b24413180f560 (Greg Kroah-Hartman 2017-11-01 15:07:57 +0100 1) /* SPDX-License-Identifier: GPL-2.0 */
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 2) /*
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 3) * fscrypt_private.h
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 4) *
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 5) * Copyright (C) 2015, Google, Inc.
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 6) *
3ec4f2a62927c (Eric Biggers 2019-08-04 19:35:45 -0700 7) * Originally written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar.
3ec4f2a62927c (Eric Biggers 2019-08-04 19:35:45 -0700 8) * Heavily modified since then.
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 9) */
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 10)
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 11) #ifndef _FSCRYPT_PRIVATE_H
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 12) #define _FSCRYPT_PRIVATE_H
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 13)
734f0d241d2b4 (Dave Chinner 2017-10-09 12:15:34 -0700 14) #include <linux/fscrypt.h>
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 15) #include <linux/siphash.h>
b7e7cf7a66a27 (Daniel Walter 2017-06-19 09:27:58 +0200 16) #include <crypto/hash.h>
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 17) #include <linux/blk-crypto.h>
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 18)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 19) #define CONST_STRLEN(str) (sizeof(str) - 1)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 20)
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 21) #define FSCRYPT_FILE_NONCE_SIZE 16
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 22)
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 23) #define FSCRYPT_MIN_KEY_SIZE 16
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 24)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 25) #define FSCRYPT_CONTEXT_V1 1
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 26) #define FSCRYPT_CONTEXT_V2 2
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 27)
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 28) /* Keep this in sync with include/uapi/linux/fscrypt.h */
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 29) #define FSCRYPT_MODE_MAX FSCRYPT_MODE_ADIANTUM
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 30)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 31) struct fscrypt_context_v1 {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 32) u8 version; /* FSCRYPT_CONTEXT_V1 */
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 33) u8 contents_encryption_mode;
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 34) u8 filenames_encryption_mode;
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 35) u8 flags;
3b6df59bc4d24 (Eric Biggers 2019-08-04 19:35:44 -0700 36) u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 37) u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 38) };
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 39)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 40) struct fscrypt_context_v2 {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 41) u8 version; /* FSCRYPT_CONTEXT_V2 */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 42) u8 contents_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 43) u8 filenames_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 44) u8 flags;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 45) u8 __reserved[4];
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 46) u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 47) u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 48) };
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 49)
d2fe97545a1e2 (Eric Biggers 2020-05-11 12:13:56 -0700 50) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 51) * fscrypt_context - the encryption context of an inode
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 52) *
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 53) * This is the on-disk equivalent of an fscrypt_policy, stored alongside each
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 54) * encrypted file usually in a hidden extended attribute. It contains the
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 55) * fields from the fscrypt_policy, in order to identify the encryption algorithm
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 56) * and key with which the file is encrypted. It also contains a nonce that was
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 57) * randomly generated by fscrypt itself; this is used as KDF input or as a tweak
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 58) * to cause different files to be encrypted differently.
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 59) */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 60) union fscrypt_context {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 61) u8 version;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 62) struct fscrypt_context_v1 v1;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 63) struct fscrypt_context_v2 v2;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 64) };
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 65)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 66) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 67) * Return the size expected for the given fscrypt_context based on its version
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 68) * number, or 0 if the context version is unrecognized.
