[mirror_ubuntu-artful-kernel.git] / fs / crypto / policy.c

/*
 * Encryption policy functions for per-file encryption support.
 *
 * Copyright (C) 2015, Google, Inc.
 * Copyright (C) 2015, Motorola Mobility.
 *
 * Written by Michael Halcrow, 2015.
 * Modified by Jaegeuk Kim, 2015.
 */

#include <linux/random.h>
#include <linux/string.h>
#include <linux/fscrypto.h>

static int inode_has_encryption_context(struct inode *inode)
{
	if (!inode->i_sb->s_cop->get_context)
		return 0;
	return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0);
}

/*
 * check whether the policy is consistent with the encryption context
 * for the inode
 */
static int is_encryption_context_consistent_with_policy(struct inode *inode,
				const struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->get_context)
		return 0;

	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	if (res != sizeof(ctx))
		return 0;

	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
			(ctx.flags == policy->flags) &&
			(ctx.contents_encryption_mode ==
			 policy->contents_encryption_mode) &&
			(ctx.filenames_encryption_mode ==
			 policy->filenames_encryption_mode));
}

static int create_encryption_context_from_policy(struct inode *inode,
				const struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->set_context)
		return -EOPNOTSUPP;

	if (inode->i_sb->s_cop->prepare_context) {
		res = inode->i_sb->s_cop->prepare_context(inode);
		if (res)
			return res;
	}

	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
					FS_KEY_DESCRIPTOR_SIZE);

	if (!fscrypt_valid_contents_enc_mode(
				policy->contents_encryption_mode)) {
		printk(KERN_WARNING
		       "%s: Invalid contents encryption mode %d\n", __func__,
			policy->contents_encryption_mode);
		return -EINVAL;
	}

	if (!fscrypt_valid_filenames_enc_mode(
				policy->filenames_encryption_mode)) {
		printk(KERN_WARNING
			"%s: Invalid filenames encryption mode %d\n", __func__,
			policy->filenames_encryption_mode);
		return -EINVAL;
	}

	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
		return -EINVAL;

	ctx.contents_encryption_mode = policy->contents_encryption_mode;
	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
	ctx.flags = policy->flags;
	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);

	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
}

int fscrypt_process_policy(struct inode *inode,
				const struct fscrypt_policy *policy)
{
	if (!inode_owner_or_capable(inode))
		return -EACCES;

	if (policy->version != 0)
		return -EINVAL;

	if (!inode_has_encryption_context(inode)) {
		if (!S_ISDIR(inode->i_mode))
			return -EINVAL;
		if (!inode->i_sb->s_cop->empty_dir)
			return -EOPNOTSUPP;
		if (!inode->i_sb->s_cop->empty_dir(inode))
			return -ENOTEMPTY;
		return create_encryption_context_from_policy(inode, policy);
	}

	if (is_encryption_context_consistent_with_policy(inode, policy))
		return 0;

	printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
	       __func__);
	return -EINVAL;
}
EXPORT_SYMBOL(fscrypt_process_policy);

int fscrypt_get_policy(struct inode *inode, struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->get_context ||
			!inode->i_sb->s_cop->is_encrypted(inode))
		return -ENODATA;

	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	if (res != sizeof(ctx))
		return -ENODATA;
	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
		return -EINVAL;

	policy->version = 0;
	policy->contents_encryption_mode = ctx.contents_encryption_mode;
	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
	policy->flags = ctx.flags;
	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
				FS_KEY_DESCRIPTOR_SIZE);
	return 0;
}
EXPORT_SYMBOL(fscrypt_get_policy);

int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
{
	struct fscrypt_info *parent_ci, *child_ci;
	int res;

	if ((parent == NULL) || (child == NULL)) {
		printk(KERN_ERR	"parent %p child %p\n", parent, child);
		BUG_ON(1);
	}

	/* no restrictions if the parent directory is not encrypted */
	if (!parent->i_sb->s_cop->is_encrypted(parent))
		return 1;
	/* if the child directory is not encrypted, this is always a problem */
	if (!parent->i_sb->s_cop->is_encrypted(child))
		return 0;
	res = fscrypt_get_encryption_info(parent);
	if (res)
		return 0;
	res = fscrypt_get_encryption_info(child);
	if (res)
		return 0;
	parent_ci = parent->i_crypt_info;
	child_ci = child->i_crypt_info;
	if (!parent_ci && !child_ci)
		return 1;
	if (!parent_ci || !child_ci)
		return 0;

	return (memcmp(parent_ci->ci_master_key,
			child_ci->ci_master_key,
			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
		(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
		(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
		(parent_ci->ci_flags == child_ci->ci_flags));
}
EXPORT_SYMBOL(fscrypt_has_permitted_context);

