1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * The base64 encode/decode code was copied from fscrypt: 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * Written by Uday Savagaonkar, 2014. 7 * Modified by Jaegeuk Kim, 2015. 8 */ 9 #include <linux/ceph/ceph_debug.h> 10 #include <linux/xattr.h> 11 #include <linux/fscrypt.h> 12 #include <linux/ceph/striper.h> 13 14 #include "super.h" 15 #include "mds_client.h" 16 #include "crypto.h" 17 18 /* 19 * The base64url encoding used by fscrypt includes the '_' character, which may 20 * cause problems in snapshot names (which can not start with '_'). Thus, we 21 * used the base64 encoding defined for IMAP mailbox names (RFC 3501) instead, 22 * which replaces '-' and '_' by '+' and ','. 23 */ 24 static const char base64_table[65] = 25 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 26 27 int ceph_base64_encode(const u8 *src, int srclen, char *dst) 28 { 29 u32 ac = 0; 30 int bits = 0; 31 int i; 32 char *cp = dst; 33 34 for (i = 0; i < srclen; i++) { 35 ac = (ac << 8) | src[i]; 36 bits += 8; 37 do { 38 bits -= 6; 39 *cp++ = base64_table[(ac >> bits) & 0x3f]; 40 } while (bits >= 6); 41 } 42 if (bits) 43 *cp++ = base64_table[(ac << (6 - bits)) & 0x3f]; 44 return cp - dst; 45 } 46 47 int ceph_base64_decode(const char *src, int srclen, u8 *dst) 48 { 49 u32 ac = 0; 50 int bits = 0; 51 int i; 52 u8 *bp = dst; 53 54 for (i = 0; i < srclen; i++) { 55 const char *p = strchr(base64_table, src[i]); 56 57 if (p == NULL || src[i] == 0) 58 return -1; 59 ac = (ac << 6) | (p - base64_table); 60 bits += 6; 61 if (bits >= 8) { 62 bits -= 8; 63 *bp++ = (u8)(ac >> bits); 64 } 65 } 66 if (ac & ((1 << bits) - 1)) 67 return -1; 68 return bp - dst; 69 } 70 71 static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len) 72 { 73 struct ceph_inode_info *ci = ceph_inode(inode); 74 struct ceph_fscrypt_auth *cfa = (struct ceph_fscrypt_auth *)ci->fscrypt_auth; 75 u32 ctxlen; 76 77 /* Non existent or too short? */ 78 if (!cfa || (ci->fscrypt_auth_len < (offsetof(struct ceph_fscrypt_auth, cfa_blob) + 1))) 79 return -ENOBUFS; 80 81 /* Some format we don't recognize? */ 82 if (le32_to_cpu(cfa->cfa_version) != CEPH_FSCRYPT_AUTH_VERSION) 83 return -ENOBUFS; 84 85 ctxlen = le32_to_cpu(cfa->cfa_blob_len); 86 if (len < ctxlen) 87 return -ERANGE; 88 89 memcpy(ctx, cfa->cfa_blob, ctxlen); 90 return ctxlen; 91 } 92 93 static int ceph_crypt_set_context(struct inode *inode, const void *ctx, 94 size_t len, void *fs_data) 95 { 96 int ret; 97 struct iattr attr = { }; 98 struct ceph_iattr cia = { }; 99 struct ceph_fscrypt_auth *cfa; 100 101 WARN_ON_ONCE(fs_data); 102 103 if (len > FSCRYPT_SET_CONTEXT_MAX_SIZE) 104 return -EINVAL; 105 106 cfa = kzalloc(sizeof(*cfa), GFP_KERNEL); 107 if (!cfa) 108 return -ENOMEM; 109 110 cfa->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION); 111 cfa->cfa_blob_len = cpu_to_le32(len); 112 memcpy(cfa->cfa_blob, ctx, len); 113 114 cia.fscrypt_auth = cfa; 115 116 ret = __ceph_setattr(inode, &attr, &cia); 117 if (ret == 0) 118 inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED); 119 kfree(cia.fscrypt_auth); 120 return ret; 121 } 122 123 static bool ceph_crypt_empty_dir(struct inode *inode) 124 { 125 struct ceph_inode_info *ci = ceph_inode(inode); 126 127 return ci->i_rsubdirs + ci->i_rfiles == 1; 128 } 129 130 static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb) 131 { 132 return ceph_sb_to_client(sb)->fsc_dummy_enc_policy.policy; 133 } 134 135 static struct fscrypt_operations ceph_fscrypt_ops = { 136 .get_context = ceph_crypt_get_context, 137 .set_context = ceph_crypt_set_context, 138 .get_dummy_policy = ceph_get_dummy_policy, 139 .empty_dir = ceph_crypt_empty_dir, 140 }; 141 142 void ceph_fscrypt_set_ops(struct super_block *sb) 143 { 144 fscrypt_set_ops(sb, &ceph_fscrypt_ops); 145 } 146 147 void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc) 148 { 149 