1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Encryption policy functions for per-file encryption support. 4 * 5 * Copyright (C) 2015, Google, Inc. 6 * Copyright (C) 2015, Motorola Mobility. 7 * 8 * Originally written by Michael Halcrow, 2015. 9 * Modified by Jaegeuk Kim, 2015. 10 * Modified by Eric Biggers, 2019 for v2 policy support. 11 */ 12 13 #include <linux/fs_context.h> 14 #include <linux/random.h> 15 #include <linux/seq_file.h> 16 #include <linux/string.h> 17 #include <linux/mount.h> 18 #include "fscrypt_private.h" 19 20 /** 21 * fscrypt_policies_equal() - check whether two encryption policies are the same 22 * @policy1: the first policy 23 * @policy2: the second policy 24 * 25 * Return: %true if equal, else %false 26 */ 27 bool fscrypt_policies_equal(const union fscrypt_policy *policy1, 28 const union fscrypt_policy *policy2) 29 { 30 if (policy1->version != policy2->version) 31 return false; 32 33 return !memcmp(policy1, policy2, fscrypt_policy_size(policy1)); 34 } 35 36 int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy, 37 struct fscrypt_key_specifier *key_spec) 38 { 39 switch (policy->version) { 40 case FSCRYPT_POLICY_V1: 41 key_spec->type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; 42 memcpy(key_spec->u.descriptor, policy->v1.master_key_descriptor, 43 FSCRYPT_KEY_DESCRIPTOR_SIZE); 44 return 0; 45 case FSCRYPT_POLICY_V2: 46 key_spec->type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; 47 memcpy(key_spec->u.identifier, policy->v2.master_key_identifier, 48 FSCRYPT_KEY_IDENTIFIER_SIZE); 49 return 0; 50 default: 51 WARN_ON(1); 52 return -EINVAL; 53 } 54 } 55 56 static const union fscrypt_policy * 57 fscrypt_get_dummy_policy(struct super_block *sb) 58 { 59 if (!sb->s_cop->get_dummy_policy) 60 return NULL; 61 return sb->s_cop->get_dummy_policy(sb); 62 } 63 64 static bool fscrypt_valid_enc_modes(u32 contents_mode, u32 filenames_mode) 65 { 66 if (contents_mode == FSCRYPT_MODE_AES_256_XTS && 67 filenames_mode == FSCRYPT_MODE_AES_256_CTS) 68 return true; 69 70 if (contents_mode == FSCRYPT_MODE_AES_128_CBC && 71 filenames_mode == FSCRYPT_MODE_AES_128_CTS) 72 return true; 73 74 if (contents_mode == FSCRYPT_MODE_ADIANTUM && 75 filenames_mode == FSCRYPT_MODE_ADIANTUM) 76 return true; 77 78 return false; 79 } 80 81 static bool supported_direct_key_modes(const struct inode *inode, 82 u32 contents_mode, u32 filenames_mode) 83 { 84 const struct fscrypt_mode *mode; 85 86 if (contents_mode != filenames_mode) { 87 fscrypt_warn(inode, 88 "Direct key flag not allowed with different contents and filenames modes"); 89 return false; 90 } 91 mode = &fscrypt_modes[contents_mode]; 92 93 if (mode->ivsize < offsetofend(union fscrypt_iv, nonce)) { 94 fscrypt_warn(inode, "Direct key flag not allowed with %s", 95 mode->friendly_name); 96 return false; 97 } 98 return true; 99 } 100 101 static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy, 102 const struct inode *inode, 103 const char *type, 104 int max_ino_bits, int max_lblk_bits) 105 { 106 struct super_block *sb = inode->i_sb; 107 int ino_bits = 64, lblk_bits = 64; 108 109 /* 110 * IV_INO_LBLK_* exist only because of hardware limitations, and 111 * currently the only known use case for them involves AES-256-XTS. 112 * That's also all we test currently. For these reasons, for now only 113 * allow AES-256-XTS here. This can be relaxed later if a use case for 114 * IV_INO_LBLK_* with other encryption modes arises. 115 */ 116 if (policy->contents_encryption_mode != FSCRYPT_MODE_AES_256_XTS) { 117 fscrypt_warn(inode, 118 "Can't use %s policy with contents mode other than AES-256-XTS", 119 type); 120 return false; 121 } 122 123 /* 124 * It's unsafe to include inode numbers in the IVs if the filesystem can 125 * potentially renumber inodes, e.g. via filesystem shrinking. 126 */ 127 if (!sb->s_cop->has_stable_inodes || 128 !sb->s_cop->has_stable_inodes(sb)) { 129 fscrypt_warn(inode, 130 "Can't use %s policy on filesystem '%s' because it doesn't have stable inode numbers", 131 type, sb->s_id); 132 return false; 133 } 134 if (sb->s_cop->get_ino_and_lblk_bits) 135 sb->s_cop->get_ino_and_lblk_bits(sb, &ino_bits, &lblk_bits); 136 if (ino_bits > max_ino_bits) { 137 fscrypt_warn(inode, 138 "Can't use %s policy on filesystem '%s' because its inode numbers are too long", 139 type, sb->s_id); 140 return false; 141 } 142 if (lblk_bits > max_lblk_bits) { 143 fscrypt_warn(inode, 144 "Can't use %s policy on filesystem '%s' because its block numbers are too long", 145 type, sb->s_id); 146 return false; 147 } 148 return true; 149 } 150 151 static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, 152 const struct inode *inode) 153 { 154 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, 155 policy->filenames_encryption_mode)) { 156 fscrypt_warn(inode, 157 "Unsupported encryption modes (contents %d, filenames %d)", 158 