Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
0b81d077 JK |
2 | /* |
3 | * Encryption policy functions for per-file encryption support. | |
4 | * | |
5 | * Copyright (C) 2015, Google, Inc. | |
6 | * Copyright (C) 2015, Motorola Mobility. | |
7 | * | |
5dae460c | 8 | * Originally written by Michael Halcrow, 2015. |
0b81d077 | 9 | * Modified by Jaegeuk Kim, 2015. |
5dae460c | 10 | * Modified by Eric Biggers, 2019 for v2 policy support. |
0b81d077 JK |
11 | */ |
12 | ||
13 | #include <linux/random.h> | |
ed318a6c | 14 | #include <linux/seq_file.h> |
0b81d077 | 15 | #include <linux/string.h> |
ba63f23d | 16 | #include <linux/mount.h> |
cc4e0df0 | 17 | #include "fscrypt_private.h" |
0b81d077 | 18 | |
5dae460c | 19 | /** |
d2fe9754 EB |
20 | * fscrypt_policies_equal() - check whether two encryption policies are the same |
21 | * @policy1: the first policy | |
22 | * @policy2: the second policy | |
5dae460c EB |
23 | * |
24 | * Return: %true if equal, else %false | |
0b81d077 | 25 | */ |
5dae460c EB |
26 | bool fscrypt_policies_equal(const union fscrypt_policy *policy1, |
27 | const union fscrypt_policy *policy2) | |
0b81d077 | 28 | { |
5dae460c EB |
29 | if (policy1->version != policy2->version) |
30 | return false; | |
31 | ||
32 | return !memcmp(policy1, policy2, fscrypt_policy_size(policy1)); | |
0b81d077 JK |
33 | } |
34 | ||
ef5b18b0 EB |
35 | static bool fscrypt_valid_enc_modes(u32 contents_mode, u32 filenames_mode) |
36 | { | |
37 | if (contents_mode == FSCRYPT_MODE_AES_256_XTS && | |
38 | filenames_mode == FSCRYPT_MODE_AES_256_CTS) | |
39 | return true; | |
40 | ||
41 | if (contents_mode == FSCRYPT_MODE_AES_128_CBC && | |
42 | filenames_mode == FSCRYPT_MODE_AES_128_CTS) | |
43 | return true; | |
44 | ||
45 | if (contents_mode == FSCRYPT_MODE_ADIANTUM && | |
46 | filenames_mode == FSCRYPT_MODE_ADIANTUM) | |
47 | return true; | |
48 | ||
49 | return false; | |
50 | } | |
51 | ||
85af90e5 EB |
52 | static bool supported_direct_key_modes(const struct inode *inode, |
53 | u32 contents_mode, u32 filenames_mode) | |
54 | { | |
55 | const struct fscrypt_mode *mode; | |
56 | ||
57 | if (contents_mode != filenames_mode) { | |
58 | fscrypt_warn(inode, | |
59 | "Direct key flag not allowed with different contents and filenames modes"); | |
60 | return false; | |
61 | } | |
62 | mode = &fscrypt_modes[contents_mode]; | |
63 | ||
64 | if (mode->ivsize < offsetofend(union fscrypt_iv, nonce)) { | |
65 | fscrypt_warn(inode, "Direct key flag not allowed with %s", | |
66 | mode->friendly_name); | |
67 | return false; | |
68 | } | |
69 | return true; | |
70 | } | |
71 | ||
e3b1078b EB |
72 | static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy, |
73 | const struct inode *inode, | |
74 | const char *type, | |
75 | int max_ino_bits, int max_lblk_bits) | |
b103fb76 EB |
76 | { |
77 | struct super_block *sb = inode->i_sb; | |
78 | int ino_bits = 64, lblk_bits = 64; | |
79 | ||
f000223c EB |
80 | /* |
81 | * IV_INO_LBLK_* exist only because of hardware limitations, and | |
82 | * currently the only known use case for them involves AES-256-XTS. | |
83 | * That's also all we test currently. For these reasons, for now only | |
84 | * allow AES-256-XTS here. This can be relaxed later if a use case for | |
85 | * IV_INO_LBLK_* with other encryption modes arises. | |
86 | */ | |
87 | if (policy->contents_encryption_mode != FSCRYPT_MODE_AES_256_XTS) { | |
88 | fscrypt_warn(inode, | |
89 | "Can't use %s policy with contents mode other than AES-256-XTS", | |
90 | type); | |
91 | return false; | |
92 | } | |
93 | ||
b103fb76 EB |
94 | /* |
95 | * It's unsafe to include inode numbers in the IVs if the filesystem can | |
96 | * potentially renumber inodes, e.g. via filesystem shrinking. | |
97 | */ | |
98 | if (!sb->s_cop->has_stable_inodes || | |
99 | !sb->s_cop->has_stable_inodes(sb)) { | |
100 | fscrypt_warn(inode, | |
e3b1078b EB |
101 | "Can't use %s policy on filesystem '%s' because it doesn't have stable inode numbers", |
