]>
Commit | Line | Data |
---|---|---|
0b81d077 JK |
1 | /* |
2 | * Encryption policy functions for per-file encryption support. | |
3 | * | |
4 | * Copyright (C) 2015, Google, Inc. | |
5 | * Copyright (C) 2015, Motorola Mobility. | |
6 | * | |
7 | * Written by Michael Halcrow, 2015. | |
8 | * Modified by Jaegeuk Kim, 2015. | |
9 | */ | |
10 | ||
11 | #include <linux/random.h> | |
12 | #include <linux/string.h> | |
13 | #include <linux/fscrypto.h> | |
14 | ||
15 | static int inode_has_encryption_context(struct inode *inode) | |
16 | { | |
17 | if (!inode->i_sb->s_cop->get_context) | |
18 | return 0; | |
19 | return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0); | |
20 | } | |
21 | ||
22 | /* | |
23 | * check whether the policy is consistent with the encryption context | |
24 | * for the inode | |
25 | */ | |
26 | static int is_encryption_context_consistent_with_policy(struct inode *inode, | |
27 | const struct fscrypt_policy *policy) | |
28 | { | |
29 | struct fscrypt_context ctx; | |
30 | int res; | |
31 | ||
32 | if (!inode->i_sb->s_cop->get_context) | |
33 | return 0; | |
34 | ||
35 | res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); | |
36 | if (res != sizeof(ctx)) | |
37 | return 0; | |
38 | ||
39 | return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, | |
40 | FS_KEY_DESCRIPTOR_SIZE) == 0 && | |
41 | (ctx.flags == policy->flags) && | |
42 | (ctx.contents_encryption_mode == | |
43 | policy->contents_encryption_mode) && | |
44 | (ctx.filenames_encryption_mode == | |
45 | policy->filenames_encryption_mode)); | |
46 | } | |
47 | ||
48 | static int create_encryption_context_from_policy(struct inode *inode, | |
49 | const struct fscrypt_policy *policy) | |
50 | { | |
51 | struct fscrypt_context ctx; | |
52 | int res; | |
53 | ||
54 | if (!inode->i_sb->s_cop->set_context) | |
55 | return -EOPNOTSUPP; | |
56 | ||
57 | if (inode->i_sb->s_cop->prepare_context) { | |
58 | res = inode->i_sb->s_cop->prepare_context(inode); | |
59 | if (res) | |
60 | return res; | |
61 | } | |
62 | ||
63 | ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; | |
64 | memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, | |
65 | FS_KEY_DESCRIPTOR_SIZE); | |
66 | ||
67 | if (!fscrypt_valid_contents_enc_mode( | |
68 | policy->contents_encryption_mode)) { | |
69 | printk(KERN_WARNING | |
70 | "%s: Invalid contents encryption mode %d\n", __func__, | |
71 | policy->contents_encryption_mode); | |
72 | return -EINVAL; | |
73 | } | |
74 | ||
75 | if (!fscrypt_valid_filenames_enc_mode( | |
76 | policy->filenames_encryption_mode)) { | |
77 | printk(KERN_WARNING | |
78 | "%s: Invalid filenames encryption mode %d\n", __func__, | |
79 | policy->filenames_encryption_mode); | |
80 | return -EINVAL; | |
81 | } | |
82 | ||
83 | if (policy->flags & ~FS_POLICY_FLAGS_VALID) | |
84 | return -EINVAL; | |
85 | ||
86 | ctx.contents_encryption_mode = policy->contents_encryption_mode; | |
87 | ctx.filenames_encryption_mode = policy->filenames_encryption_mode; | |
88 | ctx.flags = policy->flags; | |
89 | BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); | |
90 | get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); | |
91 | ||
92 | return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); | |
93 | } | |
94 | ||
95 | int fscrypt_process_policy(struct inode *inode, | |
96 | const struct fscrypt_policy *policy) | |
97 | { | |
163ae1c6 EB |
98 | if (!inode_owner_or_capable(inode)) |
99 | return -EACCES; | |
100 | ||
0b81d077 JK |
101 | if (policy->version != 0) |
102 | return -EINVAL; | |
103 | ||
104 | if (!inode_has_encryption_context(inode)) { | |
002ced4b EB |
105 | if (!S_ISDIR(inode->i_mode)) |
106 | return -EINVAL; | |
0b81d077 JK |
107 | if (!inode->i_sb->s_cop->empty_dir) |
108 | return -EOPNOTSUPP; | |
109 | if (!inode->i_sb->s_cop->empty_dir(inode)) | |
110 | return -ENOTEMPTY; | |
111 | return create_encryption_context_from_policy(inode, policy); | |
112 | } | |
113 | ||
114 | if (is_encryption_context_consistent_with_policy(inode, policy)) | |
115 | return 0; | |
116 | ||
117 | printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n", | |
118 | __func__); | |
119 | return -EINVAL; | |
120 | } | |
121 | EXPORT_SYMBOL(fscrypt_process_policy); | |
122 | ||
