~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/fs/crypto/fscrypt_private.h

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * fscrypt_private.h
  4  *
  5  * Copyright (C) 2015, Google, Inc.
  6  *
  7  * Originally written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar.
  8  * Heavily modified since then.
  9  */
 10 
 11 #ifndef _FSCRYPT_PRIVATE_H
 12 #define _FSCRYPT_PRIVATE_H
 13 
 14 #include <linux/fscrypt.h>
 15 #include <linux/siphash.h>
 16 #include <crypto/hash.h>
 17 #include <linux/blk-crypto.h>
 18 
 19 #define CONST_STRLEN(str)       (sizeof(str) - 1)
 20 
 21 #define FSCRYPT_FILE_NONCE_SIZE 16
 22 
 23 /*
 24  * Minimum size of an fscrypt master key.  Note: a longer key will be required
 25  * if ciphers with a 256-bit security strength are used.  This is just the
 26  * absolute minimum, which applies when only 128-bit encryption is used.
 27  */
 28 #define FSCRYPT_MIN_KEY_SIZE    16
 29 
 30 #define FSCRYPT_CONTEXT_V1      1
 31 #define FSCRYPT_CONTEXT_V2      2
 32 
 33 /* Keep this in sync with include/uapi/linux/fscrypt.h */
 34 #define FSCRYPT_MODE_MAX        FSCRYPT_MODE_AES_256_HCTR2
 35 
 36 struct fscrypt_context_v1 {
 37         u8 version; /* FSCRYPT_CONTEXT_V1 */
 38         u8 contents_encryption_mode;
 39         u8 filenames_encryption_mode;
 40         u8 flags;
 41         u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
 42         u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 43 };
 44 
 45 struct fscrypt_context_v2 {
 46         u8 version; /* FSCRYPT_CONTEXT_V2 */
 47         u8 contents_encryption_mode;
 48         u8 filenames_encryption_mode;
 49         u8 flags;
 50         u8 log2_data_unit_size;
 51         u8 __reserved[3];
 52         u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
 53         u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 54 };
 55 
 56 /*
 57  * fscrypt_context - the encryption context of an inode
 58  *
 59  * This is the on-disk equivalent of an fscrypt_policy, stored alongside each
 60  * encrypted file usually in a hidden extended attribute.  It contains the
 61  * fields from the fscrypt_policy, in order to identify the encryption algorithm
 62  * and key with which the file is encrypted.  It also contains a nonce that was
 63  * randomly generated by fscrypt itself; this is used as KDF input or as a tweak
 64  * to cause different files to be encrypted differently.
 65  */
 66 union fscrypt_context {
 67         u8 version;
 68         struct fscrypt_context_v1 v1;
 69         struct fscrypt_context_v2 v2;
 70 };
 71 
 72 /*
 73  * Return the size expected for the given fscrypt_context based on its version
 74  * number, or 0 if the context version is unrecognized.
 75  */
 76 static inline int fscrypt_context_size(const union fscrypt_context *ctx)
 77 {
 78         switch (ctx->version) {
 79         case FSCRYPT_CONTEXT_V1:
 80                 BUILD_BUG_ON(sizeof(ctx->v1) != 28);
 81                 return sizeof(ctx->v1);
 82         case FSCRYPT_CONTEXT_V2:
 83                 BUILD_BUG_ON(sizeof(ctx->v2) != 40);
 84                 return sizeof(ctx->v2);
 85         }
 86         return 0;
 87 }
 88 
 89 /* Check whether an fscrypt_context has a recognized version number and size */
 90 static inline bool fscrypt_context_is_valid(const union fscrypt_context *ctx,
 91                                             int ctx_size)
 92 {
 93         return ctx_size >= 1 && ctx_size == fscrypt_context_size(ctx);
 94 }
 95 
 96 /* Retrieve the context's nonce, assuming the context was already validated */
 97 static inline const u8 *fscrypt_context_nonce(const union fscrypt_context *ctx)
 98 {
 99         switch (ctx->version) {
100         case FSCRYPT_CONTEXT_V1:
101                 return ctx->v1.nonce;
102         case FSCRYPT_CONTEXT_V2:
103                 return ctx->v2.nonce;
104         }
105         WARN_ON_ONCE(1);
106         return NULL;
107 }
108 
109 union fscrypt_policy {
110         u8 version;
111         struct fscrypt_policy_v1 v1;
112         struct fscrypt_policy_v2 v2;
113 };
114 
115 /*
116  * Return the size expected for the given fscrypt_policy based on its version
117  * number, or 0 if the policy version is unrecognized.
