| /* SPDX-License-Identifier: GPL-2.0 */ |
| /* |
| * Ceph fscrypt functionality |
| */ |
| |
| #ifndef _CEPH_CRYPTO_H |
| #define _CEPH_CRYPTO_H |
| |
| #include <crypto/sha2.h> |
| #include <linux/fscrypt.h> |
| |
| #define CEPH_FSCRYPT_BLOCK_SHIFT 12 |
| #define CEPH_FSCRYPT_BLOCK_SIZE (_AC(1, UL) << CEPH_FSCRYPT_BLOCK_SHIFT) |
| #define CEPH_FSCRYPT_BLOCK_MASK (~(CEPH_FSCRYPT_BLOCK_SIZE-1)) |
| |
| struct ceph_fs_client; |
| struct ceph_acl_sec_ctx; |
| struct ceph_mds_request; |
| |
| struct ceph_fname { |
| struct inode *dir; |
| char *name; // b64 encoded, possibly hashed |
| unsigned char *ctext; // binary crypttext (if any) |
| u32 name_len; // length of name buffer |
| u32 ctext_len; // length of crypttext |
| bool no_copy; |
| }; |
| |
| /* |
| * Header for the crypted file when truncating the size, this |
| * will be sent to MDS, and the MDS will update the encrypted |
| * last block and then truncate the size. |
| */ |
| struct ceph_fscrypt_truncate_size_header { |
| __u8 ver; |
| __u8 compat; |
| |
| /* |
| * It will be sizeof(assert_ver + file_offset + block_size) |
| * if the last block is empty when it's located in a file |
| * hole. Or the data_len will plus CEPH_FSCRYPT_BLOCK_SIZE. |
| */ |
| __le32 data_len; |
| |
| __le64 change_attr; |
| __le64 file_offset; |
| __le32 block_size; |
| } __packed; |
| |
| struct ceph_fscrypt_auth { |
| __le32 cfa_version; |
| __le32 cfa_blob_len; |
| u8 cfa_blob[FSCRYPT_SET_CONTEXT_MAX_SIZE]; |
| } __packed; |
| |
| #define CEPH_FSCRYPT_AUTH_VERSION 1 |
| static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa) |
| { |
| u32 ctxsize = le32_to_cpu(fa->cfa_blob_len); |
| |
| return offsetof(struct ceph_fscrypt_auth, cfa_blob) + ctxsize; |
| } |
| |
| #ifdef CONFIG_FS_ENCRYPTION |
| /* |
| * We want to encrypt filenames when creating them, but the encrypted |
| * versions of those names may have illegal characters in them. To mitigate |
| * that, we base64 encode them, but that gives us a result that can exceed |
| * NAME_MAX. |
| * |
| * Follow a similar scheme to fscrypt itself, and cap the filename to a |
| * smaller size. If the ciphertext name is longer than the value below, then |
| * sha256 hash the remaining bytes. |
| * |
| * For the fscrypt_nokey_name struct the dirhash[2] member is useless in ceph |
| * so the corresponding struct will be: |
| * |
| * struct fscrypt_ceph_nokey_name { |
| * u8 bytes[157]; |
| * u8 sha256[SHA256_DIGEST_SIZE]; |
| * }; // 180 bytes => 240 bytes base64-encoded, which is <= NAME_MAX (255) |
| * |
| * (240 bytes is the maximum size allowed for snapshot names to take into |
| * account the format: '_<SNAPSHOT-NAME>_<INODE-NUMBER>'.) |
| * |
| * Note that for long names that end up having their tail portion hashed, we |
| * must also store the full encrypted name (in the dentry's alternate_name |
| * field). |
| */ |
| #define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE) |
| |
| #define CEPH_BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) |
| |
| int ceph_base64_encode(const u8 *src, int srclen, char *dst); |
| int ceph_base64_decode(const char *src, int srclen, u8 *dst); |
| |
| void ceph_fscrypt_set_ops(struct super_block *sb); |
| |
| void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc); |
| |
| int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode, |
| struct ceph_acl_sec_ctx *as); |
| void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, |
| struct ceph_acl_sec_ctx *as); |
| int ceph_encode_encrypted_dname(const struct inode *parent, |
| struct qstr *d_name, char *buf); |
| int ceph_encode_encrypted_fname(const struct inode *parent, |
| struct dentry *dentry, char *buf); |
| |
| static inline int ceph_fname_alloc_buffer(struct inode *parent, |
| struct fscrypt_str *fname) |
| { |
| if (!IS_ENCRYPTED(parent)) |
| return 0; |
| return fscrypt_fname_alloc_buffer(NAME_MAX, fname); |
| } |
| |
| static inline void ceph_fname_free_buffer(struct inode *parent, |
| struct fscrypt_str *fname) |
| { |
| if (IS_ENCRYPTED(parent)) |
| fscrypt_fname_free_buffer(fname); |
| } |
| |
