4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2019, 2020, Whamcloud.
26 * This file is part of Lustre, http://www.lustre.org/
29 #ifndef _LUSTRE_CRYPTO_H_
30 #define _LUSTRE_CRYPTO_H_
32 #if defined(HAVE_LUSTRE_CRYPTO) && !defined(CONFIG_LL_ENCRYPTION)
33 #define __FS_HAS_ENCRYPTION 1
34 #include <linux/fscrypt.h>
36 /* LLCRYPT_DIGESTED_* is provided by llcrypt.h but that is not present
37 * for native fscrypt builds
39 #define LLCRYPT_DIGESTED_CHAR '+'
40 #define LLCRYPT_DIGESTED_CHAR_OLD '_'
41 #define LL_CRYPTO_BLOCK_SIZE FS_CRYPTO_BLOCK_SIZE
42 #define llcrypt_name fscrypt_name
43 #define llcrypt_str fscrypt_str
44 #define LLTR_INIT FSTR_INIT
45 #define llcrypt_operations fscrypt_operations
46 #define llcrypt_symlink_data fscrypt_symlink_data
47 #define llcrypt_init() 0
48 #define llcrypt_exit() {}
49 #ifndef HAVE_FSCRYPT_DUMMY_CONTEXT_ENABLED
50 #ifdef HAVE_FSCRYPT_DUMMY_POLICY
51 #define llcrypt_policy fscrypt_policy
52 #define llcrypt_dummy_policy fscrypt_dummy_policy
54 #define llcrypt_policy fscrypt_context
55 #define llcrypt_dummy_policy fscrypt_dummy_context
58 #ifdef HAVE_FSCRYPT_D_REVALIDATE
59 #define llcrypt_d_revalidate(dentry, flags) \
60 fscrypt_d_revalidate(dentry, flags)
62 int llcrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
64 #define llcrypt_require_key(inode) \
65 fscrypt_require_key(inode)
66 #define llcrypt_has_encryption_key(inode) fscrypt_has_encryption_key(inode)
67 #define llcrypt_encrypt_pagecache_blocks(page, len, offs, gfp_flags) \
68 fscrypt_encrypt_pagecache_blocks(page, len, offs, gfp_flags)
69 #define llcrypt_decrypt_pagecache_blocks(page, len, offs) \
70 fscrypt_decrypt_pagecache_blocks(page, len, offs)
71 #define llcrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num) \
72 fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num)
73 #define llcrypt_inherit_context(parent, child, fs_data, preload) \
74 fscrypt_inherit_context(parent, child, fs_data, preload)
75 #ifdef HAVE_FSCRYPT_PREPARE_READDIR
76 #define llcrypt_prepare_readdir(inode) fscrypt_prepare_readdir(inode)
78 #define llcrypt_prepare_readdir(inode) fscrypt_get_encryption_info(inode)
80 #define llcrypt_put_encryption_info(inode) fscrypt_put_encryption_info(inode)
81 #define llcrypt_free_inode(inode) fscrypt_free_inode(inode)
82 #define llcrypt_finalize_bounce_page(pagep) fscrypt_finalize_bounce_page(pagep)
83 #define llcrypt_file_open(inode, filp) fscrypt_file_open(inode, filp)
84 #define llcrypt_ioctl_set_policy(filp, arg) fscrypt_ioctl_set_policy(filp, arg)
85 #define llcrypt_ioctl_get_policy_ex(filp, arg) \
86 fscrypt_ioctl_get_policy_ex(filp, arg)
87 #define llcrypt_policy_has_filename_enc(inode) true
88 #define llcrypt_ioctl_add_key(filp, arg) fscrypt_ioctl_add_key(filp, arg)
89 #define llcrypt_ioctl_remove_key(filp, arg) fscrypt_ioctl_remove_key(filp, arg)
90 #define llcrypt_ioctl_remove_key_all_users(filp, arg) \
91 fscrypt_ioctl_remove_key_all_users(filp, arg)
92 #define llcrypt_ioctl_get_key_status(filp, arg) \
93 fscrypt_ioctl_get_key_status(filp, arg)
94 #define llcrypt_drop_inode(inode) fscrypt_drop_inode(inode)