118  */
119 static inline int fscrypt_policy_size(const union fscrypt_policy *policy)
120 {
121         switch (policy->version) {
122         case FSCRYPT_POLICY_V1:
123                 return sizeof(policy->v1);
124         case FSCRYPT_POLICY_V2:
125                 return sizeof(policy->v2);
126         }
127         return 0;
128 }
129 
130 /* Return the contents encryption mode of a valid encryption policy */
131 static inline u8
132 fscrypt_policy_contents_mode(const union fscrypt_policy *policy)
133 {
134         switch (policy->version) {
135         case FSCRYPT_POLICY_V1:
136                 return policy->v1.contents_encryption_mode;
137         case FSCRYPT_POLICY_V2:
138                 return policy->v2.contents_encryption_mode;
139         }
140         BUG();
141 }
142 
143 /* Return the filenames encryption mode of a valid encryption policy */
144 static inline u8
145 fscrypt_policy_fnames_mode(const union fscrypt_policy *policy)
146 {
147         switch (policy->version) {
148         case FSCRYPT_POLICY_V1:
149                 return policy->v1.filenames_encryption_mode;
150         case FSCRYPT_POLICY_V2:
151                 return policy->v2.filenames_encryption_mode;
152         }
153         BUG();
154 }
155 
156 /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */
157 static inline u8
158 fscrypt_policy_flags(const union fscrypt_policy *policy)
159 {
160         switch (policy->version) {
161         case FSCRYPT_POLICY_V1:
162                 return policy->v1.flags;
163         case FSCRYPT_POLICY_V2:
164                 return policy->v2.flags;
165         }
166         BUG();
167 }
168 
169 static inline int
170 fscrypt_policy_v2_du_bits(const struct fscrypt_policy_v2 *policy,
171                           const struct inode *inode)
172 {
173         return policy->log2_data_unit_size ?: inode->i_blkbits;
174 }
175 
176 static inline int
177 fscrypt_policy_du_bits(const union fscrypt_policy *policy,
178                        const struct inode *inode)
179 {
180         switch (policy->version) {
181         case FSCRYPT_POLICY_V1:
182                 return inode->i_blkbits;
183         case FSCRYPT_POLICY_V2:
184                 return fscrypt_policy_v2_du_bits(&policy->v2, inode);
185         }
186         BUG();
187 }
188 
189 /*
190  * For encrypted symlinks, the ciphertext length is stored at the beginning
191  * of the string in little-endian format.
192  */
193 struct fscrypt_symlink_data {
194         __le16 len;
195         char encrypted_path[];
196 } __packed;
197 
198 /**
199  * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
200  * @tfm: crypto API transform object
201  * @blk_key: key for blk-crypto
202  *
203  * Normally only one of the fields will be non-NULL.
204  */
205 struct fscrypt_prepared_key {
206         struct crypto_skcipher *tfm;
207 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
208         struct blk_crypto_key *blk_key;
209 #endif
210 };
211 
212 /*
213  * fscrypt_inode_info - the "encryption key" for an inode
214  *
215  * When an encrypted file's key is made available, an instance of this struct is
216  * allocated and stored in ->i_crypt_info.  Once created, it remains until the
217  * inode is evicted.
218  */
219 struct fscrypt_inode_info {
220 
221         /* The key in a form prepared for actual encryption/decryption */
222         struct fscrypt_prepared_key ci_enc_key;
223 
224         /* True if ci_enc_key should be freed when this struct is freed */
225         u8 ci_owns_key : 1;
226 
227 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
228         /*
229          * True if this inode will use inline encryption (blk-crypto) instead of
230          * the traditional filesystem-layer encryption.
231          */
232         u8 ci_inlinecrypt : 1;
233 #endif
234 
235         /* True if ci_dirhash_key is initialized */
236         u8 ci_dirhash_key_initialized : 1;
237 
238         /*
239          * log2 of the data unit size (granularity of contents encryption) of
240          * this file.  This is computable from ci_policy and ci_inode but is
241          * cached here for efficiency.  Only used for regular files.
