1 // SPDX-License-Identifier: GPL-2.0-only
5 * Encryption hooks for higher-level filesystem operations.
8 * Linux commit 219d54332a09
12 #include "llcrypt_private.h"
15 * llcrypt_file_open - prepare to open a possibly-encrypted regular file
16 * @inode: the inode being opened
17 * @filp: the struct file being set up
19 * Currently, an encrypted regular file can only be opened if its encryption key
20 * is available; access to the raw encrypted contents is not supported.
21 * Therefore, we first set up the inode's encryption key (if not already done)
22 * and return an error if it's unavailable.
24 * We also verify that if the parent directory (from the path via which the file
25 * is being opened) is encrypted, then the inode being opened uses the same
26 * encryption policy. This is needed as part of the enforcement that all files
27 * in an encrypted directory tree use the same encryption policy, as a
28 * protection against certain types of offline attacks. Note that this check is
29 * needed even when opening an *unencrypted* file, since it's forbidden to have
30 * an unencrypted file in an encrypted directory.
32 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
34 int llcrypt_file_open(struct inode *inode, struct file *filp)
39 err = llcrypt_require_key(inode);
43 dir = dget_parent(file_dentry(filp));
44 if (IS_ENCRYPTED(d_inode(dir)) &&
45 !llcrypt_has_permitted_context(d_inode(dir), inode)) {
47 "Inconsistent encryption context (parent directory: %lu)",
54 EXPORT_SYMBOL_GPL(llcrypt_file_open);
56 int __llcrypt_prepare_link(struct inode *inode, struct inode *dir,
57 struct dentry *dentry)
61 err = llcrypt_require_key(dir);
65 /* ... in case we looked up ciphertext name before key was added */
66 if (dentry->d_flags & DCACHE_ENCRYPTED_NAME)
69 if (!llcrypt_has_permitted_context(dir, inode))
74 EXPORT_SYMBOL_GPL(__llcrypt_prepare_link);
76 int __llcrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
77 struct inode *new_dir, struct dentry *new_dentry,
82 err = llcrypt_require_key(old_dir);
86 err = llcrypt_require_key(new_dir);
90 /* ... in case we looked up ciphertext name(s) before key was added */
91 if ((old_dentry->d_flags | new_dentry->d_flags) &
92 DCACHE_ENCRYPTED_NAME)
95 if (old_dir != new_dir) {
96 if (IS_ENCRYPTED(new_dir) &&
97 !llcrypt_has_permitted_context(new_dir,
101 if ((flags & RENAME_EXCHANGE) &&
102 IS_ENCRYPTED(old_dir) &&
103 !llcrypt_has_permitted_context(old_dir,
104 d_inode(new_dentry)))
109 EXPORT_SYMBOL_GPL(__llcrypt_prepare_rename);
111 int __llcrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
112 struct llcrypt_name *fname)
114 int err = llcrypt_setup_filename(dir, &dentry->d_name, 1, fname);
116 if (err && err != -ENOENT)
119 if (fname->is_ciphertext_name) {
120 spin_lock(&dentry->d_lock);
121 dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
122 spin_unlock(&dentry->d_lock);
123 d_set_d_op(dentry, &llcrypt_d_ops);
127 EXPORT_SYMBOL_GPL(__llcrypt_prepare_lookup);
129 int __llcrypt_prepare_symlink(struct inode *dir, unsigned int len,
130 unsigned int max_len,
131 struct llcrypt_str *disk_link)
136 * To calculate the size of the encrypted symlink target we need to know
137 * the amount of NUL padding, which is determined by the flags set in
138 * the encryption policy which will be inherited from the directory.
139 * The easiest way to get access to this is to just load the directory's
140 * llcrypt_info, since we'll need it to create the dir_entry anyway.
142 * Note: in test_dummy_encryption mode, @dir may be unencrypted.
144 err = llcrypt_get_encryption_info(dir);
147 if (!llcrypt_has_encryption_key(dir))
151 * Calculate the size of the encrypted symlink and verify it won't
152 * exceed max_len. Note that for historical reasons, encrypted symlink
153 * targets are prefixed with the ciphertext length, despite this
154 * actually being redundant with i_size. This decreases by 2 bytes the
155 * longest symlink target we can accept.
157 * We could recover 1 byte by not counting a null terminator, but
158 * counting it (even though it is meaningless for ciphertext) is simpler
159 * for now since filesystems will assume it is there and subtract it.
