Commit 5fee3609 authored by Satya Tangirala's avatar Satya Tangirala Committed by Eric Biggers

fscrypt: add inline encryption support

Add support for inline encryption to fs/crypto/.  With "inline
encryption", the block layer handles the decryption/encryption as part
of the bio, instead of the filesystem doing the crypto itself via
Linux's crypto API. This model is needed in order to take advantage of
the inline encryption hardware present on most modern mobile SoCs.

To use inline encryption, the filesystem needs to be mounted with
'-o inlinecrypt'. Blk-crypto will then be used instead of the traditional
filesystem-layer crypto whenever possible to encrypt the contents
of any encrypted files in that filesystem. Fscrypt still provides the key
and IV to use, and the actual ciphertext on-disk is still the same;
therefore it's testable using the existing fscrypt ciphertext verification
tests.

Note that since blk-crypto has a fallback to Linux's crypto API, and
also supports all the encryption modes currently supported by fscrypt,
this feature is usable and testable even without actual inline
encryption hardware.

Per-filesystem changes will be needed to set encryption contexts when
submitting bios and to implement the 'inlinecrypt' mount option.  This
patch just adds the common code.
Signed-off-by: default avatarSatya Tangirala <satyat@google.com>
Reviewed-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
Reviewed-by: default avatarTheodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20200702015607.1215430-3-satyat@google.comCo-developed-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent 457e7a13
...@@ -1255,6 +1255,7 @@ f2fs encryption using `kvm-xfstests ...@@ -1255,6 +1255,7 @@ f2fs encryption using `kvm-xfstests
<https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_:: <https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_::
kvm-xfstests -c ext4,f2fs -g encrypt kvm-xfstests -c ext4,f2fs -g encrypt
kvm-xfstests -c ext4,f2fs -g encrypt -m inlinecrypt
UBIFS encryption can also be tested this way, but it should be done in UBIFS encryption can also be tested this way, but it should be done in
a separate command, and it takes some time for kvm-xfstests to set up a separate command, and it takes some time for kvm-xfstests to set up
...@@ -1276,6 +1277,7 @@ This tests the encrypted I/O paths more thoroughly. To do this with ...@@ -1276,6 +1277,7 @@ This tests the encrypted I/O paths more thoroughly. To do this with
kvm-xfstests, use the "encrypt" filesystem configuration:: kvm-xfstests, use the "encrypt" filesystem configuration::
kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto
kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt
Because this runs many more tests than "-g encrypt" does, it takes Because this runs many more tests than "-g encrypt" does, it takes
much longer to run; so also consider using `gce-xfstests much longer to run; so also consider using `gce-xfstests
...@@ -1283,3 +1285,4 @@ much longer to run; so also consider using `gce-xfstests ...@@ -1283,3 +1285,4 @@ much longer to run; so also consider using `gce-xfstests
instead of kvm-xfstests:: instead of kvm-xfstests::
gce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto gce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto
gce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt
...@@ -24,3 +24,9 @@ config FS_ENCRYPTION_ALGS ...@@ -24,3 +24,9 @@ config FS_ENCRYPTION_ALGS
select CRYPTO_SHA256 select CRYPTO_SHA256
select CRYPTO_SHA512 select CRYPTO_SHA512
select CRYPTO_XTS select CRYPTO_XTS
config FS_ENCRYPTION_INLINE_CRYPT
bool "Enable fscrypt to use inline crypto"
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
help
Enable fscrypt to use inline encryption hardware if available.