242          */
243         u8 ci_data_unit_bits;
244 
245         /* Cached value: log2 of number of data units per FS block */
246         u8 ci_data_units_per_block_bits;
247 
248         /* Hashed inode number.  Only set for IV_INO_LBLK_32 */
249         u32 ci_hashed_ino;
250 
251         /*
252          * Encryption mode used for this inode.  It corresponds to either the
253          * contents or filenames encryption mode, depending on the inode type.
254          */
255         struct fscrypt_mode *ci_mode;
256 
257         /* Back-pointer to the inode */
258         struct inode *ci_inode;
259 
260         /*
261          * The master key with which this inode was unlocked (decrypted).  This
262          * will be NULL if the master key was found in a process-subscribed
263          * keyring rather than in the filesystem-level keyring.
264          */
265         struct fscrypt_master_key *ci_master_key;
266 
267         /*
268          * Link in list of inodes that were unlocked with the master key.
269          * Only used when ->ci_master_key is set.
270          */
271         struct list_head ci_master_key_link;
272 
273         /*
274          * If non-NULL, then encryption is done using the master key directly
275          * and ci_enc_key will equal ci_direct_key->dk_key.
276          */
277         struct fscrypt_direct_key *ci_direct_key;
278 
279         /*
280          * This inode's hash key for filenames.  This is a 128-bit SipHash-2-4
281          * key.  This is only set for directories that use a keyed dirhash over
282          * the plaintext filenames -- currently just casefolded directories.
283          */
284         siphash_key_t ci_dirhash_key;
285 
286         /* The encryption policy used by this inode */
287         union fscrypt_policy ci_policy;
288 
289         /* This inode's nonce, copied from the fscrypt_context */
290         u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
291 };
292 
293 typedef enum {
294         FS_DECRYPT = 0,
295         FS_ENCRYPT,
296 } fscrypt_direction_t;
297 
298 /* crypto.c */
299 extern struct kmem_cache *fscrypt_inode_info_cachep;
300 int fscrypt_initialize(struct super_block *sb);
301 int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
302                             fscrypt_direction_t rw, u64 index,
303                             struct page *src_page, struct page *dest_page,
304                             unsigned int len, unsigned int offs,
305                             gfp_t gfp_flags);
306 struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);
307 
308 void __printf(3, 4) __cold
309 fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
310 
311 #define fscrypt_warn(inode, fmt, ...)           \
312         fscrypt_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
313 #define fscrypt_err(inode, fmt, ...)            \
314         fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
315 
316 #define FSCRYPT_MAX_IV_SIZE     32
317 
318 union fscrypt_iv {
319         struct {
320                 /* zero-based index of data unit within the file */
321                 __le64 index;
322 
323                 /* per-file nonce; only set in DIRECT_KEY mode */
324                 u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
325         };
326         u8 raw[FSCRYPT_MAX_IV_SIZE];
327         __le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
328 };
329 
330 void fscrypt_generate_iv(union fscrypt_iv *iv, u64 index,
331                          const struct fscrypt_inode_info *ci);
332 
333 /*
334  * Return the number of bits used by the maximum file data unit index that is
335  * possible on the given filesystem, using the given log2 data unit size.
336  */
337 static inline int
338 fscrypt_max_file_dun_bits(const struct super_block *sb, int du_bits)
339 {
340         return fls64(sb->s_maxbytes - 1) - du_bits;
341 }
342 
343 /* fname.c */
344 bool __fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,
345                                     u32 orig_len, u32 max_len,
346                                     u32 *encrypted_len_ret);
347 
348 /* hkdf.c */
349 struct fscrypt_hkdf {
350         struct crypto_shash *hmac_tfm;
351 };
352 
353 int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
354                       unsigned int master_key_size);
355 
356 /*
357  * The list of contexts in which fscrypt uses HKDF.  These values are used as
358  * the first byte of the HKDF application-specific info string to guarantee that
359  * info strings are never repeated between contexts.  This ensures that all HKDF
360  * outputs are unique and cryptographically isolated, i.e. knowledge of one
361  * output doesn't reveal another.