102 | type, sb->s_id); | |
b103fb76 EB |
103 | return false; |
104 | } | |
105 | if (sb->s_cop->get_ino_and_lblk_bits) | |
106 | sb->s_cop->get_ino_and_lblk_bits(sb, &ino_bits, &lblk_bits); | |
e3b1078b EB |
107 | if (ino_bits > max_ino_bits) { |
108 | fscrypt_warn(inode, | |
109 | "Can't use %s policy on filesystem '%s' because its inode numbers are too long", | |
110 | type, sb->s_id); | |
111 | return false; | |
112 | } | |
113 | if (lblk_bits > max_lblk_bits) { | |
b103fb76 | 114 | fscrypt_warn(inode, |
e3b1078b EB |
115 | "Can't use %s policy on filesystem '%s' because its block numbers are too long", |
116 | type, sb->s_id); | |
b103fb76 EB |
117 | return false; |
118 | } | |
119 | return true; | |
120 | } | |
121 | ||
393a24a7 EB |
122 | static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, |
123 | const struct inode *inode) | |
124 | { | |
125 | if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, | |
126 | policy->filenames_encryption_mode)) { | |
127 | fscrypt_warn(inode, | |
128 | "Unsupported encryption modes (contents %d, filenames %d)", | |
129 | policy->contents_encryption_mode, | |
130 | policy->filenames_encryption_mode); | |
131 | return false; | |
132 | } | |
133 | ||
134 | if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK | | |
135 | FSCRYPT_POLICY_FLAG_DIRECT_KEY)) { | |
136 | fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", | |
137 | policy->flags); | |
138 | return false; | |
139 | } | |
140 | ||
85af90e5 EB |
141 | if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && |
142 | !supported_direct_key_modes(inode, policy->contents_encryption_mode, | |
143 | policy->filenames_encryption_mode)) | |
144 | return false; | |
145 | ||
6e1918cf DR |
146 | if (IS_CASEFOLDED(inode)) { |
147 | /* With v1, there's no way to derive dirhash keys. */ | |
148 | fscrypt_warn(inode, | |
149 | "v1 policies can't be used on casefolded directories"); | |
150 | return false; | |
151 | } | |
152 | ||
393a24a7 EB |
153 | return true; |
154 | } | |
155 | ||
156 | static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, | |
157 | const struct inode *inode) | |
158 | { | |
e3b1078b EB |
159 | int count = 0; |
160 | ||
393a24a7 EB |
161 | if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, |
162 | policy->filenames_encryption_mode)) { | |
163 | fscrypt_warn(inode, | |
164 | "Unsupported encryption modes (contents %d, filenames %d)", | |
165 | policy->contents_encryption_mode, | |
166 | policy->filenames_encryption_mode); | |
167 | return false; | |
168 | } | |
169 | ||
170 | if (policy->flags & ~FSCRYPT_POLICY_FLAGS_VALID) { | |
171 | fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", | |
172 | policy->flags); | |
173 | return false; | |
174 | } | |
175 | ||
e3b1078b EB |
176 | count += !!(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); |
177 | count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64); | |
178 | count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32); | |
179 | if (count > 1) { | |
180 | fscrypt_warn(inode, "Mutually exclusive encryption flags (0x%02x)", | |
181 | policy->flags); | |
182 | return false; | |
183 | } | |
184 | ||
85af90e5 EB |
185 | if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && |
186 | !supported_direct_key_modes(inode, policy->contents_encryption_mode, | |
187 | policy->filenames_encryption_mode)) | |
188 | return false; | |
189 | ||
393a24a7 | 190 | if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) && |
e3b1078b EB |
191 | !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_64", |
192 | 32, 32)) | |
193 | return false; | |
194 | ||
195 | if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && | |
196 | /* This uses hashed inode numbers, so ino_bits doesn't matter. */ | |
197 | !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_32", | |
198 | INT_MAX, 32)) | |
393a24a7 EB |
199 | return false; |
200 | ||
201 | if (memchr_inv(policy->__reserved, 0, sizeof(policy->__reserved))) { | |
