| crypto.c (69e6cdd0cf16f645be39038e5ccc9379e3923d00) | crypto.c (b98701df349b7003efd52d9330acbb7be5a255c6) |
|---|---|
| 1/* 2 * This contains encryption functions for per-file encryption. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * 7 * Written by Michael Halcrow, 2014. 8 * --- 74 unchanged lines hidden (view full) --- 83 * @inode: The inode for which we are doing the crypto 84 * @gfp_flags: The gfp flag for memory allocation 85 * 86 * Allocates and initializes an encryption context. 87 * 88 * Return: An allocated and initialized encryption context on success; error 89 * value or NULL otherwise. 90 */ | 1/* 2 * This contains encryption functions for per-file encryption. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * 7 * Written by Michael Halcrow, 2014. 8 * --- 74 unchanged lines hidden (view full) --- 83 * @inode: The inode for which we are doing the crypto 84 * @gfp_flags: The gfp flag for memory allocation 85 * 86 * Allocates and initializes an encryption context. 87 * 88 * Return: An allocated and initialized encryption context on success; error 89 * value or NULL otherwise. 90 */ |
| 91struct fscrypt_ctx *fscrypt_get_ctx(struct inode *inode, gfp_t gfp_flags) | 91struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode, gfp_t gfp_flags) |
| 92{ 93 struct fscrypt_ctx *ctx = NULL; 94 struct fscrypt_info *ci = inode->i_crypt_info; 95 unsigned long flags; 96 97 if (ci == NULL) 98 return ERR_PTR(-ENOKEY); 99 --- 41 unchanged lines hidden (view full) --- 141 complete(&ecr->completion); 142} 143 144typedef enum { 145 FS_DECRYPT = 0, 146 FS_ENCRYPT, 147} fscrypt_direction_t; 148 | 92{ 93 struct fscrypt_ctx *ctx = NULL; 94 struct fscrypt_info *ci = inode->i_crypt_info; 95 unsigned long flags; 96 97 if (ci == NULL) 98 return ERR_PTR(-ENOKEY); 99 --- 41 unchanged lines hidden (view full) --- 141 complete(&ecr->completion); 142} 143 144typedef enum { 145 FS_DECRYPT = 0, 146 FS_ENCRYPT, 147} fscrypt_direction_t; 148 |
| 149static int do_page_crypto(struct inode *inode, | 149static int do_page_crypto(const struct inode *inode, |
| 150 fscrypt_direction_t rw, pgoff_t index, 151 struct page *src_page, struct page *dest_page, | 150 fscrypt_direction_t rw, pgoff_t index, 151 struct page *src_page, struct page *dest_page, |
| 152 unsigned int src_len, unsigned int src_offset, |
|
| 152 gfp_t gfp_flags) 153{ 154 struct { 155 __le64 index; 156 u8 padding[FS_XTS_TWEAK_SIZE - sizeof(__le64)]; 157 } xts_tweak; 158 struct skcipher_request *req = NULL; 159 DECLARE_FS_COMPLETION_RESULT(ecr); --- 14 unchanged lines hidden (view full) --- 174 req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 175 page_crypt_complete, &ecr); 176 177 BUILD_BUG_ON(sizeof(xts_tweak) != FS_XTS_TWEAK_SIZE); 178 xts_tweak.index = cpu_to_le64(index); 179 memset(xts_tweak.padding, 0, sizeof(xts_tweak.padding)); 180 181 sg_init_table(&dst, 1); | 153 gfp_t gfp_flags) 154{ 155 struct { 156 __le64 index; 157 u8 padding[FS_XTS_TWEAK_SIZE - sizeof(__le64)]; 158 } xts_tweak; 159 struct skcipher_request *req = NULL; 160 DECLARE_FS_COMPLETION_RESULT(ecr); --- 14 unchanged lines hidden (view full) --- 175 req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 176 page_crypt_complete, &ecr); 177 178 BUILD_BUG_ON(sizeof(xts_tweak) != FS_XTS_TWEAK_SIZE); 179 xts_tweak.index = cpu_to_le64(index); 180 memset(xts_tweak.padding, 0, sizeof(xts_tweak.padding)); 181 182 sg_init_table(&dst, 1); |
