Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / aa56f1b4ce172ea0b5a89919a34c236d43436bef / . / include / linux / fscrypt.h
blob: 8641e56b8f8a9107a3cb595b130fe70b12839f79 [file] [log] [blame]
Jaegeuk Kim8dec0742017-06-22 12:14:40 -0700[diff] [blame]1/*
2 * fscrypt.h: declarations for per-file encryption
3 *
4 * Filesystems that implement per-file encryption include this header
5 * file with the __FS_HAS_ENCRYPTION set according to whether that filesystem
6 * is being built with encryption support or not.
7 *
8 * Copyright (C) 2015, Google, Inc.
9 *
10 * Written by Michael Halcrow, 2015.
11 * Modified by Jaegeuk Kim, 2015.
12 */
13#ifndef _LINUX_FSCRYPT_H
14#define _LINUX_FSCRYPT_H
15
16#include <linux/key.h>
17#include <linux/fs.h>
18#include <linux/mm.h>
19#include <linux/bio.h>
20#include <linux/dcache.h>
21#include <crypto/skcipher.h>
22#include <uapi/linux/fs.h>
23
24#define FS_CRYPTO_BLOCK_SIZE 16
25
26struct fscrypt_info;
27
28struct fscrypt_ctx {
29 union {
30 struct {
31 struct page *bounce_page; /* Ciphertext page */
32 struct page *control_page; /* Original page */
33 } w;
34 struct {
35 struct bio *bio;
36 struct work_struct work;
37 } r;
38 struct list_head free_list; /* Free list */
39 };
40 u8 flags; /* Flags */
41};
42
43/**
44 * For encrypted symlinks, the ciphertext length is stored at the beginning
45 * of the string in little-endian format.
46 */
47struct fscrypt_symlink_data {
48 __le16 len;
49 char encrypted_path[1];
50} __packed;
51
52struct fscrypt_str {
53 unsigned char *name;
54 u32 len;
55};
56
57struct fscrypt_name {
58 const struct qstr *usr_fname;
59 struct fscrypt_str disk_name;
60 u32 hash;
61 u32 minor_hash;
62 struct fscrypt_str crypto_buf;
63};
64
65#define FSTR_INIT(n, l) { .name = n, .len = l }
66#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
67#define fname_name(p) ((p)->disk_name.name)
68#define fname_len(p) ((p)->disk_name.len)
69
70/*
71 * fscrypt superblock flags
72 */
73#define FS_CFLG_OWN_PAGES (1U << 1)
74
75/*
76 * crypto opertions for filesystems
77 */
78struct fscrypt_operations {
79 unsigned int flags;
80 const char *key_prefix;
81 int (*get_context)(struct inode *, void *, size_t);
82 int (*set_context)(struct inode *, const void *, size_t, void *);
83 bool (*dummy_context)(struct inode *);
84 bool (*empty_dir)(struct inode *);
85 unsigned (*max_namelen)(struct inode *);
86};
87
88static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
89{
90 if (inode->i_sb->s_cop->dummy_context &&
91 inode->i_sb->s_cop->dummy_context(inode))
92 return true;
93 return false;
94}
95
96static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
97 u32 filenames_mode)
98{
99 if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&
100 filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)
101 return true;
102
103 if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&
104 filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
105 return true;
106
107 return false;
108}
109
110static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
111{
112 if (str->len == 1 && str->name[0] == '.')
113 return true;
114
115 if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
116 return true;
117
118 return false;
119}
120
121#if __FS_HAS_ENCRYPTION
122
123static inline struct page *fscrypt_control_page(struct page *page)
124{
125 return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
126}
127
128static inline bool fscrypt_has_encryption_key(const struct inode *inode)
129{
130 return (inode->i_crypt_info != NULL);
131}
132
133#include <linux/fscrypt_supp.h>
134
135#else /* !__FS_HAS_ENCRYPTION */
136
137static inline struct page *fscrypt_control_page(struct page *page)
138{
139 WARN_ON_ONCE(1);
140 return ERR_PTR(-EINVAL);
141}
142
143static inline bool fscrypt_has_encryption_key(const struct inode *inode)
144{
145 return 0;
146}
147
148#include <linux/fscrypt_notsupp.h>
149#endif /* __FS_HAS_ENCRYPTION */
150
151/**
152 * fscrypt_require_key - require an inode's encryption key
153 * @inode: the inode we need the key for
154 *
155 * If the inode is encrypted, set up its encryption key if not already done.
156 * Then require that the key be present and return -ENOKEY otherwise.