202 | fscrypt_warn(inode, "Reserved bits set in encryption policy"); | |
203 | return false; | |
204 | } | |
205 | ||
206 | return true; | |
207 | } | |
208 | ||
5dae460c | 209 | /** |
d2fe9754 EB |
210 | * fscrypt_supported_policy() - check whether an encryption policy is supported |
211 | * @policy_u: the encryption policy | |
212 | * @inode: the inode on which the policy will be used | |
5dae460c EB |
213 | * |
214 | * Given an encryption policy, check whether all its encryption modes and other | |
393a24a7 EB |
215 | * settings are supported by this kernel on the given inode. (But we don't |
216 | * currently don't check for crypto API support here, so attempting to use an | |
217 | * algorithm not configured into the crypto API will still fail later.) | |
5dae460c EB |
218 | * |
219 | * Return: %true if supported, else %false | |
220 | */ | |
221 | bool fscrypt_supported_policy(const union fscrypt_policy *policy_u, | |
222 | const struct inode *inode) | |
0b81d077 | 223 | { |
5dae460c | 224 | switch (policy_u->version) { |
393a24a7 EB |
225 | case FSCRYPT_POLICY_V1: |
226 | return fscrypt_supported_v1_policy(&policy_u->v1, inode); | |
227 | case FSCRYPT_POLICY_V2: | |
228 | return fscrypt_supported_v2_policy(&policy_u->v2, inode); | |
5dae460c EB |
229 | } |
230 | return false; | |
231 | } | |
232 | ||
233 | /** | |
d2fe9754 EB |
234 | * fscrypt_new_context_from_policy() - create a new fscrypt_context from |
235 | * an fscrypt_policy | |
236 | * @ctx_u: output context | |
237 | * @policy_u: input policy | |
5dae460c EB |
238 | * |
239 | * Create an fscrypt_context for an inode that is being assigned the given | |
240 | * encryption policy. A new nonce is randomly generated. | |
241 | * | |
242 | * Return: the size of the new context in bytes. | |
243 | */ | |
244 | static int fscrypt_new_context_from_policy(union fscrypt_context *ctx_u, | |
245 | const union fscrypt_policy *policy_u) | |
246 | { | |
247 | memset(ctx_u, 0, sizeof(*ctx_u)); | |
248 | ||
249 | switch (policy_u->version) { | |
250 | case FSCRYPT_POLICY_V1: { | |
251 | const struct fscrypt_policy_v1 *policy = &policy_u->v1; | |
252 | struct fscrypt_context_v1 *ctx = &ctx_u->v1; | |
253 | ||
254 | ctx->version = FSCRYPT_CONTEXT_V1; | |
255 | ctx->contents_encryption_mode = | |
256 | policy->contents_encryption_mode; | |
257 | ctx->filenames_encryption_mode = | |
258 | policy->filenames_encryption_mode; | |
259 | ctx->flags = policy->flags; | |
260 | memcpy(ctx->master_key_descriptor, | |
261 | policy->master_key_descriptor, | |
262 | sizeof(ctx->master_key_descriptor)); | |
263 | get_random_bytes(ctx->nonce, sizeof(ctx->nonce)); | |
264 | return sizeof(*ctx); | |
265 | } | |
266 | case FSCRYPT_POLICY_V2: { | |
267 | const struct fscrypt_policy_v2 *policy = &policy_u->v2; | |
268 | struct fscrypt_context_v2 *ctx = &ctx_u->v2; | |
269 | ||
270 | ctx->version = FSCRYPT_CONTEXT_V2; | |
271 | ctx->contents_encryption_mode = | |
272 | policy->contents_encryption_mode; | |
273 | ctx->filenames_encryption_mode = | |
274 | policy->filenames_encryption_mode; | |
275 | ctx->flags = policy->flags; | |
276 | memcpy(ctx->master_key_identifier, | |
277 | policy->master_key_identifier, | |
278 | sizeof(ctx->master_key_identifier)); | |
279 | get_random_bytes(ctx->nonce, sizeof(ctx->nonce)); | |
280 | return sizeof(*ctx); | |
281 | } | |
282 | } | |
283 | BUG(); | |
284 | } | |
0b81d077 | 285 | |
5dae460c | 286 | /** |
d2fe9754 EB |
287 | * fscrypt_policy_from_context() - convert an fscrypt_context to |
288 | * an fscrypt_policy | |
289 | * @policy_u: output policy | |
290 | * @ctx_u: input context | |
291 | * @ctx_size: size of input context in bytes | |
5dae460c EB |
292 | * |
293 | * Given an fscrypt_context, build the corresponding fscrypt_policy. | |
294 | * | |
295 | * Return: 0 on success, or -EINVAL if the fscrypt_context has an unrecognized | |
296 | * version number or size. | |
297 | * | |
298 | * This does *not* validate the settings within the policy itself, e.g. the | |
