fs/ubifs/crypto.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 #include "ubifs.h"
   3
   4 static int ubifs_crypt_get_context(struct inode *inode, void *ctx, size_t len)
   5 {
   6         return ubifs_xattr_get(inode, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT,
   7                                ctx, len);
   8 }
   9
  10 static int ubifs_crypt_set_context(struct inode *inode, const void *ctx,
  11                                    size_t len, void *fs_data)
  12 {
  13         /*
  14          * Creating an encryption context is done unlocked since we
  15          * operate on a new inode which is not visible to other users
  16          * at this point. So, no need to check whether inode is locked.
  17          */
  18         return ubifs_xattr_set(inode, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT,
  19                                ctx, len, 0, false);
  20 }
  21
  22 static bool ubifs_crypt_empty_dir(struct inode *inode)
  23 {
  24         return ubifs_check_dir_empty(inode) == 0;
  25 }
  26
  27 int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn,
  28                   unsigned int in_len, unsigned int *out_len, int block)
  29 {
  30         struct ubifs_info *c = inode->i_sb->s_fs_info;
  31         void *p = &dn->data;
  32         unsigned int pad_len = round_up(in_len, UBIFS_CIPHER_BLOCK_SIZE);
  33         int err;
  34
  35         ubifs_assert(c, pad_len <= *out_len);
  36         dn->compr_size = cpu_to_le16(in_len);
  37
  38         /* pad to full block cipher length */
  39         if (pad_len != in_len)
  40                 memset(p + in_len, 0, pad_len - in_len);
  41
  42         err = fscrypt_encrypt_block_inplace(inode, virt_to_page(p), pad_len,
  43                                             offset_in_page(p), block, GFP_NOFS);
  44         if (err) {
  45                 ubifs_err(c, "fscrypt_encrypt_block_inplace() failed: %d", err);
  46                 return err;
  47         }
  48         *out_len = pad_len;
  49
  50         return 0;
  51 }
  52
  53 int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn,
  54                   unsigned int *out_len, int block)
  55 {
  56         struct ubifs_info *c = inode->i_sb->s_fs_info;
  57         int err;
  58         unsigned int clen = le16_to_cpu(dn->compr_size);
  59         unsigned int dlen = *out_len;
  60
  61         if (clen <= 0 || clen > UBIFS_BLOCK_SIZE || clen > dlen) {
  62                 ubifs_err(c, "bad compr_size: %i", clen);
  63                 return -EINVAL;
  64         }
  65
  66         ubifs_assert(c, dlen <= UBIFS_BLOCK_SIZE);
  67         err = fscrypt_decrypt_block_inplace(inode, virt_to_page(&dn->data),
  68                                             dlen, offset_in_page(&dn->data),
  69                                             block);
  70         if (err) {
  71                 ubifs_err(c, "fscrypt_decrypt_block_inplace() failed: %d", err);
  72                 return err;
  73         }
  74         *out_len = clen;
  75
  76         return 0;
  77 }
  78
  79 const struct fscrypt_operations ubifs_crypt_operations = {
  80         .flags                  = FS_CFLG_OWN_PAGES,
  81         .key_prefix             = "ubifs:",
  82         .get_context            = ubifs_crypt_get_context,
  83         .set_context            = ubifs_crypt_set_context,
  84         .empty_dir              = ubifs_crypt_empty_dir,
  85         .max_namelen            = UBIFS_MAX_NLEN,
  86 };