xref: /openbmc/linux/fs/ceph/crypto.h (revision 5c64737d253683b7d138dde0da513a9ade16a170)

/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Ceph fscrypt functionality
 */

#ifndef _CEPH_CRYPTO_H
#define _CEPH_CRYPTO_H

#include <crypto/sha2.h>
#include <linux/fscrypt.h>

#define CEPH_FSCRYPT_BLOCK_SHIFT   12
#define CEPH_FSCRYPT_BLOCK_SIZE    (_AC(1, UL) << CEPH_FSCRYPT_BLOCK_SHIFT)
#define CEPH_FSCRYPT_BLOCK_MASK	   (~(CEPH_FSCRYPT_BLOCK_SIZE-1))

struct ceph_fs_client;
struct ceph_acl_sec_ctx;
struct ceph_mds_request;

struct ceph_fname {
	struct inode	*dir;
	char		*name;		// b64 encoded, possibly hashed
	unsigned char	*ctext;		// binary crypttext (if any)
	u32		name_len;	// length of name buffer
	u32		ctext_len;	// length of crypttext
	bool		no_copy;
};

/*
 * Header for the crypted file when truncating the size, this
 * will be sent to MDS, and the MDS will update the encrypted
 * last block and then truncate the size.
 */
struct ceph_fscrypt_truncate_size_header {
	__u8  ver;
	__u8  compat;

	/*
	 * It will be sizeof(assert_ver + file_offset + block_size)
	 * if the last block is empty when it's located in a file
	 * hole. Or the data_len will plus CEPH_FSCRYPT_BLOCK_SIZE.
	 */
	__le32 data_len;

	__le64 change_attr;
	__le64 file_offset;
	__le32 block_size;
} __packed;

struct ceph_fscrypt_auth {
	__le32	cfa_version;
	__le32	cfa_blob_len;
	u8	cfa_blob[FSCRYPT_SET_CONTEXT_MAX_SIZE];
} __packed;

#define CEPH_FSCRYPT_AUTH_VERSION	1
static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa)
{
	u32 ctxsize = le32_to_cpu(fa->cfa_blob_len);

	return offsetof(struct ceph_fscrypt_auth, cfa_blob) + ctxsize;
}

#ifdef CONFIG_FS_ENCRYPTION
/*
 * We want to encrypt filenames when creating them, but the encrypted
 * versions of those names may have illegal characters in them. To mitigate
 * that, we base64 encode them, but that gives us a result that can exceed
 * NAME_MAX.
 *
 * Follow a similar scheme to fscrypt itself, and cap the filename to a
 * smaller size. If the ciphertext name is longer than the value below, then
 * sha256 hash the remaining bytes.
 *
 * For the fscrypt_nokey_name struct the dirhash[2] member is useless in ceph
 * so the corresponding struct will be:
 *
 * struct fscrypt_ceph_nokey_name {
 *	u8 bytes[157];
 *	u8 sha256[SHA256_DIGEST_SIZE];
 * }; // 180 bytes => 240 bytes base64-encoded, which is <= NAME_MAX (255)
 *
 * (240 bytes is the maximum size allowed for snapshot names to take into
 *  account the format: '_<SNAPSHOT-NAME>_<INODE-NUMBER>'.)
 *
 * Note that for long names that end up having their tail portion hashed, we
 * must also store the full encrypted name (in the dentry's alternate_name
 * field).
 */
#define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE)

#define CEPH_BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)

int ceph_base64_encode(const u8 *src, int srclen, char *dst);
int ceph_base64_decode(const char *src, int srclen, u8 *dst);

void ceph_fscrypt_set_ops(struct super_block *sb);

void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc);

int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
				 struct ceph_acl_sec_ctx *as);
void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
				struct ceph_acl_sec_ctx *as);
int ceph_encode_encrypted_dname(const struct inode *parent,
				struct qstr *d_name, char *buf);
int ceph_encode_encrypted_fname(const struct inode *parent,
				struct dentry *dentry, char *buf);

static inline int ceph_fname_alloc_buffer(struct inode *parent,
					  struct fscrypt_str *fname)
{
	if (!IS_ENCRYPTED(parent))
		return 0;
	return fscrypt_fname_alloc_buffer(NAME_MAX, fname);
}