/**
 * fscrypt_inherit_context() - Sets a child context from its parent
 * @parent: Parent inode from which the context is inherited.
 * @child:  Child inode that inherits the context from @parent.
 * @fs_data:  private data given by FS.
 * @preload:  preload child i_crypt_info
 *
 * Return: Zero on success, non-zero otherwise
 */
int fscrypt_inherit_context(struct inode *parent, struct inode *child,
						void *fs_data, bool preload)
{
	struct fscrypt_context ctx;
	struct fscrypt_info *ci;
	int res;

	if (!parent->i_sb->s_cop->set_context)
		return -EOPNOTSUPP;

	res = fscrypt_get_encryption_info(parent);
	if (res < 0)
		return res;

	ci = parent->i_crypt_info;
	if (ci == NULL)
		return -ENOKEY;

	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	if (fscrypt_dummy_context_enabled(parent)) {
		ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
		ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
		ctx.flags = 0;
		memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
		res = 0;
	} else {
		ctx.contents_encryption_mode = ci->ci_data_mode;
		ctx.filenames_encryption_mode = ci->ci_filename_mode;
		ctx.flags = ci->ci_flags;
		memcpy(ctx.master_key_descriptor, ci->ci_master_key,
				FS_KEY_DESCRIPTOR_SIZE);
	}
	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
	res = parent->i_sb->s_cop->set_context(child, &ctx,
						sizeof(ctx), fs_data);
	if (res)
		return res;
	return preload ? fscrypt_get_encryption_info(child): 0;
}
EXPORT_SYMBOL(fscrypt_inherit_context);
Commit	Line	Data
0b81d077 JK	1	/*
	2	* Encryption policy functions for per-file encryption support.
	3	*
	4	* Copyright (C) 2015, Google, Inc.
	5	* Copyright (C) 2015, Motorola Mobility.
	6	*
	7	* Written by Michael Halcrow, 2015.
	8	* Modified by Jaegeuk Kim, 2015.
	9	*/
	10
	11	#include <linux/random.h>
	12	#include <linux/string.h>
	13	#include <linux/fscrypto.h>
	14
	15	static int inode_has_encryption_context(struct inode *inode)
	16	{
	17	if (!inode->i_sb->s_cop->get_context)
	18	return 0;
	19	return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0);
	20	}
	21
	22	/*
	23	* check whether the policy is consistent with the encryption context
	24	* for the inode
	25	*/
	26	static int is_encryption_context_consistent_with_policy(struct inode *inode,
	27	const struct fscrypt_policy *policy)
	28	{
	29	struct fscrypt_context ctx;
	30	int res;
	31
	32	if (!inode->i_sb->s_cop->get_context)
	33	return 0;
	34
	35	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	36	if (res != sizeof(ctx))
	37	return 0;
	38
	39	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
	40	FS_KEY_DESCRIPTOR_SIZE) == 0 &&
	41	(ctx.flags == policy->flags) &&
	42	(ctx.contents_encryption_mode ==
	43	policy->contents_encryption_mode) &&
	44	(ctx.filenames_encryption_mode ==
	45	policy->filenames_encryption_mode));
	46	}
	47
	48	static int create_encryption_context_from_policy(struct inode *inode,
	49	const struct fscrypt_policy *policy)
	50	{
	51	struct fscrypt_context ctx;
	52	int res;
	53
	54	if (!inode->i_sb->s_cop->set_context)
	55	return -EOPNOTSUPP;
	56
	57	if (inode->i_sb->s_cop->prepare_context) {
	58	res = inode->i_sb->s_cop->prepare_context(inode);
	59	if (res)
	60	return res;
	61	}
	62
	63	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	64	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
65	FS_KEY_DESCRIPTOR_SIZE);
66
67	if (!fscrypt_valid_contents_enc_mode(
68	policy->contents_encryption_mode)) {
69	printk(KERN_WARNING
70	"%s: Invalid contents encryption mode %d\n", __func__,
71	policy->contents_encryption_mode);
72	return -EINVAL;
73	}
74
75	if (!fscrypt_valid_filenames_enc_mode(
76	policy->filenames_encryption_mode)) {
77	printk(KERN_WARNING
78	"%s: Invalid filenames encryption mode %d\n", __func__,
79	policy->filenames_encryption_mode);
80	return -EINVAL;
81	}
82
83	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
84	return -EINVAL;
85
86	ctx.contents_encryption_mode = policy->contents_encryption_mode;
87	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
88	ctx.flags = policy->flags;
89	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
90	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
91
92	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
93	}
94
95	int fscrypt_process_policy(struct inode *inode,
96	const struct fscrypt_policy *policy)
97	{
163ae1c6 EB	98	if (!inode_owner_or_capable(inode))