...@@ -11,3 +11,4 @@ fscrypto-y := crypto.o \ ...@@ -11,3 +11,4 @@ fscrypto-y := crypto.o \
policy.o policy.o
fscrypto-$(CONFIG_BLOCK) += bio.o fscrypto-$(CONFIG_BLOCK) += bio.o
fscrypto-$(CONFIG_FS_ENCRYPTION_INLINE_CRYPT) += inline_crypt.o
...@@ -41,6 +41,53 @@ void fscrypt_decrypt_bio(struct bio *bio) ...@@ -41,6 +41,53 @@ void fscrypt_decrypt_bio(struct bio *bio)
} }
EXPORT_SYMBOL(fscrypt_decrypt_bio); EXPORT_SYMBOL(fscrypt_decrypt_bio);
static int fscrypt_zeroout_range_inline_crypt(const struct inode *inode,
pgoff_t lblk, sector_t pblk,
unsigned int len)
{
const unsigned int blockbits = inode->i_blkbits;
const unsigned int blocks_per_page = 1 << (PAGE_SHIFT - blockbits);
struct bio *bio;
int ret, err = 0;
int num_pages = 0;
/* This always succeeds since __GFP_DIRECT_RECLAIM is set. */
bio = bio_alloc(GFP_NOFS, BIO_MAX_PAGES);
while (len) {
unsigned int blocks_this_page = min(len, blocks_per_page);
unsigned int bytes_this_page = blocks_this_page << blockbits;
if (num_pages == 0) {
fscrypt_set_bio_crypt_ctx(bio, inode, lblk, GFP_NOFS);
bio_set_dev(bio, inode->i_sb->s_bdev);
bio->bi_iter.bi_sector =
pblk << (blockbits - SECTOR_SHIFT);
bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
}
ret = bio_add_page(bio, ZERO_PAGE(0), bytes_this_page, 0);
if (WARN_ON(ret != bytes_this_page)) {
err = -EIO;
goto out;
}
num_pages++;
len -= blocks_this_page;
lblk += blocks_this_page;
pblk += blocks_this_page;
if (num_pages == BIO_MAX_PAGES || !len ||
!fscrypt_mergeable_bio(bio, inode, lblk)) {
err = submit_bio_wait(bio);
if (err)
goto out;
bio_reset(bio);
num_pages = 0;
}
}
out:
bio_put(bio);
return err;
}
/** /**
* fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file * fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file
* @inode: the file's inode * @inode: the file's inode
...@@ -75,6 +122,10 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, ...@@ -75,6 +122,10 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
if (len == 0) if (len == 0)
return 0; return 0;
if (fscrypt_inode_uses_inline_crypto(inode))
return fscrypt_zeroout_range_inline_crypt(inode, lblk, pblk,
len);
BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_PAGES); BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_PAGES);
nr_pages = min_t(unsigned int, ARRAY_SIZE(pages), nr_pages = min_t(unsigned int, ARRAY_SIZE(pages),
(len + blocks_per_page - 1) >> blocks_per_page_bits); (len + blocks_per_page - 1) >> blocks_per_page_bits);
......
...@@ -100,7 +100,7 @@ int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw, ...@@ -100,7 +100,7 @@ int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw,
DECLARE_CRYPTO_WAIT(wait); DECLARE_CRYPTO_WAIT(wait);
struct scatterlist dst, src; struct scatterlist dst, src;
struct fscrypt_info *ci = inode->i_crypt_info; struct fscrypt_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_ctfm; struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
int res = 0; int res = 0;
if (WARN_ON_ONCE(len <= 0)) if (WARN_ON_ONCE(len <= 0))
......
...@@ -115,7 +115,7 @@ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname, ...@@ -115,7 +115,7 @@ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
struct skcipher_request *req = NULL; struct skcipher_request *req = NULL;
DECLARE_CRYPTO_WAIT(wait); DECLARE_CRYPTO_WAIT(wait);
const struct fscrypt_info *ci = inode->i_crypt_info; const struct fscrypt_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_ctfm; struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
union fscrypt_iv iv; union fscrypt_iv iv;
struct scatterlist sg; struct scatterlist sg;
int res; int res;
...@@ -171,7 +171,7 @@ static int fname_decrypt(const struct inode *inode, ...@@ -171,7 +171,7 @@ static int fname_decrypt(const struct inode *inode,
DECLARE_CRYPTO_WAIT(wait); DECLARE_CRYPTO_WAIT(wait);
struct scatterlist src_sg, dst_sg; struct scatterlist src_sg, dst_sg;
const struct fscrypt_info *ci = inode->i_crypt_info; const struct fscrypt_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_ctfm; struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
union fscrypt_iv iv; union fscrypt_iv iv;
int res; int res;
......
