Commit | Line | Data |
---|---|---|
457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
efcc7ae2 EB |
2 | /* |
3 | * fs/crypto/hooks.c | |
4 | * | |
5 | * Encryption hooks for higher-level filesystem operations. | |
6 | */ | |
7 | ||
aa408f83 DR |
8 | #include <linux/key.h> |
9 | ||
efcc7ae2 EB |
10 | #include "fscrypt_private.h" |
11 | ||
12 | /** | |
d2fe9754 | 13 | * fscrypt_file_open() - prepare to open a possibly-encrypted regular file |
efcc7ae2 EB |
14 | * @inode: the inode being opened |
15 | * @filp: the struct file being set up | |
16 | * | |
17 | * Currently, an encrypted regular file can only be opened if its encryption key | |
18 | * is available; access to the raw encrypted contents is not supported. | |
19 | * Therefore, we first set up the inode's encryption key (if not already done) | |
20 | * and return an error if it's unavailable. | |
21 | * | |
22 | * We also verify that if the parent directory (from the path via which the file | |
23 | * is being opened) is encrypted, then the inode being opened uses the same | |
24 | * encryption policy. This is needed as part of the enforcement that all files | |
25 | * in an encrypted directory tree use the same encryption policy, as a | |
26 | * protection against certain types of offline attacks. Note that this check is | |
27 | * needed even when opening an *unencrypted* file, since it's forbidden to have | |
28 | * an unencrypted file in an encrypted directory. | |
29 | * | |
30 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code | |
31 | */ | |
32 | int fscrypt_file_open(struct inode *inode, struct file *filp) | |
33 | { | |
34 | int err; | |
35 | struct dentry *dir; | |
36 | ||
37 | err = fscrypt_require_key(inode); | |
38 | if (err) | |
39 | return err; | |
40 | ||
41 | dir = dget_parent(file_dentry(filp)); | |
42 | if (IS_ENCRYPTED(d_inode(dir)) && | |
43 | !fscrypt_has_permitted_context(d_inode(dir), inode)) { | |
886da8b3 EB |
44 | fscrypt_warn(inode, |
45 | "Inconsistent encryption context (parent directory: %lu)", | |
46 | d_inode(dir)->i_ino); | |
efcc7ae2 EB |
47 | err = -EPERM; |
48 | } | |
49 | dput(dir); | |
50 | return err; | |
51 | } | |
52 | EXPORT_SYMBOL_GPL(fscrypt_file_open); | |
0ea87a96 | 53 | |
968dd6d0 EB |
54 | int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
55 | struct dentry *dentry) | |
0ea87a96 EB |
56 | { |
57 | int err; | |
58 | ||
59 | err = fscrypt_require_key(dir); | |
60 | if (err) | |
61 | return err; | |
62 | ||
968dd6d0 EB |
63 | /* ... in case we looked up ciphertext name before key was added */ |
64 | if (dentry->d_flags & DCACHE_ENCRYPTED_NAME) | |
65 | return -ENOKEY; | |
66 | ||
0ea87a96 | 67 | if (!fscrypt_has_permitted_context(dir, inode)) |
f5e55e77 | 68 | return -EXDEV; |
0ea87a96 EB |
69 | |
70 | return 0; | |
71 | } | |
72 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_link); | |
94b26f36 EB |
73 | |
74 | int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, | |
75 | struct inode *new_dir, struct dentry *new_dentry, | |
76 | unsigned int flags) | |
77 | { | |
78 | int err; | |
79 | ||
80 | err = fscrypt_require_key(old_dir); | |
81 | if (err) | |
82 | return err; | |
83 | ||
84 | err = fscrypt_require_key(new_dir); | |
85 | if (err) | |
86 | return err; | |
87 | ||
968dd6d0 EB |
88 | /* ... in case we looked up ciphertext name(s) before key was added */ |
89 | if ((old_dentry->d_flags | new_dentry->d_flags) & | |
