Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/fs/crypto/fscrypt_private.h 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * fscrypt_private.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2015, Google, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Originally written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  * Heavily modified since then.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #ifndef _FSCRYPT_PRIVATE_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #define _FSCRYPT_PRIVATE_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/fscrypt.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/siphash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <crypto/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/blk-crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #define CONST_STRLEN(str)	(sizeof(str) - 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #define FSCRYPT_FILE_NONCE_SIZE	16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) #define FSCRYPT_MIN_KEY_SIZE	16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) #define FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE	128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) #define FSCRYPT_CONTEXT_V1	1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) #define FSCRYPT_CONTEXT_V2	2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) /* Keep this in sync with include/uapi/linux/fscrypt.h */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) #define FSCRYPT_MODE_MAX	FSCRYPT_MODE_ADIANTUM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) struct fscrypt_context_v1 {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	u8 version; /* FSCRYPT_CONTEXT_V1 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 	u8 contents_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 	u8 filenames_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 	u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 	u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) struct fscrypt_context_v2 {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	u8 version; /* FSCRYPT_CONTEXT_V2 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	u8 contents_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	u8 filenames_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	u8 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	u8 __reserved[4];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 	u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53)  * fscrypt_context - the encryption context of an inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55)  * This is the on-disk equivalent of an fscrypt_policy, stored alongside each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56)  * encrypted file usually in a hidden extended attribute.  It contains the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57)  * fields from the fscrypt_policy, in order to identify the encryption algorithm
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58)  * and key with which the file is encrypted.  It also contains a nonce that was
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59)  * randomly generated by fscrypt itself; this is used as KDF input or as a tweak
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60)  * to cause different files to be encrypted differently.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) union fscrypt_context {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	u8 version;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	struct fscrypt_context_v1 v1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	struct fscrypt_context_v2 v2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69)  * Return the size expected for the given fscrypt_context based on its version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70)  * number, or 0 if the context version is unrecognized.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) static inline int fscrypt_context_size(const union fscrypt_context *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	switch (ctx->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	case FSCRYPT_CONTEXT_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 		BUILD_BUG_ON(sizeof(ctx->v1) != 28);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 		return sizeof(ctx->v1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 	case FSCRYPT_CONTEXT_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 		BUILD_BUG_ON(sizeof(ctx->v2) != 40);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 		return sizeof(ctx->v2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) /* Check whether an fscrypt_context has a recognized version number and size */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) static inline bool fscrypt_context_is_valid(const union fscrypt_context *ctx,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 					    int ctx_size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	return ctx_size >= 1 && ctx_size == fscrypt_context_size(ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) /* Retrieve the context's nonce, assuming the context was already validated */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) static inline const u8 *fscrypt_context_nonce(const union fscrypt_context *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	switch (ctx->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	case FSCRYPT_CONTEXT_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		return ctx->v1.nonce;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	case FSCRYPT_CONTEXT_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		return ctx->v2.nonce;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	WARN_ON(1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) union fscrypt_policy {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	u8 version;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	struct fscrypt_policy_v1 v1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	struct fscrypt_policy_v2 v2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)  * Return the size expected for the given fscrypt_policy based on its version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113)  * number, or 0 if the policy version is unrecognized.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) static inline int fscrypt_policy_size(const union fscrypt_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	switch (policy->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 	case FSCRYPT_POLICY_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 		return sizeof(policy->v1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 	case FSCRYPT_POLICY_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 		return sizeof(policy->v2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) /* Return the contents encryption mode of a valid encryption policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) static inline u8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) fscrypt_policy_contents_mode(const union fscrypt_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	switch (policy->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 	case FSCRYPT_POLICY_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 		return policy->v1.contents_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	case FSCRYPT_POLICY_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 		return policy->v2.contents_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 	BUG();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) /* Return the filenames encryption mode of a valid encryption policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) static inline u8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) fscrypt_policy_fnames_mode(const union fscrypt_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 	switch (policy->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 	case FSCRYPT_POLICY_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 		return policy->v1.filenames_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 	case FSCRYPT_POLICY_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 		return policy->v2.filenames_encryption_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 	BUG();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) /* Return the flags (FSCRYPT_POLICY_FLAG*) of a valid encryption policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) static inline u8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) fscrypt_policy_flags(const union fscrypt_policy *policy)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 	switch (policy->version) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	case FSCRYPT_POLICY_V1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 		return policy->v1.flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	case FSCRYPT_POLICY_V2:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 		return policy->v2.flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	BUG();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)  * For encrypted symlinks, the ciphertext length is stored at the beginning
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167)  * of the string in little-endian format.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) struct fscrypt_symlink_data {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 	__le16 len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	char encrypted_path[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) } __packed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)  * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176)  * @tfm: crypto API transform object
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177)  * @blk_key: key for blk-crypto