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#include <linux/fscrypt.h> #include <linux/fscrypt.h>
#include <linux/siphash.h> #include <linux/siphash.h>
#include <crypto/hash.h> #include <crypto/hash.h>
#include <linux/blk-crypto.h>
#define CONST_STRLEN(str) (sizeof(str) - 1) #define CONST_STRLEN(str) (sizeof(str) - 1)
...@@ -166,6 +167,20 @@ struct fscrypt_symlink_data { ...@@ -166,6 +167,20 @@ struct fscrypt_symlink_data {
char encrypted_path[1]; char encrypted_path[1];
} __packed; } __packed;
/**
* struct fscrypt_prepared_key - a key prepared for actual encryption/decryption
* @tfm: crypto API transform object
* @blk_key: key for blk-crypto
*
* Normally only one of the fields will be non-NULL.
*/
struct fscrypt_prepared_key {
struct crypto_skcipher *tfm;
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
struct fscrypt_blk_crypto_key *blk_key;
#endif
};
/* /*
* fscrypt_info - the "encryption key" for an inode * fscrypt_info - the "encryption key" for an inode
* *
...@@ -175,12 +190,20 @@ struct fscrypt_symlink_data { ...@@ -175,12 +190,20 @@ struct fscrypt_symlink_data {
*/ */
struct fscrypt_info { struct fscrypt_info {
/* The actual crypto transform used for encryption and decryption */ /* The key in a form prepared for actual encryption/decryption */
struct crypto_skcipher *ci_ctfm; struct fscrypt_prepared_key ci_enc_key;
/* True if the key should be freed when this fscrypt_info is freed */ /* True if ci_enc_key should be freed when this fscrypt_info is freed */
bool ci_owns_key; bool ci_owns_key;
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
/*
* True if this inode will use inline encryption (blk-crypto) instead of
* the traditional filesystem-layer encryption.
*/
bool ci_inlinecrypt;
#endif
/* /*
* Encryption mode used for this inode. It corresponds to either the * Encryption mode used for this inode. It corresponds to either the
* contents or filenames encryption mode, depending on the inode type. * contents or filenames encryption mode, depending on the inode type.
...@@ -205,7 +228,7 @@ struct fscrypt_info { ...@@ -205,7 +228,7 @@ struct fscrypt_info {
/* /*
* If non-NULL, then encryption is done using the master key directly * If non-NULL, then encryption is done using the master key directly
* and ci_ctfm will equal ci_direct_key->dk_ctfm. * and ci_enc_key will equal ci_direct_key->dk_key.
*/ */
struct fscrypt_direct_key *ci_direct_key; struct fscrypt_direct_key *ci_direct_key;
...@@ -260,6 +283,7 @@ union fscrypt_iv { ...@@ -260,6 +283,7 @@ union fscrypt_iv {
u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
}; };
u8 raw[FSCRYPT_MAX_IV_SIZE]; u8 raw[FSCRYPT_MAX_IV_SIZE];
__le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
}; };
void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
...@@ -302,6 +326,75 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, ...@@ -302,6 +326,75 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf); void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf);
/* inline_crypt.c */
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
int fscrypt_select_encryption_impl(struct fscrypt_info *ci);
static inline bool
fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
{
return ci->ci_inlinecrypt;
}
int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
const u8 *raw_key,
const struct fscrypt_info *ci);
void fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key);
/*
* Check whether the crypto transform or blk-crypto key has been allocated in
* @prep_key, depending on which encryption implementation the file will use.
*/
static inline bool
fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
const struct fscrypt_info *ci)
{
/*
* The READ_ONCE() here pairs with the smp_store_release() in
* fscrypt_prepare_key(). (This only matters for the per-mode keys,
* which are shared by multiple inodes.)