| 182 sg_set_page(&dst, dest_page, PAGE_SIZE, 0); | 183 sg_set_page(&dst, dest_page, src_len, src_offset); |
| 183 sg_init_table(&src, 1); | 184 sg_init_table(&src, 1); |
| 184 sg_set_page(&src, src_page, PAGE_SIZE, 0); 185 skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE, &xts_tweak); | 185 sg_set_page(&src, src_page, src_len, src_offset); 186 skcipher_request_set_crypt(req, &src, &dst, src_len, &xts_tweak); |
| 186 if (rw == FS_DECRYPT) 187 res = crypto_skcipher_decrypt(req); 188 else 189 res = crypto_skcipher_encrypt(req); 190 if (res == -EINPROGRESS || res == -EBUSY) { 191 BUG_ON(req->base.data != &ecr); 192 wait_for_completion(&ecr.completion); 193 res = ecr.res; --- 14 unchanged lines hidden (view full) --- 208 if (ctx->w.bounce_page == NULL) 209 return ERR_PTR(-ENOMEM); 210 ctx->flags |= FS_WRITE_PATH_FL; 211 return ctx->w.bounce_page; 212} 213 214/** 215 * fscypt_encrypt_page() - Encrypts a page | 187 if (rw == FS_DECRYPT) 188 res = crypto_skcipher_decrypt(req); 189 else 190 res = crypto_skcipher_encrypt(req); 191 if (res == -EINPROGRESS || res == -EBUSY) { 192 BUG_ON(req->base.data != &ecr); 193 wait_for_completion(&ecr.completion); 194 res = ecr.res; --- 14 unchanged lines hidden (view full) --- 209 if (ctx->w.bounce_page == NULL) 210 return ERR_PTR(-ENOMEM); 211 ctx->flags |= FS_WRITE_PATH_FL; 212 return ctx->w.bounce_page; 213} 214 215/** 216 * fscypt_encrypt_page() - Encrypts a page |
| 216 * @inode: The inode for which the encryption should take place 217 * @plaintext_page: The page to encrypt. Must be locked. 218 * @gfp_flags: The gfp flag for memory allocation | 217 * @inode: The inode for which the encryption should take place 218 * @plaintext_page: The page to encrypt. Must be locked. 219 * @plaintext_len: Length of plaintext within page 220 * @plaintext_offset: Offset of plaintext within page 221 * @index: Index for encryption. This is mainly the page index, but 222 * but might be different for multiple calls on same page. 223 * @gfp_flags: The gfp flag for memory allocation |
| 219 * | 224 * |
| 220 * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx 221 * encryption context. | 225 * Encrypts plaintext_page using the ctx encryption context. If 226 * the filesystem supports it, encryption is performed in-place, otherwise a 227 * new ciphertext_page is allocated and returned. |
| 222 * 223 * Called on the page write path. The caller must call 224 * fscrypt_restore_control_page() on the returned ciphertext page to 225 * release the bounce buffer and the encryption context. 226 * 227 * Return: An allocated page with the encrypted content on success. Else, an 228 * error value or NULL. 229 */ | 228 * 229 * Called on the page write path. The caller must call 230 * fscrypt_restore_control_page() on the returned ciphertext page to 231 * release the bounce buffer and the encryption context. 232 * 233 * Return: An allocated page with the encrypted content on success. Else, an 234 * error value or NULL. 235 */ |
| 230struct page *fscrypt_encrypt_page(struct inode *inode, 231 struct page *plaintext_page, gfp_t gfp_flags) | 236struct page *fscrypt_encrypt_page(const struct inode *inode, 237 struct page *plaintext_page, 238 unsigned int plaintext_len, 239 unsigned int plaintext_offset, 240 pgoff_t index, gfp_t gfp_flags) 241 |