362  */
363 #define HKDF_CONTEXT_KEY_IDENTIFIER     1 /* info=<empty>               */
364 #define HKDF_CONTEXT_PER_FILE_ENC_KEY   2 /* info=file_nonce            */
365 #define HKDF_CONTEXT_DIRECT_KEY         3 /* info=mode_num              */
366 #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4 /* info=mode_num||fs_uuid     */
367 #define HKDF_CONTEXT_DIRHASH_KEY        5 /* info=file_nonce            */
368 #define HKDF_CONTEXT_IV_INO_LBLK_32_KEY 6 /* info=mode_num||fs_uuid     */
369 #define HKDF_CONTEXT_INODE_HASH_KEY     7 /* info=<empty>               */
370 
371 int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
372                         const u8 *info, unsigned int infolen,
373                         u8 *okm, unsigned int okmlen);
374 
375 void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf);
376 
377 /* inline_crypt.c */
378 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
379 int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci);
380 
381 static inline bool
382 fscrypt_using_inline_encryption(const struct fscrypt_inode_info *ci)
383 {
384         return ci->ci_inlinecrypt;
385 }
386 
387 int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
388                                      const u8 *raw_key,
389                                      const struct fscrypt_inode_info *ci);
390 
391 void fscrypt_destroy_inline_crypt_key(struct super_block *sb,
392                                       struct fscrypt_prepared_key *prep_key);
393 
394 /*
395  * Check whether the crypto transform or blk-crypto key has been allocated in
396  * @prep_key, depending on which encryption implementation the file will use.
397  */
398 static inline bool
399 fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
400                         const struct fscrypt_inode_info *ci)
401 {
402         /*
403          * The two smp_load_acquire()'s here pair with the smp_store_release()'s
404          * in fscrypt_prepare_inline_crypt_key() and fscrypt_prepare_key().
405          * I.e., in some cases (namely, if this prep_key is a per-mode
406          * encryption key) another task can publish blk_key or tfm concurrently,
407          * executing a RELEASE barrier.  We need to use smp_load_acquire() here
408          * to safely ACQUIRE the memory the other task published.
409          */
410         if (fscrypt_using_inline_encryption(ci))
411                 return smp_load_acquire(&prep_key->blk_key) != NULL;
412         return smp_load_acquire(&prep_key->tfm) != NULL;
413 }
414 
415 #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
416 
417 static inline int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci)
418 {
419         return 0;
420 }
421 
422 static inline bool
423 fscrypt_using_inline_encryption(const struct fscrypt_inode_info *ci)
424 {
425         return false;
426 }
427 
428 static inline int
429 fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
430                                  const u8 *raw_key,
431                                  const struct fscrypt_inode_info *ci)
432 {
433         WARN_ON_ONCE(1);
434         return -EOPNOTSUPP;
435 }
436 
437 static inline void
438 fscrypt_destroy_inline_crypt_key(struct super_block *sb,
439                                  struct fscrypt_prepared_key *prep_key)
440 {
441 }
442 
443 static inline bool
444 fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
445                         const struct fscrypt_inode_info *ci)
446 {
447         return smp_load_acquire(&prep_key->tfm) != NULL;
448 }
449 #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
450 
451 /* keyring.c */
452 
453 /*
454  * fscrypt_master_key_secret - secret key material of an in-use master key
455  */
456 struct fscrypt_master_key_secret {
457 
458         /*
459          * For v2 policy keys: HKDF context keyed by this master key.
460          * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).
461          */
462         struct fscrypt_hkdf     hkdf;
463 
464         /*
465          * Size of the raw key in bytes.  This remains set even if ->raw was
466          * zeroized due to no longer being needed.  I.e. we still remember the
467          * size of the key even if we don't need to remember the key itself.
468          */
469         u32                     size;
470 
471         /* For v1 policy keys: the raw key.  Wiped for v2 policy keys. */
472         u8                      raw[FSCRYPT_MAX_KEY_SIZE];
473 
474 } __randomize_layout;
475 
476 /*
477  * fscrypt_master_key - an in-use master key
478  *
479  * This represents a master encryption key which has been added to the
480  * filesystem.  There are three high-level states that a key can be in:
481  *
482  * FSCRYPT_KEY_STATUS_PRESENT
483  *      Key is fully usable; it can be used to unlock inodes that are encrypted
484  *      with it (this includes being able to create new inodes).  ->mk_present
485  *      indicates whether the key is in this state.  ->mk_secret exists, the key
486  *      is in the keyring, and ->mk_active_refs > 0 due to ->mk_present.