161 if (!llcrypt_fname_encrypted_size(dir, len,
162 max_len - sizeof(struct llcrypt_symlink_data),
164 return -ENAMETOOLONG;
165 disk_link->len += sizeof(struct llcrypt_symlink_data);
167 disk_link->name = NULL;
170 EXPORT_SYMBOL_GPL(__llcrypt_prepare_symlink);
172 int __llcrypt_encrypt_symlink(struct inode *inode, const char *target,
173 unsigned int len, struct llcrypt_str *disk_link)
176 struct qstr iname = QSTR_INIT(target, len);
177 struct llcrypt_symlink_data *sd;
178 unsigned int ciphertext_len;
180 if (unlikely(!llcrypt_policy_has_filename_enc(inode)))
183 err = llcrypt_require_key(inode);
187 if (disk_link->name) {
188 /* filesystem-provided buffer */
189 sd = (struct llcrypt_symlink_data *)disk_link->name;
191 sd = kmalloc(disk_link->len, GFP_NOFS);
195 ciphertext_len = disk_link->len - sizeof(*sd);
196 sd->len = cpu_to_le16(ciphertext_len);
198 err = fname_encrypt(inode, &iname, sd->encrypted_path, ciphertext_len);
203 * Null-terminating the ciphertext doesn't make sense, but we still
204 * count the null terminator in the length, so we might as well
205 * initialize it just in case the filesystem writes it out.
207 sd->encrypted_path[ciphertext_len] = '\0';
209 /* Cache the plaintext symlink target for later use by get_link() */
211 inode->i_link = kmemdup(target, len + 1, GFP_NOFS);
215 if (!disk_link->name)
216 disk_link->name = (unsigned char *)sd;
220 if (!disk_link->name)
224 EXPORT_SYMBOL_GPL(__llcrypt_encrypt_symlink);
227 * llcrypt_get_symlink - get the target of an encrypted symlink
228 * @inode: the symlink inode
229 * @caddr: the on-disk contents of the symlink
230 * @max_size: size of @caddr buffer
231 * @done: if successful, will be set up to free the returned target if needed
233 * If the symlink's encryption key is available, we decrypt its target.
234 * Otherwise, we encode its target for presentation.
236 * This may sleep, so the filesystem must have dropped out of RCU mode already.
238 * Return: the presentable symlink target or an ERR_PTR()
240 const char *llcrypt_get_symlink(struct inode *inode, const void *caddr,
241 unsigned int max_size,
242 struct delayed_call *done)
244 const struct llcrypt_symlink_data *sd;
245 struct llcrypt_str cstr, pstr;
249 /* This is for encrypted symlinks only */
250 if (WARN_ON(!IS_ENCRYPTED(inode)))
251 return ERR_PTR(-EINVAL);
253 /* If the decrypted target is already cached, just return it. */
254 pstr.name = READ_ONCE(inode->i_link);
259 * Try to set up the symlink's encryption key, but we can continue
260 * regardless of whether the key is available or not.
262 err = llcrypt_get_encryption_info(inode);
265 has_key = llcrypt_has_encryption_key(inode);
268 * For historical reasons, encrypted symlink targets are prefixed with
269 * the ciphertext length, even though this is redundant with i_size.
272 if (unlikely(!llcrypt_policy_has_filename_enc(inode))) {
273 cstr.name = (unsigned char *)caddr;
274 cstr.len = strlen(cstr.name);
277 return ERR_PTR(-EUCLEAN);
279 if (max_size < sizeof(*sd))
280 return ERR_PTR(-EUCLEAN);
282 cstr.name = (unsigned char *)sd->encrypted_path;
283 cstr.len = le16_to_cpu(sd->len);
286 return ERR_PTR(-EUCLEAN);
288 if (cstr.len + sizeof(*sd) - 1 > max_size)
289 return ERR_PTR(-EUCLEAN);
292 err = llcrypt_fname_alloc_buffer(inode, cstr.len, &pstr);
296 err = llcrypt_fname_disk_to_usr(inode, 0, 0, &cstr, &pstr);
301 if (pstr.name[0] == '\0')
304 pstr.name[pstr.len] = '\0';
307 * Cache decrypted symlink targets in i_link for later use. Don't cache
308 * symlink targets encoded without the key, since those become outdated
309 * once the key is added. This pairs with the READ_ONCE() above and in
310 * the VFS path lookup code.
313 cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL)
314 set_delayed_call(done, kfree_link, pstr.name);
322 EXPORT_SYMBOL_GPL(llcrypt_get_symlink);