Lines Matching +full:key +full:- +full:up
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Encryption hooks for higher-level filesystem operations.
11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
13 * @filp: the struct file being set up
15 * Currently, an encrypted regular file can only be opened if its encryption key
17 * Therefore, we first set up the inode's encryption key (if not already done)
28 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
44 d_inode(dir)->i_ino); in fscrypt_file_open()
45 err = -EPERM; in fscrypt_file_open()
56 return -ENOKEY; in __fscrypt_prepare_link()
58 * We don't need to separately check that the directory inode's key is in __fscrypt_prepare_link()
59 * available, as it's implied by the dentry not being a no-key name. in __fscrypt_prepare_link()
63 return -EXDEV; in __fscrypt_prepare_link()
75 return -ENOKEY; in __fscrypt_prepare_rename()
78 * available, as it's implied by the dentries not being no-key names. in __fscrypt_prepare_rename()
85 return -EXDEV; in __fscrypt_prepare_rename()
91 return -EXDEV; in __fscrypt_prepare_rename()
100 int err = fscrypt_setup_filename(dir, &dentry->d_name, 1, fname); in __fscrypt_prepare_lookup()
102 if (err && err != -ENOENT) in __fscrypt_prepare_lookup()
105 if (fname->is_nokey_name) { in __fscrypt_prepare_lookup()
106 spin_lock(&dentry->d_lock); in __fscrypt_prepare_lookup()
107 dentry->d_flags |= DCACHE_NOKEY_NAME; in __fscrypt_prepare_lookup()
108 spin_unlock(&dentry->d_lock); in __fscrypt_prepare_lookup()
115 * fscrypt_prepare_lookup_partial() - prepare lookup without filename setup
117 * @dentry: the dentry being looked up in @dir
119 * This function should be used by the ->lookup and ->atomic_open methods of
120 * filesystems that handle filename encryption and no-key name encoding
122 * fscrypt_prepare_lookup(), this will try to set up the directory's encryption
123 * key and will set DCACHE_NOKEY_NAME on the dentry if the key is unavailable.
124 * However, this function doesn't set up a struct fscrypt_name for the filename.
126 * Return: 0 on success; -errno on error. Note that the encryption key being
129 * like the key being unavailable, so that files can still be deleted.
136 spin_lock(&dentry->d_lock); in fscrypt_prepare_lookup_partial()
137 dentry->d_flags |= DCACHE_NOKEY_NAME; in fscrypt_prepare_lookup_partial()
138 spin_unlock(&dentry->d_lock); in fscrypt_prepare_lookup_partial()
152 if (attr->ia_valid & ATTR_SIZE) in __fscrypt_prepare_setattr()
159 * fscrypt_prepare_setflags() - prepare to change flags with FS_IOC_SETFLAGS
166 * Return: 0 on success; -errno if the flags change isn't allowed or if
178 * derive the secret key needed for the dirhash. This is only possible in fscrypt_prepare_setflags()
185 ci = inode->i_crypt_info; in fscrypt_prepare_setflags()
186 if (ci->ci_policy.version != FSCRYPT_POLICY_V2) in fscrypt_prepare_setflags()
187 return -EINVAL; in fscrypt_prepare_setflags()
188 mk = ci->ci_master_key; in fscrypt_prepare_setflags()
189 down_read(&mk->mk_sem); in fscrypt_prepare_setflags()
190 if (is_master_key_secret_present(&mk->mk_secret)) in fscrypt_prepare_setflags()
193 err = -ENOKEY; in fscrypt_prepare_setflags()
194 up_read(&mk->mk_sem); in fscrypt_prepare_setflags()
201 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
206 * @disk_link: (out) the on-disk symlink target being prepared
208 * This function computes the size the symlink target will require on-disk,
209 * stores it in @disk_link->len, and validates it against @max_len. An
212 * Additionally, @disk_link->name is set to @target if the symlink will be
215 * on-disk target later. (The reason for the two-step process is that some
219 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
220 * -ENOKEY if the encryption key is missing, or another -errno code if a problem
221 * occurred while setting up the encryption key.