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 69) */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 70) static inline int fscrypt_context_size(const union fscrypt_context *ctx)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 71) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 72) switch (ctx->version) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 73) case FSCRYPT_CONTEXT_V1:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 74) BUILD_BUG_ON(sizeof(ctx->v1) != 28);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 75) return sizeof(ctx->v1);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 76) case FSCRYPT_CONTEXT_V2:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 77) BUILD_BUG_ON(sizeof(ctx->v2) != 40);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 78) return sizeof(ctx->v2);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 79) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 80) return 0;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 81) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 82)
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 83) /* Check whether an fscrypt_context has a recognized version number and size */
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 84) static inline bool fscrypt_context_is_valid(const union fscrypt_context *ctx,
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 85) int ctx_size)
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 86) {
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 87) return ctx_size >= 1 && ctx_size == fscrypt_context_size(ctx);
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 88) }
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 89)
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 90) /* Retrieve the context's nonce, assuming the context was already validated */
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 91) static inline const u8 *fscrypt_context_nonce(const union fscrypt_context *ctx)
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 92) {
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 93) switch (ctx->version) {
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 94) case FSCRYPT_CONTEXT_V1:
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 95) return ctx->v1.nonce;
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 96) case FSCRYPT_CONTEXT_V2:
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 97) return ctx->v2.nonce;
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 98) }
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 99) WARN_ON(1);
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 100) return NULL;
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 101) }
e98ad464750c0 (Eric Biggers 2020-03-14 13:50:49 -0700 102)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 103) union fscrypt_policy {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 104) u8 version;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 105) struct fscrypt_policy_v1 v1;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 106) struct fscrypt_policy_v2 v2;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 107) };
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 108)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 109) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 110) * Return the size expected for the given fscrypt_policy based on its version
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 111) * number, or 0 if the policy version is unrecognized.
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 112) */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 113) static inline int fscrypt_policy_size(const union fscrypt_policy *policy)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 114) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 115) switch (policy->version) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 116) case FSCRYPT_POLICY_V1:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 117) return sizeof(policy->v1);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 118) case FSCRYPT_POLICY_V2:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 119) return sizeof(policy->v2);
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 120) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 121) return 0;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 122) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 123)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 124) /* Return the contents encryption mode of a valid encryption policy */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 125) static inline u8
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 126) fscrypt_policy_contents_mode(const union fscrypt_policy *policy)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 127) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 128) switch (policy->version) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 129) case FSCRYPT_POLICY_V1:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 130) return policy->v1.contents_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 131) case FSCRYPT_POLICY_V2:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 132) return policy->v2.contents_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 133) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 134) BUG();
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 135) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 136)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 137) /* Return the filenames encryption mode of a valid encryption policy */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 138) static inline u8
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 139) fscrypt_policy_fnames_mode(const union fscrypt_policy *policy)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 140) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 141) switch (policy->version) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 142) case FSCRYPT_POLICY_V1:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 143) return policy->v1.filenames_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 144) case FSCRYPT_POLICY_V2:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 145) return policy->v2.filenames_encryption_mode;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 146) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 147) BUG();
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 148) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 149)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 150) /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 151) static inline u8
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 152) fscrypt_policy_flags(const union fscrypt_policy *policy)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 153) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 154) switch (policy->version) {
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 155) case FSCRYPT_POLICY_V1:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 156) return policy->v1.flags;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 157) case FSCRYPT_POLICY_V2:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 158) return policy->v2.flags;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 159) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 160) BUG();
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 161) }
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 162)
d2fe97545a1e2 (Eric Biggers 2020-05-11 12:13:56 -0700 163) /*
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 164) * For encrypted symlinks, the ciphertext length is stored at the beginning
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 165) * of the string in little-endian format.
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 166) */
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 167) struct fscrypt_symlink_data {
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 168) __le16 len;
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 169) char encrypted_path[1];
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 170) } __packed;
0eaab5b10621e (Eric Biggers 2018-01-11 23:30:08 -0500 171)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 172) /**
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 173) * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 174) * @tfm: crypto API transform object
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 175) * @blk_key: key for blk-crypto
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 176) *
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 177) * Normally only one of the fields will be non-NULL.
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 178) */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 179) struct fscrypt_prepared_key {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 180) struct crypto_skcipher *tfm;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 181) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 182) struct fscrypt_blk_crypto_key *blk_key;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 183) #endif
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 184) };
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 185)
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 186) /*
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 187) * fscrypt_info - the "encryption key" for an inode
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 188) *
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 189) * When an encrypted file's key is made available, an instance of this struct is
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 190) * allocated and stored in ->i_crypt_info. Once created, it remains until the
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 191) * inode is evicted.
