1 /* 2 * Encryption policy functions for per-file encryption support. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility. 6 * 7 * Written by Michael Halcrow, 2015. 8 * Modified by Jaegeuk Kim, 2015. 9 */ 10 11 #include <linux/random.h> 12 #include <linux/string.h> 13 #include <linux/fscrypto.h> 14 #include <linux/mount.h> 15 16 static int inode_has_encryption_context(struct inode *inode) 17 { 18 if (!inode->i_sb->s_cop->get_context) 19 return 0; 20 return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0); 21 } 22 23 /* 24 * check whether the policy is consistent with the encryption context 25 * for the inode 26 */ 27 static int is_encryption_context_consistent_with_policy(struct inode *inode, 28 const struct fscrypt_policy *policy) 29 { 30 struct fscrypt_context ctx; 31 int res; 32 33 if (!inode->i_sb->s_cop->get_context) 34 return 0; 35 36 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 37 if (res != sizeof(ctx)) 38 return 0; 39 40 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, 41 FS_KEY_DESCRIPTOR_SIZE) == 0 && 42 (ctx.flags == policy->flags) && 43 (ctx.contents_encryption_mode == 44 policy->contents_encryption_mode) && 45 (ctx.filenames_encryption_mode == 46 policy->filenames_encryption_mode)); 47 } 48 49 static int create_encryption_context_from_policy(struct inode *inode, 50 const struct fscrypt_policy *policy) 51 { 52 struct fscrypt_context ctx; 53 int res; 54 55 if (!inode->i_sb->s_cop->set_context) 56 return -EOPNOTSUPP; 57 58 if (inode->i_sb->s_cop->prepare_context) { 59 res = inode->i_sb->s_cop->prepare_context(inode); 60 if (res) 61 return res; 62 } 63 64 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 65 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, 66 FS_KEY_DESCRIPTOR_SIZE); 67 68 if (!fscrypt_valid_contents_enc_mode( 69 policy->contents_encryption_mode)) { 70 printk(KERN_WARNING 71 "%s: Invalid contents encryption mode %d\n", __func__, 72 policy->contents_encryption_mode); 73 return -EINVAL; 74 } 75 76 if (!fscrypt_valid_filenames_enc_mode( 77 policy->filenames_encryption_mode)) { 78 printk(KERN_WARNING 79 "%s: Invalid filenames encryption mode %d\n", __func__, 80 policy->filenames_encryption_mode); 81 return -EINVAL; 82 } 83 84 if (policy->flags & ~FS_POLICY_FLAGS_VALID) 85 return -EINVAL; 86 87 ctx.contents_encryption_mode = policy->contents_encryption_mode; 88 ctx.filenames_encryption_mode = policy->filenames_encryption_mode; 89 ctx.flags = policy->flags; 90 BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); 91 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 92 93 return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); 94 } 95 96 int fscrypt_process_policy(struct file *filp, 97 const struct fscrypt_policy *policy) 98 { 99 struct inode *inode = file_inode(filp); 100 int ret; 101 102 if (!inode_owner_or_capable(inode)) 103 return -EACCES; 104 105 if (policy->version != 0) 106 return -EINVAL; 107 108 ret = mnt_want_write_file(filp); 109 if (ret) 110 return ret; 111 112 if (!inode_has_encryption_context(inode)) { 113 if (!S_ISDIR(inode->i_mode)) 114 ret = -EINVAL; 115 else if (!inode->i_sb->s_cop->empty_dir) 116 ret = -EOPNOTSUPP; 117 else if (!inode->i_sb->s_cop->empty_dir(inode)) 118 ret = -ENOTEMPTY; 119 else 120 ret = create_encryption_context_from_policy(inode, 121 policy); 122 } else if (!is_encryption_context_consistent_with_policy(inode, 123 policy)) { 124 printk(KERN_WARNING 125 "%s: Policy inconsistent with encryption context\n", 126 __func__); 127 ret = -EINVAL; 128 } 129 130 mnt_drop_write_file(filp); 131 return ret; 132 } 133 EXPORT_SYMBOL(fscrypt_process_policy); 