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179)  * Normally only one of the fields will be non-NULL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) struct fscrypt_prepared_key {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 	struct crypto_skcipher *tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 	struct fscrypt_blk_crypto_key *blk_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)  * fscrypt_info - the "encryption key" for an inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191)  * When an encrypted file's key is made available, an instance of this struct is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192)  * allocated and stored in ->i_crypt_info.  Once created, it remains until the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193)  * inode is evicted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) struct fscrypt_info {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	/* The key in a form prepared for actual encryption/decryption */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 	struct fscrypt_prepared_key ci_enc_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 	/* True if ci_enc_key should be freed when this fscrypt_info is freed */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	bool ci_owns_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 	 * True if this inode will use inline encryption (blk-crypto) instead of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 	 * the traditional filesystem-layer encryption.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	bool ci_inlinecrypt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 	 * Encryption mode used for this inode.  It corresponds to either the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 	 * contents or filenames encryption mode, depending on the inode type.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 	struct fscrypt_mode *ci_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	/* Back-pointer to the inode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 	struct inode *ci_inode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 	 * The master key with which this inode was unlocked (decrypted).  This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 	 * will be NULL if the master key was found in a process-subscribed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 	 * keyring rather than in the filesystem-level keyring.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 	struct key *ci_master_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 	 * Link in list of inodes that were unlocked with the master key.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 	 * Only used when ->ci_master_key is set.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	struct list_head ci_master_key_link;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	 * If non-NULL, then encryption is done using the master key directly
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 	 * and ci_enc_key will equal ci_direct_key->dk_key.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	struct fscrypt_direct_key *ci_direct_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 	 * This inode's hash key for filenames.  This is a 128-bit SipHash-2-4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 	 * key.  This is only set for directories that use a keyed dirhash over
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 	 * the plaintext filenames -- currently just casefolded directories.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 	siphash_key_t ci_dirhash_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 	bool ci_dirhash_key_initialized;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 	/* The encryption policy used by this inode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 	union fscrypt_policy ci_policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 	/* This inode's nonce, copied from the fscrypt_context */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 	u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	/* Hashed inode number.  Only set for IV_INO_LBLK_32 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 	u32 ci_hashed_ino;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) typedef enum {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 	FS_DECRYPT = 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 	FS_ENCRYPT,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) } fscrypt_direction_t;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) /* crypto.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) extern struct kmem_cache *fscrypt_info_cachep;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) int fscrypt_initialize(unsigned int cop_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 			u64 lblk_num, struct page *src_page,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 			struct page *dest_page, unsigned int len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 			unsigned int offs, gfp_t gfp_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) void __printf(3, 4) __cold
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) #define fscrypt_warn(inode, fmt, ...)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 	fscrypt_msg((inode), KERN_WARNING, fmt, ##__VA_ARGS__)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) #define fscrypt_err(inode, fmt, ...)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 	fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) #define FSCRYPT_MAX_IV_SIZE	32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) union fscrypt_iv {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 	struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 		/* logical block number within the file */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 		__le64 lblk_num;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 		/* per-file nonce; only set in DIRECT_KEY mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 		u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 	};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 	u8 raw[FSCRYPT_MAX_IV_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 	__le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 			 const struct fscrypt_info *ci);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) /* fname.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 			  u8 *out, unsigned int olen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 				  u32 orig_len, u32 max_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) 				  u32 *encrypted_len_ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) /* hkdf.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) struct fscrypt_hkdf {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 	struct crypto_shash *hmac_tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 		      unsigned int master_key_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313)  * The list of contexts in which fscrypt uses HKDF.  These values are used as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314)  * the first byte of the HKDF application-specific info string to guarantee that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315)  * info strings are never repeated between contexts.  This ensures that all HKDF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316)  * outputs are unique and cryptographically isolated, i.e. knowledge of one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317)  * output doesn't reveal another.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) #define HKDF_CONTEXT_KEY_IDENTIFIER	1 /* info=<empty>		*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) #define HKDF_CONTEXT_PER_FILE_ENC_KEY	2 /* info=file_nonce		*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) #define HKDF_CONTEXT_DIRECT_KEY		3 /* info=mode_num		*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY	4 /* info=mode_num||fs_uuid	*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) #define HKDF_CONTEXT_DIRHASH_KEY	5 /* info=file_nonce		*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) #define HKDF_CONTEXT_IV_INO_LBLK_32_KEY	6 /* info=mode_num||fs_uuid	*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) #define HKDF_CONTEXT_INODE_HASH_KEY	7 /* info=<empty>		*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 			const u8 *info, unsigned int infolen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) 			u8 *okm, unsigned int okmlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) /* inline_crypt.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 				   bool is_hw_wrapped_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) static inline bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 	return ci->ci_inlinecrypt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) 				     const u8 *raw_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) 				     unsigned int raw_key_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 				     bool is_hw_wrapped,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) 				     const struct fscrypt_info *ci);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) void fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) extern int fscrypt_derive_raw_secret(struct super_block *sb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) 				     const u8 *wrapped_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 				     unsigned int wrapped_key_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) 				     u8 *raw_secret,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) 				     unsigned int raw_secret_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359)  * Check whether the crypto transform or blk-crypto key has been allocated in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360)  * @prep_key, depending on which encryption implementation the file will use.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) static inline bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 			const struct fscrypt_info *ci)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 	 * The two smp_load_acquire()'s here pair with the smp_store_release()'s
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 	 * in fscrypt_prepare_inline_crypt_key() and fscrypt_prepare_key().