95 #define llcrypt_prepare_rename(olddir, olddentry, newdir, newdentry, flags) \
96 fscrypt_prepare_rename(olddir, olddentry, newdir, newdentry, flags)
97 #define llcrypt_prepare_link(old_dentry, dir, dentry) \
98 fscrypt_prepare_link(old_dentry, dir, dentry)
99 #define llcrypt_prepare_setattr(dentry, attr) \
100 fscrypt_prepare_setattr(dentry, attr)
101 #define __llcrypt_prepare_lookup(inode, dentry, fname) \
102 __fscrypt_prepare_lookup(inode, dentry, fname)
103 #define llcrypt_set_ops(sb, cop) fscrypt_set_ops(sb, cop)
104 #define llcrypt_sb_free(sb) {}
105 #ifdef HAVE_FSCRYPT_FNAME_ALLOC_BUFFER_NO_INODE
106 #define llcrypt_fname_alloc_buffer(inode, max_encrypted_len, crypto_str) \
107 fscrypt_fname_alloc_buffer(max_encrypted_len, crypto_str)
109 #define llcrypt_fname_alloc_buffer(inode, max_encrypted_len, crypto_str) \
110 fscrypt_fname_alloc_buffer(inode, max_encrypted_len, crypto_str)
112 #define llcrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname) \
113 fscrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname)
114 #define llcrypt_fname_free_buffer(crypto_str) \
115 fscrypt_fname_free_buffer(crypto_str)
116 #define llcrypt_setup_filename(dir, iname, lookup, fname) \
117 fscrypt_setup_filename(dir, iname, lookup, fname)
118 #define llcrypt_free_filename(fname) \
119 fscrypt_free_filename(fname)
120 #define llcrypt_match_name(fname, de_name, name_len) \
121 fscrypt_match_name(fname, de_name, name_len)
122 #define llcrypt_prepare_lookup(dir, dentry, fname) \
123 fscrypt_prepare_lookup(dir, dentry, fname)
124 #define llcrypt_encrypt_symlink(inode, target, len, disk_link) \
125 fscrypt_encrypt_symlink(inode, target, len, disk_link)
126 #define __llcrypt_encrypt_symlink(inode, target, len, disk_link) \
127 __fscrypt_encrypt_symlink(inode, target, len, disk_link)
128 #define llcrypt_prepare_symlink(dir, target, len, max_len, disk_link) \
129 fscrypt_prepare_symlink(dir, target, len, max_len, disk_link)
130 #define llcrypt_get_symlink(inode, caddr, max_size, done) \
131 fscrypt_get_symlink(inode, caddr, max_size, done)
133 #define LL_IOC_SET_ENCRYPTION_POLICY FS_IOC_SET_ENCRYPTION_POLICY
134 #define LL_IOC_GET_ENCRYPTION_POLICY_EX FS_IOC_GET_ENCRYPTION_POLICY_EX
135 #define LL_IOC_ADD_ENCRYPTION_KEY FS_IOC_ADD_ENCRYPTION_KEY
136 #define LL_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY
137 #define LL_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS \
138 FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS
139 #define LL_IOC_GET_ENCRYPTION_KEY_STATUS FS_IOC_GET_ENCRYPTION_KEY_STATUS
141 #else /* HAVE_LUSTRE_CRYPTO && !CONFIG_LL_ENCRYPTION */
142 #include <libcfs/crypto/llcrypt.h>
144 #define llcrypt_prepare_readdir(inode) llcrypt_get_encryption_info(inode)
146 int llcrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
148 #endif /* !HAVE_LUSTRE_CRYPTO || CONFIG_LL_ENCRYPTION */
150 #if !defined(HAVE_FSCRYPT_IS_NOKEY_NAME) || defined(CONFIG_LL_ENCRYPTION)
152 #ifndef DCACHE_NOKEY_NAME
153 #define DCACHE_NOKEY_NAME 0x02000000 /* Enc name without key */