| int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, |
| struct fscrypt_str *oname, bool *is_nokey); |
| int ceph_fscrypt_prepare_readdir(struct inode *dir); |
| |
| static inline unsigned int ceph_fscrypt_blocks(u64 off, u64 len) |
| { |
| /* crypto blocks cannot span more than one page */ |
| BUILD_BUG_ON(CEPH_FSCRYPT_BLOCK_SHIFT > PAGE_SHIFT); |
| |
| return ((off+len+CEPH_FSCRYPT_BLOCK_SIZE-1) >> CEPH_FSCRYPT_BLOCK_SHIFT) - |
| (off >> CEPH_FSCRYPT_BLOCK_SHIFT); |
| } |
| |
| /* |
| * If we have an encrypted inode then we must adjust the offset and |
| * range of the on-the-wire read to cover an entire encryption block. |
| * The copy will be done using the original offset and length, after |
| * we've decrypted the result. |
| */ |
| static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode, |
| u64 *off, u64 *len) |
| { |
| if (IS_ENCRYPTED(inode)) { |
| *len = ceph_fscrypt_blocks(*off, *len) * CEPH_FSCRYPT_BLOCK_SIZE; |
| *off &= CEPH_FSCRYPT_BLOCK_MASK; |
| } |
| } |
| |
| int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, |
| struct page *page, unsigned int len, |
| unsigned int offs, u64 lblk_num); |
| int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, |
| struct page *page, unsigned int len, |
| unsigned int offs, u64 lblk_num, |
| gfp_t gfp_flags); |
| int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page, |
| u64 off, int len); |
| int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page, |
| u64 off, struct ceph_sparse_extent *map, |
| u32 ext_cnt); |
| int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off, |
| int len, gfp_t gfp); |
| #else /* CONFIG_FS_ENCRYPTION */ |
| |
| static inline void ceph_fscrypt_set_ops(struct super_block *sb) |
| { |
| } |
| |
| static inline void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc) |
| { |
| } |
| |
| static inline int ceph_fscrypt_prepare_context(struct inode *dir, |
| struct inode *inode, |
| struct ceph_acl_sec_ctx *as) |
| { |
| if (IS_ENCRYPTED(dir)) |
| return -EOPNOTSUPP; |
| return 0; |
| } |
| |
| static inline void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, |
| struct ceph_acl_sec_ctx *as_ctx) |
| { |
| } |
| |
| static inline int ceph_encode_encrypted_dname(const struct inode *parent, |
| struct qstr *d_name, char *buf) |
| { |
| memcpy(buf, d_name->name, d_name->len); |
| return d_name->len; |
| } |
| |
| static inline int ceph_encode_encrypted_fname(const struct inode *parent, |
| struct dentry *dentry, char *buf) |
| { |
| return -EOPNOTSUPP; |
| } |
| |
| static inline int ceph_fname_alloc_buffer(struct inode *parent, |
| struct fscrypt_str *fname) |
| { |
| return 0; |
| } |
| |
| static inline void ceph_fname_free_buffer(struct inode *parent, |
| struct fscrypt_str *fname) |
| { |
| } |
| |
| static inline int ceph_fname_to_usr(const struct ceph_fname *fname, |
| struct fscrypt_str *tname, |
| struct fscrypt_str *oname, bool *is_nokey) |
| { |
| oname->name = fname->name; |
| oname->len = fname->name_len; |
| return 0; |
| } |
| |
| static inline int ceph_fscrypt_prepare_readdir(struct inode *dir) |
| { |
| return 0; |
| } |
| |
| static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode, |
| u64 *off, u64 *len) |
| { |
| } |
| |
| static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, |
| struct page *page, unsigned int len, |
| unsigned int offs, u64 lblk_num) |
| { |
| return 0; |
| } |
| |
| static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, |
| struct page *page, unsigned int len, |
| unsigned int offs, u64 lblk_num, |
| gfp_t gfp_flags) |
| { |
| return 0; |
| } |
| |
| static inline int ceph_fscrypt_decrypt_pages(struct inode *inode, |
| struct page **page, u64 off, |
| int len) |
| { |
| return 0; |
| } |
| |
| static inline int ceph_fscrypt_decrypt_extents(struct inode *inode, |
| struct page **page, u64 off, |
| struct ceph_sparse_extent *map, |
| u32 ext_cnt) |
| { |
| return 0; |
| } |
| |
| static inline int ceph_fscrypt_encrypt_pages(struct inode *inode, |
| struct page **page, u64 off, |
| int len, gfp_t gfp) |
| { |
| return 0; |
| } |
| #endif /* CONFIG_FS_ENCRYPTION */ |
| |
| #endif |