| 232{ 233 struct fscrypt_ctx *ctx; | 242{ 243 struct fscrypt_ctx *ctx; |
| 234 struct page *ciphertext_page = NULL; | 244 struct page *ciphertext_page = plaintext_page; |
| 235 int err; 236 | 245 int err; 246 |
| 237 BUG_ON(!PageLocked(plaintext_page)); | 247 BUG_ON(plaintext_len % FS_CRYPTO_BLOCK_SIZE != 0); |
| 238 239 ctx = fscrypt_get_ctx(inode, gfp_flags); 240 if (IS_ERR(ctx)) 241 return (struct page *)ctx; 242 | 248 249 ctx = fscrypt_get_ctx(inode, gfp_flags); 250 if (IS_ERR(ctx)) 251 return (struct page *)ctx; 252 |
| 243 /* The encryption operation will require a bounce page. */ 244 ciphertext_page = alloc_bounce_page(ctx, gfp_flags); 245 if (IS_ERR(ciphertext_page)) 246 goto errout; | 253 if (!(inode->i_sb->s_cop->flags & FS_CFLG_INPLACE_ENCRYPTION)) { 254 /* The encryption operation will require a bounce page. */ 255 ciphertext_page = alloc_bounce_page(ctx, gfp_flags); 256 if (IS_ERR(ciphertext_page)) 257 goto errout; 258 } |
| 247 248 ctx->w.control_page = plaintext_page; | 259 260 ctx->w.control_page = plaintext_page; |
| 249 err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index, | 261 err = do_page_crypto(inode, FS_ENCRYPT, index, |
| 250 plaintext_page, ciphertext_page, | 262 plaintext_page, ciphertext_page, |
| 263 plaintext_len, plaintext_offset, |
|
| 251 gfp_flags); 252 if (err) { 253 ciphertext_page = ERR_PTR(err); 254 goto errout; 255 } | 264 gfp_flags); 265 if (err) { 266 ciphertext_page = ERR_PTR(err); 267 goto errout; 268 } |
| 256 SetPagePrivate(ciphertext_page); 257 set_page_private(ciphertext_page, (unsigned long)ctx); 258 lock_page(ciphertext_page); | 269 if (!(inode->i_sb->s_cop->flags & FS_CFLG_INPLACE_ENCRYPTION)) { 270 SetPagePrivate(ciphertext_page); 271 set_page_private(ciphertext_page, (unsigned long)ctx); 272 lock_page(ciphertext_page); 273 } |
| 259 return ciphertext_page; 260 261errout: 262 fscrypt_release_ctx(ctx); 263 return ciphertext_page; 264} 265EXPORT_SYMBOL(fscrypt_encrypt_page); 266 267/** | 274 return ciphertext_page; 275 276errout: 277 fscrypt_release_ctx(ctx); 278 return ciphertext_page; 279} 280EXPORT_SYMBOL(fscrypt_encrypt_page); 281 282/** |
| 268 * f2crypt_decrypt_page() - Decrypts a page in-place 269 * @page: The page to decrypt. Must be locked. | 283 * fscrypt_decrypt_page() - Decrypts a page in-place 284 * @inode: Encrypted inode to decrypt. 285 * @page: The page to decrypt. Must be locked. 286 * @len: Number of bytes in @page to be decrypted. 287 * @offs: Start of data in @page. 288 * @index: Index for encryption. |
| 270 * 271 * Decrypts page in-place using the ctx encryption context. 272 * 273 * Called from the read completion callback. 274 * 275 * Return: Zero on success, non-zero otherwise. 276 */ | 289 * 290 * Decrypts page in-place using the ctx encryption context. 291 * 292 * Called from the read completion callback. 293 * 294 * Return: Zero on success, non-zero otherwise. 295 */ |
| 277int fscrypt_decrypt_page(struct page *page) | 296int fscrypt_decrypt_page(const struct inode *inode, struct page *page, 297 unsigned int len, unsigned int offs, pgoff_t index) |
| 278{ | 298{ |
| 279 BUG_ON(!PageLocked(page)); 280 281 return do_page_crypto(page->mapping->host, 282 FS_DECRYPT, page->index, page, page, GFP_NOFS); | 299 return do_page_crypto(inode, FS_DECRYPT, page->index, page, page, len, offs, 300 GFP_NOFS); |