90 | DCACHE_ENCRYPTED_NAME) | |
91 | return -ENOKEY; | |
92 | ||
94b26f36 EB |
93 | if (old_dir != new_dir) { |
94 | if (IS_ENCRYPTED(new_dir) && | |
95 | !fscrypt_has_permitted_context(new_dir, | |
96 | d_inode(old_dentry))) | |
f5e55e77 | 97 | return -EXDEV; |
94b26f36 EB |
98 | |
99 | if ((flags & RENAME_EXCHANGE) && | |
100 | IS_ENCRYPTED(old_dir) && | |
101 | !fscrypt_has_permitted_context(old_dir, | |
102 | d_inode(new_dentry))) | |
f5e55e77 | 103 | return -EXDEV; |
94b26f36 EB |
104 | } |
105 | return 0; | |
106 | } | |
107 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename); | |
32c3cf02 | 108 | |
b01531db EB |
109 | int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
110 | struct fscrypt_name *fname) | |
32c3cf02 | 111 | { |
b01531db | 112 | int err = fscrypt_setup_filename(dir, &dentry->d_name, 1, fname); |
32c3cf02 | 113 | |
b01531db | 114 | if (err && err != -ENOENT) |
32c3cf02 EB |
115 | return err; |
116 | ||
b01531db | 117 | if (fname->is_ciphertext_name) { |
32c3cf02 | 118 | spin_lock(&dentry->d_lock); |
6cc24868 | 119 | dentry->d_flags |= DCACHE_ENCRYPTED_NAME; |
32c3cf02 | 120 | spin_unlock(&dentry->d_lock); |
d456a33f | 121 | d_set_d_op(dentry, &fscrypt_d_ops); |
32c3cf02 | 122 | } |
b01531db | 123 | return err; |
32c3cf02 EB |
124 | } |
125 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); | |
76e81d6d | 126 | |
6e1918cf DR |
127 | /** |
128 | * fscrypt_prepare_setflags() - prepare to change flags with FS_IOC_SETFLAGS | |
129 | * @inode: the inode on which flags are being changed | |
130 | * @oldflags: the old flags | |
131 | * @flags: the new flags | |
132 | * | |
133 | * The caller should be holding i_rwsem for write. | |
134 | * | |
135 | * Return: 0 on success; -errno if the flags change isn't allowed or if | |
136 | * another error occurs. | |
137 | */ | |
138 | int fscrypt_prepare_setflags(struct inode *inode, | |
139 | unsigned int oldflags, unsigned int flags) | |
140 | { | |
141 | struct fscrypt_info *ci; | |
aa408f83 | 142 | struct fscrypt_master_key *mk; |
6e1918cf DR |
143 | int err; |
144 | ||
aa408f83 DR |
145 | /* |
146 | * When the CASEFOLD flag is set on an encrypted directory, we must | |
147 | * derive the secret key needed for the dirhash. This is only possible | |
148 | * if the directory uses a v2 encryption policy. | |
149 | */ | |
6e1918cf DR |
150 | if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) { |
151 | err = fscrypt_require_key(inode); | |
152 | if (err) | |
153 | return err; | |
154 | ci = inode->i_crypt_info; | |
155 | if (ci->ci_policy.version != FSCRYPT_POLICY_V2) | |
156 | return -EINVAL; | |
aa408f83 DR |
157 | mk = ci->ci_master_key->payload.data[0]; |
158 | down_read(&mk->mk_secret_sem); | |
159 | if (is_master_key_secret_present(&mk->mk_secret)) | |
160 | err = fscrypt_derive_dirhash_key(ci, mk); | |
161 | else | |
162 | err = -ENOKEY; | |
163 | up_read(&mk->mk_secret_sem); | |
164 | return err; | |
6e1918cf DR |
165 | } |
166 | return 0; | |
167 | } | |
168 | ||
76e81d6d EB |
169 | int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, |
170 | unsigned int max_len, | |
171 | struct fscrypt_str *disk_link) | |
172 | { | |
173 | int err; | |
174 | ||
175 | /* | |
176 | * To calculate the size of the encrypted symlink target we need to know | |
177 | * the amount of NUL padding, which is determined by the flags set in | |