fscrypt_free_dummy_policy(&fsc->fsc_dummy_enc_policy); 150 } 151 152 int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode, 153 struct ceph_acl_sec_ctx *as) 154 { 155 int ret, ctxsize; 156 bool encrypted = false; 157 struct ceph_inode_info *ci = ceph_inode(inode); 158 159 ret = fscrypt_prepare_new_inode(dir, inode, &encrypted); 160 if (ret) 161 return ret; 162 if (!encrypted) 163 return 0; 164 165 as->fscrypt_auth = kzalloc(sizeof(*as->fscrypt_auth), GFP_KERNEL); 166 if (!as->fscrypt_auth) 167 return -ENOMEM; 168 169 ctxsize = fscrypt_context_for_new_inode(as->fscrypt_auth->cfa_blob, 170 inode); 171 if (ctxsize < 0) 172 return ctxsize; 173 174 as->fscrypt_auth->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION); 175 as->fscrypt_auth->cfa_blob_len = cpu_to_le32(ctxsize); 176 177 WARN_ON_ONCE(ci->fscrypt_auth); 178 kfree(ci->fscrypt_auth); 179 ci->fscrypt_auth_len = ceph_fscrypt_auth_len(as->fscrypt_auth); 180 ci->fscrypt_auth = kmemdup(as->fscrypt_auth, ci->fscrypt_auth_len, 181 GFP_KERNEL); 182 if (!ci->fscrypt_auth) 183 return -ENOMEM; 184 185 inode->i_flags |= S_ENCRYPTED; 186 187 return 0; 188 } 189 190 void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, 191 struct ceph_acl_sec_ctx *as) 192 { 193 swap(req->r_fscrypt_auth, as->fscrypt_auth); 194 } 195 196 int ceph_encode_encrypted_dname(const struct inode *parent, 197 struct qstr *d_name, char *buf) 198 { 199 u32 len; 200 int elen; 201 int ret; 202 u8 *cryptbuf; 203 204 if (!fscrypt_has_encryption_key(parent)) { 205 memcpy(buf, d_name->name, d_name->len); 206 return d_name->len; 207 } 208 209 /* 210 * Convert cleartext d_name to ciphertext. If result is longer than 211 * CEPH_NOHASH_NAME_MAX, sha256 the remaining bytes 212 * 213 * See: fscrypt_setup_filename 214 */ 215 if (!fscrypt_fname_encrypted_size(parent, d_name->len, NAME_MAX, &len)) 216 return -ENAMETOOLONG; 217 218 /* Allocate a buffer appropriate to hold the result */ 219 cryptbuf = kmalloc(len > CEPH_NOHASH_NAME_MAX ? NAME_MAX : len, 220 GFP_KERNEL); 221 if (!cryptbuf) 222 return -ENOMEM; 223 224 ret = fscrypt_fname_encrypt(parent, d_name, cryptbuf, len); 225 if (ret) { 226 kfree(cryptbuf); 227 return ret; 228 } 229 230 /* hash the end if the name is long enough */ 231 if (len > CEPH_NOHASH_NAME_MAX) { 232 u8 hash[SHA256_DIGEST_SIZE]; 233 u8 *extra = cryptbuf + CEPH_NOHASH_NAME_MAX; 234 235 /* 236 * hash the extra bytes and overwrite crypttext beyond that 237 * point with it 238 */ 239 sha256(extra, len - CEPH_NOHASH_NAME_MAX, hash); 240 memcpy(extra, hash, SHA256_DIGEST_SIZE); 241 len = CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE; 242 } 243 244 /* base64 encode the encrypted name */ 245 elen = ceph_base64_encode(cryptbuf, len, buf); 246 kfree(cryptbuf); 247 dout("base64-encoded ciphertext name = %.*s\n", elen, buf); 248 return elen; 249 } 250 251 int ceph_encode_encrypted_fname(const struct inode *parent, 252 struct dentry *dentry, char *buf) 253 { 254 WARN_ON_ONCE(!fscrypt_has_encryption_key(parent)); 255 256 return ceph_encode_encrypted_dname(parent, &dentry->d_name, buf); 257 } 258 259 /** 260 * ceph_fname_to_usr - convert a filename for userland presentation 261 * @fname: ceph_fname to be converted 262 * @tname: temporary name buffer to use for conversion (may be NULL) 263 * @oname: where converted name should be placed 264 * @is_nokey: set to true if key wasn't available during conversion (may be NULL) 265 * 266 * Given a filename (usually from the MDS), format it for presentation to 267 * userland. If @parent is not encrypted, just pass it back as-is. 268 * 269 * Otherwise, base64 decode the string, and then ask fscrypt to format it 270 * for userland presentation. 271 * 272 * Returns 0 on success or negative error code on error. 