
1 /* SPDX-License-Identifier: GPL-2.0 */
17 #include <linux/blk-crypto.h>
19 #define CONST_STRLEN(str) (sizeof(str) - 1)
25 * if ciphers with a 256-bit security strength are used. This is just the
26 * absolute minimum, which applies when only 128-bit encryption is used.
56 * fscrypt_context - the encryption context of an inode
58 * This is the on-disk equivalent of an fscrypt_policy, stored alongside each
77 switch (ctx->version) { in fscrypt_context_size()
79 BUILD_BUG_ON(sizeof(ctx->v1) != 28); in fscrypt_context_size()
80 return sizeof(ctx->v1); in fscrypt_context_size()
82 BUILD_BUG_ON(sizeof(ctx->v2) != 40); in fscrypt_context_size()
83 return sizeof(ctx->v2); in fscrypt_context_size()
98 switch (ctx->version) { in fscrypt_context_nonce()
100 return ctx->v1.nonce; in fscrypt_context_nonce()
102 return ctx->v2.nonce; in fscrypt_context_nonce()
120 switch (policy->version) { in fscrypt_policy_size()
122 return sizeof(policy->v1); in fscrypt_policy_size()
124 return sizeof(policy->v2); in fscrypt_policy_size()
133 switch (policy->version) { in fscrypt_policy_contents_mode()
135 return policy->v1.contents_encryption_mode; in fscrypt_policy_contents_mode()
137 return policy->v2.contents_encryption_mode; in fscrypt_policy_contents_mode()
146 switch (policy->version) { in fscrypt_policy_fnames_mode()
148 return policy->v1.filenames_encryption_mode; in fscrypt_policy_fnames_mode()
150 return policy->v2.filenames_encryption_mode; in fscrypt_policy_fnames_mode()
159 switch (policy->version) { in fscrypt_policy_flags()
161 return policy->v1.flags; in fscrypt_policy_flags()
163 return policy->v2.flags; in fscrypt_policy_flags()
170 * of the string in little-endian format.
178 * struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
180 * @blk_key: key for blk-crypto
182 * Normally only one of the fields will be non-NULL.
192 * fscrypt_info - the "encryption key" for an inode
195 * allocated and stored in ->i_crypt_info. Once created, it remains until the
208 * True if this inode will use inline encryption (blk-crypto) instead of
209 * the traditional filesystem-layer encryption.
220 /* Back-pointer to the inode */
225 * will be NULL if the master key was found in a process-subscribed
226 * keyring rather than in the filesystem-level keyring.
232 * Only used when ->ci_master_key is set.
237 * If non-NULL, then encryption is done using the master key directly
238 * and ci_enc_key will equal ci_direct_key->dk_key.
243 * This inode's hash key for filenames. This is a 128-bit SipHash-2-4
245 * the plaintext filenames -- currently just casefolded directories.
289 /* per-file nonce; only set in DIRECT_KEY mode */
314 * the first byte of the HKDF application-specific info string to guarantee that
340 return ci->ci_inlinecrypt; in fscrypt_using_inline_encryption()
351 * Check whether the crypto transform or blk-crypto key has been allocated in
361 * I.e., in some cases (namely, if this prep_key is a per-mode in fscrypt_is_key_prepared()
367 return smp_load_acquire(&prep_key->blk_key) != NULL; in fscrypt_is_key_prepared()
368 return smp_load_acquire(&prep_key->tfm) != NULL; in fscrypt_is_key_prepared()
390 return -EOPNOTSUPP; in fscrypt_prepare_inline_crypt_key()
403 return smp_load_acquire(&prep_key->tfm) != NULL; in fscrypt_is_key_prepared()
410 * fscrypt_master_key_secret - secret key material of an in-use master key
415 * For v2 policy keys: HKDF context keyed by this master key.
416 * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).
421 * Size of the raw key in bytes. This remains set even if ->raw was
427 /* For v1 policy keys: the raw key. Wiped for v2 policy keys. */
433 * fscrypt_master_key - an in-use master key
436 * filesystem and can be used to "unlock" the encrypted files which were
442 * Back-pointer to the super_block of the filesystem to which this
443 * master key has been added. Only valid if ->mk_active_refs > 0.
448 * Link in ->mk_sb->s_master_keys->key_hashtable.
449 * Only valid if ->mk_active_refs > 0.
453 /* Semaphore that protects ->mk_secret and ->mk_users */
459 * ->mk_sb->s_master_keys, and that any embedded subkeys (e.g.
460 * ->mk_direct_keys) that have been prepared continue to exist.
463 * There is one active ref associated with ->mk_secret being present,
464 * and one active ref for each inode in ->mk_decrypted_inodes.
478 * key; however, there may still be inodes in ->mk_decrypted_inodes
483 * While ->mk_secret is present, one ref in ->mk_active_refs is held.
485 * Locking: protected by ->mk_sem. The manipulation of ->mk_active_refs
486 * associated with this field is protected by ->mk_sem as well.
491 * For v1 policy keys: an arbitrary key descriptor which was assigned by
492 * userspace (->descriptor).
494 * For v2 policy keys: a cryptographic hash of this key (->identifier).
505 * This is NULL for v1 policy keys; those can only be added by root.
507 * Locking: protected by ->mk_sem. (We don't just rely on the keyrings
508 * subsystem semaphore ->mk_users->sem, as we need support for atomic
509 * search+insert along with proper synchronization with ->mk_secret.)
521 * Per-mode encryption keys for the various types of encryption policies
522 * that use them. Allocated and derived on-demand.
544 return READ_ONCE(secret->size) != 0; in is_master_key_secret_present()
550 switch (spec->type) { in master_key_spec_type()
561 switch (spec->type) { in master_key_spec_len()
619 * fscrypt_require_key() - require an inode's encryption key
623 * Then require that the key be present and return -ENOKEY otherwise.
625 * No locks are needed, and the key will live as long as the struct inode --- so
628 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
639 return -ENOKEY; in fscrypt_require_key()