178 | * the encryption policy which will be inherited from the directory. | |
179 | * The easiest way to get access to this is to just load the directory's | |
180 | * fscrypt_info, since we'll need it to create the dir_entry anyway. | |
181 | * | |
182 | * Note: in test_dummy_encryption mode, @dir may be unencrypted. | |
183 | */ | |
184 | err = fscrypt_get_encryption_info(dir); | |
185 | if (err) | |
186 | return err; | |
187 | if (!fscrypt_has_encryption_key(dir)) | |
188 | return -ENOKEY; | |
189 | ||
190 | /* | |
191 | * Calculate the size of the encrypted symlink and verify it won't | |
192 | * exceed max_len. Note that for historical reasons, encrypted symlink | |
193 | * targets are prefixed with the ciphertext length, despite this | |
194 | * actually being redundant with i_size. This decreases by 2 bytes the | |
195 | * longest symlink target we can accept. | |
196 | * | |
197 | * We could recover 1 byte by not counting a null terminator, but | |
198 | * counting it (even though it is meaningless for ciphertext) is simpler | |
199 | * for now since filesystems will assume it is there and subtract it. | |
200 | */ | |
b9db0b4a EB |
201 | if (!fscrypt_fname_encrypted_size(dir, len, |
202 | max_len - sizeof(struct fscrypt_symlink_data), | |
203 | &disk_link->len)) | |
76e81d6d | 204 | return -ENAMETOOLONG; |
b9db0b4a EB |
205 | disk_link->len += sizeof(struct fscrypt_symlink_data); |
206 | ||
76e81d6d EB |
207 | disk_link->name = NULL; |
208 | return 0; | |
209 | } | |
210 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_symlink); | |
211 | ||
212 | int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, | |
213 | unsigned int len, struct fscrypt_str *disk_link) | |
214 | { | |
215 | int err; | |
0b1dfa4c | 216 | struct qstr iname = QSTR_INIT(target, len); |
76e81d6d EB |
217 | struct fscrypt_symlink_data *sd; |
218 | unsigned int ciphertext_len; | |
76e81d6d EB |
219 | |
220 | err = fscrypt_require_key(inode); | |
221 | if (err) | |
222 | return err; | |
223 | ||
224 | if (disk_link->name) { | |
225 | /* filesystem-provided buffer */ | |
226 | sd = (struct fscrypt_symlink_data *)disk_link->name; | |
227 | } else { | |
228 | sd = kmalloc(disk_link->len, GFP_NOFS); | |
229 | if (!sd) | |
230 | return -ENOMEM; | |
231 | } | |
232 | ciphertext_len = disk_link->len - sizeof(*sd); | |
233 | sd->len = cpu_to_le16(ciphertext_len); | |
234 | ||
1b3b827e EB |
235 | err = fscrypt_fname_encrypt(inode, &iname, sd->encrypted_path, |
236 | ciphertext_len); | |
2c58d548 EB |
237 | if (err) |
238 | goto err_free_sd; | |
239 | ||
76e81d6d EB |
240 | /* |
241 | * Null-terminating the ciphertext doesn't make sense, but we still | |
242 | * count the null terminator in the length, so we might as well | |
243 | * initialize it just in case the filesystem writes it out. | |
244 | */ | |
245 | sd->encrypted_path[ciphertext_len] = '\0'; | |
246 | ||
2c58d548 EB |
247 | /* Cache the plaintext symlink target for later use by get_link() */ |
248 | err = -ENOMEM; | |
249 | inode->i_link = kmemdup(target, len + 1, GFP_NOFS); | |
250 | if (!inode->i_link) | |
251 | goto err_free_sd; | |
252 | ||
76e81d6d EB |
253 | if (!disk_link->name) |
254 | disk_link->name = (unsigned char *)sd; | |
255 | return 0; | |
2c58d548 EB |
256 | |
257 | err_free_sd: | |
258 | if (!disk_link->name) | |
259 | kfree(sd); | |
260 | return err; | |
76e81d6d EB |
261 | } |
