[mirror_ubuntu-bionic-kernel.git] / fs / crypto / policy.c

/*
 * Encryption policy functions for per-file encryption support.
 *
 * Copyright (C) 2015, Google, Inc.
 * Copyright (C) 2015, Motorola Mobility.
 *
 * Written by Michael Halcrow, 2015.
 * Modified by Jaegeuk Kim, 2015.
 */

#include <linux/random.h>
#include <linux/string.h>
#include <linux/fscrypto.h>
#include <linux/mount.h>

static int inode_has_encryption_context(struct inode *inode)
{
	if (!inode->i_sb->s_cop->get_context)
		return 0;
	return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0);
}

/*
 * check whether the policy is consistent with the encryption context
 * for the inode
 */
static int is_encryption_context_consistent_with_policy(struct inode *inode,
				const struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->get_context)
		return 0;

	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	if (res != sizeof(ctx))
		return 0;

	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
			(ctx.flags == policy->flags) &&
			(ctx.contents_encryption_mode ==
			 policy->contents_encryption_mode) &&
			(ctx.filenames_encryption_mode ==
			 policy->filenames_encryption_mode));
}

static int create_encryption_context_from_policy(struct inode *inode,
				const struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->set_context)
		return -EOPNOTSUPP;

	if (inode->i_sb->s_cop->prepare_context) {
		res = inode->i_sb->s_cop->prepare_context(inode);
		if (res)
			return res;
	}

	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
					FS_KEY_DESCRIPTOR_SIZE);

	if (!fscrypt_valid_contents_enc_mode(
				policy->contents_encryption_mode)) {
		printk(KERN_WARNING
		       "%s: Invalid contents encryption mode %d\n", __func__,
			policy->contents_encryption_mode);
		return -EINVAL;
	}

	if (!fscrypt_valid_filenames_enc_mode(
				policy->filenames_encryption_mode)) {
		printk(KERN_WARNING
			"%s: Invalid filenames encryption mode %d\n", __func__,
			policy->filenames_encryption_mode);
		return -EINVAL;
	}

	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
		return -EINVAL;

	ctx.contents_encryption_mode = policy->contents_encryption_mode;
	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
	ctx.flags = policy->flags;
	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);

	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
}

int fscrypt_process_policy(struct file *filp,
				const struct fscrypt_policy *policy)
{
	struct inode *inode = file_inode(filp);
	int ret;

	if (!inode_owner_or_capable(inode))
		return -EACCES;

	if (policy->version != 0)
		return -EINVAL;

	ret = mnt_want_write_file(filp);
	if (ret)
		return ret;

	if (!inode_has_encryption_context(inode)) {
		if (!S_ISDIR(inode->i_mode))
			ret = -EINVAL;
		else if (!inode->i_sb->s_cop->empty_dir)
			ret = -EOPNOTSUPP;
		else if (!inode->i_sb->s_cop->empty_dir(inode))
			ret = -ENOTEMPTY;
		else
			ret = create_encryption_context_from_policy(inode,
								    policy);
	} else if (!is_encryption_context_consistent_with_policy(inode,
								 policy)) {
		printk(KERN_WARNING
		       "%s: Policy inconsistent with encryption context\n",
		       __func__);
		ret = -EINVAL;
	}

	mnt_drop_write_file(filp);
	return ret;
}
EXPORT_SYMBOL(fscrypt_process_policy);

int fscrypt_get_policy(struct inode *inode, struct fscrypt_policy *policy)
{
	struct fscrypt_context ctx;
	int res;

	if (!inode->i_sb->s_cop->get_context ||
			!inode->i_sb->s_cop->is_encrypted(inode))
		return -ENODATA;

