xref: /openbmc/linux/fs/crypto/policy.c (revision bc5aa3a0)
1 /*
2  * Encryption policy functions for per-file encryption support.
3  *
4  * Copyright (C) 2015, Google, Inc.
5  * Copyright (C) 2015, Motorola Mobility.
6  *
7  * Written by Michael Halcrow, 2015.
8  * Modified by Jaegeuk Kim, 2015.
9  */
10 
11 #include <linux/random.h>
12 #include <linux/string.h>
13 #include <linux/fscrypto.h>
14 #include <linux/mount.h>
15 
16 static int inode_has_encryption_context(struct inode *inode)
17 {
18 	if (!inode->i_sb->s_cop->get_context)
19 		return 0;
20 	return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0);
21 }
22 
23 /*
24  * check whether the policy is consistent with the encryption context
25  * for the inode
26  */
27 static int is_encryption_context_consistent_with_policy(struct inode *inode,
28 				const struct fscrypt_policy *policy)
29 {
30 	struct fscrypt_context ctx;
31 	int res;
32 
33 	if (!inode->i_sb->s_cop->get_context)
34 		return 0;
35 
36 	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
37 	if (res != sizeof(ctx))
38 		return 0;
39 
40 	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
41 			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
42 			(ctx.flags == policy->flags) &&
43 			(ctx.contents_encryption_mode ==
44 			 policy->contents_encryption_mode) &&
45 			(ctx.filenames_encryption_mode ==
46 			 policy->filenames_encryption_mode));
47 }
48 
49 static int create_encryption_context_from_policy(struct inode *inode,
50 				const struct fscrypt_policy *policy)
51 {
52 	struct fscrypt_context ctx;
53 	int res;
54 
55 	if (!inode->i_sb->s_cop->set_context)
56 		return -EOPNOTSUPP;
57 
58 	if (inode->i_sb->s_cop->prepare_context) {
59 		res = inode->i_sb->s_cop->prepare_context(inode);
60 		if (res)
61 			return res;
62 	}
63 
64 	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
65 	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
66 					FS_KEY_DESCRIPTOR_SIZE);
67 
68 	if (!fscrypt_valid_contents_enc_mode(
69 				policy->contents_encryption_mode)) {
70 		printk(KERN_WARNING
71 		       "%s: Invalid contents encryption mode %d\n", __func__,
72 			policy->contents_encryption_mode);
73 		return -EINVAL;
74 	}
75 
76 	if (!fscrypt_valid_filenames_enc_mode(
77 				policy->filenames_encryption_mode)) {
78 		printk(KERN_WARNING
79 			"%s: Invalid filenames encryption mode %d\n", __func__,
80 			policy->filenames_encryption_mode);
81 		return -EINVAL;
82 	}
83 
84 	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
85 		return -EINVAL;
86 
87 	ctx.contents_encryption_mode = policy->contents_encryption_mode;
88 	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
89 	ctx.flags = policy->flags;
90 	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
91 	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
92 
93 	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
94 }
95 
96 int fscrypt_process_policy(struct file *filp,
97 				const struct fscrypt_policy *policy)
98 {
99 	struct inode *inode = file_inode(filp);
100 	int ret;
101 
102 	if (!inode_owner_or_capable(inode))
103 		return -EACCES;
104 
105 	if (policy->version != 0)
106 		return -EINVAL;
107 
108 	ret = mnt_want_write_file(filp);
109 	if (ret)
110 		return ret;
111 
112 	if (!inode_has_encryption_context(inode)) {
113 		if (!S_ISDIR(inode->i_mode))
114 			ret = -EINVAL;
115 		else if (!inode->i_sb->s_cop->empty_dir)
116 			ret = -EOPNOTSUPP;
117 		else if (!inode->i_sb->s_cop->empty_dir(inode))
118 			ret = -ENOTEMPTY;
119 		else
120 			ret = create_encryption_context_from_policy(inode,
121 								    policy);
122 	} else if (!is_encryption_context_consistent_with_policy(inode,
123 								 policy)) {
124 		printk(KERN_WARNING
125 		       "%s: Policy inconsistent with encryption context\n",
126 		       __func__);
127 		ret = -EINVAL;
128 	}
129 
