Greg Kroah-Hartman | b244131 | 2017-11-01 15:07:57 +0100 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
Theodore Ts'o | 3325bea | 2016-11-26 20:32:46 -0500 | [diff] [blame] | 2 | /* |
| 3 | * fscrypt_private.h |
| 4 | * |
| 5 | * Copyright (C) 2015, Google, Inc. |
| 6 | * |
Eric Biggers | 3ec4f2a6 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 7 | * Originally written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar. |
| 8 | * Heavily modified since then. |
Theodore Ts'o | 3325bea | 2016-11-26 20:32:46 -0500 | [diff] [blame] | 9 | */ |
| 10 | |
| 11 | #ifndef _FSCRYPT_PRIVATE_H |
| 12 | #define _FSCRYPT_PRIVATE_H |
| 13 | |
Dave Chinner | 734f0d2 | 2017-10-09 12:15:34 -0700 | [diff] [blame] | 14 | #include <linux/fscrypt.h> |
Daniel Rosenberg | aa408f8 | 2020-01-20 14:31:57 -0800 | [diff] [blame^] | 15 | #include <linux/siphash.h> |
Daniel Walter | b7e7cf7 | 2017-06-19 09:27:58 +0200 | [diff] [blame] | 16 | #include <crypto/hash.h> |
Theodore Ts'o | 3325bea | 2016-11-26 20:32:46 -0500 | [diff] [blame] | 17 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 18 | #define CONST_STRLEN(str) (sizeof(str) - 1) |
| 19 | |
Eric Biggers | 11b8818 | 2018-04-30 15:51:46 -0700 | [diff] [blame] | 20 | #define FS_KEY_DERIVATION_NONCE_SIZE 16 |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 21 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 22 | #define FSCRYPT_MIN_KEY_SIZE 16 |
| 23 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 24 | #define FSCRYPT_CONTEXT_V1 1 |
| 25 | #define FSCRYPT_CONTEXT_V2 2 |
| 26 | |
| 27 | struct fscrypt_context_v1 { |
| 28 | u8 version; /* FSCRYPT_CONTEXT_V1 */ |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 29 | u8 contents_encryption_mode; |
| 30 | u8 filenames_encryption_mode; |
| 31 | u8 flags; |
Eric Biggers | 3b6df59 | 2019-08-04 19:35:44 -0700 | [diff] [blame] | 32 | u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE]; |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 33 | u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 34 | }; |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 35 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 36 | struct fscrypt_context_v2 { |
| 37 | u8 version; /* FSCRYPT_CONTEXT_V2 */ |
| 38 | u8 contents_encryption_mode; |
| 39 | u8 filenames_encryption_mode; |
| 40 | u8 flags; |
| 41 | u8 __reserved[4]; |
| 42 | u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]; |
| 43 | u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
| 44 | }; |
| 45 | |
| 46 | /** |
| 47 | * fscrypt_context - the encryption context of an inode |
| 48 | * |
| 49 | * This is the on-disk equivalent of an fscrypt_policy, stored alongside each |
| 50 | * encrypted file usually in a hidden extended attribute. It contains the |
| 51 | * fields from the fscrypt_policy, in order to identify the encryption algorithm |
| 52 | * and key with which the file is encrypted. It also contains a nonce that was |
| 53 | * randomly generated by fscrypt itself; this is used as KDF input or as a tweak |
| 54 | * to cause different files to be encrypted differently. |
| 55 | */ |
| 56 | union fscrypt_context { |
| 57 | u8 version; |
| 58 | struct fscrypt_context_v1 v1; |
| 59 | struct fscrypt_context_v2 v2; |
| 60 | }; |
| 61 | |
| 62 | /* |
| 63 | * Return the size expected for the given fscrypt_context based on its version |
| 64 | * number, or 0 if the context version is unrecognized. |
| 65 | */ |
| 66 | static inline int fscrypt_context_size(const union fscrypt_context *ctx) |
| 67 | { |
| 68 | switch (ctx->version) { |
| 69 | case FSCRYPT_CONTEXT_V1: |
| 70 | BUILD_BUG_ON(sizeof(ctx->v1) != 28); |
| 71 | return sizeof(ctx->v1); |
| 72 | case FSCRYPT_CONTEXT_V2: |
| 73 | BUILD_BUG_ON(sizeof(ctx->v2) != 40); |
| 74 | return sizeof(ctx->v2); |
| 75 | } |
| 76 | return 0; |
| 77 | } |
| 78 | |
| 79 | #undef fscrypt_policy |
| 80 | union fscrypt_policy { |
| 81 | u8 version; |
| 82 | struct fscrypt_policy_v1 v1; |
| 83 | struct fscrypt_policy_v2 v2; |
| 84 | }; |
| 85 | |
| 86 | /* |
| 87 | * Return the size expected for the given fscrypt_policy based on its version |