	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	if (res != sizeof(ctx))
		return -ENODATA;
	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
		return -EINVAL;

	policy->version = 0;
	policy->contents_encryption_mode = ctx.contents_encryption_mode;
	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
	policy->flags = ctx.flags;
	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
				FS_KEY_DESCRIPTOR_SIZE);
	return 0;
}
EXPORT_SYMBOL(fscrypt_get_policy);

int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
{
	struct fscrypt_info *parent_ci, *child_ci;
	int res;

	if ((parent == NULL) || (child == NULL)) {
		printk(KERN_ERR	"parent %p child %p\n", parent, child);
		BUG_ON(1);
	}

	/* no restrictions if the parent directory is not encrypted */
	if (!parent->i_sb->s_cop->is_encrypted(parent))
		return 1;
	/* if the child directory is not encrypted, this is always a problem */
	if (!parent->i_sb->s_cop->is_encrypted(child))
		return 0;
	res = fscrypt_get_encryption_info(parent);
	if (res)
		return 0;
	res = fscrypt_get_encryption_info(child);
	if (res)
		return 0;
	parent_ci = parent->i_crypt_info;
	child_ci = child->i_crypt_info;
	if (!parent_ci && !child_ci)
		return 1;
	if (!parent_ci || !child_ci)
		return 0;

	return (memcmp(parent_ci->ci_master_key,
			child_ci->ci_master_key,
			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
		(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
		(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
		(parent_ci->ci_flags == child_ci->ci_flags));
}
EXPORT_SYMBOL(fscrypt_has_permitted_context);

/**
 * fscrypt_inherit_context() - Sets a child context from its parent
 * @parent: Parent inode from which the context is inherited.
 * @child:  Child inode that inherits the context from @parent.
 * @fs_data:  private data given by FS.
 * @preload:  preload child i_crypt_info
 *
 * Return: Zero on success, non-zero otherwise
 */
int fscrypt_inherit_context(struct inode *parent, struct inode *child,
						void *fs_data, bool preload)
{
	struct fscrypt_context ctx;
	struct fscrypt_info *ci;
	int res;

	if (!parent->i_sb->s_cop->set_context)
		return -EOPNOTSUPP;

	res = fscrypt_get_encryption_info(parent);
	if (res < 0)
		return res;

	ci = parent->i_crypt_info;
	if (ci == NULL)
		return -ENOKEY;