*/
if (fscrypt_using_inline_encryption(ci))
return READ_ONCE(prep_key->blk_key) != NULL;
return READ_ONCE(prep_key->tfm) != NULL;
}
#else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
static inline int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
{
return 0;
}
static inline bool
fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
{
return false;
}
static inline int
fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
const u8 *raw_key,
const struct fscrypt_info *ci)
{
WARN_ON(1);
return -EOPNOTSUPP;
}
static inline void
fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key)
{
}
static inline bool
fscrypt_is_key_prepared(struct fscrypt_prepared_key *prep_key,
const struct fscrypt_info *ci)
{
return READ_ONCE(prep_key->tfm) != NULL;
}
#endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
/* keyring.c */ /* keyring.c */
/* /*
...@@ -395,9 +488,9 @@ struct fscrypt_master_key { ...@@ -395,9 +488,9 @@ struct fscrypt_master_key {
* Per-mode encryption keys for the various types of encryption policies * Per-mode encryption keys for the various types of encryption policies
* that use them. Allocated and derived on-demand. * that use them. Allocated and derived on-demand.
*/ */
struct crypto_skcipher *mk_direct_keys[__FSCRYPT_MODE_MAX + 1]; struct fscrypt_prepared_key mk_direct_keys[__FSCRYPT_MODE_MAX + 1];
struct crypto_skcipher *mk_iv_ino_lblk_64_keys[__FSCRYPT_MODE_MAX + 1]; struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[__FSCRYPT_MODE_MAX + 1];
struct crypto_skcipher *mk_iv_ino_lblk_32_keys[__FSCRYPT_MODE_MAX + 1]; struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[__FSCRYPT_MODE_MAX + 1];
/* Hash key for inode numbers. Initialized only when needed. */ /* Hash key for inode numbers. Initialized only when needed. */
siphash_key_t mk_ino_hash_key; siphash_key_t mk_ino_hash_key;
...@@ -461,13 +554,15 @@ struct fscrypt_mode { ...@@ -461,13 +554,15 @@ struct fscrypt_mode {
int keysize; int keysize;
int ivsize; int ivsize;
int logged_impl_name; int logged_impl_name;
enum blk_crypto_mode_num blk_crypto_mode;
}; };
extern struct fscrypt_mode fscrypt_modes[]; extern struct fscrypt_mode fscrypt_modes[];
struct crypto_skcipher *fscrypt_allocate_skcipher(struct fscrypt_mode *mode, int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
const u8 *raw_key, const u8 *raw_key, const struct fscrypt_info *ci);
const struct inode *inode);
void fscrypt_destroy_prepared_key(struct fscrypt_prepared_key *prep_key);
int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key); int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key);
......
This diff is collapsed.
...@@ -45,9 +45,9 @@ static void free_master_key(struct fscrypt_master_key *mk) ...@@ -45,9 +45,9 @@ static void free_master_key(struct fscrypt_master_key *mk)
wipe_master_key_secret(&mk->mk_secret); wipe_master_key_secret(&mk->mk_secret);
for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) { for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) {
crypto_free_skcipher(mk->mk_direct_keys[i]); fscrypt_destroy_prepared_key(&mk->mk_direct_keys[i]);
crypto_free_skcipher(mk->mk_iv_ino_lblk_64_keys[i]); fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_64_keys[i]);
crypto_free_skcipher(mk->mk_iv_ino_lblk_32_keys[i]); fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_32_keys[i]);
} }
key_put(mk->mk_users); key_put(mk->mk_users);
......
