2 * linux/fs/ext4/crypto_policy.c
4 * Copyright (C) 2015, Google, Inc.
6 * This contains encryption policy functions for ext4
8 * Written by Michael Halcrow, 2015.
11 #include <linux/random.h>
12 #include <linux/string.h>
13 #include <linux/types.h>
18 static int ext4_inode_has_encryption_context(struct inode *inode)
20 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
21 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
26 * check whether the policy is consistent with the encryption context
29 static int ext4_is_encryption_context_consistent_with_policy(
30 struct inode *inode, const struct ext4_encryption_policy *policy)
32 struct ext4_encryption_context ctx;
33 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
34 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
36 if (res != sizeof(ctx))
38 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
39 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
40 (ctx.contents_encryption_mode ==
41 policy->contents_encryption_mode) &&
42 (ctx.filenames_encryption_mode ==
43 policy->filenames_encryption_mode));
46 static int ext4_create_encryption_context_from_policy(
47 struct inode *inode, const struct ext4_encryption_policy *policy)
49 struct ext4_encryption_context ctx;
52 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
53 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
54 EXT4_KEY_DESCRIPTOR_SIZE);
55 if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
57 "%s: Invalid contents encryption mode %d\n", __func__,
58 policy->contents_encryption_mode);
62 if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
64 "%s: Invalid filenames encryption mode %d\n", __func__,
65 policy->filenames_encryption_mode);
69 ctx.contents_encryption_mode = policy->contents_encryption_mode;
70 ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
71 BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
72 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
74 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
75 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
79 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
83 int ext4_process_policy(const struct ext4_encryption_policy *policy,
86 if (policy->version != 0)
89 if (!ext4_inode_has_encryption_context(inode)) {
90 if (!ext4_empty_dir(inode))
92 return ext4_create_encryption_context_from_policy(inode,
96 if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
99 printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
104 int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
106 struct ext4_encryption_context ctx;
108 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
109 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
111 if (res != sizeof(ctx))
113 if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
116 policy->contents_encryption_mode = ctx.contents_encryption_mode;
117 policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
118 memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
119 EXT4_KEY_DESCRIPTOR_SIZE);
123 int ext4_is_child_context_consistent_with_parent(struct inode *parent,
126 struct ext4_encryption_context parent_ctx, child_ctx;
129 if ((parent == NULL) || (child == NULL)) {
130 pr_err("parent %p child %p\n", parent, child);
133 /* no restrictions if the parent directory is not encrypted */
134 if (!ext4_encrypted_inode(parent))
136 res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
137 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
138 &parent_ctx, sizeof(parent_ctx));
139 if (res != sizeof(parent_ctx))
141 /* if the child directory is not encrypted, this is always a problem */
142 if (!ext4_encrypted_inode(child))
144 res = ext4_xattr_get(child, EXT4_XATTR_INDEX_ENCRYPTION,
145 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
146 &child_ctx, sizeof(child_ctx));
147 if (res != sizeof(child_ctx))
149 return (memcmp(parent_ctx.master_key_descriptor,
150 child_ctx.master_key_descriptor,
151 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
152 (parent_ctx.contents_encryption_mode ==
153 child_ctx.contents_encryption_mode) &&
154 (parent_ctx.filenames_encryption_mode ==
155 child_ctx.filenames_encryption_mode));
159 * ext4_inherit_context() - Sets a child context from its parent
160 * @parent: Parent inode from which the context is inherited.
161 * @child: Child inode that inherits the context from @parent.
163 * Return: Zero on success, non-zero otherwise
165 int ext4_inherit_context(struct inode *parent, struct inode *child)
167 struct ext4_encryption_context ctx;
168 int res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
169 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
172 if (res != sizeof(ctx)) {
173 if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
174 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
175 ctx.contents_encryption_mode =
176 EXT4_ENCRYPTION_MODE_AES_256_XTS;
177 ctx.filenames_encryption_mode =
178 EXT4_ENCRYPTION_MODE_AES_256_CTS;
179 memset(ctx.master_key_descriptor, 0x42,
180 EXT4_KEY_DESCRIPTOR_SIZE);
186 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
187 res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
188 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
192 ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);