mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-28 06:34:12 +08:00
dd66df0053
Since filenames in encrypted directories are encrypted and shown as a base64-encoded string when the directory is locked, make snapshot names show a similar behaviour. When creating a snapshot, .snap directories for every subdirectory will show the snapshot name in the "long format": # mkdir .snap/my-snap # ls my-dir/.snap/ _my-snap_1099511627782 Encrypted snapshots will need to be able to handle these by encrypting/decrypting only the snapshot part of the string ('my-snap'). Also, since the MDS prevents snapshot names to be bigger than 240 characters it is necessary to adapt CEPH_NOHASH_NAME_MAX to accommodate this extra limitation. [ idryomov: drop const on !CONFIG_FS_ENCRYPTION branch too ] Signed-off-by: Luís Henriques <lhenriques@suse.de> Reviewed-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Milind Changire <mchangir@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
289 lines
7.9 KiB
C
289 lines
7.9 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Ceph fscrypt functionality
|
|
*/
|
|
|
|
#ifndef _CEPH_CRYPTO_H
|
|
#define _CEPH_CRYPTO_H
|
|
|
|
#include <crypto/sha2.h>
|
|
#include <linux/fscrypt.h>
|
|
|
|
#define CEPH_FSCRYPT_BLOCK_SHIFT 12
|
|
#define CEPH_FSCRYPT_BLOCK_SIZE (_AC(1, UL) << CEPH_FSCRYPT_BLOCK_SHIFT)
|
|
#define CEPH_FSCRYPT_BLOCK_MASK (~(CEPH_FSCRYPT_BLOCK_SIZE-1))
|
|
|
|
struct ceph_fs_client;
|
|
struct ceph_acl_sec_ctx;
|
|
struct ceph_mds_request;
|
|
|
|
struct ceph_fname {
|
|
struct inode *dir;
|
|
char *name; // b64 encoded, possibly hashed
|
|
unsigned char *ctext; // binary crypttext (if any)
|
|
u32 name_len; // length of name buffer
|
|
u32 ctext_len; // length of crypttext
|
|
bool no_copy;
|
|
};
|
|
|
|
/*
|
|
* Header for the crypted file when truncating the size, this
|
|
* will be sent to MDS, and the MDS will update the encrypted
|
|
* last block and then truncate the size.
|
|
*/
|
|
struct ceph_fscrypt_truncate_size_header {
|
|
__u8 ver;
|
|
__u8 compat;
|
|
|
|
/*
|
|
* It will be sizeof(assert_ver + file_offset + block_size)
|
|
* if the last block is empty when it's located in a file
|
|
* hole. Or the data_len will plus CEPH_FSCRYPT_BLOCK_SIZE.
|
|
*/
|
|
__le32 data_len;
|
|
|
|
__le64 change_attr;
|
|
__le64 file_offset;
|
|
__le32 block_size;
|
|
} __packed;
|
|
|
|
struct ceph_fscrypt_auth {
|
|
__le32 cfa_version;
|
|
__le32 cfa_blob_len;
|
|
u8 cfa_blob[FSCRYPT_SET_CONTEXT_MAX_SIZE];
|
|
} __packed;
|
|
|
|
#define CEPH_FSCRYPT_AUTH_VERSION 1
|
|
static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa)
|
|
{
|
|
u32 ctxsize = le32_to_cpu(fa->cfa_blob_len);
|
|
|
|
return offsetof(struct ceph_fscrypt_auth, cfa_blob) + ctxsize;
|
|
}
|
|
|
|
#ifdef CONFIG_FS_ENCRYPTION
|
|
/*
|
|
* We want to encrypt filenames when creating them, but the encrypted
|
|
* versions of those names may have illegal characters in them. To mitigate
|
|
* that, we base64 encode them, but that gives us a result that can exceed
|
|
* NAME_MAX.
|
|
*
|
|
* Follow a similar scheme to fscrypt itself, and cap the filename to a
|
|
* smaller size. If the ciphertext name is longer than the value below, then
|
|
* sha256 hash the remaining bytes.
|
|
*
|
|
* For the fscrypt_nokey_name struct the dirhash[2] member is useless in ceph
|
|
* so the corresponding struct will be:
|
|
*
|
|
* struct fscrypt_ceph_nokey_name {
|
|
* u8 bytes[157];
|
|
* u8 sha256[SHA256_DIGEST_SIZE];
|
|
* }; // 180 bytes => 240 bytes base64-encoded, which is <= NAME_MAX (255)
|
|
*
|
|
* (240 bytes is the maximum size allowed for snapshot names to take into
|
|
* account the format: '_<SNAPSHOT-NAME>_<INODE-NUMBER>'.)
|
|
*
|
|
* Note that for long names that end up having their tail portion hashed, we
|
|
* must also store the full encrypted name (in the dentry's alternate_name
|
|
* field).
|
|
*/
|
|
#define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE)
|
|
|
|
#define CEPH_BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
|
|
|
|
int ceph_base64_encode(const u8 *src, int srclen, char *dst);
|
|
int ceph_base64_decode(const char *src, int srclen, u8 *dst);
|
|
|
|
void ceph_fscrypt_set_ops(struct super_block *sb);
|
|
|
|
void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc);
|
|
|
|
int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
|
|
struct ceph_acl_sec_ctx *as);
|
|
void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
|
|
struct ceph_acl_sec_ctx *as);
|
|
int ceph_encode_encrypted_dname(struct inode *parent, struct qstr *d_name,
|
|
char *buf);
|
|
int ceph_encode_encrypted_fname(struct inode *parent, struct dentry *dentry,
|
|
char *buf);
|
|
|
|
static inline int ceph_fname_alloc_buffer(struct inode *parent,
|
|
struct fscrypt_str *fname)
|
|
{
|
|
if (!IS_ENCRYPTED(parent))
|
|
return 0;
|
|
return fscrypt_fname_alloc_buffer(NAME_MAX, fname);
|
|
}
|
|
|
|
static inline void ceph_fname_free_buffer(struct inode *parent,
|
|
struct fscrypt_str *fname)
|
|
{
|
|
if (IS_ENCRYPTED(parent))
|
|
fscrypt_fname_free_buffer(fname);
|
|
}
|
|
|
|
int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
|
|
struct fscrypt_str *oname, bool *is_nokey);
|
|
int ceph_fscrypt_prepare_readdir(struct inode *dir);
|
|
|
|
static inline unsigned int ceph_fscrypt_blocks(u64 off, u64 len)
|
|
{
|
|
/* crypto blocks cannot span more than one page */
|
|
BUILD_BUG_ON(CEPH_FSCRYPT_BLOCK_SHIFT > PAGE_SHIFT);
|
|
|
|
return ((off+len+CEPH_FSCRYPT_BLOCK_SIZE-1) >> CEPH_FSCRYPT_BLOCK_SHIFT) -
|
|
(off >> CEPH_FSCRYPT_BLOCK_SHIFT);
|
|
}
|
|
|
|
/*
|
|
* If we have an encrypted inode then we must adjust the offset and
|
|
* range of the on-the-wire read to cover an entire encryption block.
|
|
* The copy will be done using the original offset and length, after
|
|
* we've decrypted the result.
|
|
*/
|
|
static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
|
|
u64 *off, u64 *len)
|
|
{
|
|
if (IS_ENCRYPTED(inode)) {
|
|
*len = ceph_fscrypt_blocks(*off, *len) * CEPH_FSCRYPT_BLOCK_SIZE;
|
|
*off &= CEPH_FSCRYPT_BLOCK_MASK;
|
|
}
|
|
}
|
|
|
|
int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
|
|
struct page *page, unsigned int len,
|
|
unsigned int offs, u64 lblk_num);
|
|
int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
|
|
struct page *page, unsigned int len,
|
|
unsigned int offs, u64 lblk_num,
|
|
gfp_t gfp_flags);
|
|
int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page,
|
|
u64 off, int len);
|
|
int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
|
|
u64 off, struct ceph_sparse_extent *map,
|
|
u32 ext_cnt);
|
|
int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
|
|
int len, gfp_t gfp);
|
|
|
|
static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
|
|
{
|
|
return fscrypt_is_bounce_page(page) ? fscrypt_pagecache_page(page) : page;
|
|
}
|
|
|
|
#else /* CONFIG_FS_ENCRYPTION */
|
|
|
|
static inline void ceph_fscrypt_set_ops(struct super_block *sb)
|
|
{
|
|
}
|
|
|
|
static inline void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc)
|
|
{
|
|
}
|
|
|
|
static inline int ceph_fscrypt_prepare_context(struct inode *dir,
|
|
struct inode *inode,
|
|
struct ceph_acl_sec_ctx *as)
|
|
{
|
|
if (IS_ENCRYPTED(dir))
|
|
return -EOPNOTSUPP;
|
|
return 0;
|
|
}
|
|
|
|
static inline void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
|
|
struct ceph_acl_sec_ctx *as_ctx)
|
|
{
|
|
}
|
|
|
|
static inline int ceph_encode_encrypted_dname(struct inode *parent,
|
|
struct qstr *d_name, char *buf)
|
|
{
|
|
memcpy(buf, d_name->name, d_name->len);
|
|
return d_name->len;
|
|
}
|
|
|
|
static inline int ceph_encode_encrypted_fname(struct inode *parent,
|
|
struct dentry *dentry, char *buf)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
|
|
static inline int ceph_fname_alloc_buffer(struct inode *parent,
|
|
struct fscrypt_str *fname)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ceph_fname_free_buffer(struct inode *parent,
|
|
struct fscrypt_str *fname)
|
|
{
|
|
}
|
|
|
|
static inline int ceph_fname_to_usr(const struct ceph_fname *fname,
|
|
struct fscrypt_str *tname,
|
|
struct fscrypt_str *oname, bool *is_nokey)
|
|
{
|
|
oname->name = fname->name;
|
|
oname->len = fname->name_len;
|
|
return 0;
|
|
}
|
|
|
|
static inline int ceph_fscrypt_prepare_readdir(struct inode *dir)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
|
|
u64 *off, u64 *len)
|
|
{
|
|
}
|
|
|
|
static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
|
|
struct page *page, unsigned int len,
|
|
unsigned int offs, u64 lblk_num)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
|
|
struct page *page, unsigned int len,
|
|
unsigned int offs, u64 lblk_num,
|
|
gfp_t gfp_flags)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ceph_fscrypt_decrypt_pages(struct inode *inode,
|
|
struct page **page, u64 off,
|
|
int len)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ceph_fscrypt_decrypt_extents(struct inode *inode,
|
|
struct page **page, u64 off,
|
|
struct ceph_sparse_extent *map,
|
|
u32 ext_cnt)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ceph_fscrypt_encrypt_pages(struct inode *inode,
|
|
struct page **page, u64 off,
|
|
int len, gfp_t gfp)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
|
|
{
|
|
return page;
|
|
}
|
|
#endif /* CONFIG_FS_ENCRYPTION */
|
|
|
|
static inline loff_t ceph_fscrypt_page_offset(struct page *page)
|
|
{
|
|
return page_offset(ceph_fscrypt_pagecache_page(page));
|
|
}
|
|
|
|
#endif /* _CEPH_CRYPTO_H */
|