157 *
158 * No locks are needed, and the key will live as long as the struct inode --- so
159 * it won't go away from under you.
160 *
161 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
162 * if a problem occurred while setting up the encryption key.
163 */
164static inline int fscrypt_require_key(struct inode *inode)
165{
166 if (IS_ENCRYPTED(inode)) {
167 int err = fscrypt_get_encryption_info(inode);
168
169 if (err)
170 return err;
171 if (!fscrypt_has_encryption_key(inode))
172 return -ENOKEY;
173 }
174 return 0;
175}
176
177/**
178 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
179 * @old_dentry: an existing dentry for the inode being linked
180 * @dir: the target directory
181 * @dentry: negative dentry for the target filename
182 *
183 * A new link can only be added to an encrypted directory if the directory's
184 * encryption key is available --- since otherwise we'd have no way to encrypt
185 * the filename. Therefore, we first set up the directory's encryption key (if
186 * not already done) and return an error if it's unavailable.
187 *
188 * We also verify that the link will not violate the constraint that all files
189 * in an encrypted directory tree use the same encryption policy.
190 *
191 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
192 * -EPERM if the link would result in an inconsistent encryption policy, or
193 * another -errno code.
194 */
195static inline int fscrypt_prepare_link(struct dentry *old_dentry,
196 struct inode *dir,
197 struct dentry *dentry)
198{
199 if (IS_ENCRYPTED(dir))
200 return __fscrypt_prepare_link(d_inode(old_dentry), dir);
201 return 0;
202}
203
204/**
205 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
206 * @old_dir: source directory
207 * @old_dentry: dentry for source file
208 * @new_dir: target directory
209 * @new_dentry: dentry for target location (may be negative unless exchanging)
210 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
211 *
212 * Prepare for ->rename() where the source and/or target directories may be
213 * encrypted. A new link can only be added to an encrypted directory if the
214 * directory's encryption key is available --- since otherwise we'd have no way
215 * to encrypt the filename. A rename to an existing name, on the other hand,
216 * *is* cryptographically possible without the key. However, we take the more
217 * conservative approach and just forbid all no-key renames.
218 *
219 * We also verify that the rename will not violate the constraint that all files
220 * in an encrypted directory tree use the same encryption policy.
221 *
222 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EPERM if the
223 * rename would cause inconsistent encryption policies, or another -errno code.
224 */
225static inline int fscrypt_prepare_rename(struct inode *old_dir,
226 struct dentry *old_dentry,
227 struct inode *new_dir,
228 struct dentry *new_dentry,
229 unsigned int flags)
230{
231 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
232 return __fscrypt_prepare_rename(old_dir, old_dentry,
233 new_dir, new_dentry, flags);
234 return 0;
235}
236
237/**
238 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
239 * @dir: directory being searched
240 * @dentry: filename being looked up
241 * @flags: lookup flags
242 *
243 * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
244 * done with or without the directory's encryption key; without the key,
245 * filenames are presented in encrypted form. Therefore, we'll try to set up
246 * the directory's encryption key, but even without it the lookup can continue.
247 *
248 * To allow invalidating stale dentries if the directory's encryption key is
249 * added later, we also install a custom ->d_revalidate() method and use the
250 * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
251 * plaintext name (flag set) or a ciphertext name (flag cleared).
252 *
253 * Return: 0 on success, -errno if a problem occurred while setting up the
254 * encryption key
255 */
256static inline int fscrypt_prepare_lookup(struct inode *dir,
257 struct dentry *dentry,
258 unsigned int flags)
259{
260 if (IS_ENCRYPTED(dir))
261 return __fscrypt_prepare_lookup(dir, dentry);
262 return 0;
263}
264
265/**
266 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
267 * @dentry: dentry through which the inode is being changed
268 * @attr: attributes to change
269 *
270 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
271 * most attribute changes are allowed even without the encryption key. However,
272 * without the encryption key we do have to forbid truncates. This is needed
273 * because the size being truncated to may not be a multiple of the filesystem
274 * block size, and in that case we'd have to decrypt the final block, zero the
275 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
276 * filesystem block boundary, but it's simpler to just forbid all truncates ---
277 * and we already forbid all other contents modifications without the key.)
278 *
279 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
280 * if a problem occurred while setting up the encryption key.
281 */
282static inline int fscrypt_prepare_setattr(struct dentry *dentry,
283 struct iattr *attr)
284{
285 if (attr->ia_valid & ATTR_SIZE)
286 return fscrypt_require_key(d_inode(dentry));
287 return 0;
288}
289
290#endif /* _LINUX_FSCRYPT_H */