299 | * modes, flags, and reserved bits. Use fscrypt_supported_policy() for that. | |
300 | */ | |
301 | int fscrypt_policy_from_context(union fscrypt_policy *policy_u, | |
302 | const union fscrypt_context *ctx_u, | |
303 | int ctx_size) | |
304 | { | |
305 | memset(policy_u, 0, sizeof(*policy_u)); | |
0b81d077 | 306 | |
e98ad464 | 307 | if (!fscrypt_context_is_valid(ctx_u, ctx_size)) |
0b81d077 | 308 | return -EINVAL; |
0b81d077 | 309 | |
5dae460c EB |
310 | switch (ctx_u->version) { |
311 | case FSCRYPT_CONTEXT_V1: { | |
312 | const struct fscrypt_context_v1 *ctx = &ctx_u->v1; | |
313 | struct fscrypt_policy_v1 *policy = &policy_u->v1; | |
314 | ||
315 | policy->version = FSCRYPT_POLICY_V1; | |
316 | policy->contents_encryption_mode = | |
317 | ctx->contents_encryption_mode; | |
318 | policy->filenames_encryption_mode = | |
319 | ctx->filenames_encryption_mode; | |
320 | policy->flags = ctx->flags; | |
321 | memcpy(policy->master_key_descriptor, | |
322 | ctx->master_key_descriptor, | |
323 | sizeof(policy->master_key_descriptor)); | |
324 | return 0; | |
325 | } | |
326 | case FSCRYPT_CONTEXT_V2: { | |
327 | const struct fscrypt_context_v2 *ctx = &ctx_u->v2; | |
328 | struct fscrypt_policy_v2 *policy = &policy_u->v2; | |
329 | ||
330 | policy->version = FSCRYPT_POLICY_V2; | |
331 | policy->contents_encryption_mode = | |
332 | ctx->contents_encryption_mode; | |
333 | policy->filenames_encryption_mode = | |
334 | ctx->filenames_encryption_mode; | |
335 | policy->flags = ctx->flags; | |
336 | memcpy(policy->__reserved, ctx->__reserved, | |
337 | sizeof(policy->__reserved)); | |
338 | memcpy(policy->master_key_identifier, | |
339 | ctx->master_key_identifier, | |
340 | sizeof(policy->master_key_identifier)); | |
341 | return 0; | |
342 | } | |
343 | } | |
344 | /* unreachable */ | |
345 | return -EINVAL; | |
346 | } | |
347 | ||
348 | /* Retrieve an inode's encryption policy */ | |
349 | static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy) | |
350 | { | |
351 | const struct fscrypt_info *ci; | |
352 | union fscrypt_context ctx; | |
353 | int ret; | |
354 | ||
ab673b98 | 355 | ci = fscrypt_get_info(inode); |
5dae460c EB |
356 | if (ci) { |
357 | /* key available, use the cached policy */ | |
358 | *policy = ci->ci_policy; | |
359 | return 0; | |
360 | } | |
361 | ||
362 | if (!IS_ENCRYPTED(inode)) | |
363 | return -ENODATA; | |
364 | ||
365 | ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); | |
366 | if (ret < 0) | |
367 | return (ret == -ERANGE) ? -EINVAL : ret; | |
368 | ||
369 | return fscrypt_policy_from_context(policy, &ctx, ret); | |
370 | } | |
371 | ||
372 | static int set_encryption_policy(struct inode *inode, | |
373 | const union fscrypt_policy *policy) | |
374 | { | |
375 | union fscrypt_context ctx; | |
376 | int ctxsize; | |
5ab7189a | 377 | int err; |
5dae460c EB |
378 | |
379 | if (!fscrypt_supported_policy(policy, inode)) | |
0b81d077 JK |
380 | return -EINVAL; |
381 | ||
5ab7189a EB |
382 | switch (policy->version) { |
383 | case FSCRYPT_POLICY_V1: | |
5dae460c EB |
384 | /* |
385 | * The original encryption policy version provided no way of | |
386 | * verifying that the correct master key was supplied, which was | |
387 | * insecure in scenarios where multiple users have access to the | |
388 | * same encrypted files (even just read-only access). The new | |
389 | * encryption policy version fixes this and also implies use of | |
390 | * an improved key derivation function and allows non-root users | |
391 | * to securely remove keys. So as long as compatibility with | |
392 | * old kernels isn't required, it is recommended to use the new | |
393 | * policy version for all new encrypted directories. | |
394 | */ | |
395 | pr_warn_once("%s (pid %d) is setting deprecated v1 encryption policy; recommend upgrading to v2.\n", | |
396 | current->comm, current->pid); | |
5ab7189a EB |
397 | break; |
398 | case FSCRYPT_POLICY_V2: | |