	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	if (fscrypt_dummy_context_enabled(parent)) {
		ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
		ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
		ctx.flags = 0;
		memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
		res = 0;
	} else {
		ctx.contents_encryption_mode = ci->ci_data_mode;
		ctx.filenames_encryption_mode = ci->ci_filename_mode;
		ctx.flags = ci->ci_flags;
		memcpy(ctx.master_key_descriptor, ci->ci_master_key,
				FS_KEY_DESCRIPTOR_SIZE);
	}
	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
	res = parent->i_sb->s_cop->set_context(child, &ctx,
						sizeof(ctx), fs_data);
	if (res)
		return res;
	return preload ? fscrypt_get_encryption_info(child): 0;
}
EXPORT_SYMBOL(fscrypt_inherit_context);
Commit	Line	Data
0b81d077 JK	1	/*
	2	* Encryption policy functions for per-file encryption support.
	3	*
	4	* Copyright (C) 2015, Google, Inc.
	5	* Copyright (C) 2015, Motorola Mobility.
	6	*
	7	* Written by Michael Halcrow, 2015.
	8	* Modified by Jaegeuk Kim, 2015.
	9	*/
	10
	11	#include <linux/random.h>
	12	#include <linux/string.h>
	13	#include <linux/fscrypto.h>
ba63f23d	14	#include <linux/mount.h>
0b81d077 JK	15
	16	static int inode_has_encryption_context(struct inode *inode)
	17	{
	18	if (!inode->i_sb->s_cop->get_context)
	19	return 0;
	20	return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0);
	21	}
	22
	23	/*
	24	* check whether the policy is consistent with the encryption context
	25	* for the inode
	26	*/
	27	static int is_encryption_context_consistent_with_policy(struct inode *inode,
	28	const struct fscrypt_policy *policy)
	29	{
	30	struct fscrypt_context ctx;
	31	int res;
	32
	33	if (!inode->i_sb->s_cop->get_context)
	34	return 0;
	35
	36	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	37	if (res != sizeof(ctx))
	38	return 0;
	39
	40	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
	41	FS_KEY_DESCRIPTOR_SIZE) == 0 &&
	42	(ctx.flags == policy->flags) &&
	43	(ctx.contents_encryption_mode ==
	44	policy->contents_encryption_mode) &&
	45	(ctx.filenames_encryption_mode ==
	46	policy->filenames_encryption_mode));
	47	}
	48
	49	static int create_encryption_context_from_policy(struct inode *inode,
	50	const struct fscrypt_policy *policy)
	51	{
	52	struct fscrypt_context ctx;
	53	int res;
	54
	55	if (!inode->i_sb->s_cop->set_context)
	56	return -EOPNOTSUPP;
	57
	58	if (inode->i_sb->s_cop->prepare_context) {
	59	res = inode->i_sb->s_cop->prepare_context(inode);
	60	if (res)
	61	return res;
	62	}
	63
	64	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
	65	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
	66	FS_KEY_DESCRIPTOR_SIZE);
	67
	68	if (!fscrypt_valid_contents_enc_mode(
	69	policy->contents_encryption_mode)) {
	70	printk(KERN_WARNING
	71	"%s: Invalid contents encryption mode %d\n", __func__,
	72	policy->contents_encryption_mode);
	73	return -EINVAL;
	74	}
	75
	76	if (!fscrypt_valid_filenames_enc_mode(
	77	policy->filenames_encryption_mode)) {
	78	printk(KERN_WARNING
79	"%s: Invalid filenames encryption mode %d\n", __func__,
80	policy->filenames_encryption_mode);
81	return -EINVAL;
82	}
83
84	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
85	return -EINVAL;
86
87	ctx.contents_encryption_mode = policy->contents_encryption_mode;
88	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
89	ctx.flags = policy->flags;
90	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
91	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
92
93	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
94	}
95
ba63f23d	96	int fscrypt_process_policy(struct file *filp,
0b81d077 JK	97	const struct fscrypt_policy *policy)
0b81d077 JK	98	{
ba63f23d EB	99	struct inode *inode = file_inode(filp);
	100	int ret;
	101
163ae1c6 EB	102	if (!inode_owner_or_capable(inode))
	103	return -EACCES;
	104
0b81d077 JK	105	if (policy->version != 0)
	106	return -EINVAL;
	107
ba63f23d EB	108	ret = mnt_want_write_file(filp);
	109	if (ret)
	110	return ret;
	111
0b81d077	112	if (!inode_has_encryption_context(inode)) {
002ced4b	113	if (!S_ISDIR(inode->i_mode))
ba63f23d EB	114	ret = -EINVAL;
	115	else if (!inode->i_sb->s_cop->empty_dir)
	116	ret = -EOPNOTSUPP;