| 283} 284EXPORT_SYMBOL(fscrypt_decrypt_page); 285 | 301} 302EXPORT_SYMBOL(fscrypt_decrypt_page); 303 |
| 286int fscrypt_zeroout_range(struct inode *inode, pgoff_t lblk, | 304int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
| 287 sector_t pblk, unsigned int len) 288{ 289 struct fscrypt_ctx *ctx; 290 struct page *ciphertext_page = NULL; 291 struct bio *bio; 292 int ret, err = 0; 293 294 BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE); --- 6 unchanged lines hidden (view full) --- 301 if (IS_ERR(ciphertext_page)) { 302 err = PTR_ERR(ciphertext_page); 303 goto errout; 304 } 305 306 while (len--) { 307 err = do_page_crypto(inode, FS_ENCRYPT, lblk, 308 ZERO_PAGE(0), ciphertext_page, | 305 sector_t pblk, unsigned int len) 306{ 307 struct fscrypt_ctx *ctx; 308 struct page *ciphertext_page = NULL; 309 struct bio *bio; 310 int ret, err = 0; 311 312 BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE); --- 6 unchanged lines hidden (view full) --- 319 if (IS_ERR(ciphertext_page)) { 320 err = PTR_ERR(ciphertext_page); 321 goto errout; 322 } 323 324 while (len--) { 325 err = do_page_crypto(inode, FS_ENCRYPT, lblk, 326 ZERO_PAGE(0), ciphertext_page, |
| 309 GFP_NOFS); | 327 PAGE_SIZE, 0, GFP_NOFS); |
| 310 if (err) 311 goto errout; 312 313 bio = bio_alloc(GFP_NOWAIT, 1); 314 if (!bio) { 315 err = -ENOMEM; 316 goto errout; 317 } --- 91 unchanged lines hidden (view full) --- 409 struct fscrypt_ctx *ctx = 410 container_of(work, struct fscrypt_ctx, r.work); 411 struct bio *bio = ctx->r.bio; 412 struct bio_vec *bv; 413 int i; 414 415 bio_for_each_segment_all(bv, bio, i) { 416 struct page *page = bv->bv_page; | 328 if (err) 329 goto errout; 330 331 bio = bio_alloc(GFP_NOWAIT, 1); 332 if (!bio) { 333 err = -ENOMEM; 334 goto errout; 335 } --- 91 unchanged lines hidden (view full) --- 427 struct fscrypt_ctx *ctx = 428 container_of(work, struct fscrypt_ctx, r.work); 429 struct bio *bio = ctx->r.bio; 430 struct bio_vec *bv; 431 int i; 432 433 bio_for_each_segment_all(bv, bio, i) { 434 struct page *page = bv->bv_page; |
| 417 int ret = fscrypt_decrypt_page(page); | 435 int ret = fscrypt_decrypt_page(page->mapping->host, page, 436 PAGE_SIZE, 0, page->index); |
| 418 419 if (ret) { 420 WARN_ON_ONCE(1); 421 SetPageError(page); 422 } else { 423 SetPageUptodate(page); 424 } 425 unlock_page(page); --- 90 unchanged lines hidden (view full) --- 516already_initialized: 517 mutex_unlock(&fscrypt_init_mutex); 518 return 0; 519fail: 520 fscrypt_destroy(); 521 mutex_unlock(&fscrypt_init_mutex); 522 return res; 523} | 437 438 if (ret) { 439 WARN_ON_ONCE(1); 440 SetPageError(page); 441 } else { 442 SetPageUptodate(page); 443 } 444 unlock_page(page); --- 90 unchanged lines hidden (view full) --- 535already_initialized: 536 mutex_unlock(&fscrypt_init_mutex); 537 return 0; 538fail: 539 fscrypt_destroy(); 540 mutex_unlock(&fscrypt_init_mutex); 541 return res; 542} |
| 524EXPORT_SYMBOL(fscrypt_initialize); | |
| 525 526/** 527 * fscrypt_init() - Set up for fs encryption. 528 */ 529static int __init fscrypt_init(void) 530{ 531 fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue", 532 WQ_HIGHPRI, 0); --- 37 unchanged lines hidden --- | 543 544/** 545 * fscrypt_init() - Set up for fs encryption. 546 */ 547static int __init fscrypt_init(void) 548{ 549 fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue", 550 WQ_HIGHPRI, 0); --- 37 unchanged lines hidden --- |