399 | err = fscrypt_verify_key_added(inode->i_sb, | |
400 | policy->v2.master_key_identifier); | |
401 | if (err) | |
402 | return err; | |
e3b1078b EB |
403 | if (policy->v2.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) |
404 | pr_warn_once("%s (pid %d) is setting an IV_INO_LBLK_32 encryption policy. This should only be used if there are certain hardware limitations.\n", | |
405 | current->comm, current->pid); | |
5ab7189a EB |
406 | break; |
407 | default: | |
408 | WARN_ON(1); | |
409 | return -EINVAL; | |
5dae460c | 410 | } |
0b81d077 | 411 | |
5dae460c EB |
412 | ctxsize = fscrypt_new_context_from_policy(&ctx, policy); |
413 | ||
414 | return inode->i_sb->s_cop->set_context(inode, &ctx, ctxsize, NULL); | |
0b81d077 JK |
415 | } |
416 | ||
db717d8e | 417 | int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) |
0b81d077 | 418 | { |
5dae460c EB |
419 | union fscrypt_policy policy; |
420 | union fscrypt_policy existing_policy; | |
ba63f23d | 421 | struct inode *inode = file_inode(filp); |
5dae460c EB |
422 | u8 version; |
423 | int size; | |
ba63f23d EB |
424 | int ret; |
425 | ||
5dae460c | 426 | if (get_user(policy.version, (const u8 __user *)arg)) |
db717d8e EB |
427 | return -EFAULT; |
428 | ||
5dae460c EB |
429 | size = fscrypt_policy_size(&policy); |
430 | if (size <= 0) | |
431 | return -EINVAL; | |
432 | ||
433 | /* | |
434 | * We should just copy the remaining 'size - 1' bytes here, but a | |
435 | * bizarre bug in gcc 7 and earlier (fixed by gcc r255731) causes gcc to | |
436 | * think that size can be 0 here (despite the check above!) *and* that | |
437 | * it's a compile-time constant. Thus it would think copy_from_user() | |
438 | * is passed compile-time constant ULONG_MAX, causing the compile-time | |
439 | * buffer overflow check to fail, breaking the build. This only occurred | |
440 | * when building an i386 kernel with -Os and branch profiling enabled. | |
441 | * | |
442 | * Work around it by just copying the first byte again... | |
443 | */ | |
444 | version = policy.version; | |
445 | if (copy_from_user(&policy, arg, size)) | |
446 | return -EFAULT; | |
447 | policy.version = version; | |
448 | ||
163ae1c6 EB |
449 | if (!inode_owner_or_capable(inode)) |
450 | return -EACCES; | |
451 | ||
ba63f23d EB |
452 | ret = mnt_want_write_file(filp); |
453 | if (ret) | |
454 | return ret; | |
455 | ||
8906a822 EB |
456 | inode_lock(inode); |
457 | ||
5dae460c | 458 | ret = fscrypt_get_policy(inode, &existing_policy); |
efee590e | 459 | if (ret == -ENODATA) { |
002ced4b | 460 | if (!S_ISDIR(inode->i_mode)) |
dffd0cfa | 461 | ret = -ENOTDIR; |
5858bdad HF |
462 | else if (IS_DEADDIR(inode)) |
463 | ret = -ENOENT; | |
ba63f23d EB |
464 | else if (!inode->i_sb->s_cop->empty_dir(inode)) |
465 | ret = -ENOTEMPTY; | |
466 | else | |
5dae460c EB |
467 | ret = set_encryption_policy(inode, &policy); |
468 | } else if (ret == -EINVAL || | |
469 | (ret == 0 && !fscrypt_policies_equal(&policy, | |
470 | &existing_policy))) { | |
efee590e | 471 | /* The file already uses a different encryption policy. */ |
8488cd96 | 472 | ret = -EEXIST; |
0b81d077 JK |
473 | } |
474 | ||
8906a822 EB |
475 | inode_unlock(inode); |
476 | ||
ba63f23d EB |
477 | mnt_drop_write_file(filp); |
478 | return ret; | |
0b81d077 | 479 | } |
db717d8e | 480 | EXPORT_SYMBOL(fscrypt_ioctl_set_policy); |
0b81d077 | 481 | |
5dae460c | 482 | /* Original ioctl version; can only get the original policy version */ |
db717d8e | 483 | int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) |
0b81d077 | 484 | { |
5dae460c EB |
485 | union fscrypt_policy policy; |
486 | int err; | |
0b81d077 | 487 | |
5dae460c EB |
488 | err = fscrypt_get_policy(file_inode(filp), &policy); |
489 | if (err) | |
490 | return err; | |
0b81d077 | 491 | |
5dae460c | 492 | if (policy.version != FSCRYPT_POLICY_V1) |
0b81d077 JK |
493 | return -EINVAL; |
494 | ||
5dae460c | 495 | if (copy_to_user(arg, &policy, sizeof(policy.v1))) |
db717d8e | 496 | return -EFAULT; |
