X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Finclude%2Flustre_crypto.h;h=b6c1c8a623470d7457fd1dd3c58439081c5c8758;hb=2169aed82a32df47be9aef2f249178ede6c7fadd;hp=63f7696cfc03f53f6797f146643a606bf79367e3;hpb=28be31137cd22223113e461f74098c92ba6d71e4;p=fs%2Flustre-release.git diff --git a/lustre/include/lustre_crypto.h b/lustre/include/lustre_crypto.h index 63f7696..b6c1c8a 100644 --- a/lustre/include/lustre_crypto.h +++ b/lustre/include/lustre_crypto.h @@ -30,9 +30,77 @@ #define _LUSTRE_CRYPTO_H_ struct ll_sb_info; +int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen, + bool preload); +void llcrypt_free_ctx(void *encctx, __u32 size); bool ll_sbi_has_test_dummy_encryption(struct ll_sb_info *sbi); bool ll_sbi_has_encrypt(struct ll_sb_info *sbi); void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set); +/* sizeof(struct fscrypt_context_v2) = 40 */ +#define LLCRYPT_ENC_CTX_SIZE 40 + + +/* Encoding/decoding routines inspired from yEnc principles. + * We just take care of a few critical characters: + * NULL, LF, CR, /, DEL and =. + * If such a char is found, it is replaced with '=' followed by + * the char value + 64. + * All other chars are left untouched. + * Efficiency of this encoding depends on the occurences of the + * critical chars, but statistically on binary data it can be much higher + * than base64 for instance. + */ +static inline int critical_encode(const u8 *src, int len, char *dst) +{ + u8 *p = (u8 *)src, *q = dst; + + while (p - src < len) { + /* escape NULL, LF, CR, /, DEL and = */ + if (unlikely(*p == 0x0 || *p == 0xA || *p == 0xD || + *p == '/' || *p == 0x7F || *p == '=')) { + *(q++) = '='; + *(q++) = *(p++) + 64; + } else { + *(q++) = *(p++); + } + } + + return (char *)q - dst; +} + +/* returns the number of chars encoding would produce */ +static inline int critical_chars(const u8 *src, int len) +{ + u8 *p = (u8 *)src; + int newlen = len; + + while (p - src < len) { + /* NULL, LF, CR, /, DEL and = cost an additional '=' */ + if (unlikely(*p == 0x0 || *p == 0xA || *p == 0xD || + *p == '/' || *p == 0x7F || *p == '=')) + newlen++; + p++; + } + + return newlen; +} + +/* decoding routine - returns the number of chars in output */ +static inline int critical_decode(const u8 *src, int len, char *dst) +{ + u8 *p = (u8 *)src, *q = dst; + + while (p - src < len) { + if (unlikely(*p == '=')) { + *(q++) = *(++p) - 64; + p++; + } else { + *(q++) = *(p++); + } + } + + return (char *)q - dst; +} #ifdef CONFIG_LL_ENCRYPTION #include @@ -41,15 +109,28 @@ void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set); #define __FS_HAS_ENCRYPTION 1 #include +#define LLCRYPT_FNAME_DIGEST_SIZE FSCRYPT_FNAME_DIGEST_SIZE +#define LLCRYPT_FNAME_DIGEST FSCRYPT_FNAME_DIGEST +#define llcrypt_name fscrypt_name +#define llcrypt_str fscrypt_str +#define LLTR_INIT FSTR_INIT +#define LLCRYPT_FNAME_MAX_UNDIGESTED_SIZE \ + FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE #define llcrypt_operations fscrypt_operations #define llcrypt_symlink_data fscrypt_symlink_data #define llcrypt_dummy_context_enabled(inode) \ fscrypt_dummy_context_enabled(inode) +#define llcrypt_require_key(inode) \ + fscrypt_require_key(inode) #define llcrypt_has_encryption_key(inode) fscrypt_has_encryption_key(inode) #define llcrypt_encrypt_pagecache_blocks(page, len, offs, gfp_flags) \ fscrypt_encrypt_pagecache_blocks(page, len, offs, gfp_flags) +#define llcrypt_encrypt_block_inplace(inode, page, len, offs, lblk, gfp_flags) \ + fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk, gfp_flags) #define llcrypt_decrypt_pagecache_blocks(page, len, offs) \ fscrypt_decrypt_pagecache_blocks(page, len, offs) +#define llcrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num) \ + fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num) #define llcrypt_inherit_context(parent, child, fs_data, preload) \ fscrypt_inherit_context(parent, child, fs_data, preload) #define llcrypt_get_encryption_info(inode) fscrypt_get_encryption_info(inode) @@ -60,6 +141,7 @@ void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set); #define llcrypt_ioctl_set_policy(filp, arg) fscrypt_ioctl_set_policy(filp, arg) #define llcrypt_ioctl_get_policy_ex(filp, arg) \ fscrypt_ioctl_get_policy_ex(filp, arg) +#define llcrypt_policy_has_filename_enc(inode) true #define llcrypt_ioctl_add_key(filp, arg) fscrypt_ioctl_add_key(filp, arg) #define llcrypt_ioctl_remove_key(filp, arg) fscrypt_ioctl_remove_key(filp, arg) #define llcrypt_ioctl_remove_key_all_users(filp, arg) \ @@ -74,35 +156,35 @@ void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set); #define llcrypt_prepare_setattr(dentry, attr) \ fscrypt_prepare_setattr(dentry, attr) #define llcrypt_set_ops(sb, cop) fscrypt_set_ops(sb, cop) +#define llcrypt_fname_alloc_buffer(inode, max_encrypted_len, crypto_str) \ + fscrypt_fname_alloc_buffer(inode, max_encrypted_len, crypto_str) +#define llcrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname) \ + fscrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname) +#define llcrypt_fname_free_buffer(crypto_str) \ + fscrypt_fname_free_buffer(crypto_str) +#define llcrypt_setup_filename(dir, iname, lookup, fname) \ + fscrypt_setup_filename(dir, iname, lookup, fname) +#define llcrypt_free_filename(fname) \ + fscrypt_free_filename(fname) +#define llcrypt_prepare_lookup(dir, dentry, fname) \ + fscrypt_prepare_lookup(dir, dentry, fname) +#define llcrypt_encrypt_symlink(inode, target, len, disk_link) \ + fscrypt_encrypt_symlink(inode, target, len, disk_link) +#define __llcrypt_encrypt_symlink(inode, target, len, disk_link) \ + __fscrypt_encrypt_symlink(inode, target, len, disk_link) +#define llcrypt_prepare_symlink(dir, target, len, max_len, disk_link) \ + fscrypt_prepare_symlink(dir, target, len, max_len, disk_link) +#define llcrypt_get_symlink(inode, caddr, max_size, done) \ + fscrypt_get_symlink(inode, caddr, max_size, done) +#define llcrypt_handle_d_move(dentry) \ + fscrypt_handle_d_move(dentry) #else /* !HAVE_LUSTRE_CRYPTO */ -#undef IS_ENCRYPTED -#define IS_ENCRYPTED(x) 0 -#define llcrypt_dummy_context_enabled(inode) NULL -/* copied from include/linux/fscrypt.h */ -#define llcrypt_has_encryption_key(inode) false -#define llcrypt_encrypt_pagecache_blocks(page, len, offs, gfp_flags) \ - ERR_PTR(-EOPNOTSUPP) -#define llcrypt_decrypt_pagecache_blocks(page, len, offs) -EOPNOTSUPP -#define llcrypt_inherit_context(parent, child, fs_data, preload) -EOPNOTSUPP -#define llcrypt_get_encryption_info(inode) -EOPNOTSUPP -#define llcrypt_put_encryption_info(inode) do {} while (0) -#define llcrypt_free_inode(inode) do {} while (0) -#define llcrypt_finalize_bounce_page(pagep) do {} while (0) -static inline int llcrypt_file_open(struct inode *inode, struct file *filp) -{ - return IS_ENCRYPTED(inode) ? -EOPNOTSUPP : 0; -} -#define llcrypt_ioctl_set_policy(filp, arg) -EOPNOTSUPP -#define llcrypt_ioctl_get_policy_ex(filp, arg) -EOPNOTSUPP -#define llcrypt_ioctl_add_key(filp, arg) -EOPNOTSUPP -#define llcrypt_ioctl_remove_key(filp, arg) -EOPNOTSUPP -#define llcrypt_ioctl_remove_key_all_users(filp, arg) -EOPNOTSUPP -#define llcrypt_ioctl_get_key_status(filp, arg) -EOPNOTSUPP -#define llcrypt_drop_inode(inode) 0 -#define llcrypt_prepare_rename(olddir, olddentry, newdir, newdentry, flags) 0 -#define llcrypt_prepare_link(old_dentry, dir, dentry) 0 -#define llcrypt_prepare_setattr(dentry, attr) 0 -#define llcrypt_set_ops(sb, cop) do {} while (0) +/* Extracts the second-to-last ciphertext block */ +#define LLCRYPT_FNAME_DIGEST(name, len) \ + ((name) + round_down((len) - LL_CRYPTO_BLOCK_SIZE - 1, \ + LL_CRYPTO_BLOCK_SIZE)) +#define LLCRYPT_FNAME_DIGEST_SIZE LL_CRYPTO_BLOCK_SIZE +#include #endif /* HAVE_LUSTRE_CRYPTO */ #endif /* !CONFIG_LL_ENCRYPTION */