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 192) */
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 193) struct fscrypt_info {
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 194)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 195) /* The key in a form prepared for actual encryption/decryption */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 196) struct fscrypt_prepared_key ci_enc_key;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 197)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 198) /* True if ci_enc_key should be freed when this fscrypt_info is freed */
b103fb7653fff (Eric Biggers 2019-10-24 14:54:36 -0700 199) bool ci_owns_key;
b103fb7653fff (Eric Biggers 2019-10-24 14:54:36 -0700 200)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 201) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 202) /*
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 203) * True if this inode will use inline encryption (blk-crypto) instead of
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 204) * the traditional filesystem-layer encryption.
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 205) */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 206) bool ci_inlinecrypt;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 207) #endif
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 208)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 209) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 210) * Encryption mode used for this inode. It corresponds to either the
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 211) * contents or filenames encryption mode, depending on the inode type.
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 212) */
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 213) struct fscrypt_mode *ci_mode;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 214)
59dc6a8e1f534 (Eric Biggers 2019-08-04 19:35:44 -0700 215) /* Back-pointer to the inode */
59dc6a8e1f534 (Eric Biggers 2019-08-04 19:35:44 -0700 216) struct inode *ci_inode;
59dc6a8e1f534 (Eric Biggers 2019-08-04 19:35:44 -0700 217)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 218) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 219) * The master key with which this inode was unlocked (decrypted). This
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 220) * will be NULL if the master key was found in a process-subscribed
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 221) * keyring rather than in the filesystem-level keyring.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 222) */
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 223) struct key *ci_master_key;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 224)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 225) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 226) * Link in list of inodes that were unlocked with the master key.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 227) * Only used when ->ci_master_key is set.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 228) */
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 229) struct list_head ci_master_key_link;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 230)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 231) /*
a828daabb2ae9 (Eric Biggers 2019-08-04 19:35:45 -0700 232) * If non-NULL, then encryption is done using the master key directly
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 233) * and ci_enc_key will equal ci_direct_key->dk_key.
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 234) */
a828daabb2ae9 (Eric Biggers 2019-08-04 19:35:45 -0700 235) struct fscrypt_direct_key *ci_direct_key;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 236)
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 237) /*
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 238) * This inode's hash key for filenames. This is a 128-bit SipHash-2-4
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 239) * key. This is only set for directories that use a keyed dirhash over
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 240) * the plaintext filenames -- currently just casefolded directories.
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 241) */
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 242) siphash_key_t ci_dirhash_key;
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 243) bool ci_dirhash_key_initialized;
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 244)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 245) /* The encryption policy used by this inode */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 246) union fscrypt_policy ci_policy;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 247)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 248) /* This inode's nonce, copied from the fscrypt_context */
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 249) u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 250)
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 251) /* Hashed inode number. Only set for IV_INO_LBLK_32 */
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 252) u32 ci_hashed_ino;
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 253) };
cc4e0df038ddb (Theodore Ts'o 2016-11-26 22:05:18 -0500 254)
58ae74683ae2c (Richard Weinberger 2016-12-19 12:25:32 +0100 255) typedef enum {
58ae74683ae2c (Richard Weinberger 2016-12-19 12:25:32 +0100 256) FS_DECRYPT = 0,
58ae74683ae2c (Richard Weinberger 2016-12-19 12:25:32 +0100 257) FS_ENCRYPT,
58ae74683ae2c (Richard Weinberger 2016-12-19 12:25:32 +0100 258) } fscrypt_direction_t;
58ae74683ae2c (Richard Weinberger 2016-12-19 12:25:32 +0100 259)
b98701df349b7 (Theodore Ts'o 2016-11-26 20:43:09 -0500 260) /* crypto.c */
e4de782a0960b (Eric Biggers 2018-01-05 10:44:54 -0800 261) extern struct kmem_cache *fscrypt_info_cachep;
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 262) int fscrypt_initialize(unsigned int cop_flags);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 263) int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 264) u64 lblk_num, struct page *src_page,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 265) struct page *dest_page, unsigned int len,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 266) unsigned int offs, gfp_t gfp_flags);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 267) struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 268)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 269) void __printf(3, 4) __cold
886da8b39cf27 (Eric Biggers 2019-07-24 11:07:58 -0700 270) fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
