~hc/RK356X_SDK_RELEASE.git

..	..	@@ -14,17 +14,21 @@
14	14	#include <linux/fscrypt.h>
15	15	#include <linux/siphash.h>
16	16	#include <crypto/hash.h>
17		-#include <linux/bio-crypt-ctx.h>
	17	+#include <linux/blk-crypto.h>
18	18
19	19	#define CONST_STRLEN(str) (sizeof(str) - 1)
20	20
21		-#define FS_KEY_DERIVATION_NONCE_SIZE 16
	21	+#define FSCRYPT_FILE_NONCE_SIZE 16
22	22
23		-#define FSCRYPT_MIN_KEY_SIZE 16
	23	+#define FSCRYPT_MIN_KEY_SIZE 16
	24	+
24	25	#define FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE 128
25	26
26	27	#define FSCRYPT_CONTEXT_V1 1
27	28	#define FSCRYPT_CONTEXT_V2 2
	29	+
	30	+/* Keep this in sync with include/uapi/linux/fscrypt.h */
	31	+#define FSCRYPT_MODE_MAX FSCRYPT_MODE_ADIANTUM
28	32
29	33	struct fscrypt_context_v1 {
30	34	u8 version; /* FSCRYPT_CONTEXT_V1 */
..	..	@@ -32,7 +36,7 @@
32	36	u8 filenames_encryption_mode;
33	37	u8 flags;
34	38	u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
35		- u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
	39	+ u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
36	40	};
37	41
38	42	struct fscrypt_context_v2 {
..	..	@@ -42,7 +46,7 @@
42	46	u8 flags;
43	47	u8 __reserved[4];
44	48	u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
45		- u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
	49	+ u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
46	50	};
47	51
48	52	/*
..	..	@@ -98,7 +102,6 @@
98	102	return NULL;
99	103	}
100	104
101		-#undef fscrypt_policy
102	105	union fscrypt_policy {
103	106	u8 version;
104	107	struct fscrypt_policy_v1 v1;
..	..	@@ -192,9 +195,9 @@
192	195	struct fscrypt_info {
193	196
194	197	/* The key in a form prepared for actual encryption/decryption */
195		- struct fscrypt_prepared_key ci_key;
	198	+ struct fscrypt_prepared_key ci_enc_key;
196	199
197		- /* True if the key should be freed when this fscrypt_info is freed */
	200	+ /* True if ci_enc_key should be freed when this fscrypt_info is freed */
198	201	bool ci_owns_key;
199	202
200	203	#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
..	..	@@ -219,7 +222,16 @@
219	222	* will be NULL if the master key was found in a process-subscribed
220	223	* keyring rather than in the filesystem-level keyring.
221	224	*/
	225	+#ifdef __GENKSYMS__
	226	+ /*
	227	+ * Android ABI CRC preservation due to commit 391cceee6d43 ("fscrypt:
	228	+ * stop using keyrings subsystem for fscrypt_master_key") changing this
	229	+ * type. Size is the same, this is a private field.
	230	+ */
222	231	struct key *ci_master_key;
	232	+#else
	233	+ struct fscrypt_master_key *ci_master_key;
	234	+#endif
223	235
224	236	/*
225	237	* Link in list of inodes that were unlocked with the master key.
..	..	@@ -229,7 +241,7 @@
229	241
230	242	/*
231	243	* If non-NULL, then encryption is done using the master key directly
232		- * and ci_key will equal ci_direct_key->dk_key.
	244	+ * and ci_enc_key will equal ci_direct_key->dk_key.