| 88 | * number, or 0 if the policy version is unrecognized. |
| 89 | */ |
| 90 | static inline int fscrypt_policy_size(const union fscrypt_policy *policy) |
| 91 | { |
| 92 | switch (policy->version) { |
| 93 | case FSCRYPT_POLICY_V1: |
| 94 | return sizeof(policy->v1); |
| 95 | case FSCRYPT_POLICY_V2: |
| 96 | return sizeof(policy->v2); |
| 97 | } |
| 98 | return 0; |
| 99 | } |
| 100 | |
| 101 | /* Return the contents encryption mode of a valid encryption policy */ |
| 102 | static inline u8 |
| 103 | fscrypt_policy_contents_mode(const union fscrypt_policy *policy) |
| 104 | { |
| 105 | switch (policy->version) { |
| 106 | case FSCRYPT_POLICY_V1: |
| 107 | return policy->v1.contents_encryption_mode; |
| 108 | case FSCRYPT_POLICY_V2: |
| 109 | return policy->v2.contents_encryption_mode; |
| 110 | } |
| 111 | BUG(); |
| 112 | } |
| 113 | |
| 114 | /* Return the filenames encryption mode of a valid encryption policy */ |
| 115 | static inline u8 |
| 116 | fscrypt_policy_fnames_mode(const union fscrypt_policy *policy) |
| 117 | { |
| 118 | switch (policy->version) { |
| 119 | case FSCRYPT_POLICY_V1: |
| 120 | return policy->v1.filenames_encryption_mode; |
| 121 | case FSCRYPT_POLICY_V2: |
| 122 | return policy->v2.filenames_encryption_mode; |
| 123 | } |
| 124 | BUG(); |
| 125 | } |
| 126 | |
| 127 | /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */ |
| 128 | static inline u8 |
| 129 | fscrypt_policy_flags(const union fscrypt_policy *policy) |
| 130 | { |
| 131 | switch (policy->version) { |
| 132 | case FSCRYPT_POLICY_V1: |
| 133 | return policy->v1.flags; |
| 134 | case FSCRYPT_POLICY_V2: |
| 135 | return policy->v2.flags; |
| 136 | } |
| 137 | BUG(); |
| 138 | } |
| 139 | |
Eric Biggers | 0eaab5b | 2018-01-11 23:30:08 -0500 | [diff] [blame] | 140 | /** |
| 141 | * For encrypted symlinks, the ciphertext length is stored at the beginning |
| 142 | * of the string in little-endian format. |
| 143 | */ |
| 144 | struct fscrypt_symlink_data { |
| 145 | __le16 len; |
| 146 | char encrypted_path[1]; |
| 147 | } __packed; |
| 148 | |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 149 | /* |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 150 | * fscrypt_info - the "encryption key" for an inode |
| 151 | * |
| 152 | * When an encrypted file's key is made available, an instance of this struct is |
| 153 | * allocated and stored in ->i_crypt_info. Once created, it remains until the |
| 154 | * inode is evicted. |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 155 | */ |
| 156 | struct fscrypt_info { |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 157 | |
| 158 | /* The actual crypto transform used for encryption and decryption */ |
| 159 | struct crypto_skcipher *ci_ctfm; |
| 160 | |
Eric Biggers | b103fb7 | 2019-10-24 14:54:36 -0700 | [diff] [blame] | 161 | /* True if the key should be freed when this fscrypt_info is freed */ |
| 162 | bool ci_owns_key; |
| 163 | |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 164 | /* |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 165 | * Encryption mode used for this inode. It corresponds to either the |
| 166 | * contents or filenames encryption mode, depending on the inode type. |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 167 | */ |
| 168 | struct fscrypt_mode *ci_mode; |
| 169 | |
Eric Biggers | 59dc6a8 | 2019-08-04 19:35:44 -0700 | [diff] [blame] | 170 | /* Back-pointer to the inode */ |
| 171 | struct inode *ci_inode; |
| 172 | |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 173 | /* |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 174 | * The master key with which this inode was unlocked (decrypted). This |
| 175 | * will be NULL if the master key was found in a process-subscribed |
| 176 | * keyring rather than in the filesystem-level keyring. |
| 177 | */ |
| 178 | struct key *ci_master_key; |
| 179 | |
| 180 | /* |
| 181 | * Link in list of inodes that were unlocked with the master key. |
| 182 | * Only used when ->ci_master_key is set. |
| 183 | */ |
| 184 | struct list_head ci_master_key_link; |