237 disk_link->name = (unsigned char *)target; in fscrypt_prepare_symlink()
238 disk_link->len = len + 1; in fscrypt_prepare_symlink()
239 if (disk_link->len > max_len) in fscrypt_prepare_symlink()
240 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
258 max_len - sizeof(struct fscrypt_symlink_data) - 1, in fscrypt_prepare_symlink()
259 &disk_link->len)) in fscrypt_prepare_symlink()
260 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
261 disk_link->len += sizeof(struct fscrypt_symlink_data) + 1; in fscrypt_prepare_symlink()
263 disk_link->name = NULL; in fscrypt_prepare_symlink()
277 * fscrypt_prepare_new_inode() should have already set up the new in __fscrypt_encrypt_symlink()
278 * symlink inode's encryption key. We don't wait until now to do it, in __fscrypt_encrypt_symlink()
282 return -ENOKEY; in __fscrypt_encrypt_symlink()
284 if (disk_link->name) { in __fscrypt_encrypt_symlink()
285 /* filesystem-provided buffer */ in __fscrypt_encrypt_symlink()
286 sd = (struct fscrypt_symlink_data *)disk_link->name; in __fscrypt_encrypt_symlink()
288 sd = kmalloc(disk_link->len, GFP_NOFS); in __fscrypt_encrypt_symlink()
290 return -ENOMEM; in __fscrypt_encrypt_symlink()
292 ciphertext_len = disk_link->len - sizeof(*sd) - 1; in __fscrypt_encrypt_symlink()
293 sd->len = cpu_to_le16(ciphertext_len); in __fscrypt_encrypt_symlink()
295 err = fscrypt_fname_encrypt(inode, &iname, sd->encrypted_path, in __fscrypt_encrypt_symlink()
301 * Null-terminating the ciphertext doesn't make sense, but we still in __fscrypt_encrypt_symlink()
305 sd->encrypted_path[ciphertext_len] = '\0'; in __fscrypt_encrypt_symlink()
308 err = -ENOMEM; in __fscrypt_encrypt_symlink()
309 inode->i_link = kmemdup(target, len + 1, GFP_NOFS); in __fscrypt_encrypt_symlink()
310 if (!inode->i_link) in __fscrypt_encrypt_symlink()
313 if (!disk_link->name) in __fscrypt_encrypt_symlink()
314 disk_link->name = (unsigned char *)sd; in __fscrypt_encrypt_symlink()
318 if (!disk_link->name) in __fscrypt_encrypt_symlink()
325 * fscrypt_get_symlink() - get the target of an encrypted symlink
327 * @caddr: the on-disk contents of the symlink
329 * @done: if successful, will be set up to free the returned target if needed
331 * If the symlink's encryption key is available, we decrypt its target.
349 return ERR_PTR(-EINVAL); in fscrypt_get_symlink()
352 pstr.name = READ_ONCE(inode->i_link); in fscrypt_get_symlink()
357 * Try to set up the symlink's encryption key, but we can continue in fscrypt_get_symlink()
358 * regardless of whether the key is available or not. in fscrypt_get_symlink()
371 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
373 cstr.name = (unsigned char *)sd->encrypted_path; in fscrypt_get_symlink()
374 cstr.len = le16_to_cpu(sd->len); in fscrypt_get_symlink()
377 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
380 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
390 err = -EUCLEAN; in fscrypt_get_symlink()
398 * symlink targets encoded without the key, since those become outdated in fscrypt_get_symlink()
399 * once the key is added. This pairs with the READ_ONCE() above and in in fscrypt_get_symlink()
403 cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL) in fscrypt_get_symlink()
415 * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks
420 * symlink target (or the no-key encoded symlink target, if the key is
425 * This requires reading the symlink target from disk if needed, setting up the
426 * inode's encryption key if possible, and then decrypting or encoding the
428 * case. However, decrypted symlink targets will be cached in ->i_link, so
432 * Return: 0 on success, -errno on failure
436 struct dentry *dentry = path->dentry; in fscrypt_symlink_getattr()
443 * decrypted target or the no-key encoded target), we can just get it in in fscrypt_symlink_getattr()
446 link = READ_ONCE(inode->i_link); in fscrypt_symlink_getattr()
448 link = inode->i_op->get_link(dentry, inode, &done); in fscrypt_symlink_getattr()
452 stat->size = strlen(link); in fscrypt_symlink_getattr()