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) 	 * I.e., in some cases (namely, if this prep_key is a per-mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 	 * encryption key) another task can publish blk_key or tfm concurrently,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 	 * executing a RELEASE barrier.  We need to use smp_load_acquire() here
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 	 * to safely ACQUIRE the memory the other task published.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 	if (fscrypt_using_inline_encryption(ci))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 		return smp_load_acquire(&prep_key->blk_key) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 	return smp_load_acquire(&prep_key->tfm) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) static inline int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 						 bool is_hw_wrapped_key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) static inline bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 	return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) static inline int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 				 const u8 *raw_key, unsigned int raw_key_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) 				 bool is_hw_wrapped,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) 				 const struct fscrypt_info *ci)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) 	WARN_ON(1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 	return -EOPNOTSUPP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) static inline void
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) static inline int fscrypt_derive_raw_secret(struct super_block *sb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) 					    const u8 *wrapped_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) 					    unsigned int wrapped_key_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) 					    u8 *raw_secret,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 					    unsigned int raw_secret_size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) 	fscrypt_warn(NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 		     "kernel built without support for hardware-wrapped keys");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) 	return -EOPNOTSUPP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) static inline bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 			const struct fscrypt_info *ci)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) 	return smp_load_acquire(&prep_key->tfm) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) /* keyring.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430)  * fscrypt_master_key_secret - secret key material of an in-use master key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) struct fscrypt_master_key_secret {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) 	 * For v2 policy keys: HKDF context keyed by this master key.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) 	 * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) 	struct fscrypt_hkdf	hkdf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) 	/* Size of the raw key in bytes.  Set even if ->raw isn't set. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) 	u32			size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) 	/* True if the key in ->raw is a hardware-wrapped key. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) 	bool			is_hw_wrapped;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) 	 * For v1 policy keys: the raw key.  Wiped for v2 policy keys, unless
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) 	 * ->is_hw_wrapped is true, in which case this contains the wrapped key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) 	 * rather than the key with which 'hkdf' was keyed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) 	u8			raw[FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) } __randomize_layout;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456)  * fscrypt_master_key - an in-use master key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458)  * This represents a master encryption key which has been added to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459)  * filesystem and can be used to "unlock" the encrypted files which were
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460)  * encrypted with it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) struct fscrypt_master_key {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) 	 * The secret key material.  After FS_IOC_REMOVE_ENCRYPTION_KEY is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) 	 * executed, this is wiped and no new inodes can be unlocked with this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) 	 * key; however, there may still be inodes in ->mk_decrypted_inodes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) 	 * which could not be evicted.  As long as some inodes still remain,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) 	 * FS_IOC_REMOVE_ENCRYPTION_KEY can be retried, or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) 	 * FS_IOC_ADD_ENCRYPTION_KEY can add the secret again.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) 	 *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) 	 * Locking: protected by this master key's key->sem.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) 	struct fscrypt_master_key_secret	mk_secret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) 	 * For v1 policy keys: an arbitrary key descriptor which was assigned by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) 	 * userspace (->descriptor).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) 	 *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) 	 * For v2 policy keys: a cryptographic hash of this key (->identifier).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) 	struct fscrypt_key_specifier		mk_spec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) 	 * Keyring which contains a key of type 'key_type_fscrypt_user' for each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) 	 * user who has added this key.  Normally each key will be added by just
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) 	 * one user, but it's possible that multiple users share a key, and in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) 	 * that case we need to keep track of those users so that one user can't
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) 	 * remove the key before the others want it removed too.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) 	 *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) 	 * This is NULL for v1 policy keys; those can only be added by root.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) 	 *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) 	 * Locking: in addition to this keyring's own semaphore, this is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) 	 * protected by this master key's key->sem, so we can do atomic
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) 	 * search+insert.  It can also be searched without taking any locks, but
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) 	 * in that case the returned key may have already been removed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) 	struct key		*mk_users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) 	 * Length of ->mk_decrypted_inodes, plus one if mk_secret is present.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) 	 * Once this goes to 0, the master key is removed from ->s_master_keys.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) 	 * The 'struct fscrypt_master_key' will continue to live as long as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) 	 * 'struct key' whose payload it is, but we won't let this reference