130 	mnt_drop_write_file(filp);
131 	return ret;
132 }
133 EXPORT_SYMBOL(fscrypt_process_policy);
134 
135 int fscrypt_get_policy(struct inode *inode, struct fscrypt_policy *policy)
136 {
137 	struct fscrypt_context ctx;
138 	int res;
139 
140 	if (!inode->i_sb->s_cop->get_context ||
141 			!inode->i_sb->s_cop->is_encrypted(inode))
142 		return -ENODATA;
143 
144 	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
145 	if (res != sizeof(ctx))
146 		return -ENODATA;
147 	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
148 		return -EINVAL;
149 
150 	policy->version = 0;
151 	policy->contents_encryption_mode = ctx.contents_encryption_mode;
152 	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
153 	policy->flags = ctx.flags;
154 	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
155 				FS_KEY_DESCRIPTOR_SIZE);
156 	return 0;
157 }
158 EXPORT_SYMBOL(fscrypt_get_policy);
159 
160 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
161 {
162 	struct fscrypt_info *parent_ci, *child_ci;
163 	int res;
164 
165 	if ((parent == NULL) || (child == NULL)) {
166 		printk(KERN_ERR	"parent %p child %p\n", parent, child);
167 		BUG_ON(1);
168 	}
169 
170 	/* no restrictions if the parent directory is not encrypted */
171 	if (!parent->i_sb->s_cop->is_encrypted(parent))
172 		return 1;
173 	/* if the child directory is not encrypted, this is always a problem */
174 	if (!parent->i_sb->s_cop->is_encrypted(child))
175 		return 0;
176 	res = fscrypt_get_encryption_info(parent);
177 	if (res)
178 		return 0;
179 	res = fscrypt_get_encryption_info(child);
180 	if (res)
181 		return 0;
182 	parent_ci = parent->i_crypt_info;
183 	child_ci = child->i_crypt_info;
184 	if (!parent_ci && !child_ci)
185 		return 1;
186 	if (!parent_ci || !child_ci)
187 		return 0;
188 
189 	return (memcmp(parent_ci->ci_master_key,
190 			child_ci->ci_master_key,
191 			FS_KEY_DESCRIPTOR_SIZE) == 0 &&
192 		(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
193 		(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
194 		(parent_ci->ci_flags == child_ci->ci_flags));
195 }
196 EXPORT_SYMBOL(fscrypt_has_permitted_context);
197 
198 /**
199  * fscrypt_inherit_context() - Sets a child context from its parent
200  * @parent: Parent inode from which the context is inherited.
201  * @child:  Child inode that inherits the context from @parent.
202  * @fs_data:  private data given by FS.
203  * @preload:  preload child i_crypt_info
204  *
205  * Return: Zero on success, non-zero otherwise
206  */
207 int fscrypt_inherit_context(struct inode *parent, struct inode *child,
208 						void *fs_data, bool preload)
209 {
210 	struct fscrypt_context ctx;
211 	struct fscrypt_info *ci;
212 	int res;
213 
214 	if (!parent->i_sb->s_cop->set_context)
215 		return -EOPNOTSUPP;
216 
217 	res = fscrypt_get_encryption_info(parent);
218 	if (res < 0)
219 		return res;
220 
221 	ci = parent->i_crypt_info;
222 	if (ci == NULL)
223 		return -ENOKEY;
224 
225 	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
226 	if (fscrypt_dummy_context_enabled(parent)) {
227 		ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
228 		ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
229 		ctx.flags = 0;
230 		memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
231 		res = 0;
232 	} else {
233 		ctx.contents_encryption_mode = ci->ci_data_mode;
234 		ctx.filenames_encryption_mode = ci->ci_filename_mode;
235 		ctx.flags = ci->ci_flags;
236 		memcpy(ctx.master_key_descriptor, ci->ci_master_key,
237 				FS_KEY_DESCRIPTOR_SIZE);
238 	}
239 	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
240 	res = parent->i_sb->s_cop->set_context(child, &ctx,
241 						sizeof(ctx), fs_data);
242 	if (res)
243 		return res;
244 	return preload ? fscrypt_get_encryption_info(child): 0;
245 }
246 EXPORT_SYMBOL(fscrypt_inherit_context);
247