1 /* 2 * Encryption policy functions for per-file encryption support. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility. 6 * 7 * Written by Michael Halcrow, 2015. 8 * Modified by Jaegeuk Kim, 2015. 9 */ 10 11 #include <linux/random.h> 12 #include <linux/string.h> 13 #include <linux/mount.h> 14 #include "fscrypt_private.h" 15 16 static int inode_has_encryption_context(struct inode *inode) 17 { 18 if (!inode->i_sb->s_cop->get_context) 19 return 0; 20 return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0); 21 } 22 23 /* 24 * check whether the policy is consistent with the encryption context 25 * for the inode 26 */ 27 static int is_encryption_context_consistent_with_policy(struct inode *inode, 28 const struct fscrypt_policy *policy) 29 { 30 struct fscrypt_context ctx; 31 int res; 32 33 if (!inode->i_sb->s_cop->get_context) 34 return 0; 35 36 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 37 if (res != sizeof(ctx)) 38 return 0; 39 40 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, 41 FS_KEY_DESCRIPTOR_SIZE) == 0 && 42 (ctx.flags == policy->flags) && 43 (ctx.contents_encryption_mode == 44 policy->contents_encryption_mode) && 45 (ctx.filenames_encryption_mode == 46 policy->filenames_encryption_mode)); 47 } 48 49 static int create_encryption_context_from_policy(struct inode *inode, 50 const struct fscrypt_policy *policy) 51 { 52 struct fscrypt_context ctx; 53 int res; 54 55 if (!inode->i_sb->s_cop->set_context) 56 return -EOPNOTSUPP; 57 58 if (inode->i_sb->s_cop->prepare_context) { 59 res = inode->i_sb->s_cop->prepare_context(inode); 60 if (res) 61 return res; 62 } 63 64 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 65 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, 66 FS_KEY_DESCRIPTOR_SIZE); 67 68 if (!fscrypt_valid_contents_enc_mode( 69 policy->contents_encryption_mode)) { 70 printk(KERN_WARNING 71 "%s: Invalid contents encryption mode %d\n", __func__, 72 policy->contents_encryption_mode); 73 return -EINVAL; 74 } 75 76 if (!fscrypt_valid_filenames_enc_mode( 77 policy->filenames_encryption_mode)) { 78 printk(KERN_WARNING 79 "%s: Invalid filenames encryption mode %d\n", __func__, 80 policy->filenames_encryption_mode); 81 return -EINVAL; 82 } 83 84 if (policy->flags & ~FS_POLICY_FLAGS_VALID) 85 return -EINVAL; 86 87 ctx.contents_encryption_mode = policy->contents_encryption_mode; 88 ctx.filenames_encryption_mode = policy->filenames_encryption_mode; 89 ctx.flags = policy->flags; 90 BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); 91 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 92 93 return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); 94 } 95 96 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) 97 { 98 struct fscrypt_policy policy; 99 struct inode *inode = file_inode(filp); 100 int ret; 101 102 if (copy_from_user(&policy, arg, sizeof(policy))) 103 return -EFAULT; 104 105 if (!inode_owner_or_capable(inode)) 106 return -EACCES; 107 108 if (policy.version != 0) 109 return -EINVAL; 110 111 ret = mnt_want_write_file(filp); 112 if (ret) 113 return ret; 114 115 inode_lock(inode); 116 117 if (!inode_has_encryption_context(inode)) { 118 if (!S_ISDIR(inode->i_mode)) 119 ret = -EINVAL; 120 else if (!inode->i_sb->s_cop->empty_dir) 121 ret = -EOPNOTSUPP; 122 else if (!inode->i_sb->s_cop->empty_dir(inode)) 123 ret = -ENOTEMPTY; 124 else 125 ret = create_encryption_context_from_policy(inode, 126 &policy); 127 } else if (!is_encryption_context_consistent_with_policy(inode, 128 &policy)) { 129 printk(KERN_WARNING 130 "%s: Policy inconsistent with encryption context\n", 131 __func__); 132 ret = -EINVAL; 133 } 134 135 inode_unlock(inode); 136 137 mnt_drop_write_file(filp); 138 return ret; 139 } 140 EXPORT_SYMBOL(fscrypt_ioctl_set_policy); 