273 */ 274 int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, 275 struct fscrypt_str *oname, bool *is_nokey) 276 { 277 int ret; 278 struct fscrypt_str _tname = FSTR_INIT(NULL, 0); 279 struct fscrypt_str iname; 280 281 if (!IS_ENCRYPTED(fname->dir)) { 282 oname->name = fname->name; 283 oname->len = fname->name_len; 284 return 0; 285 } 286 287 /* Sanity check that the resulting name will fit in the buffer */ 288 if (fname->name_len > NAME_MAX || fname->ctext_len > NAME_MAX) 289 return -EIO; 290 291 ret = ceph_fscrypt_prepare_readdir(fname->dir); 292 if (ret < 0) 293 return ret; 294 295 /* 296 * Use the raw dentry name as sent by the MDS instead of 297 * generating a nokey name via fscrypt. 298 */ 299 if (!fscrypt_has_encryption_key(fname->dir)) { 300 if (fname->no_copy) 301 oname->name = fname->name; 302 else 303 memcpy(oname->name, fname->name, fname->name_len); 304 oname->len = fname->name_len; 305 if (is_nokey) 306 *is_nokey = true; 307 return 0; 308 } 309 310 if (fname->ctext_len == 0) { 311 int declen; 312 313 if (!tname) { 314 ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); 315 if (ret) 316 return ret; 317 tname = &_tname; 318 } 319 320 declen = ceph_base64_decode(fname->name, fname->name_len, 321 tname->name); 322 if (declen <= 0) { 323 ret = -EIO; 324 goto out; 325 } 326 iname.name = tname->name; 327 iname.len = declen; 328 } else { 329 iname.name = fname->ctext; 330 iname.len = fname->ctext_len; 331 } 332 333 ret = fscrypt_fname_disk_to_usr(fname->dir, 0, 0, &iname, oname); 334 out: 335 fscrypt_fname_free_buffer(&_tname); 336 return ret; 337 } 338 339 /** 340 * ceph_fscrypt_prepare_readdir - simple __fscrypt_prepare_readdir() wrapper 341 * @dir: directory inode for readdir prep 342 * 343 * Simple wrapper around __fscrypt_prepare_readdir() that will mark directory as 344 * non-complete if this call results in having the directory unlocked. 345 * 346 * Returns: 347 * 1 - if directory was locked and key is now loaded (i.e. dir is unlocked) 348 * 0 - if directory is still locked 349 * < 0 - if __fscrypt_prepare_readdir() fails 350 */ 351 int ceph_fscrypt_prepare_readdir(struct inode *dir) 352 { 353 bool had_key = fscrypt_has_encryption_key(dir); 354 int err; 355 356 if (!IS_ENCRYPTED(dir)) 357 return 0; 358 359 err = __fscrypt_prepare_readdir(dir); 360 if (err) 361 return err; 362 if (!had_key && fscrypt_has_encryption_key(dir)) { 363 /* directory just got unlocked, mark it as not complete */ 364 ceph_dir_clear_complete(dir); 365 return 1; 366 } 367 return 0; 368 } 369 370 int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode, 371 struct page *page, unsigned int len, 372 unsigned int offs, u64 lblk_num) 373 { 374 dout("%s: len %u offs %u blk %llu\n", __func__, len, offs, lblk_num); 375 return fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num); 376 } 377 378 int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode, 379 struct page *page, unsigned int len, 380 unsigned int offs, u64 lblk_num, 381 gfp_t gfp_flags) 382 { 383 dout("%s: len %u offs %u blk %llu\n", __func__, len, offs, lblk_num); 384 return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num, 385 gfp_flags); 386 } 387 388 /** 389 * ceph_fscrypt_decrypt_pages - decrypt an array of pages 390 * @inode: pointer to inode associated with these pages 391 * @page: pointer to page array 392 * @off: offset into the file that the read data starts 393 * @len: max length to decrypt 394 * 395 * Decrypt an array of fscrypt'ed pages and return the amount of 396 * data decrypted. Any data in the page prior to the start of the 397 * first complete block in the read is ignored. Any incomplete 398 * crypto blocks at the end of the array are ignored (and should 399 * probably be zeroed by the caller). 400 * 401 * Returns the length of the decrypted data or a negative errno. 