123 | int fscrypt_get_policy(struct inode *inode, struct fscrypt_policy *policy) | |
124 | { | |
125 | struct fscrypt_context ctx; | |
126 | int res; | |
127 | ||
128 | if (!inode->i_sb->s_cop->get_context || | |
129 | !inode->i_sb->s_cop->is_encrypted(inode)) | |
130 | return -ENODATA; | |
131 | ||
132 | res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); | |
133 | if (res != sizeof(ctx)) | |
134 | return -ENODATA; | |
135 | if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) | |
136 | return -EINVAL; | |
137 | ||
138 | policy->version = 0; | |
139 | policy->contents_encryption_mode = ctx.contents_encryption_mode; | |
140 | policy->filenames_encryption_mode = ctx.filenames_encryption_mode; | |
141 | policy->flags = ctx.flags; | |
142 | memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor, | |
143 | FS_KEY_DESCRIPTOR_SIZE); | |
144 | return 0; | |
145 | } | |
146 | EXPORT_SYMBOL(fscrypt_get_policy); | |
147 | ||
148 | int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) | |
149 | { | |
150 | struct fscrypt_info *parent_ci, *child_ci; | |
151 | int res; | |
152 | ||
153 | if ((parent == NULL) || (child == NULL)) { | |
154 | printk(KERN_ERR "parent %p child %p\n", parent, child); | |
155 | BUG_ON(1); | |
156 | } | |
157 | ||
158 | /* no restrictions if the parent directory is not encrypted */ | |
159 | if (!parent->i_sb->s_cop->is_encrypted(parent)) | |
160 | return 1; | |
161 | /* if the child directory is not encrypted, this is always a problem */ | |
162 | if (!parent->i_sb->s_cop->is_encrypted(child)) | |
163 | return 0; | |
164 | res = fscrypt_get_encryption_info(parent); | |
165 | if (res) | |
166 | return 0; | |
167 | res = fscrypt_get_encryption_info(child); | |
168 | if (res) | |
169 | return 0; | |
170 | parent_ci = parent->i_crypt_info; | |
171 | child_ci = child->i_crypt_info; | |
172 | if (!parent_ci && !child_ci) | |
173 | return 1; | |
174 | if (!parent_ci || !child_ci) | |
175 | return 0; | |
176 | ||
177 | return (memcmp(parent_ci->ci_master_key, | |
178 | child_ci->ci_master_key, | |
179 | FS_KEY_DESCRIPTOR_SIZE) == 0 && | |
180 | (parent_ci->ci_data_mode == child_ci->ci_data_mode) && | |
181 | (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && | |
182 | (parent_ci->ci_flags == child_ci->ci_flags)); | |
183 | } | |
184 | EXPORT_SYMBOL(fscrypt_has_permitted_context); | |
185 | ||
186 | /** | |
187 | * fscrypt_inherit_context() - Sets a child context from its parent | |
188 | * @parent: Parent inode from which the context is inherited. | |
189 | * @child: Child inode that inherits the context from @parent. | |
190 | * @fs_data: private data given by FS. | |
191 | * @preload: preload child i_crypt_info | |
192 | * | |
193 | * Return: Zero on success, non-zero otherwise | |
194 | */ | |
195 | int fscrypt_inherit_context(struct inode *parent, struct inode *child, | |
196 | void *fs_data, bool preload) | |
197 | { | |
198 | struct fscrypt_context ctx; | |
199 | struct fscrypt_info *ci; | |
200 | int res; | |
201 | ||
202 | if (!parent->i_sb->s_cop->set_context) | |
203 | return -EOPNOTSUPP; | |
204 | ||
205 | res = fscrypt_get_encryption_info(parent); | |
206 | if (res < 0) | |
207 | return res; | |
208 | ||
209 | ci = parent->i_crypt_info; | |
210 | if (ci == NULL) | |
211 | return -ENOKEY; | |
212 | ||
213 | ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; | |
214 | if (fscrypt_dummy_context_enabled(parent)) { | |
215 | ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; | |
216 | ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; | |
217 | ctx.flags = 0; | |
218 | memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); | |
219 | res = 0; | |
220 | } else { | |
221 | ctx.contents_encryption_mode = ci->ci_data_mode; | |
222 | ctx.filenames_encryption_mode = ci->ci_filename_mode; | |
223 | ctx.flags = ci->ci_flags; | |
224 | memcpy(ctx.master_key_descriptor, ci->ci_master_key, | |
225 | FS_KEY_DESCRIPTOR_SIZE); | |
226 | } | |
227 | get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); | |
228 | res = parent->i_sb->s_cop->set_context(child, &ctx, | |
229 | sizeof(ctx), fs_data); | |
230 | if (res) | |
231 | return res; | |
232 | return preload ? fscrypt_get_encryption_info(child): 0; | |
233 | } | |
234 | EXPORT_SYMBOL(fscrypt_inherit_context); |