233	245	*/
234	246	struct fscrypt_direct_key *ci_direct_key;
235	247
..	..	@@ -245,7 +257,7 @@
245	257	union fscrypt_policy ci_policy;
246	258
247	259	/* This inode's nonce, copied from the fscrypt_context */
248		- u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];
	260	+ u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
249	261
250	262	/* Hashed inode number. Only set for IV_INO_LBLK_32 */
251	263	u32 ci_hashed_ino;
..	..	@@ -281,7 +293,7 @@
281	293	__le64 lblk_num;
282	294
283	295	/* per-file nonce; only set in DIRECT_KEY mode */
284		- u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
	296	+ u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
285	297	};
286	298	u8 raw[FSCRYPT_MAX_IV_SIZE];
287	299	__le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];
..	..	@@ -293,8 +305,9 @@
293	305	/* fname.c */
294	306	int fscrypt_fname_encrypt(const struct inode inode, const struct qstr iname,
295	307	u8 *out, unsigned int olen);
296		-bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
297		- u32 max_len, u32 *encrypted_len_ret);
	308	+bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,
	309	+ u32 orig_len, u32 max_len,
	310	+ u32 *encrypted_len_ret);
298	311
299	312	/* hkdf.c */
300	313
..	..	@@ -312,13 +325,13 @@
312	325	* outputs are unique and cryptographically isolated, i.e. knowledge of one
313	326	* output doesn't reveal another.
314	327	*/
315		-#define HKDF_CONTEXT_KEY_IDENTIFIER 1
316		-#define HKDF_CONTEXT_PER_FILE_ENC_KEY 2
317		-#define HKDF_CONTEXT_DIRECT_KEY 3
318		-#define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4
319		-#define HKDF_CONTEXT_DIRHASH_KEY 5
320		-#define HKDF_CONTEXT_IV_INO_LBLK_32_KEY 6
321		-#define HKDF_CONTEXT_INODE_HASH_KEY 7
	328	+#define HKDF_CONTEXT_KEY_IDENTIFIER 1 /* info=<empty> */
	329	+#define HKDF_CONTEXT_PER_FILE_ENC_KEY 2 /* info=file_nonce */
	330	+#define HKDF_CONTEXT_DIRECT_KEY 3 /* info=mode_num */
	331	+#define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4 /* info=mode_num\|\|fs_uuid */
	332	+#define HKDF_CONTEXT_DIRHASH_KEY 5 /* info=file_nonce */
	333	+#define HKDF_CONTEXT_IV_INO_LBLK_32_KEY 6 /* info=mode_num\|\|fs_uuid */
	334	+#define HKDF_CONTEXT_INODE_HASH_KEY 7 /* info=<empty> */
322	335
323	336	int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
324	337	const u8 *info, unsigned int infolen,
..	..	@@ -328,8 +341,8 @@
328	341
329	342	/* inline_crypt.c */
330	343	#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
331		-extern int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
332		- bool is_hw_wrapped_key);
	344	+int fscrypt_select_encryption_impl(struct fscrypt_info *ci,
	345	+ bool is_hw_wrapped_key);
333	346
334	347	static inline bool
335	348	fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
..	..	@@ -337,15 +350,13 @@
337	350	return ci->ci_inlinecrypt;
338	351	}
339	352
340		-extern int fscrypt_prepare_inline_crypt_key(
341		- struct fscrypt_prepared_key *prep_key,
342		- const u8 *raw_key,
343		- unsigned int raw_key_size,
344		- bool is_hw_wrapped,
345		- const struct fscrypt_info *ci);
	353	+int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
	354	+ const u8 *raw_key,
	355	+ unsigned int raw_key_size,
	356	+ bool is_hw_wrapped,
	357	+ const struct fscrypt_info *ci);
346	358
347		-extern void fscrypt_destroy_inline_crypt_key(
348		- struct fscrypt_prepared_key *prep_key);
	359	+void fscrypt_destroy_inline_crypt_key(struct fscrypt_prepared_key *prep_key);
349	360
350	361	extern int fscrypt_derive_raw_secret(struct super_block *sb,
351	362	const u8 *wrapped_key,
..	..	@@ -382,8 +393,8 @@
382	393	return 0;
383	394	}
384	395
385		-static inline bool fscrypt_using_inline_encryption(
386		- const struct fscrypt_info *ci)
	396	+static inline bool
	397	+fscrypt_using_inline_encryption(const struct fscrypt_info *ci)
387	398	{
388	399	return false;
389	400	}
..	..	@@ -460,6 +471,40 @@
460	471	struct fscrypt_master_key {
461	472
462	473	/*
	474	+ * Back-pointer to the super_block of the filesystem to which this
	475	+ * master key has been added. Only valid if ->mk_active_refs > 0.