	117	else if (!inode->i_sb->s_cop->empty_dir(inode))
	118	ret = -ENOTEMPTY;
	119	else
	120	ret = create_encryption_context_from_policy(inode,
	121	policy);
	122	} else if (!is_encryption_context_consistent_with_policy(inode,
	123	policy)) {
	124	printk(KERN_WARNING
	125	"%s: Policy inconsistent with encryption context\n",
	126	__func__);
	127	ret = -EINVAL;
0b81d077 JK	128	}
0b81d077 JK	129
ba63f23d EB	130	mnt_drop_write_file(filp);
ba63f23d EB	131	return ret;
0b81d077 JK	132	}
	133	EXPORT_SYMBOL(fscrypt_process_policy);
	134
	135	int fscrypt_get_policy(struct inode inode, struct fscrypt_policy policy)
	136	{
	137	struct fscrypt_context ctx;
	138	int res;
	139
	140	if (!inode->i_sb->s_cop->get_context \|\|
	141	!inode->i_sb->s_cop->is_encrypted(inode))
	142	return -ENODATA;
	143
	144	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	145	if (res != sizeof(ctx))
	146	return -ENODATA;
	147	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
	148	return -EINVAL;
	149
	150	policy->version = 0;
	151	policy->contents_encryption_mode = ctx.contents_encryption_mode;
	152	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
	153	policy->flags = ctx.flags;
	154	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
	155	FS_KEY_DESCRIPTOR_SIZE);
	156	return 0;
	157	}
	158	EXPORT_SYMBOL(fscrypt_get_policy);
	159
	160	int fscrypt_has_permitted_context(struct inode parent, struct inode child)
	161	{
	162	struct fscrypt_info parent_ci, child_ci;
	163	int res;
	164
	165	if ((parent == NULL) \|\| (child == NULL)) {
	166	printk(KERN_ERR "parent %p child %p\n", parent, child);
	167	BUG_ON(1);
	168	}
	169
	170	/* no restrictions if the parent directory is not encrypted */
	171	if (!parent->i_sb->s_cop->is_encrypted(parent))
	172	return 1;
	173	/* if the child directory is not encrypted, this is always a problem */
	174	if (!parent->i_sb->s_cop->is_encrypted(child))
	175	return 0;
	176	res = fscrypt_get_encryption_info(parent);
	177	if (res)
	178	return 0;
	179	res = fscrypt_get_encryption_info(child);
	180	if (res)
	181	return 0;
	182	parent_ci = parent->i_crypt_info;
	183	child_ci = child->i_crypt_info;
	184	if (!parent_ci && !child_ci)
	185	return 1;
	186	if (!parent_ci \|\| !child_ci)
	187	return 0;
	188
	189	return (memcmp(parent_ci->ci_master_key,
	190	child_ci->ci_master_key,
	191	FS_KEY_DESCRIPTOR_SIZE) == 0 &&
	192	(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
	193	(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
	194	(parent_ci->ci_flags == child_ci->ci_flags));
	195	}
196	EXPORT_SYMBOL(fscrypt_has_permitted_context);
197
198	/**
199	* fscrypt_inherit_context() - Sets a child context from its parent
200	* @parent: Parent inode from which the context is inherited.
201	* @child: Child inode that inherits the context from @parent.
202	* @fs_data: private data given by FS.
203	* @preload: preload child i_crypt_info
204	*
205	* Return: Zero on success, non-zero otherwise
206	*/
207	int fscrypt_inherit_context(struct inode parent, struct inode child,
208	void *fs_data, bool preload)
209	{
210	struct fscrypt_context ctx;
211	struct fscrypt_info *ci;
212	int res;
213
214	if (!parent->i_sb->s_cop->set_context)
215	return -EOPNOTSUPP;
216
217	res = fscrypt_get_encryption_info(parent);
218	if (res < 0)
219	return res;
220
221	ci = parent->i_crypt_info;
222	if (ci == NULL)
223	return -ENOKEY;
224
225	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
226	if (fscrypt_dummy_context_enabled(parent)) {
227	ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
228	ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
229	ctx.flags = 0;
230	memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
231	res = 0;
232	} else {
233	ctx.contents_encryption_mode = ci->ci_data_mode;
234	ctx.filenames_encryption_mode = ci->ci_filename_mode;
235	ctx.flags = ci->ci_flags;
236	memcpy(ctx.master_key_descriptor, ci->ci_master_key,
237	FS_KEY_DESCRIPTOR_SIZE);
238	}
239	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
240	res = parent->i_sb->s_cop->set_context(child, &ctx,
241	sizeof(ctx), fs_data);
242	if (res)
243	return res;
244	return preload ? fscrypt_get_encryption_info(child): 0;
245	}
246	EXPORT_SYMBOL(fscrypt_inherit_context);