| 185 | |
| 186 | /* |
Eric Biggers | a828daa | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 187 | * If non-NULL, then encryption is done using the master key directly |
| 188 | * and ci_ctfm will equal ci_direct_key->dk_ctfm. |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 189 | */ |
Eric Biggers | a828daa | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 190 | struct fscrypt_direct_key *ci_direct_key; |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 191 | |
Daniel Rosenberg | aa408f8 | 2020-01-20 14:31:57 -0800 | [diff] [blame^] | 192 | /* |
| 193 | * This inode's hash key for filenames. This is a 128-bit SipHash-2-4 |
| 194 | * key. This is only set for directories that use a keyed dirhash over |
| 195 | * the plaintext filenames -- currently just casefolded directories. |
| 196 | */ |
| 197 | siphash_key_t ci_dirhash_key; |
| 198 | bool ci_dirhash_key_initialized; |
| 199 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 200 | /* The encryption policy used by this inode */ |
| 201 | union fscrypt_policy ci_policy; |
| 202 | |
| 203 | /* This inode's nonce, copied from the fscrypt_context */ |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 204 | u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
Theodore Ts'o | cc4e0df | 2016-11-26 22:05:18 -0500 | [diff] [blame] | 205 | }; |
| 206 | |
Richard Weinberger | 58ae746 | 2016-12-19 12:25:32 +0100 | [diff] [blame] | 207 | typedef enum { |
| 208 | FS_DECRYPT = 0, |
| 209 | FS_ENCRYPT, |
| 210 | } fscrypt_direction_t; |
| 211 | |
Theodore Ts'o | b98701df | 2016-11-26 20:43:09 -0500 | [diff] [blame] | 212 | /* crypto.c */ |
Eric Biggers | e4de782 | 2018-01-05 10:44:54 -0800 | [diff] [blame] | 213 | extern struct kmem_cache *fscrypt_info_cachep; |
Richard Weinberger | 58ae746 | 2016-12-19 12:25:32 +0100 | [diff] [blame] | 214 | extern int fscrypt_initialize(unsigned int cop_flags); |
Eric Biggers | f47fcbb | 2019-05-20 09:29:41 -0700 | [diff] [blame] | 215 | extern int fscrypt_crypt_block(const struct inode *inode, |
| 216 | fscrypt_direction_t rw, u64 lblk_num, |
| 217 | struct page *src_page, struct page *dest_page, |
| 218 | unsigned int len, unsigned int offs, |
| 219 | gfp_t gfp_flags); |
Eric Biggers | d2d0727 | 2019-05-20 09:29:39 -0700 | [diff] [blame] | 220 | extern struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags); |
Theodore Ts'o | b98701df | 2016-11-26 20:43:09 -0500 | [diff] [blame] | 221 | |
Eric Biggers | 544d08f | 2018-04-30 15:51:47 -0700 | [diff] [blame] | 222 | extern void __printf(3, 4) __cold |
Eric Biggers | 886da8b | 2019-07-24 11:07:58 -0700 | [diff] [blame] | 223 | fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...); |
Eric Biggers | 544d08f | 2018-04-30 15:51:47 -0700 | [diff] [blame] | 224 | |
Eric Biggers | 886da8b | 2019-07-24 11:07:58 -0700 | [diff] [blame] | 225 | #define fscrypt_warn(inode, fmt, ...) \ |
| 226 | fscrypt_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__) |
| 227 | #define fscrypt_err(inode, fmt, ...) \ |
| 228 | fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__) |
Eric Biggers | 544d08f | 2018-04-30 15:51:47 -0700 | [diff] [blame] | 229 | |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 230 | #define FSCRYPT_MAX_IV_SIZE 32 |
| 231 | |
| 232 | union fscrypt_iv { |
| 233 | struct { |
| 234 | /* logical block number within the file */ |
| 235 | __le64 lblk_num; |
| 236 | |
| 237 | /* per-file nonce; only set in DIRECT_KEY mode */ |
| 238 | u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; |
| 239 | }; |
| 240 | u8 raw[FSCRYPT_MAX_IV_SIZE]; |
| 241 | }; |
| 242 | |
| 243 | void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, |
| 244 | const struct fscrypt_info *ci); |
| 245 | |
Eric Biggers | 76e81d6 | 2018-01-05 10:45:01 -0800 | [diff] [blame] | 246 | /* fname.c */ |
Eric Biggers | 1b3b827 | 2020-01-19 23:17:36 -0800 | [diff] [blame] | 247 | extern int fscrypt_fname_encrypt(const struct inode *inode, |
| 248 | const struct qstr *iname, |
| 249 | u8 *out, unsigned int olen); |
Eric Biggers | b9db0b4 | 2018-01-11 23:30:08 -0500 | [diff] [blame] | 250 | extern bool fscrypt_fname_encrypted_size(const struct inode *inode, |
