static inline int fscrypt_prepare_setattr(struct dentry
*dentry
,
289 if (attr
->ia_valid
& ATTR_SIZE
)
290 return fscrypt_require_key(d_inode(dentry
));
294 #endif /* _LINUX_FSCRYPT_H */