544d08fde258b (Eric Biggers 2018-04-30 15:51:47 -0700 271)
886da8b39cf27 (Eric Biggers 2019-07-24 11:07:58 -0700 272) #define fscrypt_warn(inode, fmt, ...) \
886da8b39cf27 (Eric Biggers 2019-07-24 11:07:58 -0700 273) fscrypt_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
886da8b39cf27 (Eric Biggers 2019-07-24 11:07:58 -0700 274) #define fscrypt_err(inode, fmt, ...) \
886da8b39cf27 (Eric Biggers 2019-07-24 11:07:58 -0700 275) fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
544d08fde258b (Eric Biggers 2018-04-30 15:51:47 -0700 276)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 277) #define FSCRYPT_MAX_IV_SIZE 32
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 278)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 279) union fscrypt_iv {
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 280) struct {
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 281) /* logical block number within the file */
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 282) __le64 lblk_num;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 283)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 284) /* per-file nonce; only set in DIRECT_KEY mode */
1d6217a4f9905 (Eric Biggers 2020-07-08 14:57:22 -0700 285) u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 286) };
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 287) u8 raw[FSCRYPT_MAX_IV_SIZE];
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 288) __le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 289) };
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 290)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 291) void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 292) const struct fscrypt_info *ci);
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 293)
76e81d6d50481 (Eric Biggers 2018-01-05 10:45:01 -0800 294) /* fname.c */
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 295) int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 296) u8 *out, unsigned int olen);
ac4acb1f4b2b6 (Eric Biggers 2020-09-16 21:11:35 -0700 297) bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,
ac4acb1f4b2b6 (Eric Biggers 2020-09-16 21:11:35 -0700 298) u32 orig_len, u32 max_len,
ac4acb1f4b2b6 (Eric Biggers 2020-09-16 21:11:35 -0700 299) u32 *encrypted_len_ret);
76e81d6d50481 (Eric Biggers 2018-01-05 10:45:01 -0800 300)
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 301) /* hkdf.c */
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 302)
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 303) struct fscrypt_hkdf {
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 304) struct crypto_shash *hmac_tfm;
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 305) };
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 306)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 307) int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 308) unsigned int master_key_size);
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 309)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 310) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 311) * The list of contexts in which fscrypt uses HKDF. These values are used as
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 312) * the first byte of the HKDF application-specific info string to guarantee that
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 313) * info strings are never repeated between contexts. This ensures that all HKDF
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 314) * outputs are unique and cryptographically isolated, i.e. knowledge of one
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 315) * output doesn't reveal another.
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 316) */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 317) #define HKDF_CONTEXT_KEY_IDENTIFIER 1 /* info=<empty> */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 318) #define HKDF_CONTEXT_PER_FILE_ENC_KEY 2 /* info=file_nonce */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 319) #define HKDF_CONTEXT_DIRECT_KEY 3 /* info=mode_num */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 320) #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4 /* info=mode_num||fs_uuid */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 321) #define HKDF_CONTEXT_DIRHASH_KEY 5 /* info=file_nonce */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 322) #define HKDF_CONTEXT_IV_INO_LBLK_32_KEY 6 /* info=mode_num||fs_uuid */
e455de313ef8b (Eric Biggers 2020-07-08 14:55:29 -0700 323) #define HKDF_CONTEXT_INODE_HASH_KEY 7 /* info=<empty> */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 324)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 325) int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 326) const u8 *info, unsigned int infolen,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 327) u8 *okm, unsigned int okmlen);
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 328)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 329) void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf);
c1144c9b8ad94 (Eric Biggers 2019-08-04 19:35:47 -0700 330)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 331) /* inline_crypt.c */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 332) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 333) int fscrypt_select_encryption_impl(struct fscrypt_info *ci);
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 334)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 335) static inline bool
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 336) fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 337) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 338) return ci->ci_inlinecrypt;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 339) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 340)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 341) int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 342) const u8 *raw_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 343) const struct fscrypt_info *ci);
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 344)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 345) void fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key);
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 346)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 347) /*
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 348) * Check whether the crypto transform or blk-crypto key has been allocated in
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 349) * @prep_key, depending on which encryption implementation the file will use.