156 static inline bool llcrypt_is_nokey_name(const struct dentry *dentry)
158 return dentry->d_flags & DCACHE_NOKEY_NAME;
161 #define llcrypt_is_nokey_name(dentry) \
162 fscrypt_is_nokey_name(dentry)
165 #if defined(HAVE_LUSTRE_CRYPTO) && !defined(HAVE_FSCRYPT_DUMMY_CONTEXT_ENABLED)
166 #define llcrypt_show_test_dummy_encryption(seq, sep, sb) \
167 fscrypt_show_test_dummy_encryption(seq, sep, sb)
168 #define llcrypt_set_test_dummy_encryption(sb, arg, ctx) \
169 fscrypt_set_test_dummy_encryption(sb, arg, ctx)
170 #ifdef HAVE_FSCRYPT_DUMMY_POLICY
171 #define llcrypt_free_dummy_policy(policy) \
172 fscrypt_free_dummy_policy(policy)
174 #define llcrypt_free_dummy_policy(policy) \
175 fscrypt_free_dummy_context(policy)
178 #define llcrypt_show_test_dummy_encryption(seq, sep, sb) {}
179 #define llcrypt_free_dummy_policy(policy) {}
182 /* Macro to extract digest from Lustre specific structures */
183 #if defined(HAVE_FSCRYPT_DIGESTED_NAME) && !defined(CONFIG_LL_ENCRYPTION)
184 #define LLCRYPT_EXTRACT_DIGEST FSCRYPT_FNAME_DIGEST
186 #define LLCRYPT_EXTRACT_DIGEST(name, len) \
187 ((name) + round_down((len) - LL_CRYPTO_BLOCK_SIZE - 1, \
188 LL_CRYPTO_BLOCK_SIZE))
192 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
194 void llcrypt_free_ctx(void *encctx, __u32 size);
195 bool ll_sb_has_test_dummy_encryption(struct super_block *sb);
196 bool ll_sbi_has_encrypt(struct ll_sb_info *sbi);
197 void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set);
198 bool ll_sbi_has_name_encrypt(struct ll_sb_info *sbi);
199 void ll_sbi_set_name_encrypt(struct ll_sb_info *sbi, bool set);
200 /* sizeof(struct fscrypt_context_v2) = 40 */
201 #define LLCRYPT_ENC_CTX_SIZE 40
203 /* Encoding/decoding routines inspired from yEnc principles.
204 * We just take care of a few critical characters:
205 * NULL, LF, CR, /, DEL and =.
206 * If such a char is found, it is replaced with '=' followed by
207 * the char value + 64.
208 * All other chars are left untouched.
209 * Efficiency of this encoding depends on the occurences of the
210 * critical chars, but statistically on binary data it can be much higher
211 * than base64 for instance.
213 static inline int critical_encode(const u8 *src, int len, char *dst)
215 u8 *p = (u8 *)src, *q = dst;
217 while (p - src < len) {
218 /* escape NULL, LF, CR, /, DEL and = */
219 if (unlikely(*p == 0x0 || *p == 0xA || *p == 0xD ||
220 *p == '/' || *p == 0x7F || *p == '=')) {
222 *(q++) = *(p++) + 64;
228 return (char *)q - dst;
231 /* returns the number of chars encoding would produce */
232 static inline int critical_chars(const u8 *src, int len)
237 while (p - src < len) {
238 /* NULL, LF, CR, /, DEL and = cost an additional '=' */
239 if (unlikely(*p == 0x0 || *p == 0xA || *p == 0xD ||
240 *p == '/' || *p == 0x7F || *p == '='))
248 /* decoding routine - returns the number of chars in output */
249 static inline int critical_decode(const u8 *src, int len, char *dst)
251 u8 *p = (u8 *)src, *q = dst;
253 while (p - src < len) {
254 if (unlikely(*p == '=')) {
255 *(q++) = *(++p) - 64;
262 return (char *)q - dst;
265 #endif /* _LUSTRE_CRYPTO_H_ */