0b81d077 JK |
497 | return 0; |
498 | } | |
db717d8e | 499 | EXPORT_SYMBOL(fscrypt_ioctl_get_policy); |
0b81d077 | 500 | |
5dae460c EB |
501 | /* Extended ioctl version; can get policies of any version */ |
502 | int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *uarg) | |
503 | { | |
504 | struct fscrypt_get_policy_ex_arg arg; | |
505 | union fscrypt_policy *policy = (union fscrypt_policy *)&arg.policy; | |
506 | size_t policy_size; | |
507 | int err; | |
508 | ||
509 | /* arg is policy_size, then policy */ | |
510 | BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); | |
511 | BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != | |
512 | offsetof(typeof(arg), policy)); | |
513 | BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); | |
514 | ||
515 | err = fscrypt_get_policy(file_inode(filp), policy); | |
516 | if (err) | |
517 | return err; | |
518 | policy_size = fscrypt_policy_size(policy); | |
519 | ||
520 | if (copy_from_user(&arg, uarg, sizeof(arg.policy_size))) | |
521 | return -EFAULT; | |
522 | ||
523 | if (policy_size > arg.policy_size) | |
524 | return -EOVERFLOW; | |
525 | arg.policy_size = policy_size; | |
526 | ||
527 | if (copy_to_user(uarg, &arg, sizeof(arg.policy_size) + policy_size)) | |
528 | return -EFAULT; | |
529 | return 0; | |
530 | } | |
531 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_policy_ex); | |
532 | ||
e98ad464 EB |
533 | /* FS_IOC_GET_ENCRYPTION_NONCE: retrieve file's encryption nonce for testing */ |
534 | int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg) | |
535 | { | |
536 | struct inode *inode = file_inode(filp); | |
537 | union fscrypt_context ctx; | |
538 | int ret; | |
539 | ||
540 | ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); | |
541 | if (ret < 0) | |
542 | return ret; | |
543 | if (!fscrypt_context_is_valid(&ctx, ret)) | |
544 | return -EINVAL; | |
545 | if (copy_to_user(arg, fscrypt_context_nonce(&ctx), | |
1d6217a4 | 546 | FSCRYPT_FILE_NONCE_SIZE)) |
e98ad464 EB |
547 | return -EFAULT; |
548 | return 0; | |
549 | } | |
550 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_nonce); | |
551 | ||
272f98f6 EB |
552 | /** |
553 | * fscrypt_has_permitted_context() - is a file's encryption policy permitted | |
554 | * within its directory? | |
555 | * | |
556 | * @parent: inode for parent directory | |
557 | * @child: inode for file being looked up, opened, or linked into @parent | |
558 | * | |
559 | * Filesystems must call this before permitting access to an inode in a | |
560 | * situation where the parent directory is encrypted (either before allowing | |
561 | * ->lookup() to succeed, or for a regular file before allowing it to be opened) | |
562 | * and before any operation that involves linking an inode into an encrypted | |
563 | * directory, including link, rename, and cross rename. It enforces the | |
564 | * constraint that within a given encrypted directory tree, all files use the | |
565 | * same encryption policy. The pre-access check is needed to detect potentially | |
566 | * malicious offline violations of this constraint, while the link and rename | |
567 | * checks are needed to prevent online violations of this constraint. | |
568 | * | |
f5e55e77 | 569 | * Return: 1 if permitted, 0 if forbidden. |
272f98f6 | 570 | */ |
0b81d077 JK |
571 | int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) |
572 | { | |
5dae460c EB |
573 | union fscrypt_policy parent_policy, child_policy; |
574 | int err; | |
0b81d077 | 575 | |
42d97eb0 EB |
576 | /* No restrictions on file types which are never encrypted */ |
577 | if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && | |
578 | !S_ISLNK(child->i_mode)) | |
579 | return 1; | |
580 | ||
272f98f6 | 581 | /* No restrictions if the parent directory is unencrypted */ |
e0428a26 | 582 | if (!IS_ENCRYPTED(parent)) |
0b81d077 | 583 | return 1; |
272f98f6 EB |
584 | |
585 | /* Encrypted directories must not contain unencrypted files */ | |
