mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 03:46:17 +00:00
3fd945a79e
Allow ceph_mdsc_build_path to encrypt and base64 encode the filename when the parent is encrypted and we're sending the path to the MDS. In a similar fashion, encode encrypted dentry names if including a dentry release in a request. In most cases, we just encrypt the filenames and base64 encode them, but when the name is longer than CEPH_NOHASH_NAME_MAX, we use a similar scheme to fscrypt proper, and hash the remaning bits with sha256. When doing this, we then send along the full crypttext of the name in the new alternate_name field of the MClientRequest. The MDS can then send that along in readdir responses and traces. [ idryomov: drop duplicate include reported by Abaci Robot ] Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Xiubo Li <xiubli@redhat.com> Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de> Reviewed-by: Milind Changire <mchangir@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
246 lines
6 KiB
C
246 lines
6 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* The base64 encode/decode code was copied from fscrypt:
|
|
* Copyright (C) 2015, Google, Inc.
|
|
* Copyright (C) 2015, Motorola Mobility
|
|
* Written by Uday Savagaonkar, 2014.
|
|
* Modified by Jaegeuk Kim, 2015.
|
|
*/
|
|
#include <linux/ceph/ceph_debug.h>
|
|
#include <linux/xattr.h>
|
|
#include <linux/fscrypt.h>
|
|
|
|
#include "super.h"
|
|
#include "mds_client.h"
|
|
#include "crypto.h"
|
|
|
|
/*
|
|
* The base64url encoding used by fscrypt includes the '_' character, which may
|
|
* cause problems in snapshot names (which can not start with '_'). Thus, we
|
|
* used the base64 encoding defined for IMAP mailbox names (RFC 3501) instead,
|
|
* which replaces '-' and '_' by '+' and ','.
|
|
*/
|
|
static const char base64_table[65] =
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
|
|
|
|
int ceph_base64_encode(const u8 *src, int srclen, char *dst)
|
|
{
|
|
u32 ac = 0;
|
|
int bits = 0;
|
|
int i;
|
|
char *cp = dst;
|
|
|
|
for (i = 0; i < srclen; i++) {
|
|
ac = (ac << 8) | src[i];
|
|
bits += 8;
|
|
do {
|
|
bits -= 6;
|
|
*cp++ = base64_table[(ac >> bits) & 0x3f];
|
|
} while (bits >= 6);
|
|
}
|
|
if (bits)
|
|
*cp++ = base64_table[(ac << (6 - bits)) & 0x3f];
|
|
return cp - dst;
|
|
}
|
|
|
|
int ceph_base64_decode(const char *src, int srclen, u8 *dst)
|
|
{
|
|
u32 ac = 0;
|
|
int bits = 0;
|
|
int i;
|
|
u8 *bp = dst;
|
|
|
|
for (i = 0; i < srclen; i++) {
|
|
const char *p = strchr(base64_table, src[i]);
|
|
|
|
if (p == NULL || src[i] == 0)
|
|
return -1;
|
|
ac = (ac << 6) | (p - base64_table);
|
|
bits += 6;
|
|
if (bits >= 8) {
|
|
bits -= 8;
|
|
*bp++ = (u8)(ac >> bits);
|
|
}
|
|
}
|
|
if (ac & ((1 << bits) - 1))
|
|
return -1;
|
|
return bp - dst;
|
|
}
|
|
|
|
static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len)
|
|
{
|
|
struct ceph_inode_info *ci = ceph_inode(inode);
|
|
struct ceph_fscrypt_auth *cfa = (struct ceph_fscrypt_auth *)ci->fscrypt_auth;
|
|
u32 ctxlen;
|
|
|
|
/* Non existent or too short? */
|
|
if (!cfa || (ci->fscrypt_auth_len < (offsetof(struct ceph_fscrypt_auth, cfa_blob) + 1)))
|
|
return -ENOBUFS;
|
|
|
|
/* Some format we don't recognize? */
|
|
if (le32_to_cpu(cfa->cfa_version) != CEPH_FSCRYPT_AUTH_VERSION)
|
|
return -ENOBUFS;
|
|
|
|
ctxlen = le32_to_cpu(cfa->cfa_blob_len);
|
|
if (len < ctxlen)
|
|
return -ERANGE;
|
|
|
|
memcpy(ctx, cfa->cfa_blob, ctxlen);
|
|
return ctxlen;
|
|
}
|
|
|
|
static int ceph_crypt_set_context(struct inode *inode, const void *ctx,
|
|
size_t len, void *fs_data)
|
|
{
|
|
int ret;
|
|
struct iattr attr = { };
|
|
struct ceph_iattr cia = { };
|
|
struct ceph_fscrypt_auth *cfa;
|
|
|
|
WARN_ON_ONCE(fs_data);
|
|
|
|
if (len > FSCRYPT_SET_CONTEXT_MAX_SIZE)
|
|
return -EINVAL;
|
|
|
|
cfa = kzalloc(sizeof(*cfa), GFP_KERNEL);
|
|
if (!cfa)
|
|
return -ENOMEM;
|
|
|
|