262 | EXPORT_SYMBOL_GPL(__fscrypt_encrypt_symlink); | |
3b0d8837 EB |
263 | |
264 | /** | |
d2fe9754 | 265 | * fscrypt_get_symlink() - get the target of an encrypted symlink |
3b0d8837 EB |
266 | * @inode: the symlink inode |
267 | * @caddr: the on-disk contents of the symlink | |
268 | * @max_size: size of @caddr buffer | |
2c58d548 | 269 | * @done: if successful, will be set up to free the returned target if needed |
3b0d8837 EB |
270 | * |
271 | * If the symlink's encryption key is available, we decrypt its target. | |
272 | * Otherwise, we encode its target for presentation. | |
273 | * | |
274 | * This may sleep, so the filesystem must have dropped out of RCU mode already. | |
275 | * | |
276 | * Return: the presentable symlink target or an ERR_PTR() | |
277 | */ | |
278 | const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |
279 | unsigned int max_size, | |
280 | struct delayed_call *done) | |
281 | { | |
282 | const struct fscrypt_symlink_data *sd; | |
283 | struct fscrypt_str cstr, pstr; | |
2c58d548 | 284 | bool has_key; |
3b0d8837 EB |
285 | int err; |
286 | ||
287 | /* This is for encrypted symlinks only */ | |
288 | if (WARN_ON(!IS_ENCRYPTED(inode))) | |
289 | return ERR_PTR(-EINVAL); | |
290 | ||
2c58d548 EB |
291 | /* If the decrypted target is already cached, just return it. */ |
292 | pstr.name = READ_ONCE(inode->i_link); | |
293 | if (pstr.name) | |
294 | return pstr.name; | |
295 | ||
3b0d8837 EB |
296 | /* |
297 | * Try to set up the symlink's encryption key, but we can continue | |
298 | * regardless of whether the key is available or not. | |
299 | */ | |
300 | err = fscrypt_get_encryption_info(inode); | |
301 | if (err) | |
302 | return ERR_PTR(err); | |
2c58d548 | 303 | has_key = fscrypt_has_encryption_key(inode); |
3b0d8837 EB |
304 | |
305 | /* | |
306 | * For historical reasons, encrypted symlink targets are prefixed with | |
307 | * the ciphertext length, even though this is redundant with i_size. | |
308 | */ | |
309 | ||
310 | if (max_size < sizeof(*sd)) | |
311 | return ERR_PTR(-EUCLEAN); | |
312 | sd = caddr; | |
313 | cstr.name = (unsigned char *)sd->encrypted_path; | |
314 | cstr.len = le16_to_cpu(sd->len); | |
315 | ||
316 | if (cstr.len == 0) | |
317 | return ERR_PTR(-EUCLEAN); | |
318 | ||
319 | if (cstr.len + sizeof(*sd) - 1 > max_size) | |
320 | return ERR_PTR(-EUCLEAN); | |
321 | ||
322 | err = fscrypt_fname_alloc_buffer(inode, cstr.len, &pstr); | |
323 | if (err) | |
324 | return ERR_PTR(err); | |
325 | ||
326 | err = fscrypt_fname_disk_to_usr(inode, 0, 0, &cstr, &pstr); | |
327 | if (err) | |
328 | goto err_kfree; | |
329 | ||
330 | err = -EUCLEAN; | |
331 | if (pstr.name[0] == '\0') | |
332 | goto err_kfree; | |
333 | ||
334 | pstr.name[pstr.len] = '\0'; | |
2c58d548 EB |
335 | |
336 | /* | |
337 | * Cache decrypted symlink targets in i_link for later use. Don't cache | |
338 | * symlink targets encoded without the key, since those become outdated | |
339 | * once the key is added. This pairs with the READ_ONCE() above and in | |
340 | * the VFS path lookup code. | |
341 | */ | |
342 | if (!has_key || | |
343 | cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL) | |
344 | set_delayed_call(done, kfree_link, pstr.name); | |
345 | ||
3b0d8837 EB |
346 | return pstr.name; |
347 | ||
348 | err_kfree: | |
349 | kfree(pstr.name); | |
350 | return ERR_PTR(err); | |
351 | } | |
352 | EXPORT_SYMBOL_GPL(fscrypt_get_symlink); |