141 142 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 143 { 144 struct inode *inode = file_inode(filp); 145 struct fscrypt_context ctx; 146 struct fscrypt_policy policy; 147 int res; 148 149 if (!inode->i_sb->s_cop->get_context || 150 !inode->i_sb->s_cop->is_encrypted(inode)) 151 return -ENODATA; 152 153 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 154 if (res != sizeof(ctx)) 155 return -ENODATA; 156 if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) 157 return -EINVAL; 158 159 policy.version = 0; 160 policy.contents_encryption_mode = ctx.contents_encryption_mode; 161 policy.filenames_encryption_mode = ctx.filenames_encryption_mode; 162 policy.flags = ctx.flags; 163 memcpy(policy.master_key_descriptor, ctx.master_key_descriptor, 164 FS_KEY_DESCRIPTOR_SIZE); 165 166 if (copy_to_user(arg, &policy, sizeof(policy))) 167 return -EFAULT; 168 return 0; 169 } 170 EXPORT_SYMBOL(fscrypt_ioctl_get_policy); 171 172 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) 173 { 174 struct fscrypt_info *parent_ci, *child_ci; 175 int res; 176 177 if ((parent == NULL) || (child == NULL)) { 178 printk(KERN_ERR "parent %p child %p\n", parent, child); 179 BUG_ON(1); 180 } 181 182 /* no restrictions if the parent directory is not encrypted */ 183 if (!parent->i_sb->s_cop->is_encrypted(parent)) 184 return 1; 185 /* if the child directory is not encrypted, this is always a problem */ 186 if (!parent->i_sb->s_cop->is_encrypted(child)) 187 return 0; 188 res = fscrypt_get_encryption_info(parent); 189 if (res) 190 return 0; 191 res = fscrypt_get_encryption_info(child); 192 if (res) 193 return 0; 194 parent_ci = parent->i_crypt_info; 195 child_ci = child->i_crypt_info; 196 if (!parent_ci && !child_ci) 197 return 1; 198 if (!parent_ci || !child_ci) 199 return 0; 200 201 return (memcmp(parent_ci->ci_master_key, 202 child_ci->ci_master_key, 203 FS_KEY_DESCRIPTOR_SIZE) == 0 && 204 (parent_ci->ci_data_mode == child_ci->ci_data_mode) && 205 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && 206 (parent_ci->ci_flags == child_ci->ci_flags)); 207 } 208 EXPORT_SYMBOL(fscrypt_has_permitted_context); 209 210 /** 211 * fscrypt_inherit_context() - Sets a child context from its parent 212 * @parent: Parent inode from which the context is inherited. 213 * @child: Child inode that inherits the context from @parent. 214 * @fs_data: private data given by FS. 215 * @preload: preload child i_crypt_info 216 * 217 * Return: Zero on success, non-zero otherwise 218 */ 219 int fscrypt_inherit_context(struct inode *parent, struct inode *child, 220 void *fs_data, bool preload) 221 { 222 struct fscrypt_context ctx; 223 struct fscrypt_info *ci; 224 int res; 225 226 if (!parent->i_sb->s_cop->set_context) 227 return -EOPNOTSUPP; 228 229 res = fscrypt_get_encryption_info(parent); 230 if (res < 0) 231 return res; 232 233 ci = parent->i_crypt_info; 234 if (ci == NULL) 235 return -ENOKEY; 236 237 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 238 if (fscrypt_dummy_context_enabled(parent)) { 239 ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; 240 ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; 241 ctx.flags = 0; 242 memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); 243 res = 0; 244 } else { 245 ctx.contents_encryption_mode = ci->ci_data_mode; 246 ctx.filenames_encryption_mode = ci->ci_filename_mode; 247 ctx.flags = ci->ci_flags; 248 memcpy(ctx.master_key_descriptor, ci->ci_master_key, 249 FS_KEY_DESCRIPTOR_SIZE); 250 } 251 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 252 res = parent->i_sb->s_cop->set_context(child, &ctx, 253 sizeof(ctx), fs_data); 254 if (res) 255 return res; 256 return preload ? fscrypt_get_encryption_info(child): 0; 257 } 258 EXPORT_SYMBOL(fscrypt_inherit_context); 259