...@@ -19,6 +19,7 @@ struct fscrypt_mode fscrypt_modes[] = { ...@@ -19,6 +19,7 @@ struct fscrypt_mode fscrypt_modes[] = {
.cipher_str = "xts(aes)", .cipher_str = "xts(aes)",
.keysize = 64, .keysize = 64,
.ivsize = 16, .ivsize = 16,
.blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_256_XTS,
}, },
[FSCRYPT_MODE_AES_256_CTS] = { [FSCRYPT_MODE_AES_256_CTS] = {
.friendly_name = "AES-256-CTS-CBC", .friendly_name = "AES-256-CTS-CBC",
...@@ -31,6 +32,7 @@ struct fscrypt_mode fscrypt_modes[] = { ...@@ -31,6 +32,7 @@ struct fscrypt_mode fscrypt_modes[] = {
.cipher_str = "essiv(cbc(aes),sha256)", .cipher_str = "essiv(cbc(aes),sha256)",
.keysize = 16, .keysize = 16,
.ivsize = 16, .ivsize = 16,
.blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
}, },
[FSCRYPT_MODE_AES_128_CTS] = { [FSCRYPT_MODE_AES_128_CTS] = {
.friendly_name = "AES-128-CTS-CBC", .friendly_name = "AES-128-CTS-CBC",
...@@ -43,6 +45,7 @@ struct fscrypt_mode fscrypt_modes[] = { ...@@ -43,6 +45,7 @@ struct fscrypt_mode fscrypt_modes[] = {
.cipher_str = "adiantum(xchacha12,aes)", .cipher_str = "adiantum(xchacha12,aes)",
.keysize = 32, .keysize = 32,
.ivsize = 32, .ivsize = 32,
.blk_crypto_mode = BLK_ENCRYPTION_MODE_ADIANTUM,
}, },
}; };
...@@ -64,8 +67,8 @@ select_encryption_mode(const union fscrypt_policy *policy, ...@@ -64,8 +67,8 @@ select_encryption_mode(const union fscrypt_policy *policy,
} }
/* Create a symmetric cipher object for the given encryption mode and key */ /* Create a symmetric cipher object for the given encryption mode and key */
struct crypto_skcipher *fscrypt_allocate_skcipher(struct fscrypt_mode *mode, static struct crypto_skcipher *
const u8 *raw_key, fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
const struct inode *inode) const struct inode *inode)
{ {
struct crypto_skcipher *tfm; struct crypto_skcipher *tfm;
...@@ -109,30 +112,54 @@ struct crypto_skcipher *fscrypt_allocate_skcipher(struct fscrypt_mode *mode, ...@@ -109,30 +112,54 @@ struct crypto_skcipher *fscrypt_allocate_skcipher(struct fscrypt_mode *mode,
return ERR_PTR(err); return ERR_PTR(err);
} }
/* Given a per-file encryption key, set up the file's crypto transform object */ /*
int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key) * Prepare the crypto transform object or blk-crypto key in @prep_key, given the
* raw key, encryption mode, and flag indicating which encryption implementation
* (fs-layer or blk-crypto) will be used.
*/
int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
const u8 *raw_key, const struct fscrypt_info *ci)
{ {
struct crypto_skcipher *tfm; struct crypto_skcipher *tfm;
if (fscrypt_using_inline_encryption(ci))
return fscrypt_prepare_inline_crypt_key(prep_key, raw_key, ci);
tfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, ci->ci_inode); tfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, ci->ci_inode);
if (IS_ERR(tfm)) if (IS_ERR(tfm))
return PTR_ERR(tfm); return PTR_ERR(tfm);
/*
* Pairs with READ_ONCE() in fscrypt_is_key_prepared(). (Only matters
* for the per-mode keys, which are shared by multiple inodes.)