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 350) */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 351) static inline bool
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 352) fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 353) const struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 354) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 355) /*
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 356) * The two smp_load_acquire()'s here pair with the smp_store_release()'s
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 357) * in fscrypt_prepare_inline_crypt_key() and fscrypt_prepare_key().
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 358) * I.e., in some cases (namely, if this prep_key is a per-mode
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 359) * encryption key) another task can publish blk_key or tfm concurrently,
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 360) * executing a RELEASE barrier. We need to use smp_load_acquire() here
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 361) * to safely ACQUIRE the memory the other task published.
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 362) */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 363) if (fscrypt_using_inline_encryption(ci))
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 364) return smp_load_acquire(&prep_key->blk_key) != NULL;
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 365) return smp_load_acquire(&prep_key->tfm) != NULL;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 366) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 367)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 368) #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 369)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 370) static inline int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 371) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 372) return 0;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 373) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 374)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 375) static inline bool
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 376) fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 377) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 378) return false;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 379) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 380)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 381) static inline int
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 382) fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 383) const u8 *raw_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 384) const struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 385) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 386) WARN_ON(1);
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 387) return -EOPNOTSUPP;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 388) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 389)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 390) static inline void
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 391) fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 392) {
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 393) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 394)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 395) static inline bool
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 396) fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 397) const struct fscrypt_info *ci)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 398) {
97c6327f7192d (Eric Biggers 2020-07-21 15:59:17 -0700 399) return smp_load_acquire(&prep_key->tfm) != NULL;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 400) }
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 401) #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 402)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 403) /* keyring.c */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 404)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 405) /*
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 406) * fscrypt_master_key_secret - secret key material of an in-use master key
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 407) */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 408) struct fscrypt_master_key_secret {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 409)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 410) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 411) * For v2 policy keys: HKDF context keyed by this master key.
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 412) * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 413) */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 414) struct fscrypt_hkdf hkdf;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 415)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 416) /* Size of the raw key in bytes. Set even if ->raw isn't set. */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 417) u32 size;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 418)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 419) /* For v1 policy keys: the raw key. Wiped for v2 policy keys. */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 420) u8 raw[FSCRYPT_MAX_KEY_SIZE];
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 421)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 422) } __randomize_layout;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 423)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 424) /*
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 425) * fscrypt_master_key - an in-use master key
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 426) *
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 427) * This represents a master encryption key which has been added to the
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 428) * filesystem and can be used to "unlock" the encrypted files which were
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 429) * encrypted with it.
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 430) */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 431) struct fscrypt_master_key {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 432)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 433) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 434) * The secret key material. After FS_IOC_REMOVE_ENCRYPTION_KEY is
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 435) * executed, this is wiped and no new inodes can be unlocked with this
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 436) * key; however, there may still be inodes in ->mk_decrypted_inodes
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 437) * which could not be evicted. As long as some inodes still remain,
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 438) * FS_IOC_REMOVE_ENCRYPTION_KEY can be retried, or
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 439) * FS_IOC_ADD_ENCRYPTION_KEY can add the secret again.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 440) *
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 441) * Locking: protected by this master key's key->sem.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 442) */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 443) struct fscrypt_master_key_secret mk_secret;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 444)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 445) /*
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 446) * For v1 policy keys: an arbitrary key descriptor which was assigned by
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 447) * userspace (->descriptor).
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 448) *
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 449) * For v2 policy keys: a cryptographic hash of this key (->identifier).
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 450) */
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 451) struct fscrypt_key_specifier mk_spec;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 452)
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 453) /*
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 454) * Keyring which contains a key of type 'key_type_fscrypt_user' for each
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 455) * user who has added this key. Normally each key will be added by just
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 456) * one user, but it's possible that multiple users share a key, and in
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 457) * that case we need to keep track of those users so that one user can't
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 458) * remove the key before the others want it removed too.
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 459) *
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 460) * This is NULL for v1 policy keys; those can only be added by root.
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 461) *
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 462) * Locking: in addition to this keyring's own semaphore, this is
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 463) * protected by this master key's key->sem, so we can do atomic
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 464) * search+insert. It can also be searched without taking any locks, but
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 465) * in that case the returned key may have already been removed.