e0428a26 | 586 | if (!IS_ENCRYPTED(child)) |
0b81d077 | 587 | return 0; |
272f98f6 EB |
588 | |
589 | /* | |
590 | * Both parent and child are encrypted, so verify they use the same | |
591 | * encryption policy. Compare the fscrypt_info structs if the keys are | |
592 | * available, otherwise retrieve and compare the fscrypt_contexts. | |
593 | * | |
594 | * Note that the fscrypt_context retrieval will be required frequently | |
595 | * when accessing an encrypted directory tree without the key. | |
596 | * Performance-wise this is not a big deal because we already don't | |
597 | * really optimize for file access without the key (to the extent that | |
598 | * such access is even possible), given that any attempted access | |
599 | * already causes a fscrypt_context retrieval and keyring search. | |
600 | * | |
601 | * In any case, if an unexpected error occurs, fall back to "forbidden". | |
602 | */ | |
603 | ||
5dae460c EB |
604 | err = fscrypt_get_encryption_info(parent); |
605 | if (err) | |
0b81d077 | 606 | return 0; |
5dae460c EB |
607 | err = fscrypt_get_encryption_info(child); |
608 | if (err) | |
0b81d077 | 609 | return 0; |
272f98f6 | 610 | |
5dae460c EB |
611 | err = fscrypt_get_policy(parent, &parent_policy); |
612 | if (err) | |
272f98f6 EB |
613 | return 0; |
614 | ||
5dae460c EB |
615 | err = fscrypt_get_policy(child, &child_policy); |
616 | if (err) | |
0b81d077 JK |
617 | return 0; |
618 | ||
5dae460c | 619 | return fscrypt_policies_equal(&parent_policy, &child_policy); |
0b81d077 JK |
620 | } |
621 | EXPORT_SYMBOL(fscrypt_has_permitted_context); | |
622 | ||
623 | /** | |
624 | * fscrypt_inherit_context() - Sets a child context from its parent | |
625 | * @parent: Parent inode from which the context is inherited. | |
626 | * @child: Child inode that inherits the context from @parent. | |
627 | * @fs_data: private data given by FS. | |
5bbdcbbb | 628 | * @preload: preload child i_crypt_info if true |
0b81d077 | 629 | * |
5bbdcbbb | 630 | * Return: 0 on success, -errno on failure |
0b81d077 JK |
631 | */ |
632 | int fscrypt_inherit_context(struct inode *parent, struct inode *child, | |
633 | void *fs_data, bool preload) | |
634 | { | |
5dae460c EB |
635 | union fscrypt_context ctx; |
636 | int ctxsize; | |
0b81d077 JK |
637 | struct fscrypt_info *ci; |
638 | int res; | |
639 | ||
0b81d077 JK |
640 | res = fscrypt_get_encryption_info(parent); |
641 | if (res < 0) | |
642 | return res; | |
643 | ||
ab673b98 | 644 | ci = fscrypt_get_info(parent); |
0b81d077 JK |
645 | if (ci == NULL) |
646 | return -ENOKEY; | |
647 | ||
5dae460c EB |
648 | ctxsize = fscrypt_new_context_from_policy(&ctx, &ci->ci_policy); |
649 | ||
af65207c | 650 | BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE); |
5dae460c | 651 | res = parent->i_sb->s_cop->set_context(child, &ctx, ctxsize, fs_data); |
0b81d077 JK |
652 | if (res) |
653 | return res; | |
654 | return preload ? fscrypt_get_encryption_info(child): 0; | |
655 | } | |
656 | EXPORT_SYMBOL(fscrypt_inherit_context); | |
ed318a6c EB |
657 | |
658 | /** | |
659 | * fscrypt_set_test_dummy_encryption() - handle '-o test_dummy_encryption' | |
660 | * @sb: the filesystem on which test_dummy_encryption is being specified | |
661 | * @arg: the argument to the test_dummy_encryption option. | |
662 | * If no argument was specified, then @arg->from == NULL. | |
663 | * @dummy_ctx: the filesystem's current dummy context (input/output, see below) | |
664 | * | |
665 | * Handle the test_dummy_encryption mount option by creating a dummy encryption | |
666 | * context, saving it in @dummy_ctx, and adding the corresponding dummy | |
667 | * encryption key to the filesystem. If the @dummy_ctx is already set, then | |
668 | * instead validate that it matches @arg. Don't support changing it via | |
669 | * remount, as that is difficult to do safely. | |
670 | * | |
671 | * The reason we use an fscrypt_context rather than an fscrypt_policy is because | |