| 251 | u32 orig_len, u32 max_len, |
| 252 | u32 *encrypted_len_ret); |
Eric Biggers | 2ebdef6 | 2019-12-09 12:43:59 -0800 | [diff] [blame] | 253 | extern const struct dentry_operations fscrypt_d_ops; |
Eric Biggers | 76e81d6 | 2018-01-05 10:45:01 -0800 | [diff] [blame] | 254 | |
Eric Biggers | c1144c9 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 255 | /* hkdf.c */ |
| 256 | |
| 257 | struct fscrypt_hkdf { |
| 258 | struct crypto_shash *hmac_tfm; |
| 259 | }; |
| 260 | |
| 261 | extern int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key, |
| 262 | unsigned int master_key_size); |
| 263 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 264 | /* |
| 265 | * The list of contexts in which fscrypt uses HKDF. These values are used as |
| 266 | * the first byte of the HKDF application-specific info string to guarantee that |
| 267 | * info strings are never repeated between contexts. This ensures that all HKDF |
| 268 | * outputs are unique and cryptographically isolated, i.e. knowledge of one |
| 269 | * output doesn't reveal another. |
| 270 | */ |
| 271 | #define HKDF_CONTEXT_KEY_IDENTIFIER 1 |
| 272 | #define HKDF_CONTEXT_PER_FILE_KEY 2 |
Eric Biggers | b103fb7 | 2019-10-24 14:54:36 -0700 | [diff] [blame] | 273 | #define HKDF_CONTEXT_DIRECT_KEY 3 |
| 274 | #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4 |
Daniel Rosenberg | aa408f8 | 2020-01-20 14:31:57 -0800 | [diff] [blame^] | 275 | #define HKDF_CONTEXT_DIRHASH_KEY 5 |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 276 | |
Eric Biggers | 2a5831b | 2019-12-09 12:40:54 -0800 | [diff] [blame] | 277 | extern int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, |
Eric Biggers | c1144c9 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 278 | const u8 *info, unsigned int infolen, |
| 279 | u8 *okm, unsigned int okmlen); |
| 280 | |
| 281 | extern void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf); |
| 282 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 283 | /* keyring.c */ |
| 284 | |
| 285 | /* |
| 286 | * fscrypt_master_key_secret - secret key material of an in-use master key |
| 287 | */ |
| 288 | struct fscrypt_master_key_secret { |
| 289 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 290 | /* |
| 291 | * For v2 policy keys: HKDF context keyed by this master key. |
| 292 | * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). |
| 293 | */ |
| 294 | struct fscrypt_hkdf hkdf; |
| 295 | |
| 296 | /* Size of the raw key in bytes. Set even if ->raw isn't set. */ |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 297 | u32 size; |
| 298 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 299 | /* For v1 policy keys: the raw key. Wiped for v2 policy keys. */ |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 300 | u8 raw[FSCRYPT_MAX_KEY_SIZE]; |
| 301 | |
| 302 | } __randomize_layout; |
| 303 | |
| 304 | /* |
| 305 | * fscrypt_master_key - an in-use master key |
| 306 | * |
| 307 | * This represents a master encryption key which has been added to the |
| 308 | * filesystem and can be used to "unlock" the encrypted files which were |
| 309 | * encrypted with it. |
| 310 | */ |
| 311 | struct fscrypt_master_key { |
| 312 | |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 313 | /* |
| 314 | * The secret key material. After FS_IOC_REMOVE_ENCRYPTION_KEY is |
| 315 | * executed, this is wiped and no new inodes can be unlocked with this |
| 316 | * key; however, there may still be inodes in ->mk_decrypted_inodes |
| 317 | * which could not be evicted. As long as some inodes still remain, |
| 318 | * FS_IOC_REMOVE_ENCRYPTION_KEY can be retried, or |
| 319 | * FS_IOC_ADD_ENCRYPTION_KEY can add the secret again. |
| 320 | * |
Eric Biggers | 23c688b | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 321 | * Locking: protected by key->sem (outer) and mk_secret_sem (inner). |
| 322 | * The reason for two locks is that key->sem also protects modifying |
| 323 | * mk_users, which ranks it above the semaphore for the keyring key |
