Commit | Line | Data |
---|---|---|
9bd8212f MH |
1 | /* |
2 | * linux/fs/ext4/crypto_policy.c | |
3 | * | |
4 | * Copyright (C) 2015, Google, Inc. | |
5 | * | |
6 | * This contains encryption policy functions for ext4 | |
7 | * | |
8 | * Written by Michael Halcrow, 2015. | |
9 | */ | |
10 | ||
11 | #include <linux/random.h> | |
12 | #include <linux/string.h> | |
13 | #include <linux/types.h> | |
14 | ||
15 | #include "ext4.h" | |
16 | #include "xattr.h" | |
17 | ||
18 | static int ext4_inode_has_encryption_context(struct inode *inode) | |
19 | { | |
20 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
21 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0); | |
22 | return (res > 0); | |
23 | } | |
24 | ||
25 | /* | |
26 | * check whether the policy is consistent with the encryption context | |
27 | * for the inode | |
28 | */ | |
29 | static int ext4_is_encryption_context_consistent_with_policy( | |
30 | struct inode *inode, const struct ext4_encryption_policy *policy) | |
31 | { | |
32 | struct ext4_encryption_context ctx; | |
33 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
34 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
35 | sizeof(ctx)); | |
36 | if (res != sizeof(ctx)) | |
37 | return 0; | |
38 | return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, | |
39 | EXT4_KEY_DESCRIPTOR_SIZE) == 0 && | |
a44cd7a0 TT |
40 | (ctx.flags == |
41 | policy->flags) && | |
9bd8212f MH |
42 | (ctx.contents_encryption_mode == |
43 | policy->contents_encryption_mode) && | |
44 | (ctx.filenames_encryption_mode == | |
45 | policy->filenames_encryption_mode)); | |
46 | } | |
47 | ||
48 | static int ext4_create_encryption_context_from_policy( | |
49 | struct inode *inode, const struct ext4_encryption_policy *policy) | |
50 | { | |
51 | struct ext4_encryption_context ctx; | |
52 | int res = 0; | |
53 | ||
54 | ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1; | |
55 | memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, | |
56 | EXT4_KEY_DESCRIPTOR_SIZE); | |
b30ab0e0 MH |
57 | if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) { |
58 | printk(KERN_WARNING | |
59 | "%s: Invalid contents encryption mode %d\n", __func__, | |
60 | policy->contents_encryption_mode); | |
a44cd7a0 | 61 | return -EINVAL; |
b30ab0e0 | 62 | } |
d5d0e8c7 MH |
63 | if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) { |
64 | printk(KERN_WARNING | |
65 | "%s: Invalid filenames encryption mode %d\n", __func__, | |
66 | policy->filenames_encryption_mode); | |
a44cd7a0 | 67 | return -EINVAL; |
d5d0e8c7 | 68 | } |
a44cd7a0 TT |
69 | if (policy->flags & ~EXT4_POLICY_FLAGS_VALID) |
70 | return -EINVAL; | |
9bd8212f MH |
71 | ctx.contents_encryption_mode = policy->contents_encryption_mode; |
72 | ctx.filenames_encryption_mode = policy->filenames_encryption_mode; | |
a44cd7a0 | 73 | ctx.flags = policy->flags; |
9bd8212f MH |
74 | BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE); |
75 | get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE); | |
76 | ||
77 | res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
78 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
79 | sizeof(ctx), 0); | |
80 | if (!res) | |
81 | ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT); | |
82 | return res; | |
83 | } | |
84 | ||
85 | int ext4_process_policy(const struct ext4_encryption_policy *policy, | |
86 | struct inode *inode) | |
87 | { | |
88 | if (policy->version != 0) | |
89 | return -EINVAL; | |
90 | ||
91 | if (!ext4_inode_has_encryption_context(inode)) { | |
92 | if (!ext4_empty_dir(inode)) | |
93 | return -ENOTEMPTY; | |
94 | return ext4_create_encryption_context_from_policy(inode, | |
95 | policy); | |
96 | } | |
97 | ||
98 | if (ext4_is_encryption_context_consistent_with_policy(inode, policy)) | |
99 | return 0; | |
100 | ||
101 | printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n", | |
102 | __func__); | |
103 | return -EINVAL; | |
104 | } | |
105 | ||
106 | int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy) | |
107 | { | |