*/
smp_store_release(&prep_key->tfm, tfm);
return 0;
}
/* Destroy a crypto transform object and/or blk-crypto key. */
void fscrypt_destroy_prepared_key(struct fscrypt_prepared_key *prep_key)
{
crypto_free_skcipher(prep_key->tfm);
fscrypt_destroy_inline_crypt_key(prep_key);
}
ci->ci_ctfm = tfm; /* Given a per-file encryption key, set up the file's crypto transform object */
int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key)
{
ci->ci_owns_key = true; ci->ci_owns_key = true;
return 0; return fscrypt_prepare_key(&ci->ci_enc_key, raw_key, ci);
} }
static int setup_per_mode_enc_key(struct fscrypt_info *ci, static int setup_per_mode_enc_key(struct fscrypt_info *ci,
struct fscrypt_master_key *mk, struct fscrypt_master_key *mk,
struct crypto_skcipher **tfms, struct fscrypt_prepared_key *keys,
u8 hkdf_context, bool include_fs_uuid) u8 hkdf_context, bool include_fs_uuid)
{ {
const struct inode *inode = ci->ci_inode; const struct inode *inode = ci->ci_inode;
const struct super_block *sb = inode->i_sb; const struct super_block *sb = inode->i_sb;
struct fscrypt_mode *mode = ci->ci_mode; struct fscrypt_mode *mode = ci->ci_mode;
const u8 mode_num = mode - fscrypt_modes; const u8 mode_num = mode - fscrypt_modes;
struct crypto_skcipher *tfm; struct fscrypt_prepared_key *prep_key;
u8 mode_key[FSCRYPT_MAX_KEY_SIZE]; u8 mode_key[FSCRYPT_MAX_KEY_SIZE];
u8 hkdf_info[sizeof(mode_num) + sizeof(sb->s_uuid)]; u8 hkdf_info[sizeof(mode_num) + sizeof(sb->s_uuid)];
unsigned int hkdf_infolen = 0; unsigned int hkdf_infolen = 0;
...@@ -141,16 +168,15 @@ static int setup_per_mode_enc_key(struct fscrypt_info *ci, ...@@ -141,16 +168,15 @@ static int setup_per_mode_enc_key(struct fscrypt_info *ci,
if (WARN_ON(mode_num > __FSCRYPT_MODE_MAX)) if (WARN_ON(mode_num > __FSCRYPT_MODE_MAX))
return -EINVAL; return -EINVAL;
/* pairs with smp_store_release() below */ prep_key = &keys[mode_num];
tfm = READ_ONCE(tfms[mode_num]); if (fscrypt_is_key_prepared(prep_key, ci)) {
if (likely(tfm != NULL)) { ci->ci_enc_key = *prep_key;
ci->ci_ctfm = tfm;
return 0; return 0;
} }
mutex_lock(&fscrypt_mode_key_setup_mutex); mutex_lock(&fscrypt_mode_key_setup_mutex);
if (tfms[mode_num]) if (fscrypt_is_key_prepared(prep_key, ci))
goto done_unlock; goto done_unlock;
BUILD_BUG_ON(sizeof(mode_num) != 1); BUILD_BUG_ON(sizeof(mode_num) != 1);
...@@ -167,16 +193,12 @@ static int setup_per_mode_enc_key(struct fscrypt_info *ci, ...@@ -167,16 +193,12 @@ static int setup_per_mode_enc_key(struct fscrypt_info *ci,
mode_key, mode->keysize); mode_key, mode->keysize);
if (err) if (err)
goto out_unlock; goto out_unlock;
tfm = fscrypt_allocate_skcipher(mode, mode_key, inode); err = fscrypt_prepare_key(prep_key, mode_key, ci);
memzero_explicit(mode_key, mode->keysize); memzero_explicit(mode_key, mode->keysize);
if (IS_ERR(tfm)) { if (err)
err = PTR_ERR(tfm);
goto out_unlock; goto out_unlock;
}
/* pairs with READ_ONCE() above */
smp_store_release(&tfms[mode_num], tfm);
done_unlock: done_unlock:
ci->ci_ctfm = tfm; ci->ci_enc_key = *prep_key;
err = 0; err = 0;
out_unlock: out_unlock:
mutex_unlock(&fscrypt_mode_key_setup_mutex); mutex_unlock(&fscrypt_mode_key_setup_mutex);
...@@ -310,6 +332,10 @@ static int setup_file_encryption_key(struct fscrypt_info *ci, ...@@ -310,6 +332,10 @@ static int setup_file_encryption_key(struct fscrypt_info *ci,
struct fscrypt_key_specifier mk_spec; struct fscrypt_key_specifier mk_spec;
int err; int err;
err = fscrypt_select_encryption_impl(ci);
if (err)
return err;
switch (ci->ci_policy.version) { switch (ci->ci_policy.version) {
case FSCRYPT_POLICY_V1: case FSCRYPT_POLICY_V1:
mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;
...@@ -402,7 +428,7 @@ static void put_crypt_info(struct fscrypt_info *ci) ...@@ -402,7 +428,7 @@ static void put_crypt_info(struct fscrypt_info *ci)
if (ci->ci_direct_key) if (ci->ci_direct_key)
fscrypt_put_direct_key(ci->ci_direct_key); fscrypt_put_direct_key(ci->ci_direct_key);
else if (ci->ci_owns_key) else if (ci->ci_owns_key)
crypto_free_skcipher(ci->ci_ctfm); fscrypt_destroy_prepared_key(&ci->ci_enc_key);
key = ci->ci_master_key; key = ci->ci_master_key;
if (key) { if (key) {
......