| 324 | * type, which is in turn above page faults (via keyring_read). But |
| 325 | * sometimes filesystems call fscrypt_get_encryption_info() from within |
| 326 | * a transaction, which ranks it below page faults. So we need a |
| 327 | * separate lock which protects mk_secret but not also mk_users. |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 328 | */ |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 329 | struct fscrypt_master_key_secret mk_secret; |
Eric Biggers | 23c688b | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 330 | struct rw_semaphore mk_secret_sem; |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 331 | |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 332 | /* |
| 333 | * For v1 policy keys: an arbitrary key descriptor which was assigned by |
| 334 | * userspace (->descriptor). |
| 335 | * |
| 336 | * For v2 policy keys: a cryptographic hash of this key (->identifier). |
| 337 | */ |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 338 | struct fscrypt_key_specifier mk_spec; |
| 339 | |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 340 | /* |
Eric Biggers | 23c688b | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 341 | * Keyring which contains a key of type 'key_type_fscrypt_user' for each |
| 342 | * user who has added this key. Normally each key will be added by just |
| 343 | * one user, but it's possible that multiple users share a key, and in |
| 344 | * that case we need to keep track of those users so that one user can't |
| 345 | * remove the key before the others want it removed too. |
| 346 | * |
| 347 | * This is NULL for v1 policy keys; those can only be added by root. |
| 348 | * |
| 349 | * Locking: in addition to this keyrings own semaphore, this is |
| 350 | * protected by the master key's key->sem, so we can do atomic |
| 351 | * search+insert. It can also be searched without taking any locks, but |
| 352 | * in that case the returned key may have already been removed. |
| 353 | */ |
| 354 | struct key *mk_users; |
| 355 | |
| 356 | /* |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 357 | * Length of ->mk_decrypted_inodes, plus one if mk_secret is present. |
| 358 | * Once this goes to 0, the master key is removed from ->s_master_keys. |
| 359 | * The 'struct fscrypt_master_key' will continue to live as long as the |
| 360 | * 'struct key' whose payload it is, but we won't let this reference |
| 361 | * count rise again. |
| 362 | */ |
| 363 | refcount_t mk_refcount; |
| 364 | |
| 365 | /* |
| 366 | * List of inodes that were unlocked using this key. This allows the |
| 367 | * inodes to be evicted efficiently if the key is removed. |
| 368 | */ |
| 369 | struct list_head mk_decrypted_inodes; |
| 370 | spinlock_t mk_decrypted_inodes_lock; |
| 371 | |
Eric Biggers | b103fb7 | 2019-10-24 14:54:36 -0700 | [diff] [blame] | 372 | /* Crypto API transforms for DIRECT_KEY policies, allocated on-demand */ |
| 373 | struct crypto_skcipher *mk_direct_tfms[__FSCRYPT_MODE_MAX + 1]; |
| 374 | |
| 375 | /* |
| 376 | * Crypto API transforms for filesystem-layer implementation of |
| 377 | * IV_INO_LBLK_64 policies, allocated on-demand. |
| 378 | */ |
| 379 | struct crypto_skcipher *mk_iv_ino_lblk_64_tfms[__FSCRYPT_MODE_MAX + 1]; |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 380 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 381 | } __randomize_layout; |
| 382 | |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 383 | static inline bool |
| 384 | is_master_key_secret_present(const struct fscrypt_master_key_secret *secret) |
| 385 | { |
| 386 | /* |
| 387 | * The READ_ONCE() is only necessary for fscrypt_drop_inode() and |
| 388 | * fscrypt_key_describe(). These run in atomic context, so they can't |
Eric Biggers | 23c688b | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 389 | * take ->mk_secret_sem and thus 'secret' can change concurrently which |
| 390 | * would be a data race. But they only need to know whether the secret |
| 391 | * *was* present at the time of check, so READ_ONCE() suffices. |
Eric Biggers | b1c0ec3 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 392 | */ |