	476	+ */
	477	+ struct super_block *mk_sb;
	478	+
	479	+ /*
	480	+ * Link in ->mk_sb->s_master_keys->key_hashtable.
	481	+ * Only valid if ->mk_active_refs > 0.
	482	+ */
	483	+ struct hlist_node mk_node;
	484	+
	485	+ /* Semaphore that protects ->mk_secret and ->mk_users */
	486	+ struct rw_semaphore mk_sem;
	487	+
	488	+ /*
	489	+ * Active and structural reference counts. An active ref guarantees
	490	+ * that the struct continues to exist, continues to be in the keyring
	491	+ * ->mk_sb->s_master_keys, and that any embedded subkeys (e.g.
	492	+ * ->mk_direct_keys) that have been prepared continue to exist.
	493	+ * A structural ref only guarantees that the struct continues to exist.
	494	+ *
	495	+ * There is one active ref associated with ->mk_secret being present,
	496	+ * and one active ref for each inode in ->mk_decrypted_inodes.
	497	+ *
	498	+ * There is one structural ref associated with the active refcount being
	499	+ * nonzero. Finding a key in the keyring also takes a structural ref,
	500	+ * which is then held temporarily while the key is operated on.
	501	+ */
	502	+ refcount_t mk_active_refs;
	503	+ refcount_t mk_struct_refs;
	504	+
	505	+ struct rcu_head mk_rcu_head;
	506	+
	507	+ /*
463	508	* The secret key material. After FS_IOC_REMOVE_ENCRYPTION_KEY is
464	509	* executed, this is wiped and no new inodes can be unlocked with this
465	510	* key; however, there may still be inodes in ->mk_decrypted_inodes
..	..	@@ -467,16 +512,12 @@
467	512	* FS_IOC_REMOVE_ENCRYPTION_KEY can be retried, or
468	513	* FS_IOC_ADD_ENCRYPTION_KEY can add the secret again.
469	514	*
470		- * Locking: protected by key->sem (outer) and mk_secret_sem (inner).
471		- * The reason for two locks is that key->sem also protects modifying
472		- * mk_users, which ranks it above the semaphore for the keyring key
473		- * type, which is in turn above page faults (via keyring_read). But
474		- * sometimes filesystems call fscrypt_get_encryption_info() from within
475		- * a transaction, which ranks it below page faults. So we need a
476		- * separate lock which protects mk_secret but not also mk_users.
	515	+ * While ->mk_secret is present, one ref in ->mk_active_refs is held.
	516	+ *
	517	+ * Locking: protected by ->mk_sem. The manipulation of ->mk_active_refs
	518	+ * associated with this field is protected by ->mk_sem as well.
477	519	*/
478	520	struct fscrypt_master_key_secret mk_secret;
479		- struct rw_semaphore mk_secret_sem;
480	521
481	522	/*
482	523	* For v1 policy keys: an arbitrary key descriptor which was assigned by
..	..	@@ -495,21 +536,11 @@
495	536	*
496	537	* This is NULL for v1 policy keys; those can only be added by root.
497	538	*
498		- * Locking: in addition to this keyrings own semaphore, this is
499		- * protected by the master key's key->sem, so we can do atomic
500		- * search+insert. It can also be searched without taking any locks, but
501		- * in that case the returned key may have already been removed.
	539	+ * Locking: protected by ->mk_sem. (We don't just rely on the keyrings
	540	+ * subsystem semaphore ->mk_users->sem, as we need support for atomic
	541	+ * search+insert along with proper synchronization with ->mk_secret.)
502	542	*/
503	543	struct key *mk_users;
504		-
505		- /*
506		- * Length of ->mk_decrypted_inodes, plus one if mk_secret is present.
507		- * Once this goes to 0, the master key is removed from ->s_master_keys.
508		- * The 'struct fscrypt_master_key' will continue to live as long as the
509		- * 'struct key' whose payload it is, but we won't let this reference
510		- * count rise again.
511		- */
512		- refcount_t mk_refcount;
513	544
514	545	/*
515	546	* List of inodes that were unlocked using this key. This allows the
..	..	@@ -522,9 +553,9 @@
522	553	* Per-mode encryption keys for the various types of encryption policies
523	554	* that use them. Allocated and derived on-demand.