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 466) */
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 467) struct key *mk_users;
23c688b54016e (Eric Biggers 2019-08-04 19:35:47 -0700 468)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 469) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 470) * Length of ->mk_decrypted_inodes, plus one if mk_secret is present.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 471) * Once this goes to 0, the master key is removed from ->s_master_keys.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 472) * The 'struct fscrypt_master_key' will continue to live as long as the
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 473) * 'struct key' whose payload it is, but we won't let this reference
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 474) * count rise again.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 475) */
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 476) refcount_t mk_refcount;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 477)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 478) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 479) * List of inodes that were unlocked using this key. This allows the
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 480) * inodes to be evicted efficiently if the key is removed.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 481) */
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 482) struct list_head mk_decrypted_inodes;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 483) spinlock_t mk_decrypted_inodes_lock;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 484)
b103fb7653fff (Eric Biggers 2019-10-24 14:54:36 -0700 485) /*
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 486) * Per-mode encryption keys for the various types of encryption policies
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 487) * that use them. Allocated and derived on-demand.
b103fb7653fff (Eric Biggers 2019-10-24 14:54:36 -0700 488) */
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 489) struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 490) struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
3ceb6543e9cf6 (Eric Biggers 2020-10-23 17:51:31 -0700 491) struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 492)
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 493) /* Hash key for inode numbers. Initialized only when needed. */
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 494) siphash_key_t mk_ino_hash_key;
e3b1078bedd32 (Eric Biggers 2020-05-15 13:41:41 -0700 495) bool mk_ino_hash_key_initialized;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 496)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 497) } __randomize_layout;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 498)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 499) static inline bool
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 500) is_master_key_secret_present(const struct fscrypt_master_key_secret *secret)
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 501) {
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 502) /*
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 503) * The READ_ONCE() is only necessary for fscrypt_drop_inode() and
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 504) * fscrypt_key_describe(). These run in atomic context, so they can't
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 505) * take the key semaphore and thus 'secret' can change concurrently
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 506) * which would be a data race. But they only need to know whether the
4a4b8721f1a5e (Eric Biggers 2020-11-16 19:26:26 -0800 507) * secret *was* present at the time of check, so READ_ONCE() suffices.
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 508) */
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 509) return READ_ONCE(secret->size) != 0;
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 510) }
b1c0ec3599f42 (Eric Biggers 2019-08-04 19:35:46 -0700 511)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 512) static inline const char *master_key_spec_type(
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 513) const struct fscrypt_key_specifier *spec)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 514) {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 515) switch (spec->type) {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 516) case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 517) return "descriptor";
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 518) case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 519) return "identifier";
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 520) }
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 521) return "[unknown]";
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 522) }
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 523)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 524) static inline int master_key_spec_len(const struct fscrypt_key_specifier *spec)
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 525) {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 526) switch (spec->type) {
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 527) case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 528) return FSCRYPT_KEY_DESCRIPTOR_SIZE;
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 529) case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 530) return FSCRYPT_KEY_IDENTIFIER_SIZE;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 531) }
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 532) return 0;
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 533) }
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 534)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 535) struct key *
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 536) fscrypt_find_master_key(struct super_block *sb,
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 537) const struct fscrypt_key_specifier *mk_spec);
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 538)
cdeb21da1783a (Eric Biggers 2020-05-12 16:32:49 -0700 539) int fscrypt_add_test_dummy_key(struct super_block *sb,
cdeb21da1783a (Eric Biggers 2020-05-12 16:32:49 -0700 540) struct fscrypt_key_specifier *key_spec);
cdeb21da1783a (Eric Biggers 2020-05-12 16:32:49 -0700 541)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 542) int fscrypt_verify_key_added(struct super_block *sb,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 543) const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]);