...@@ -146,7 +146,7 @@ struct fscrypt_direct_key { ...@@ -146,7 +146,7 @@ struct fscrypt_direct_key {
struct hlist_node dk_node; struct hlist_node dk_node;
refcount_t dk_refcount; refcount_t dk_refcount;
const struct fscrypt_mode *dk_mode; const struct fscrypt_mode *dk_mode;
struct crypto_skcipher *dk_ctfm; struct fscrypt_prepared_key dk_key;
u8 dk_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE]; u8 dk_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
u8 dk_raw[FSCRYPT_MAX_KEY_SIZE]; u8 dk_raw[FSCRYPT_MAX_KEY_SIZE];
}; };
...@@ -154,7 +154,7 @@ struct fscrypt_direct_key { ...@@ -154,7 +154,7 @@ struct fscrypt_direct_key {
static void free_direct_key(struct fscrypt_direct_key *dk) static void free_direct_key(struct fscrypt_direct_key *dk)
{ {
if (dk) { if (dk) {
crypto_free_skcipher(dk->dk_ctfm); fscrypt_destroy_prepared_key(&dk->dk_key);
kzfree(dk); kzfree(dk);
} }
} }
...@@ -199,6 +199,8 @@ find_or_insert_direct_key(struct fscrypt_direct_key *to_insert, ...@@ -199,6 +199,8 @@ find_or_insert_direct_key(struct fscrypt_direct_key *to_insert,
continue; continue;
if (ci->ci_mode != dk->dk_mode) if (ci->ci_mode != dk->dk_mode)
continue; continue;
if (!fscrypt_is_key_prepared(&dk->dk_key, ci))
continue;
if (crypto_memneq(raw_key, dk->dk_raw, ci->ci_mode->keysize)) if (crypto_memneq(raw_key, dk->dk_raw, ci->ci_mode->keysize))
continue; continue;
/* using existing tfm with same (descriptor, mode, raw_key) */ /* using existing tfm with same (descriptor, mode, raw_key) */
...@@ -231,13 +233,9 @@ fscrypt_get_direct_key(const struct fscrypt_info *ci, const u8 *raw_key) ...@@ -231,13 +233,9 @@ fscrypt_get_direct_key(const struct fscrypt_info *ci, const u8 *raw_key)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
refcount_set(&dk->dk_refcount, 1); refcount_set(&dk->dk_refcount, 1);
dk->dk_mode = ci->ci_mode; dk->dk_mode = ci->ci_mode;
dk->dk_ctfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, err = fscrypt_prepare_key(&dk->dk_key, raw_key, ci);
ci->ci_inode); if (err)
if (IS_ERR(dk->dk_ctfm)) {
err = PTR_ERR(dk->dk_ctfm);
dk->dk_ctfm = NULL;
goto err_free_dk; goto err_free_dk;
}
memcpy(dk->dk_descriptor, ci->ci_policy.v1.master_key_descriptor, memcpy(dk->dk_descriptor, ci->ci_policy.v1.master_key_descriptor,
FSCRYPT_KEY_DESCRIPTOR_SIZE); FSCRYPT_KEY_DESCRIPTOR_SIZE);
memcpy(dk->dk_raw, raw_key, ci->ci_mode->keysize); memcpy(dk->dk_raw, raw_key, ci->ci_mode->keysize);
...@@ -259,7 +257,7 @@ static int setup_v1_file_key_direct(struct fscrypt_info *ci, ...@@ -259,7 +257,7 @@ static int setup_v1_file_key_direct(struct fscrypt_info *ci,
if (IS_ERR(dk)) if (IS_ERR(dk))
return PTR_ERR(dk); return PTR_ERR(dk);
ci->ci_direct_key = dk; ci->ci_direct_key = dk;
ci->ci_ctfm = dk->dk_ctfm; ci->ci_enc_key = dk->dk_key;
return 0; return 0;
} }
......