402 */ 403 int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page, 404 u64 off, int len) 405 { 406 int i, num_blocks; 407 u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT; 408 int ret = 0; 409 410 /* 411 * We can't deal with partial blocks on an encrypted file, so mask off 412 * the last bit. 413 */ 414 num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK); 415 416 /* Decrypt each block */ 417 for (i = 0; i < num_blocks; ++i) { 418 int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT; 419 int pgidx = blkoff >> PAGE_SHIFT; 420 unsigned int pgoffs = offset_in_page(blkoff); 421 int fret; 422 423 fret = ceph_fscrypt_decrypt_block_inplace(inode, page[pgidx], 424 CEPH_FSCRYPT_BLOCK_SIZE, pgoffs, 425 baseblk + i); 426 if (fret < 0) { 427 if (ret == 0) 428 ret = fret; 429 break; 430 } 431 ret += CEPH_FSCRYPT_BLOCK_SIZE; 432 } 433 return ret; 434 } 435 436 /** 437 * ceph_fscrypt_decrypt_extents: decrypt received extents in given buffer 438 * @inode: inode associated with pages being decrypted 439 * @page: pointer to page array 440 * @off: offset into the file that the data in page[0] starts 441 * @map: pointer to extent array 442 * @ext_cnt: length of extent array 443 * 444 * Given an extent map and a page array, decrypt the received data in-place, 445 * skipping holes. Returns the offset into buffer of end of last decrypted 446 * block. 447 */ 448 int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page, 449 u64 off, struct ceph_sparse_extent *map, 450 u32 ext_cnt) 451 { 452 int i, ret = 0; 453 struct ceph_inode_info *ci = ceph_inode(inode); 454 u64 objno, objoff; 455 u32 xlen; 456 457 /* Nothing to do for empty array */ 458 if (ext_cnt == 0) { 459 dout("%s: empty array, ret 0\n", __func__); 460 return 0; 461 } 462 463 ceph_calc_file_object_mapping(&ci->i_layout, off, map[0].len, 464 &objno, &objoff, &xlen); 465 466 for (i = 0; i < ext_cnt; ++i) { 467 struct ceph_sparse_extent *ext = &map[i]; 468 int pgsoff = ext->off - objoff; 469 int pgidx = pgsoff >> PAGE_SHIFT; 470 int fret; 471 472 if ((ext->off | ext->len) & ~CEPH_FSCRYPT_BLOCK_MASK) { 473 pr_warn("%s: bad encrypted sparse extent idx %d off %llx len %llx\n", 474 __func__, i, ext->off, ext->len); 475 return -EIO; 476 } 477 fret = ceph_fscrypt_decrypt_pages(inode, &page[pgidx], 478 off + pgsoff, ext->len); 479 dout("%s: [%d] 0x%llx~0x%llx fret %d\n", __func__, i, 480 ext->off, ext->len, fret); 481 if (fret < 0) { 482 if (ret == 0) 483 ret = fret; 484 break; 485 } 486 ret = pgsoff + fret; 487 } 488 dout("%s: ret %d\n", __func__, ret); 489 return ret; 490 } 491 492 /** 493 * ceph_fscrypt_encrypt_pages - encrypt an array of pages 494 * @inode: pointer to inode associated with these pages 495 * @page: pointer to page array 496 * @off: offset into the file that the data starts 497 * @len: max length to encrypt 498 * @gfp: gfp flags to use for allocation 499 * 500 * Decrypt an array of cleartext pages and return the amount of 501 * data encrypted. Any data in the page prior to the start of the 502 * first complete block in the read is ignored. Any incomplete 503 * crypto blocks at the end of the array are ignored. 504 * 505 * Returns the length of the encrypted data or a negative errno. 506 */ 507 int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off, 508 int len, gfp_t gfp) 509 { 510 int i, num_blocks; 511 u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT; 512 int ret = 0; 513 514 /* 515 * We can't deal with partial blocks on an encrypted file, so mask off 516 * the last bit. 517 */ 518 num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK); 519 520 /* Encrypt each block */ 521 for (i = 0; i < num_blocks; ++i) { 522 int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT; 523 int pgidx = blkoff >> PAGE_SHIFT; 524 unsigned int pgoffs = offset_in_page(blkoff); 525 int fret; 526 527 fret = ceph_fscrypt_encrypt_block_inplace(inode, page[pgidx], 528 CEPH_FSCRYPT_BLOCK_SIZE, pgoffs, 529 baseblk + i, gfp); 530 if (fret < 0) { 531 if (ret == 0) 532 ret = fret; 533 break; 534 } 535 ret += CEPH_FSCRYPT_BLOCK_SIZE; 536 } 537 return ret; 538 } 539