672 | * we mustn't generate a new nonce each time we access a dummy-encrypted | |
673 | * directory, as that would change the way filenames are encrypted. | |
674 | * | |
675 | * Return: 0 on success (dummy context set, or the same context is already set); | |
676 | * -EEXIST if a different dummy context is already set; | |
677 | * or another -errno value. | |
678 | */ | |
679 | int fscrypt_set_test_dummy_encryption(struct super_block *sb, | |
680 | const substring_t *arg, | |
681 | struct fscrypt_dummy_context *dummy_ctx) | |
682 | { | |
0ca2ddb0 | 683 | const char *argstr = "v2"; |
ed318a6c EB |
684 | const char *argstr_to_free = NULL; |
685 | struct fscrypt_key_specifier key_spec = { 0 }; | |
686 | int version; | |
687 | union fscrypt_context *ctx = NULL; | |
688 | int err; | |
689 | ||
690 | if (arg->from) { | |
691 | argstr = argstr_to_free = match_strdup(arg); | |
692 | if (!argstr) | |
693 | return -ENOMEM; | |
694 | } | |
695 | ||
696 | if (!strcmp(argstr, "v1")) { | |
697 | version = FSCRYPT_CONTEXT_V1; | |
698 | key_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; | |
699 | memset(key_spec.u.descriptor, 0x42, | |
700 | FSCRYPT_KEY_DESCRIPTOR_SIZE); | |
701 | } else if (!strcmp(argstr, "v2")) { | |
702 | version = FSCRYPT_CONTEXT_V2; | |
703 | key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; | |
704 | /* key_spec.u.identifier gets filled in when adding the key */ | |
705 | } else { | |
706 | err = -EINVAL; | |
707 | goto out; | |
708 | } | |
709 | ||
710 | if (dummy_ctx->ctx) { | |
711 | /* | |
712 | * Note: if we ever make test_dummy_encryption support | |
713 | * specifying other encryption settings, such as the encryption | |
714 | * modes, we'll need to compare those settings here. | |
715 | */ | |
716 | if (dummy_ctx->ctx->version == version) | |
717 | err = 0; | |
718 | else | |
719 | err = -EEXIST; | |
720 | goto out; | |
721 | } | |
722 | ||
723 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | |
724 | if (!ctx) { | |
725 | err = -ENOMEM; | |
726 | goto out; | |
727 | } | |
728 | ||
729 | err = fscrypt_add_test_dummy_key(sb, &key_spec); | |
730 | if (err) | |
731 | goto out; | |
732 | ||
733 | ctx->version = version; | |
734 | switch (ctx->version) { | |
735 | case FSCRYPT_CONTEXT_V1: | |
736 | ctx->v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; | |
737 | ctx->v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; | |
738 | memcpy(ctx->v1.master_key_descriptor, key_spec.u.descriptor, | |
739 | FSCRYPT_KEY_DESCRIPTOR_SIZE); | |
740 | break; | |
741 | case FSCRYPT_CONTEXT_V2: | |
742 | ctx->v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; | |
743 | ctx->v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; | |
744 | memcpy(ctx->v2.master_key_identifier, key_spec.u.identifier, | |
745 | FSCRYPT_KEY_IDENTIFIER_SIZE); | |
746 | break; | |
747 | default: | |
748 | WARN_ON(1); | |
749 | err = -EINVAL; | |
750 | goto out; | |
751 | } | |
752 | dummy_ctx->ctx = ctx; | |
753 | ctx = NULL; | |
754 | err = 0; | |
755 | out: | |
756 | kfree(ctx); | |
757 | kfree(argstr_to_free); | |
758 | return err; | |
759 | } | |
760 | EXPORT_SYMBOL_GPL(fscrypt_set_test_dummy_encryption); | |
761 | ||
762 | /** | |
763 | * fscrypt_show_test_dummy_encryption() - show '-o test_dummy_encryption' | |
764 | * @seq: the seq_file to print the option to | |
765 | * @sep: the separator character to use | |
766 | * @sb: the filesystem whose options are being shown | |
767 | * | |
768 | * Show the test_dummy_encryption mount option, if it was specified. | |
769 | * This is mainly used for /proc/mounts. | |
770 | */ | |
771 | void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, | |
772 | struct super_block *sb) | |
773 | { | |
774 | const union fscrypt_context *ctx = fscrypt_get_dummy_context(sb); | |
775 | ||
776 | if (!ctx) | |
777 | return; | |
778 | seq_printf(seq, "%ctest_dummy_encryption=v%d", sep, ctx->version); | |
779 | } | |
780 | EXPORT_SYMBOL_GPL(fscrypt_show_test_dummy_encryption); |