487  *
488  * FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED
489  *      Removal of this key has been initiated, but some inodes that were
490  *      unlocked with it are still in-use.  Like ABSENT, ->mk_secret is wiped,
491  *      and the key can no longer be used to unlock inodes.  Unlike ABSENT, the
492  *      key is still in the keyring; ->mk_decrypted_inodes is nonempty; and
493  *      ->mk_active_refs > 0, being equal to the size of ->mk_decrypted_inodes.
494  *
495  *      This state transitions to ABSENT if ->mk_decrypted_inodes becomes empty,
496  *      or to PRESENT if FS_IOC_ADD_ENCRYPTION_KEY is called again for this key.
497  *
498  * FSCRYPT_KEY_STATUS_ABSENT
499  *      Key is fully removed.  The key is no longer in the keyring,
500  *      ->mk_decrypted_inodes is empty, ->mk_active_refs == 0, ->mk_secret is
501  *      wiped, and the key can no longer be used to unlock inodes.
502  */
503 struct fscrypt_master_key {
504 
505         /*
506          * Link in ->s_master_keys->key_hashtable.
507          * Only valid if ->mk_active_refs > 0.
508          */
509         struct hlist_node                       mk_node;
510 
511         /* Semaphore that protects ->mk_secret, ->mk_users, and ->mk_present */
512         struct rw_semaphore                     mk_sem;
513 
514         /*
515          * Active and structural reference counts.  An active ref guarantees
516          * that the struct continues to exist, continues to be in the keyring
517          * ->s_master_keys, and that any embedded subkeys (e.g.
518          * ->mk_direct_keys) that have been prepared continue to exist.
519          * A structural ref only guarantees that the struct continues to exist.
520          *
521          * There is one active ref associated with ->mk_present being true, and
522          * one active ref for each inode in ->mk_decrypted_inodes.
523          *
524          * There is one structural ref associated with the active refcount being
525          * nonzero.  Finding a key in the keyring also takes a structural ref,
526          * which is then held temporarily while the key is operated on.
527          */
528         refcount_t                              mk_active_refs;
529         refcount_t                              mk_struct_refs;
530 
531         struct rcu_head                         mk_rcu_head;
532 
533         /*
534          * The secret key material.  Wiped as soon as it is no longer needed;
535          * for details, see the fscrypt_master_key struct comment.
536          *
537          * Locking: protected by ->mk_sem.
538          */
539         struct fscrypt_master_key_secret        mk_secret;
540 
541         /*
542          * For v1 policy keys: an arbitrary key descriptor which was assigned by
543          * userspace (->descriptor).
544          *
545          * For v2 policy keys: a cryptographic hash of this key (->identifier).
546          */
547         struct fscrypt_key_specifier            mk_spec;
548 
549         /*
550          * Keyring which contains a key of type 'key_type_fscrypt_user' for each
551          * user who has added this key.  Normally each key will be added by just
552          * one user, but it's possible that multiple users share a key, and in
553          * that case we need to keep track of those users so that one user can't
554          * remove the key before the others want it removed too.
555          *
556          * This is NULL for v1 policy keys; those can only be added by root.
557          *
558          * Locking: protected by ->mk_sem.  (We don't just rely on the keyrings
559          * subsystem semaphore ->mk_users->sem, as we need support for atomic
560          * search+insert along with proper synchronization with other fields.)
561          */
562         struct key              *mk_users;
563 
564         /*
565          * List of inodes that were unlocked using this key.  This allows the
566          * inodes to be evicted efficiently if the key is removed.
567          */
568         struct list_head        mk_decrypted_inodes;
569         spinlock_t              mk_decrypted_inodes_lock;
570 
571         /*
572          * Per-mode encryption keys for the various types of encryption policies
573          * that use them.  Allocated and derived on-demand.
574          */
575         struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
576         struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
577         struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
578 
579         /* Hash key for inode numbers.  Initialized only when needed. */
580         siphash_key_t           mk_ino_hash_key;
581         bool                    mk_ino_hash_key_initialized;
582 
583         /*
584          * Whether this key is in the "present" state, i.e. fully usable.  For
585          * details, see the fscrypt_master_key struct comment.
586          *
587          * Locking: protected by ->mk_sem, but can be read locklessly using
588          * READ_ONCE().  Writers must use WRITE_ONCE() when concurrent readers
589          * are possible.