| 393 | return READ_ONCE(secret->size) != 0; |
| 394 | } |
| 395 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 396 | static inline const char *master_key_spec_type( |
| 397 | const struct fscrypt_key_specifier *spec) |
| 398 | { |
| 399 | switch (spec->type) { |
| 400 | case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR: |
| 401 | return "descriptor"; |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 402 | case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER: |
| 403 | return "identifier"; |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 404 | } |
| 405 | return "[unknown]"; |
| 406 | } |
| 407 | |
| 408 | static inline int master_key_spec_len(const struct fscrypt_key_specifier *spec) |
| 409 | { |
| 410 | switch (spec->type) { |
| 411 | case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR: |
| 412 | return FSCRYPT_KEY_DESCRIPTOR_SIZE; |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 413 | case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER: |
| 414 | return FSCRYPT_KEY_IDENTIFIER_SIZE; |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 415 | } |
| 416 | return 0; |
| 417 | } |
| 418 | |
| 419 | extern struct key * |
| 420 | fscrypt_find_master_key(struct super_block *sb, |
| 421 | const struct fscrypt_key_specifier *mk_spec); |
| 422 | |
Eric Biggers | 5ab7189 | 2019-08-04 19:35:48 -0700 | [diff] [blame] | 423 | extern int fscrypt_verify_key_added(struct super_block *sb, |
| 424 | const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]); |
| 425 | |
Eric Biggers | 22d94f4 | 2019-08-04 19:35:46 -0700 | [diff] [blame] | 426 | extern int __init fscrypt_init_keyring(void); |
| 427 | |
Eric Biggers | feed825 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 428 | /* keysetup.c */ |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 429 | |
| 430 | struct fscrypt_mode { |
| 431 | const char *friendly_name; |
| 432 | const char *cipher_str; |
| 433 | int keysize; |
| 434 | int ivsize; |
Eric Biggers | ff73c2c | 2019-10-21 13:49:03 -0700 | [diff] [blame] | 435 | int logged_impl_name; |
Eric Biggers | 8094c3c | 2019-01-06 08:36:21 -0500 | [diff] [blame] | 436 | }; |
| 437 | |
Eric Biggers | 85af90e | 2019-12-09 13:18:27 -0800 | [diff] [blame] | 438 | extern struct fscrypt_mode fscrypt_modes[]; |
Eric Biggers | 3ec4f2a6 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 439 | |
Eric Biggers | 0109ce76 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 440 | extern struct crypto_skcipher * |
| 441 | fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key, |
| 442 | const struct inode *inode); |
| 443 | |
| 444 | extern int fscrypt_set_derived_key(struct fscrypt_info *ci, |
| 445 | const u8 *derived_key); |
| 446 | |
Daniel Rosenberg | aa408f8 | 2020-01-20 14:31:57 -0800 | [diff] [blame^] | 447 | extern int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, |
| 448 | const struct fscrypt_master_key *mk); |
| 449 | |
Eric Biggers | 0109ce76 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 450 | /* keysetup_v1.c */ |
| 451 | |
| 452 | extern void fscrypt_put_direct_key(struct fscrypt_direct_key *dk); |
| 453 | |
| 454 | extern int fscrypt_setup_v1_file_key(struct fscrypt_info *ci, |
| 455 | const u8 *raw_master_key); |
| 456 | |
| 457 | extern int fscrypt_setup_v1_file_key_via_subscribed_keyrings( |
| 458 | struct fscrypt_info *ci); |
Eric Biggers | 5dae460 | 2019-08-04 19:35:47 -0700 | [diff] [blame] | 459 | /* policy.c */ |
| 460 | |
| 461 | extern bool fscrypt_policies_equal(const union fscrypt_policy *policy1, |
| 462 | const union fscrypt_policy *policy2); |
| 463 | extern bool fscrypt_supported_policy(const union fscrypt_policy *policy_u, |
| 464 | const struct inode *inode); |
| 465 | extern int fscrypt_policy_from_context(union fscrypt_policy *policy_u, |
| 466 | const union fscrypt_context *ctx_u, |
| 467 | int ctx_size); |
Eric Biggers | 0109ce76 | 2019-08-04 19:35:45 -0700 | [diff] [blame] | 468 | |
Theodore Ts'o | 3325bea | 2016-11-26 20:32:46 -0500 | [diff] [blame] | 469 | #endif /* _FSCRYPT_PRIVATE_H */ |