5ab7189a31bad (Eric Biggers 2019-08-04 19:35:48 -0700 544)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 545) int __init fscrypt_init_keyring(void);
22d94f493bfb4 (Eric Biggers 2019-08-04 19:35:46 -0700 546)
feed825861919 (Eric Biggers 2019-08-04 19:35:45 -0700 547) /* keysetup.c */
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 548)
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 549) struct fscrypt_mode {
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 550) const char *friendly_name;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 551) const char *cipher_str;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 552) int keysize;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 553) int ivsize;
ff73c2c016f85 (Eric Biggers 2019-10-21 13:49:03 -0700 554) int logged_impl_name;
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 555) enum blk_crypto_mode_num blk_crypto_mode;
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 556) };
8094c3ceb21ad (Eric Biggers 2019-01-06 08:36:21 -0500 557)
85af90e57ce96 (Eric Biggers 2019-12-09 13:18:27 -0800 558) extern struct fscrypt_mode fscrypt_modes[];
3ec4f2a62927c (Eric Biggers 2019-08-04 19:35:45 -0700 559)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 560) int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 561) const u8 *raw_key, const struct fscrypt_info *ci);
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 562)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 563) void fscrypt_destroy_prepared_key(struct fscrypt_prepared_key *prep_key);
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 564)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 565) int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key);
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 566)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 567) int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 568) const struct fscrypt_master_key *mk);
aa408f835d025 (Daniel Rosenberg 2020-01-20 14:31:57 -0800 569)
a992b20cd4ee3 (Eric Biggers 2020-09-16 21:11:24 -0700 570) void fscrypt_hash_inode_number(struct fscrypt_info *ci,
a992b20cd4ee3 (Eric Biggers 2020-09-16 21:11:24 -0700 571) const struct fscrypt_master_key *mk);
a992b20cd4ee3 (Eric Biggers 2020-09-16 21:11:24 -0700 572)
a14d0b6764917 (Eric Biggers 2020-12-02 18:20:41 -0800 573) int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported);
5b421f08801fe (Eric Biggers 2020-12-02 18:20:40 -0800 574)
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 575) /**
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 576) * fscrypt_require_key() - require an inode's encryption key
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 577) * @inode: the inode we need the key for
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 578) *
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 579) * If the inode is encrypted, set up its encryption key if not already done.
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 580) * Then require that the key be present and return -ENOKEY otherwise.
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 581) *
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 582) * No locks are needed, and the key will live as long as the struct inode --- so
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 583) * it won't go away from under you.
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 584) *
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 585) * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 586) * if a problem occurred while setting up the encryption key.
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 587) */
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 588) static inline int fscrypt_require_key(struct inode *inode)
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 589) {
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 590) if (IS_ENCRYPTED(inode)) {
a14d0b6764917 (Eric Biggers 2020-12-02 18:20:41 -0800 591) int err = fscrypt_get_encryption_info(inode, false);
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 592)
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 593) if (err)
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 594) return err;
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 595) if (!fscrypt_has_encryption_key(inode))
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 596) return -ENOKEY;
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 597) }
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 598) return 0;
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 599) }
de3cdc6e75179 (Eric Biggers 2020-12-02 18:20:39 -0800 600)
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 601) /* keysetup_v1.c */
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 602)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 603) void fscrypt_put_direct_key(struct fscrypt_direct_key *dk);
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 604)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 605) int fscrypt_setup_v1_file_key(struct fscrypt_info *ci,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 606) const u8 *raw_master_key);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 607)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 608) int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci);
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 609)
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 610) /* policy.c */
5dae460c2292d (Eric Biggers 2019-08-04 19:35:47 -0700 611)
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 612) bool fscrypt_policies_equal(const union fscrypt_policy *policy1,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 613) const union fscrypt_policy *policy2);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 614) bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 615) const struct inode *inode);
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 616) int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 617) const union fscrypt_context *ctx_u,
607009020a5e7 (Eric Biggers 2020-05-11 12:13:58 -0700 618) int ctx_size);
ac4acb1f4b2b6 (Eric Biggers 2020-09-16 21:11:35 -0700 619) const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir);
0109ce76dd6e9 (Eric Biggers 2019-08-04 19:35:45 -0700 620)
3325bea5b26ac (Theodore Ts'o 2016-11-26 20:32:46 -0500 621) #endif /* _FSCRYPT_PRIVATE_H */