1 /* SPDX-License-Identifier: GPL-2.0 */
3 * fscrypt.h: declarations for per-file encryption
5 * Filesystems that implement per-file encryption include this header
6 * file with the __FS_HAS_ENCRYPTION set according to whether that filesystem
7 * is being built with encryption support or not.
9 * Copyright (C) 2015, Google, Inc.
11 * Written by Michael Halcrow, 2015.
12 * Modified by Jaegeuk Kim, 2015.
14 #ifndef _LINUX_FSCRYPT_H
15 #define _LINUX_FSCRYPT_H
19 #define FS_CRYPTO_BLOCK_SIZE 16
30 const struct qstr *usr_fname;
31 struct fscrypt_str disk_name;
34 struct fscrypt_str crypto_buf;
37 #define FSTR_INIT(n, l) { .name = n, .len = l }
38 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
39 #define fname_name(p) ((p)->disk_name.name)
40 #define fname_len(p) ((p)->disk_name.len)
42 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
43 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 28
45 #if __FS_HAS_ENCRYPTION
46 #include <linux/fscrypt_supp.h>
48 #include <linux/fscrypt_notsupp.h>
52 * fscrypt_require_key - require an inode's encryption key
53 * @inode: the inode we need the key for
55 * If the inode is encrypted, set up its encryption key if not already done.
56 * Then require that the key be present and return -ENOKEY otherwise.
58 * No locks are needed, and the key will live as long as the struct inode --- so
59 * it won't go away from under you.
61 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
62 * if a problem occurred while setting up the encryption key.
64 static inline int fscrypt_require_key(struct inode *inode)
66 if (IS_ENCRYPTED(inode)) {
67 int err = fscrypt_get_encryption_info(inode);
71 if (!fscrypt_has_encryption_key(inode))
78 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
79 * @old_dentry: an existing dentry for the inode being linked
80 * @dir: the target directory
81 * @dentry: negative dentry for the target filename
83 * A new link can only be added to an encrypted directory if the directory's
84 * encryption key is available --- since otherwise we'd have no way to encrypt
85 * the filename. Therefore, we first set up the directory's encryption key (if
86 * not already done) and return an error if it's unavailable.
88 * We also verify that the link will not violate the constraint that all files
89 * in an encrypted directory tree use the same encryption policy.
91 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
92 * -EPERM if the link would result in an inconsistent encryption policy, or
93 * another -errno code.
95 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
97 struct dentry *dentry)
99 if (IS_ENCRYPTED(dir))
100 return __fscrypt_prepare_link(d_inode(old_dentry), dir);
105 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
106 * @old_dir: source directory
107 * @old_dentry: dentry for source file
108 * @new_dir: target directory
109 * @new_dentry: dentry for target location (may be negative unless exchanging)
110 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
112 * Prepare for ->rename() where the source and/or target directories may be
113 * encrypted. A new link can only be added to an encrypted directory if the
114 * directory's encryption key is available --- since otherwise we'd have no way
115 * to encrypt the filename. A rename to an existing name, on the other hand,
116 * *is* cryptographically possible without the key. However, we take the more
117 * conservative approach and just forbid all no-key renames.
119 * We also verify that the rename will not violate the constraint that all files
120 * in an encrypted directory tree use the same encryption policy.
122 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EPERM if the
123 * rename would cause inconsistent encryption policies, or another -errno code.
125 static inline int fscrypt_prepare_rename(struct inode *old_dir,
126 struct dentry *old_dentry,
127 struct inode *new_dir,
128 struct dentry *new_dentry,
131 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
132 return __fscrypt_prepare_rename(old_dir, old_dentry,
133 new_dir, new_dentry, flags);
138 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
139 * @dir: directory being searched
140 * @dentry: filename being looked up
141 * @flags: lookup flags
143 * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
144 * done with or without the directory's encryption key; without the key,
145 * filenames are presented in encrypted form. Therefore, we'll try to set up
146 * the directory's encryption key, but even without it the lookup can continue.
148 * To allow invalidating stale dentries if the directory's encryption key is
149 * added later, we also install a custom ->d_revalidate() method and use the
150 * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
151 * plaintext name (flag set) or a ciphertext name (flag cleared).
153 * Return: 0 on success, -errno if a problem occurred while setting up the
156 static inline int fscrypt_prepare_lookup(struct inode *dir,
157 struct dentry *dentry,
160 if (IS_ENCRYPTED(dir))
161 return __fscrypt_prepare_lookup(dir, dentry);
166 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
167 * @dentry: dentry through which the inode is being changed
168 * @attr: attributes to change
170 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
171 * most attribute changes are allowed even without the encryption key. However,
172 * without the encryption key we do have to forbid truncates. This is needed
173 * because the size being truncated to may not be a multiple of the filesystem
174 * block size, and in that case we'd have to decrypt the final block, zero the
175 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
176 * filesystem block boundary, but it's simpler to just forbid all truncates ---
177 * and we already forbid all other contents modifications without the key.)
179 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
180 * if a problem occurred while setting up the encryption key.
182 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
185 if (attr->ia_valid & ATTR_SIZE)
186 return fscrypt_require_key(d_inode(dentry));
191 * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
192 * @dir: directory in which the symlink is being created
193 * @target: plaintext symlink target
194 * @len: length of @target excluding null terminator
195 * @max_len: space the filesystem has available to store the symlink target
196 * @disk_link: (out) the on-disk symlink target being prepared
198 * This function computes the size the symlink target will require on-disk,
199 * stores it in @disk_link->len, and validates it against @max_len. An
200 * encrypted symlink may be longer than the original.
202 * Additionally, @disk_link->name is set to @target if the symlink will be
203 * unencrypted, but left NULL if the symlink will be encrypted. For encrypted
204 * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the
205 * on-disk target later. (The reason for the two-step process is that some
206 * filesystems need to know the size of the symlink target before creating the
207 * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)
209 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
210 * -ENOKEY if the encryption key is missing, or another -errno code if a problem
211 * occurred while setting up the encryption key.
213 static inline int fscrypt_prepare_symlink(struct inode *dir,
216 unsigned int max_len,
217 struct fscrypt_str *disk_link)
219 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
220 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
222 disk_link->name = (unsigned char *)target;
223 disk_link->len = len + 1;
224 if (disk_link->len > max_len)
225 return -ENAMETOOLONG;
230 * fscrypt_encrypt_symlink - encrypt the symlink target if needed
231 * @inode: symlink inode
232 * @target: plaintext symlink target
233 * @len: length of @target excluding null terminator
234 * @disk_link: (in/out) the on-disk symlink target being prepared
236 * If the symlink target needs to be encrypted, then this function encrypts it
237 * into @disk_link->name. fscrypt_prepare_symlink() must have been called
238 * previously to compute @disk_link->len. If the filesystem did not allocate a
239 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
240 * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
242 * Return: 0 on success, -errno on failure
244 static inline int fscrypt_encrypt_symlink(struct inode *inode,
247 struct fscrypt_str *disk_link)
249 if (IS_ENCRYPTED(inode))
250 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
254 #endif /* _LINUX_FSCRYPT_H */