590          */
591         bool                    mk_present;
592 
593 } __randomize_layout;
594 
595 static inline const char *master_key_spec_type(
596                                 const struct fscrypt_key_specifier *spec)
597 {
598         switch (spec->type) {
599         case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
600                 return "descriptor";
601         case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
602                 return "identifier";
603         }
604         return "[unknown]";
605 }
606 
607 static inline int master_key_spec_len(const struct fscrypt_key_specifier *spec)
608 {
609         switch (spec->type) {
610         case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
611                 return FSCRYPT_KEY_DESCRIPTOR_SIZE;
612         case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
613                 return FSCRYPT_KEY_IDENTIFIER_SIZE;
614         }
615         return 0;
616 }
617 
618 void fscrypt_put_master_key(struct fscrypt_master_key *mk);
619 
620 void fscrypt_put_master_key_activeref(struct super_block *sb,
621                                       struct fscrypt_master_key *mk);
622 
623 struct fscrypt_master_key *
624 fscrypt_find_master_key(struct super_block *sb,
625                         const struct fscrypt_key_specifier *mk_spec);
626 
627 int fscrypt_get_test_dummy_key_identifier(
628                           u8 key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]);
629 
630 int fscrypt_add_test_dummy_key(struct super_block *sb,
631                                struct fscrypt_key_specifier *key_spec);
632 
633 int fscrypt_verify_key_added(struct super_block *sb,
634                              const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]);
635 
636 int __init fscrypt_init_keyring(void);
637 
638 /* keysetup.c */
639 
640 struct fscrypt_mode {
641         const char *friendly_name;
642         const char *cipher_str;
643         int keysize;            /* key size in bytes */
644         int security_strength;  /* security strength in bytes */
645         int ivsize;             /* IV size in bytes */
646         int logged_cryptoapi_impl;
647         int logged_blk_crypto_native;
648         int logged_blk_crypto_fallback;
649         enum blk_crypto_mode_num blk_crypto_mode;
650 };
651 
652 extern struct fscrypt_mode fscrypt_modes[];
653 
654 int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
655                         const u8 *raw_key, const struct fscrypt_inode_info *ci);
656 
657 void fscrypt_destroy_prepared_key(struct super_block *sb,
658                                   struct fscrypt_prepared_key *prep_key);
659 
660 int fscrypt_set_per_file_enc_key(struct fscrypt_inode_info *ci,
661                                  const u8 *raw_key);
662 
663 int fscrypt_derive_dirhash_key(struct fscrypt_inode_info *ci,
664                                const struct fscrypt_master_key *mk);
665 
666 void fscrypt_hash_inode_number(struct fscrypt_inode_info *ci,
667                                const struct fscrypt_master_key *mk);
668 
669 int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported);
670 
671 /**
672  * fscrypt_require_key() - require an inode's encryption key
673  * @inode: the inode we need the key for
674  *
675  * If the inode is encrypted, set up its encryption key if not already done.
676  * Then require that the key be present and return -ENOKEY otherwise.
677  *
678  * No locks are needed, and the key will live as long as the struct inode --- so
679  * it won't go away from under you.
680  *
681  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
682  * if a problem occurred while setting up the encryption key.
683  */
684 static inline int fscrypt_require_key(struct inode *inode)
685 {
686         if (IS_ENCRYPTED(inode)) {
687                 int err = fscrypt_get_encryption_info(inode, false);
688 
689                 if (err)
690                         return err;
691                 if (!fscrypt_has_encryption_key(inode))
692                         return -ENOKEY;
693         }
694         return 0;
695 }
696 
697 /* keysetup_v1.c */
698 
699 void fscrypt_put_direct_key(struct fscrypt_direct_key *dk);
700 
701 int fscrypt_setup_v1_file_key(struct fscrypt_inode_info *ci,
702                               const u8 *raw_master_key);
703 
704 int fscrypt_setup_v1_file_key_via_subscribed_keyrings(
705                                 struct fscrypt_inode_info *ci);
706 
707 /* policy.c */
708 
709 bool fscrypt_policies_equal(const union fscrypt_policy *policy1,
710                             const union fscrypt_policy *policy2);
711 int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy,
712                                struct fscrypt_key_specifier *key_spec);
713 const union fscrypt_policy *fscrypt_get_dummy_policy(struct super_block *sb);
714 bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
715                               const struct inode *inode);
716 int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
717                                 const union fscrypt_context *ctx_u,
718                                 int ctx_size);
719 const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir);
720 
721 #endif /* _FSCRYPT_PRIVATE_H */
722 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php