134 135 int fscrypt_get_policy(struct inode *inode, struct fscrypt_policy *policy) 136 { 137 struct fscrypt_context ctx; 138 int res; 139 140 if (!inode->i_sb->s_cop->get_context || 141 !inode->i_sb->s_cop->is_encrypted(inode)) 142 return -ENODATA; 143 144 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 145 if (res != sizeof(ctx)) 146 return -ENODATA; 147 if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) 148 return -EINVAL; 149 150 policy->version = 0; 151 policy->contents_encryption_mode = ctx.contents_encryption_mode; 152 policy->filenames_encryption_mode = ctx.filenames_encryption_mode; 153 policy->flags = ctx.flags; 154 memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor, 155 FS_KEY_DESCRIPTOR_SIZE); 156 return 0; 157 } 158 EXPORT_SYMBOL(fscrypt_get_policy); 159 160 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) 161 { 162 struct fscrypt_info *parent_ci, *child_ci; 163 int res; 164 165 if ((parent == NULL) || (child == NULL)) { 166 printk(KERN_ERR "parent %p child %p\n", parent, child); 167 BUG_ON(1); 168 } 169 170 /* no restrictions if the parent directory is not encrypted */ 171 if (!parent->i_sb->s_cop->is_encrypted(parent)) 172 return 1; 173 /* if the child directory is not encrypted, this is always a problem */ 174 if (!parent->i_sb->s_cop->is_encrypted(child)) 175 return 0; 176 res = fscrypt_get_encryption_info(parent); 177 if (res) 178 return 0; 179 res = fscrypt_get_encryption_info(child); 180 if (res) 181 return 0; 182 parent_ci = parent->i_crypt_info; 183 child_ci = child->i_crypt_info; 184 if (!parent_ci && !child_ci) 185 return 1; 186 if (!parent_ci || !child_ci) 187 return 0; 188 189 return (memcmp(parent_ci->ci_master_key, 190 child_ci->ci_master_key, 191 FS_KEY_DESCRIPTOR_SIZE) == 0 && 192 (parent_ci->ci_data_mode == child_ci->ci_data_mode) && 193 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && 194 (parent_ci->ci_flags == child_ci->ci_flags)); 195 } 196 EXPORT_SYMBOL(fscrypt_has_permitted_context); 197 198 /** 199 * fscrypt_inherit_context() - Sets a child context from its parent 200 * @parent: Parent inode from which the context is inherited. 201 * @child: Child inode that inherits the context from @parent. 202 * @fs_data: private data given by FS. 203 * @preload: preload child i_crypt_info 204 * 205 * Return: Zero on success, non-zero otherwise 206 */ 207 int fscrypt_inherit_context(struct inode *parent, struct inode *child, 208 void *fs_data, bool preload) 209 { 210 struct fscrypt_context ctx; 211 struct fscrypt_info *ci; 212 int res; 213 214 if (!parent->i_sb->s_cop->set_context) 215 return -EOPNOTSUPP; 216 217 res = fscrypt_get_encryption_info(parent); 218 if (res < 0) 219 return res; 220 221 ci = parent->i_crypt_info; 222 if (ci == NULL) 223 return -ENOKEY; 224 225 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 226 if (fscrypt_dummy_context_enabled(parent)) { 227 ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; 228 ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; 229 ctx.flags = 0; 230 memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); 231 res = 0; 232 } else { 233 ctx.contents_encryption_mode = ci->ci_data_mode; 234 ctx.filenames_encryption_mode = ci->ci_filename_mode; 235 ctx.flags = ci->ci_flags; 236 memcpy(ctx.master_key_descriptor, ci->ci_master_key, 237 FS_KEY_DESCRIPTOR_SIZE); 238 } 239 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 240 res = parent->i_sb->s_cop->set_context(child, &ctx, 241 sizeof(ctx), fs_data); 242 if (res) 243 return res; 244 return preload ? fscrypt_get_encryption_info(child): 0; 245 } 246 EXPORT_SYMBOL(fscrypt_inherit_context); 247