/* SPDX-License-Identifier: GPL-2.0 */ /* * Ceph fscrypt functionality */ #ifndef _CEPH_CRYPTO_H #define _CEPH_CRYPTO_H #include <crypto/sha2.h> #include <linux/fscrypt.h> #define CEPH_FSCRYPT_BLOCK_SHIFT 12 #define CEPH_FSCRYPT_BLOCK_SIZE (_AC(1, UL) << CEPH_FSCRYPT_BLOCK_SHIFT) #define CEPH_FSCRYPT_BLOCK_MASK (~(CEPH_FSCRYPT_BLOCK_SIZE-1)) struct ceph_fs_client; struct ceph_acl_sec_ctx; struct ceph_mds_request; struct ceph_fname { struct inode *dir; char *name; // b64 encoded, possibly hashed unsigned char *ctext; // binary crypttext (if any) u32 name_len; // length of name buffer u32 ctext_len; // length of crypttext bool no_copy; }; /* * Header for the crypted file when truncating the size, this * will be sent to MDS, and the MDS will update the encrypted * last block and then truncate the size. */ struct ceph_fscrypt_truncate_size_header { __u8 ver; __u8 compat; /* * It will be sizeof(assert_ver + file_offset + block_size) * if the last block is empty when it's located in a file * hole. Or the data_len will plus CEPH_FSCRYPT_BLOCK_SIZE. */ __le32 data_len; __le64 change_attr; __le64 file_offset; __le32 block_size; } __packed; struct ceph_fscrypt_auth { __le32 cfa_version; __le32 cfa_blob_len; u8 cfa_blob[FSCRYPT_SET_CONTEXT_MAX_SIZE]; } __packed; #define CEPH_FSCRYPT_AUTH_VERSION 1 static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa) { u32 ctxsize = le32_to_cpu(fa->cfa_blob_len); return offsetof(struct ceph_fscrypt_auth, cfa_blob) + ctxsize; } #ifdef CONFIG_FS_ENCRYPTION /* * We want to encrypt filenames when creating them, but the encrypted * versions of those names may have illegal characters in them. To mitigate * that, we base64 encode them, but that gives us a result that can exceed * NAME_MAX. * * Follow a similar scheme to fscrypt itself, and cap the filename to a * smaller size. If the ciphertext name is longer than the value below, then * sha256 hash the remaining bytes. * * For the fscrypt_nokey_name struct the dirhash[2] member is useless in ceph * so the corresponding struct will be: * * struct fscrypt_ceph_nokey_name { * u8 bytes[157]; * u8 sha256[SHA256_DIGEST_SIZE]; * }; // 180 bytes => 240 bytes base64-encoded, which is <= NAME_MAX (255) * * (240 bytes is the maximum size allowed for snapshot names to take into * account the format: '_<SNAPSHOT-NAME>_<INODE-NUMBER>'.) * * Note that for long names that end up having their tail portion hashed, we * must also store the full encrypted name (in the dentry's alternate_name * field). */ #define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE) #define CEPH_BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) int ceph_base64_encode(const u8 *src, int srclen, char *dst); int ceph_base64_decode(const char *src, int srclen, u8 *dst); void ceph_fscrypt_set_ops(struct super_block *sb); void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc); int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode, struct ceph_acl_sec_ctx *as); void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, struct ceph_acl_sec_ctx *as); int ceph_encode_encrypted_dname(struct inode *parent, struct qstr *d_name, char *buf); int ceph_encode_encrypted_fname(struct inode *parent, struct dentry *dentry, char *buf); static inline int ceph_fname_alloc_buffer(struct inode *parent, struct fscrypt_str *fname) { if (!IS_ENCRYPTED(parent)) return 0; return fscrypt_fname_alloc_buffer(NAME_MAX, fname); } static inline void ceph_fname_free_buffer(struct inode *parent, struct fscrypt_str *fname) { if (IS_ENCRYPTED(parent)) fscrypt_fname_free_buffer(fname); } int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, struct fscrypt_str *oname, bool *is_nokey); int ceph_fscrypt_prepare_readdir(struct inode *dir); static inline unsigned int ceph_fscrypt_blocks(u64 off, u64 len) { /* crypto blocks cannot span more than one page */ BUILD_BUG_ON(CEPH_FSCRYPT_BLOCK_SHIFT > PAGE_SHIFT); return ((off+len+CEPH_FSCRYPT_BLOCK_SIZE-1) >> CEPH_FSCRYPT_BLOCK_SHIFT) - (off >> CEPH_FSCRYPT_BLOCK_SHIFT); } /* * If we have an encrypted inode then we must adjust the offset and * range of the on-the-wire read to cover an entire encryption block. * The copy will be done using the original offset and length, after * we've decrypted the result. */ static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode, u64 *off, u64 *len) { if (IS_ENCRYPTED(inode)) { *len = ceph_fscrypt_blocks(*off, *len) * CEPH_FSCRYPT_BLOCK_SIZE; *off &= CEPH_FSCRYPT_BLOCK_MASK; } } int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, unsigned int len, unsigned int offs, u64 lblk_num); int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page, unsigned int len, unsigned int offs, u64 lblk_num, gfp_t gfp_flags); int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page, u64 off, int len); int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page, u64 off, struct ceph_sparse_extent *map, u32 ext_cnt); int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off, int len, gfp_t gfp); static inline struct page *ceph_fscrypt_pagecache_page(struct page *page) { return fscrypt_is_bounce_page(page) ? fscrypt_pagecache_page(page) : page; } #else /* CONFIG_FS_ENCRYPTION */ static inline void ceph_fscrypt_set_ops(struct super_block *sb) { } static inline void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc) { } static inline int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode, struct ceph_acl_sec_ctx *as) { if (IS_ENCRYPTED(dir)) return -EOPNOTSUPP; return 0; } static inline void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, struct ceph_acl_sec_ctx *as_ctx) { } static inline int ceph_encode_encrypted_dname(struct inode *parent, struct qstr *d_name, char *buf) { memcpy(buf, d_name->name, d_name->len); return d_name->len; } static inline int ceph_encode_encrypted_fname(struct inode *parent, struct dentry *dentry, char *buf) { return -EOPNOTSUPP; } static inline int ceph_fname_alloc_buffer(struct inode *parent, struct fscrypt_str *fname) { return 0; } static inline void ceph_fname_free_buffer(struct inode *parent, struct fscrypt_str *fname) { } static inline int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, struct fscrypt_str *oname, bool *is_nokey) { oname->name = fname->name; oname->len = fname->name_len; return 0; } static inline int ceph_fscrypt_prepare_readdir(struct inode *dir) { return 0; } static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode, u64 *off, u64 *len) { } static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, unsigned int len, unsigned int offs, u64 lblk_num) { return 0; } static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page, unsigned int len, unsigned int offs, u64 lblk_num, gfp_t gfp_flags) { return 0; } static inline int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page, u64 off, int len) { return 0; } static inline int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page, u64 off, struct ceph_sparse_extent *map, u32 ext_cnt) { return 0; } static inline int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off, int len, gfp_t gfp) { return 0; } static inline struct page *ceph_fscrypt_pagecache_page(struct page *page) { return page; } #endif /* CONFIG_FS_ENCRYPTION */ static inline loff_t ceph_fscrypt_page_offset(struct page *page) { return page_offset(ceph_fscrypt_pagecache_page(page)); } #endif /* _CEPH_CRYPTO_H */