524	555	*/
525		- struct fscrypt_prepared_key mk_direct_keys[__FSCRYPT_MODE_MAX + 1];
526		- struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[__FSCRYPT_MODE_MAX + 1];
527		- struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[__FSCRYPT_MODE_MAX + 1];
	556	+ struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
	557	+ struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
	558	+ struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
528	559
529	560	/* Hash key for inode numbers. Initialized only when needed. */
530	561	siphash_key_t mk_ino_hash_key;
..	..	@@ -536,11 +567,11 @@
536	567	is_master_key_secret_present(const struct fscrypt_master_key_secret *secret)
537	568	{
538	569	/*
539		- * The READ_ONCE() is only necessary for fscrypt_drop_inode() and
540		- * fscrypt_key_describe(). These run in atomic context, so they can't
541		- * take ->mk_secret_sem and thus 'secret' can change concurrently which
542		- * would be a data race. But they only need to know whether the secret
543		- * was present at the time of check, so READ_ONCE() suffices.
	570	+ * The READ_ONCE() is only necessary for fscrypt_drop_inode().
	571	+ * fscrypt_drop_inode() runs in atomic context, so it can't take the key
	572	+ * semaphore and thus 'secret' can change concurrently which would be a
	573	+ * data race. But fscrypt_drop_inode() only need to know whether the
	574	+ * secret was present at the time of check, so READ_ONCE() suffices.
544	575	*/
545	576	return READ_ONCE(secret->size) != 0;
546	577	}
..	..	@@ -568,7 +599,11 @@
568	599	return 0;
569	600	}
570	601
571		-struct key *
	602	+void fscrypt_put_master_key(struct fscrypt_master_key *mk);
	603	+
	604	+void fscrypt_put_master_key_activeref(struct fscrypt_master_key *mk);
	605	+
	606	+struct fscrypt_master_key *
572	607	fscrypt_find_master_key(struct super_block *sb,
573	608	const struct fscrypt_key_specifier *mk_spec);
574	609
..	..	@@ -585,8 +620,9 @@
585	620	struct fscrypt_mode {
586	621	const char *friendly_name;
587	622	const char *cipher_str;
588		- int keysize;
589		- int ivsize;
	623	+ int keysize; /* key size in bytes */
	624	+ int security_strength; /* security strength in bytes */
	625	+ int ivsize; /* IV size in bytes */
590	626	int logged_impl_name;
591	627	enum blk_crypto_mode_num blk_crypto_mode;
592	628	};
..	..	@@ -603,6 +639,37 @@
603	639
604	640	int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
605	641	const struct fscrypt_master_key *mk);
	642	+
	643	+void fscrypt_hash_inode_number(struct fscrypt_info *ci,
	644	+ const struct fscrypt_master_key *mk);
	645	+
	646	+int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported);
	647	+
	648	+/**
	649	+ * fscrypt_require_key() - require an inode's encryption key
	650	+ * @inode: the inode we need the key for
	651	+ *
	652	+ * If the inode is encrypted, set up its encryption key if not already done.
	653	+ * Then require that the key be present and return -ENOKEY otherwise.
	654	+ *
	655	+ * No locks are needed, and the key will live as long as the struct inode --- so
	656	+ * it won't go away from under you.
	657	+ *
	658	+ * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
	659	+ * if a problem occurred while setting up the encryption key.
	660	+ */
	661	+static inline int fscrypt_require_key(struct inode *inode)
	662	+{
	663	+ if (IS_ENCRYPTED(inode)) {
	664	+ int err = fscrypt_get_encryption_info(inode, false);
	665	+
	666	+ if (err)
	667	+ return err;
	668	+ if (!fscrypt_has_encryption_key(inode))
	669	+ return -ENOKEY;
	670	+ }
	671	+ return 0;
	672	+}
606	673
607	674	/* keysetup_v1.c */
608	675
..	..	@@ -622,5 +689,6 @@
622	689	int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
623	690	const union fscrypt_context *ctx_u,
624	691	int ctx_size);
	692	+const union fscrypt_policy fscrypt_policy_to_inherit(struct inode dir);
625	693
626	694	#endif /* _FSCRYPT_PRIVATE_H */