fs/ext4/crypto_policy.c

   1 /*
   2  * linux/fs/ext4/crypto_policy.c
   3  *
   4  * Copyright (C) 2015, Google, Inc.
   5  *
   6  * This contains encryption policy functions for ext4
   7  *
   8  * Written by Michael Halcrow, 2015.
   9  */
  10
  11 #include <linux/random.h>
  12 #include <linux/string.h>
  13 #include <linux/types.h>
  14
  15 #include "ext4.h"
  16 #include "xattr.h"
  17
  18 static int ext4_inode_has_encryption_context(struct inode *inode)
  19 {
  20         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  21                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
  22         return (res > 0);
  23 }
  24
  25 /*
  26  * check whether the policy is consistent with the encryption context
  27  * for the inode
  28  */
  29 static int ext4_is_encryption_context_consistent_with_policy(
  30         struct inode *inode, const struct ext4_encryption_policy *policy)
  31 {
  32         struct ext4_encryption_context ctx;
  33         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  34                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
  35                                  sizeof(ctx));
  36         if (res != sizeof(ctx))
  37                 return 0;
  38         return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
  39                         EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
  40                 (ctx.contents_encryption_mode ==
  41                  policy->contents_encryption_mode) &&
  42                 (ctx.filenames_encryption_mode ==
  43                  policy->filenames_encryption_mode));
  44 }
  45
  46 static int ext4_create_encryption_context_from_policy(
  47         struct inode *inode, const struct ext4_encryption_policy *policy)
  48 {
  49         struct ext4_encryption_context ctx;
  50         int res = 0;
  51
  52         ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
  53         memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
  54                EXT4_KEY_DESCRIPTOR_SIZE);
  55         if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
  56                 printk(KERN_WARNING
  57                        "%s: Invalid contents encryption mode %d\n", __func__,
  58                         policy->contents_encryption_mode);
  59                 res = -EINVAL;
  60                 goto out;
  61         }
  62         if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
  63                 printk(KERN_WARNING
  64                        "%s: Invalid filenames encryption mode %d\n", __func__,
  65                         policy->filenames_encryption_mode);
  66                 res = -EINVAL;
  67                 goto out;
  68         }
  69         ctx.contents_encryption_mode = policy->contents_encryption_mode;
  70         ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
  71         BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
  72         get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
  73
  74         res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  75                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
  76                              sizeof(ctx), 0);
  77 out:
  78         if (!res)
  79                 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
  80         return res;
  81 }
  82
  83 int ext4_process_policy(const struct ext4_encryption_policy *policy,
  84                         struct inode *inode)
  85 {
  86         if (policy->version != 0)
  87                 return -EINVAL;
  88
  89         if (!ext4_inode_has_encryption_context(inode)) {
  90                 if (!ext4_empty_dir(inode))
  91                         return -ENOTEMPTY;
  92                 return ext4_create_encryption_context_from_policy(inode,
  93                                                                   policy);
  94         }
  95
  96         if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
  97                 return 0;
  98
  99         printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
 100                __func__);
 101         return -EINVAL;
 102 }
 103
 104 int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
 105 {
 106         struct ext4_encryption_context ctx;
 107
 108         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
 109                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 110                                  &ctx, sizeof(ctx));
 111         if (res != sizeof(ctx))
 112                 return -ENOENT;
 113         if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
 114                 return -EINVAL;
 115         policy->version = 0;
 116         policy->contents_encryption_mode = ctx.contents_encryption_mode;
 117         policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
 118         memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
 119                EXT4_KEY_DESCRIPTOR_SIZE);
 120         return 0;
 121 }
 122
 123 int ext4_is_child_context_consistent_with_parent(struct inode *parent,
 124                                                  struct inode *child)
 125 {
 126         struct ext4_encryption_context parent_ctx, child_ctx;
 127         int res;
 128
 129         if ((parent == NULL) || (child == NULL)) {
 130                 pr_err("parent %p child %p\n", parent, child);
 131                 BUG_ON(1);
 132         }
 133         /* no restrictions if the parent directory is not encrypted */
 134         if (!ext4_encrypted_inode(parent))
 135                 return 1;
 136         res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
 137                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 138                              &parent_ctx, sizeof(parent_ctx));
 139         if (res != sizeof(parent_ctx))
 140                 return 0;
 141         /* if the child directory is not encrypted, this is always a problem */
 142         if (!ext4_encrypted_inode(child))
 143                 return 0;
 144         res = ext4_xattr_get(child, EXT4_XATTR_INDEX_ENCRYPTION,
 145                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 146                              &child_ctx, sizeof(child_ctx));
 147         if (res != sizeof(child_ctx))
 148                 return 0;
 149         return (memcmp(parent_ctx.master_key_descriptor,
 150                        child_ctx.master_key_descriptor,
 151                        EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
 152                 (parent_ctx.contents_encryption_mode ==
 153                  child_ctx.contents_encryption_mode) &&
 154                 (parent_ctx.filenames_encryption_mode ==
 155                  child_ctx.filenames_encryption_mode));
 156 }
 157
 158 /**
 159  * ext4_inherit_context() - Sets a child context from its parent
 160  * @parent: Parent inode from which the context is inherited.
 161  * @child:  Child inode that inherits the context from @parent.
 162  *
 163  * Return: Zero on success, non-zero otherwise
 164  */
 165 int ext4_inherit_context(struct inode *parent, struct inode *child)
 166 {
 167         struct ext4_encryption_context ctx;
 168         int res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
 169                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 170                                  &ctx, sizeof(ctx));
 171
 172         if (res != sizeof(ctx)) {
 173                 if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
 174                         ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
 175                         ctx.contents_encryption_mode =
 176                                 EXT4_ENCRYPTION_MODE_AES_256_XTS;
 177                         ctx.filenames_encryption_mode =
 178                                 EXT4_ENCRYPTION_MODE_AES_256_CTS;
 179                         memset(ctx.master_key_descriptor, 0x42,
 180                                EXT4_KEY_DESCRIPTOR_SIZE);
 181                         res = 0;
 182                 } else {
 183                         goto out;
 184                 }
 185         }
 186         get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
 187         res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
 188                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
 189                              sizeof(ctx), 0);
 190 out:
 191         if (!res)
 192                 ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
 193         return res;
 194 }