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) 	 * count rise again.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) 	refcount_t		mk_refcount;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) 	 * List of inodes that were unlocked using this key.  This allows the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) 	 * inodes to be evicted efficiently if the key is removed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) 	struct list_head	mk_decrypted_inodes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) 	spinlock_t		mk_decrypted_inodes_lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) 	 * Per-mode encryption keys for the various types of encryption policies
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) 	 * that use them.  Allocated and derived on-demand.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) 	struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) 	struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) 	struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) 	/* Hash key for inode numbers.  Initialized only when needed. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) 	siphash_key_t		mk_ino_hash_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) 	bool			mk_ino_hash_key_initialized;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) } __randomize_layout;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) static inline bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) is_master_key_secret_present(const struct fscrypt_master_key_secret *secret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) 	 * The READ_ONCE() is only necessary for fscrypt_drop_inode() and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) 	 * fscrypt_key_describe().  These run in atomic context, so they can't
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) 	 * take the key semaphore and thus 'secret' can change concurrently
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) 	 * which would be a data race.  But they only need to know whether the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) 	 * secret *was* present at the time of check, so READ_ONCE() suffices.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) 	return READ_ONCE(secret->size) != 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) static inline const char *master_key_spec_type(
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) 				const struct fscrypt_key_specifier *spec)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) 	switch (spec->type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) 		return "descriptor";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) 		return "identifier";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) 	return "[unknown]";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) static inline int master_key_spec_len(const struct fscrypt_key_specifier *spec)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) 	switch (spec->type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) 		return FSCRYPT_KEY_DESCRIPTOR_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) 		return FSCRYPT_KEY_IDENTIFIER_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) struct key *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) fscrypt_find_master_key(struct super_block *sb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) 			const struct fscrypt_key_specifier *mk_spec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) int fscrypt_add_test_dummy_key(struct super_block *sb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) 			       struct fscrypt_key_specifier *key_spec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573) int fscrypt_verify_key_added(struct super_block *sb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) 			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) int __init fscrypt_init_keyring(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) /* keysetup.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) struct fscrypt_mode {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) 	const char *friendly_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) 	const char *cipher_str;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) 	int keysize;		/* key size in bytes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) 	int security_strength;	/* security strength in bytes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) 	int ivsize;		/* IV size in bytes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) 	int logged_impl_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) 	enum blk_crypto_mode_num blk_crypto_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) extern struct fscrypt_mode fscrypt_modes[];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) 			const u8 *raw_key, unsigned int raw_key_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) 			bool is_hw_wrapped, const struct fscrypt_info *ci);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) void fscrypt_destroy_prepared_key(struct fscrypt_prepared_key *prep_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) 			       const struct fscrypt_master_key *mk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) void fscrypt_hash_inode_number(struct fscrypt_info *ci,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) 			       const struct fscrypt_master_key *mk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609)  * fscrypt_require_key() - require an inode's encryption key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610)  * @inode: the inode we need the key for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612)  * If the inode is encrypted, set up its encryption key if not already done.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613)  * Then require that the key be present and return -ENOKEY otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615)  * No locks are needed, and the key will live as long as the struct inode --- so
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616)  * it won't go away from under you.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618)  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619)  * if a problem occurred while setting up the encryption key.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) static inline int fscrypt_require_key(struct inode *inode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) 	if (IS_ENCRYPTED(inode)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) 		int err = fscrypt_get_encryption_info(inode, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) 		if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) 			return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) 		if (!fscrypt_has_encryption_key(inode))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) 			return -ENOKEY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) /* keysetup_v1.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) void fscrypt_put_direct_key(struct fscrypt_direct_key *dk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) int fscrypt_setup_v1_file_key(struct fscrypt_info *ci,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) 			      const u8 *raw_master_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) /* policy.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) bool fscrypt_policies_equal(const union fscrypt_policy *policy1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) 			    const union fscrypt_policy *policy2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) 			      const struct inode *inode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) 				const union fscrypt_context *ctx_u,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) 				int ctx_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) #endif /* _FSCRYPT_PRIVATE_H */
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.