	99	return -EACCES;
	100
0b81d077 JK	101	if (policy->version != 0)
	102	return -EINVAL;
	103
	104	if (!inode_has_encryption_context(inode)) {
002ced4b EB	105	if (!S_ISDIR(inode->i_mode))
002ced4b EB	106	return -EINVAL;
0b81d077 JK	107	if (!inode->i_sb->s_cop->empty_dir)
	108	return -EOPNOTSUPP;
	109	if (!inode->i_sb->s_cop->empty_dir(inode))
	110	return -ENOTEMPTY;
	111	return create_encryption_context_from_policy(inode, policy);
	112	}
	113
	114	if (is_encryption_context_consistent_with_policy(inode, policy))
	115	return 0;
	116
	117	printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
	118	__func__);
	119	return -EINVAL;
	120	}
	121	EXPORT_SYMBOL(fscrypt_process_policy);
	122
	123	int fscrypt_get_policy(struct inode inode, struct fscrypt_policy policy)
	124	{
	125	struct fscrypt_context ctx;
	126	int res;
	127
	128	if (!inode->i_sb->s_cop->get_context \|\|
	129	!inode->i_sb->s_cop->is_encrypted(inode))
	130	return -ENODATA;
	131
	132	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	133	if (res != sizeof(ctx))
	134	return -ENODATA;
	135	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
	136	return -EINVAL;
	137
	138	policy->version = 0;
	139	policy->contents_encryption_mode = ctx.contents_encryption_mode;
	140	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
	141	policy->flags = ctx.flags;
	142	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
	143	FS_KEY_DESCRIPTOR_SIZE);
	144	return 0;
	145	}
	146	EXPORT_SYMBOL(fscrypt_get_policy);
	147
	148	int fscrypt_has_permitted_context(struct inode parent, struct inode child)
	149	{
	150	struct fscrypt_info parent_ci, child_ci;
	151	int res;
	152
	153	if ((parent == NULL) \|\| (child == NULL)) {
	154	printk(KERN_ERR "parent %p child %p\n", parent, child);
	155	BUG_ON(1);
	156	}
	157
	158	/* no restrictions if the parent directory is not encrypted */
	159	if (!parent->i_sb->s_cop->is_encrypted(parent))
	160	return 1;
	161	/* if the child directory is not encrypted, this is always a problem */
	162	if (!parent->i_sb->s_cop->is_encrypted(child))
	163	return 0;
	164	res = fscrypt_get_encryption_info(parent);
	165	if (res)
	166	return 0;
	167	res = fscrypt_get_encryption_info(child);
	168	if (res)
	169	return 0;
	170	parent_ci = parent->i_crypt_info;
171	child_ci = child->i_crypt_info;
172	if (!parent_ci && !child_ci)
173	return 1;
174	if (!parent_ci \|\| !child_ci)
175	return 0;
176
177	return (memcmp(parent_ci->ci_master_key,
178	child_ci->ci_master_key,
179	FS_KEY_DESCRIPTOR_SIZE) == 0 &&
180	(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
181	(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
182	(parent_ci->ci_flags == child_ci->ci_flags));
183	}
184	EXPORT_SYMBOL(fscrypt_has_permitted_context);
185
186	/**
187	* fscrypt_inherit_context() - Sets a child context from its parent
188	* @parent: Parent inode from which the context is inherited.
189	* @child: Child inode that inherits the context from @parent.
190	* @fs_data: private data given by FS.
191	* @preload: preload child i_crypt_info
192	*
193	* Return: Zero on success, non-zero otherwise
194	*/
195	int fscrypt_inherit_context(struct inode parent, struct inode child,
196	void *fs_data, bool preload)
197	{
198	struct fscrypt_context ctx;
199	struct fscrypt_info *ci;
200	int res;
201
202	if (!parent->i_sb->s_cop->set_context)
203	return -EOPNOTSUPP;
204
205	res = fscrypt_get_encryption_info(parent);
206	if (res < 0)
207	return res;
208
209	ci = parent->i_crypt_info;
210	if (ci == NULL)
211	return -ENOKEY;
212
213	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
214	if (fscrypt_dummy_context_enabled(parent)) {
215	ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
216	ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
217	ctx.flags = 0;
218	memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
219	res = 0;
220	} else {
221	ctx.contents_encryption_mode = ci->ci_data_mode;
222	ctx.filenames_encryption_mode = ci->ci_filename_mode;
223	ctx.flags = ci->ci_flags;
224	memcpy(ctx.master_key_descriptor, ci->ci_master_key,
225	FS_KEY_DESCRIPTOR_SIZE);
226	}
227	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
228	res = parent->i_sb->s_cop->set_context(child, &ctx,
229	sizeof(ctx), fs_data);
230	if (res)
231	return res;
232	return preload ? fscrypt_get_encryption_info(child): 0;
233	}
234	EXPORT_SYMBOL(fscrypt_inherit_context);