...@@ -69,6 +69,9 @@ struct fscrypt_operations { ...@@ -69,6 +69,9 @@ struct fscrypt_operations {
bool (*has_stable_inodes)(struct super_block *sb); bool (*has_stable_inodes)(struct super_block *sb);
void (*get_ino_and_lblk_bits)(struct super_block *sb, void (*get_ino_and_lblk_bits)(struct super_block *sb,
int *ino_bits_ret, int *lblk_bits_ret); int *ino_bits_ret, int *lblk_bits_ret);
int (*get_num_devices)(struct super_block *sb);
void (*get_devices)(struct super_block *sb,
struct request_queue **devs);
}; };
static inline bool fscrypt_has_encryption_key(const struct inode *inode) static inline bool fscrypt_has_encryption_key(const struct inode *inode)
...@@ -537,6 +540,85 @@ static inline void fscrypt_set_ops(struct super_block *sb, ...@@ -537,6 +540,85 @@ static inline void fscrypt_set_ops(struct super_block *sb,
#endif /* !CONFIG_FS_ENCRYPTION */ #endif /* !CONFIG_FS_ENCRYPTION */
/* inline_crypt.c */
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
void fscrypt_set_bio_crypt_ctx(struct bio *bio,
const struct inode *inode, u64 first_lblk,
gfp_t gfp_mask);
void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
const struct buffer_head *first_bh,
gfp_t gfp_mask);
bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
u64 next_lblk);
bool fscrypt_mergeable_bio_bh(struct bio *bio,
const struct buffer_head *next_bh);
#else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
{
return false;
}
static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
const struct inode *inode,
u64 first_lblk, gfp_t gfp_mask) { }
static inline void fscrypt_set_bio_crypt_ctx_bh(
struct bio *bio,
const struct buffer_head *first_bh,
gfp_t gfp_mask) { }
static inline bool fscrypt_mergeable_bio(struct bio *bio,
const struct inode *inode,
u64 next_lblk)
{
return true;
}
static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
const struct buffer_head *next_bh)
{
return true;
}
#endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
/**
* fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
* encryption
* @inode: an inode. If encrypted, its key must be set up.
*
* Return: true if the inode requires file contents encryption and if the
* encryption should be done in the block layer via blk-crypto rather
* than in the filesystem layer.
*/
static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
{
return fscrypt_needs_contents_encryption(inode) &&
__fscrypt_inode_uses_inline_crypto(inode);
}
/**
* fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
* encryption
* @inode: an inode. If encrypted, its key must be set up.
*
* Return: true if the inode requires file contents encryption and if the
* encryption should be done in the filesystem layer rather than in the
* block layer via blk-crypto.
*/
static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
{
return fscrypt_needs_contents_encryption(inode) &&
!__fscrypt_inode_uses_inline_crypto(inode);
}
/** /**
* fscrypt_require_key() - require an inode's encryption key * fscrypt_require_key() - require an inode's encryption key
* @inode: the inode we need the key for * @inode: the inode we need the key for
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment