fs/ubifs/crypto.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 #include "ubifs.h"
   3
   4 static int ubifs_crypt_get_context(struct inode *inode, void *ctx, size_t len)
   5 {
   6         return ubifs_xattr_get(inode, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT,
   7                                ctx, len);
   8 }
   9
  10 static int ubifs_crypt_set_context(struct inode *inode, const void *ctx,
  11                                    size_t len, void *fs_data)
  12 {
  13         /*
  14          * Creating an encryption context is done unlocked since we
  15          * operate on a new inode which is not visible to other users
  16          * at this point. So, no need to check whether inode is locked.
  17          */
  18         return ubifs_xattr_set(inode, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT,
  19                                ctx, len, 0, false);
  20 }
  21
  22 static bool ubifs_crypt_empty_dir(struct inode *inode)
  23 {
  24         return ubifs_check_dir_empty(inode) == 0;
  25 }
  26
  27 /**
  28  * ubifs_encrypt - Encrypt data.
  29  * @inode: inode which refers to the data node
  30  * @dn: data node to encrypt
  31  * @in_len: length of data to be compressed
  32  * @out_len: allocated memory size for the data area of @dn
  33  * @block: logical block number of the block
  34  *
  35  * This function encrypt a possibly-compressed data in the data node.
  36  * The encrypted data length will store in @out_len.
  37  */
  38 int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn,
  39                   unsigned int in_len, unsigned int *out_len, int block)
  40 {
  41         struct ubifs_info *c = inode->i_sb->s_fs_info;
  42         void *p = &dn->data;
  43         unsigned int pad_len = round_up(in_len, UBIFS_CIPHER_BLOCK_SIZE);
  44         int err;
  45
  46         ubifs_assert(c, pad_len <= *out_len);
  47         dn->compr_size = cpu_to_le16(in_len);
  48
  49         /* pad to full block cipher length */
  50         if (pad_len != in_len)
  51                 memset(p + in_len, 0, pad_len - in_len);
  52
  53         err = fscrypt_encrypt_block_inplace(inode, virt_to_page(p), pad_len,
  54                                             offset_in_page(p), block, GFP_NOFS);
  55         if (err) {
  56                 ubifs_err(c, "fscrypt_encrypt_block_inplace() failed: %d", err);
  57                 return err;
  58         }
  59         *out_len = pad_len;
  60
  61         return 0;
  62 }
  63
  64 int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn,
  65                   unsigned int *out_len, int block)
  66 {
  67         struct ubifs_info *c = inode->i_sb->s_fs_info;
  68         int err;
  69         unsigned int clen = le16_to_cpu(dn->compr_size);
  70         unsigned int dlen = *out_len;
  71
  72         if (clen <= 0 || clen > UBIFS_BLOCK_SIZE || clen > dlen) {
  73                 ubifs_err(c, "bad compr_size: %i", clen);
  74                 return -EINVAL;
  75         }
  76
  77         ubifs_assert(c, dlen <= UBIFS_BLOCK_SIZE);
  78         err = fscrypt_decrypt_block_inplace(inode, virt_to_page(&dn->data),
  79                                             dlen, offset_in_page(&dn->data),
  80                                             block);
  81         if (err) {
  82                 ubifs_err(c, "fscrypt_decrypt_block_inplace() failed: %d", err);
  83                 return err;
  84         }
  85         *out_len = clen;
  86
  87         return 0;
  88 }
  89
  90 const struct fscrypt_operations ubifs_crypt_operations = {
  91         .legacy_key_prefix      = "ubifs:",
  92         .get_context            = ubifs_crypt_get_context,
  93         .set_context            = ubifs_crypt_set_context,
  94         .empty_dir              = ubifs_crypt_empty_dir,
  95 };