108 | struct ext4_encryption_context ctx; | |
109 | ||
110 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
111 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, | |
112 | &ctx, sizeof(ctx)); | |
113 | if (res != sizeof(ctx)) | |
114 | return -ENOENT; | |
115 | if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1) | |
116 | return -EINVAL; | |
117 | policy->version = 0; | |
118 | policy->contents_encryption_mode = ctx.contents_encryption_mode; | |
119 | policy->filenames_encryption_mode = ctx.filenames_encryption_mode; | |
a44cd7a0 | 120 | policy->flags = ctx.flags; |
9bd8212f MH |
121 | memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor, |
122 | EXT4_KEY_DESCRIPTOR_SIZE); | |
123 | return 0; | |
124 | } | |
125 | ||
126 | int ext4_is_child_context_consistent_with_parent(struct inode *parent, | |
127 | struct inode *child) | |
128 | { | |
b7236e21 | 129 | struct ext4_crypt_info *parent_ci, *child_ci; |
9bd8212f MH |
130 | int res; |
131 | ||
132 | if ((parent == NULL) || (child == NULL)) { | |
133 | pr_err("parent %p child %p\n", parent, child); | |
134 | BUG_ON(1); | |
135 | } | |
136 | /* no restrictions if the parent directory is not encrypted */ | |
137 | if (!ext4_encrypted_inode(parent)) | |
138 | return 1; | |
9bd8212f MH |
139 | /* if the child directory is not encrypted, this is always a problem */ |
140 | if (!ext4_encrypted_inode(child)) | |
141 | return 0; | |
b7236e21 TT |
142 | res = ext4_get_encryption_info(parent); |
143 | if (res) | |
144 | return 0; | |
145 | res = ext4_get_encryption_info(child); | |
146 | if (res) | |
147 | return 0; | |
148 | parent_ci = EXT4_I(parent)->i_crypt_info; | |
149 | child_ci = EXT4_I(child)->i_crypt_info; | |
150 | if (!parent_ci && !child_ci) | |
151 | return 1; | |
152 | if (!parent_ci || !child_ci) | |
9bd8212f | 153 | return 0; |
b7236e21 TT |
154 | |
155 | return (memcmp(parent_ci->ci_master_key, | |
156 | child_ci->ci_master_key, | |
9bd8212f | 157 | EXT4_KEY_DESCRIPTOR_SIZE) == 0 && |
b7236e21 TT |
158 | (parent_ci->ci_data_mode == child_ci->ci_data_mode) && |
159 | (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && | |
160 | (parent_ci->ci_flags == child_ci->ci_flags)); | |
9bd8212f MH |
161 | } |
162 | ||
163 | /** | |
164 | * ext4_inherit_context() - Sets a child context from its parent | |
165 | * @parent: Parent inode from which the context is inherited. | |
166 | * @child: Child inode that inherits the context from @parent. | |
167 | * | |
168 | * Return: Zero on success, non-zero otherwise | |
169 | */ | |
170 | int ext4_inherit_context(struct inode *parent, struct inode *child) | |
171 | { | |
172 | struct ext4_encryption_context ctx; | |
b7236e21 TT |
173 | struct ext4_crypt_info *ci; |
174 | int res; | |
175 | ||
176 | res = ext4_get_encryption_info(parent); | |
177 | if (res < 0) | |
178 | return res; | |
179 | ci = EXT4_I(parent)->i_crypt_info; | |
180 | BUG_ON(ci == NULL); | |
9bd8212f | 181 | |
b7236e21 TT |
182 | ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1; |
183 | if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) { | |
184 | ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; | |
185 | ctx.filenames_encryption_mode = | |
186 | EXT4_ENCRYPTION_MODE_AES_256_CTS; | |
187 | ctx.flags = 0; | |
188 | memset(ctx.master_key_descriptor, 0x42, | |
189 | EXT4_KEY_DESCRIPTOR_SIZE); | |
190 | res = 0; | |
191 | } else { | |
192 | ctx.contents_encryption_mode = ci->ci_data_mode; | |
193 | ctx.filenames_encryption_mode = ci->ci_filename_mode; | |
194 | ctx.flags = ci->ci_flags; | |
195 | memcpy(ctx.master_key_descriptor, ci->ci_master_key, | |
196 | EXT4_KEY_DESCRIPTOR_SIZE); | |
6ddb2447 | 197 | } |
9bd8212f MH |
198 | get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE); |
199 | res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION, | |
200 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
201 | sizeof(ctx), 0); | |
202 | if (!res) | |
203 | ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT); | |
204 | return res; | |
b7236e21 | 205 | |
9bd8212f | 206 | } |