cfa->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION);
|
|
cfa->cfa_blob_len = cpu_to_le32(len);
|
|
memcpy(cfa->cfa_blob, ctx, len);
|
|
|
|
cia.fscrypt_auth = cfa;
|
|
|
|
ret = __ceph_setattr(inode, &attr, &cia);
|
|
if (ret == 0)
|
|
inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED);
|
|
kfree(cia.fscrypt_auth);
|
|
return ret;
|
|
}
|
|
|
|
static bool ceph_crypt_empty_dir(struct inode *inode)
|
|
{
|
|
struct ceph_inode_info *ci = ceph_inode(inode);
|
|
|
|
return ci->i_rsubdirs + ci->i_rfiles == 1;
|
|
}
|
|
|
|
static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb)
|
|
{
|
|
return ceph_sb_to_client(sb)->fsc_dummy_enc_policy.policy;
|
|
}
|
|
|
|
static struct fscrypt_operations ceph_fscrypt_ops = {
|
|
.get_context = ceph_crypt_get_context,
|
|
.set_context = ceph_crypt_set_context,
|
|
.get_dummy_policy = ceph_get_dummy_policy,
|
|
.empty_dir = ceph_crypt_empty_dir,
|
|
};
|
|
|
|
void ceph_fscrypt_set_ops(struct super_block *sb)
|
|
{
|
|
fscrypt_set_ops(sb, &ceph_fscrypt_ops);
|
|
}
|
|
|
|
void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc)
|
|
{
|
|
fscrypt_free_dummy_policy(&fsc->fsc_dummy_enc_policy);
|
|
}
|
|
|
|
int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
|
|
struct ceph_acl_sec_ctx *as)
|
|
{
|
|
int ret, ctxsize;
|
|
bool encrypted = false;
|
|
struct ceph_inode_info *ci = ceph_inode(inode);
|
|
|
|
ret = fscrypt_prepare_new_inode(dir, inode, &encrypted);
|
|
if (ret)
|
|
return ret;
|
|
if (!encrypted)
|
|
return 0;
|
|
|
|
as->fscrypt_auth = kzalloc(sizeof(*as->fscrypt_auth), GFP_KERNEL);
|
|
if (!as->fscrypt_auth)
|
|
return -ENOMEM;
|
|
|
|
ctxsize = fscrypt_context_for_new_inode(as->fscrypt_auth->cfa_blob,
|
|
inode);
|
|
if (ctxsize < 0)
|
|
return ctxsize;
|
|
|
|
as->fscrypt_auth->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION);
|
|
as->fscrypt_auth->cfa_blob_len = cpu_to_le32(ctxsize);
|
|
|
|
WARN_ON_ONCE(ci->fscrypt_auth);
|
|
kfree(ci->fscrypt_auth);
|
|
ci->fscrypt_auth_len = ceph_fscrypt_auth_len(as->fscrypt_auth);
|
|
ci->fscrypt_auth = kmemdup(as->fscrypt_auth, ci->fscrypt_auth_len,
|
|
GFP_KERNEL);
|
|
if (!ci->fscrypt_auth)
|
|
return -ENOMEM;
|
|
|
|
inode->i_flags |= S_ENCRYPTED;
|
|
|
|
return 0;
|
|
}
|
|
|
|
void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
|
|
struct ceph_acl_sec_ctx *as)
|
|
{
|
|
swap(req->r_fscrypt_auth, as->fscrypt_auth);
|
|
}
|
|
|
|
int ceph_encode_encrypted_fname(const struct inode *parent,
|
|
struct dentry *dentry, char *buf)
|
|
{
|
|
u32 len;
|
|
int elen;
|
|
int ret;
|
|
u8 *cryptbuf;
|
|
|
|
WARN_ON_ONCE(!fscrypt_has_encryption_key(parent));
|
|
|
|
/*
|
|
* Convert cleartext d_name to ciphertext. If result is longer than
|
|
* CEPH_NOHASH_NAME_MAX, sha256 the remaining bytes
|
|
*
|
|
* See: fscrypt_setup_filename
|
|
*/
|
|
if (!fscrypt_fname_encrypted_size(parent, dentry->d_name.len, NAME_MAX,
|
|
&len))
|
|
return -ENAMETOOLONG;
|
|
|
|
/* Allocate a buffer appropriate to hold the result */
|
|
cryptbuf = kmalloc(len > CEPH_NOHASH_NAME_MAX ? NAME_MAX : len,
|
|
GFP_KERNEL);
|
|
if (!cryptbuf)
|
|
return -ENOMEM;
|
|
|
|
ret = fscrypt_fname_encrypt(parent, &dentry->d_name, cryptbuf, len);
|
|
if (ret) {
|
|
kfree(cryptbuf);
|
|
return ret;
|
|
}
|
|
|
|
/* hash the end if the name is long enough */
|
|
if (len > CEPH_NOHASH_NAME_MAX) {
|
|
u8 hash[SHA256_DIGEST_SIZE];
|
|
u8 *extra = cryptbuf + CEPH_NOHASH_NAME_MAX;
|
|
|
|
/*
|
|
* hash the extra bytes and overwrite crypttext beyond that
|
|
* point with it
|
|
*/
|
|
sha256(extra, len - CEPH_NOHASH_NAME_MAX, hash);
|
|
memcpy(extra, hash, SHA256_DIGEST_SIZE);
|
|
len = CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE;
|
|
}
|
|
|
|
/* base64 encode the encrypted name */
|
|
elen = ceph_base64_encode(cryptbuf, len, buf);
|
|
kfree(cryptbuf);
|
|
dout("base64-encoded ciphertext name = %.*s\n", elen, buf);
|
|
return elen;
|
|
}
|