static inline void ceph_fname_free_buffer(struct inode *parent,
					  struct fscrypt_str *fname)
{
	if (IS_ENCRYPTED(parent))
		fscrypt_fname_free_buffer(fname);
}

int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
		      struct fscrypt_str *oname, bool *is_nokey);
int ceph_fscrypt_prepare_readdir(struct inode *dir);

static inline unsigned int ceph_fscrypt_blocks(u64 off, u64 len)
{
	/* crypto blocks cannot span more than one page */
	BUILD_BUG_ON(CEPH_FSCRYPT_BLOCK_SHIFT > PAGE_SHIFT);

	return ((off+len+CEPH_FSCRYPT_BLOCK_SIZE-1) >> CEPH_FSCRYPT_BLOCK_SHIFT) -
		(off >> CEPH_FSCRYPT_BLOCK_SHIFT);
}

/*
 * If we have an encrypted inode then we must adjust the offset and
 * range of the on-the-wire read to cover an entire encryption block.
 * The copy will be done using the original offset and length, after
 * we've decrypted the result.
 */
static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
						   u64 *off, u64 *len)
{
	if (IS_ENCRYPTED(inode)) {
		*len = ceph_fscrypt_blocks(*off, *len) * CEPH_FSCRYPT_BLOCK_SIZE;
		*off &= CEPH_FSCRYPT_BLOCK_MASK;
	}
}

int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
				  struct page *page, unsigned int len,
				  unsigned int offs, u64 lblk_num);
int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
				  struct page *page, unsigned int len,
				  unsigned int offs, u64 lblk_num,
				  gfp_t gfp_flags);
int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page,
			       u64 off, int len);
int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
				 u64 off, struct ceph_sparse_extent *map,
				 u32 ext_cnt);
int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
			       int len, gfp_t gfp);
#else /* CONFIG_FS_ENCRYPTION */

static inline void ceph_fscrypt_set_ops(struct super_block *sb)
{
}

static inline void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc)
{
}

static inline int ceph_fscrypt_prepare_context(struct inode *dir,
					       struct inode *inode,
					       struct ceph_acl_sec_ctx *as)
{
	if (IS_ENCRYPTED(dir))
		return -EOPNOTSUPP;
	return 0;
}

static inline void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
						struct ceph_acl_sec_ctx *as_ctx)
{
}

static inline int ceph_encode_encrypted_dname(const struct inode *parent,
					      struct qstr *d_name, char *buf)
{
	memcpy(buf, d_name->name, d_name->len);
	return d_name->len;
}

static inline int ceph_encode_encrypted_fname(const struct inode *parent,
					      struct dentry *dentry, char *buf)
{
	return -EOPNOTSUPP;
}

static inline int ceph_fname_alloc_buffer(struct inode *parent,
					  struct fscrypt_str *fname)
{
	return 0;
}

static inline void ceph_fname_free_buffer(struct inode *parent,
					  struct fscrypt_str *fname)
{
}

static inline int ceph_fname_to_usr(const struct ceph_fname *fname,
				    struct fscrypt_str *tname,
				    struct fscrypt_str *oname, bool *is_nokey)
{
	oname->name = fname->name;
	oname->len = fname->name_len;
	return 0;
}

static inline int ceph_fscrypt_prepare_readdir(struct inode *dir)
{
	return 0;
}

static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
						   u64 *off, u64 *len)
{
}

static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
					  struct page *page, unsigned int len,
					  unsigned int offs, u64 lblk_num)
{
	return 0;
}

static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
					  struct page *page, unsigned int len,
					  unsigned int offs, u64 lblk_num,
					  gfp_t gfp_flags)
{
	return 0;
}

static inline int ceph_fscrypt_decrypt_pages(struct inode *inode,
					     struct page **page, u64 off,
					     int len)
{
	return 0;
}

static inline int ceph_fscrypt_decrypt_extents(struct inode *inode,
					       struct page **page, u64 off,
					       struct ceph_sparse_extent *map,
					       u32 ext_cnt)
{
	return 0;
}

static inline int ceph_fscrypt_encrypt_pages(struct inode *inode,
					     struct page **page, u64 off,
					     int len, gfp_t gfp)
{
	return 0;
}
#endif /* CONFIG_FS_ENCRYPTION */

#endif