policy->contents_encryption_mode, 159 policy->filenames_encryption_mode); 160 return false; 161 } 162 163 if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK | 164 FSCRYPT_POLICY_FLAG_DIRECT_KEY)) { 165 fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", 166 policy->flags); 167 return false; 168 } 169 170 if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && 171 !supported_direct_key_modes(inode, policy->contents_encryption_mode, 172 policy->filenames_encryption_mode)) 173 return false; 174 175 if (IS_CASEFOLDED(inode)) { 176 /* With v1, there's no way to derive dirhash keys. */ 177 fscrypt_warn(inode, 178 "v1 policies can't be used on casefolded directories"); 179 return false; 180 } 181 182 return true; 183 } 184 185 static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, 186 const struct inode *inode) 187 { 188 int count = 0; 189 190 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, 191 policy->filenames_encryption_mode)) { 192 fscrypt_warn(inode, 193 "Unsupported encryption modes (contents %d, filenames %d)", 194 policy->contents_encryption_mode, 195 policy->filenames_encryption_mode); 196 return false; 197 } 198 199 if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK | 200 FSCRYPT_POLICY_FLAG_DIRECT_KEY | 201 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 | 202 FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) { 203 fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)", 204 policy->flags); 205 return false; 206 } 207 208 count += !!(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); 209 count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64); 210 count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32); 211 if (count > 1) { 212 fscrypt_warn(inode, "Mutually exclusive encryption flags (0x%02x)", 213 policy->flags); 214 return false; 215 } 216 217 if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && 218 !supported_direct_key_modes(inode, policy->contents_encryption_mode, 219 policy->filenames_encryption_mode)) 220 return false; 221 222 if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) && 223 !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_64", 224 32, 32)) 225 return false; 226 227 /* 228 * IV_INO_LBLK_32 hashes the inode number, so in principle it can 229 * support any ino_bits. However, currently the inode number is gotten 230 * from inode::i_ino which is 'unsigned long'. So for now the 231 * implementation limit is 32 bits. 232 */ 233 if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && 234 !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_32", 235 32, 32)) 236 return false; 237 238 if (memchr_inv(policy->__reserved, 0, sizeof(policy->__reserved))) { 239 fscrypt_warn(inode, "Reserved bits set in encryption policy"); 240 return false; 241 } 242 243 return true; 244 } 245 246 /** 247 * fscrypt_supported_policy() - check whether an encryption policy is supported 248 * @policy_u: the encryption policy 249 * @inode: the inode on which the policy will be used 250 * 251 * Given an encryption policy, check whether all its encryption modes and other 252 * settings are supported by this kernel on the given inode. (But we don't 253 * currently don't check for crypto API support here, so attempting to use an 254 * algorithm not configured into the crypto API will still fail later.) 255 * 256 * Return: %true if supported, else %false 257 */ 258 bool fscrypt_supported_policy(const union fscrypt_policy *policy_u, 259 const struct inode *inode) 260 { 261 switch (policy_u->version) { 262 case FSCRYPT_POLICY_V1: 263 return fscrypt_supported_v1_policy(&policy_u->v1, inode); 264 case FSCRYPT_POLICY_V2: 265 return fscrypt_supported_v2_policy(&policy_u->v2, inode); 266 } 267 return false; 268 } 269 270 /** 271 * fscrypt_new_context() - create a new fscrypt_context 272 * @ctx_u: output context 273 * @policy_u: input policy 274 * @nonce: nonce to use 275 * 276 * Create an fscrypt_context for an inode that is being assigned the given 277 * encryption policy. @nonce must be a new random nonce. 278 * 279 * Return: the size of the new context in bytes. 280 */ 281 static int fscrypt_new_context(union fscrypt_context *ctx_u, 282 const union fscrypt_policy *policy_u, 283 const u8 nonce[FSCRYPT_FILE_NONCE_SIZE]) 284 { 285 memset(ctx_u, 0, sizeof(*ctx_u)); 286 287 switch (policy_u->version) { 288 case FSCRYPT_POLICY_V1: { 289 const struct fscrypt_policy_v1 *policy = &policy_u->v1; 290 struct fscrypt_context_v1 *ctx = &ctx_u->v1; 291 292 ctx->version = FSCRYPT_CONTEXT_V1; 293 ctx->contents_encryption_mode = 294 policy->contents_encryption_mode; 295 ctx->filenames_encryption_mode = 296 policy->filenames_encryption_mode; 297 ctx->flags = policy->flags; 298 memcpy(ctx->master_key_descriptor, 299 policy->master_key_descriptor, 300 sizeof(ctx->master_key_descriptor)); 301 memcpy(ctx->nonce, nonce, FSCRYPT_FILE_NONCE_SIZE); 302 return sizeof(*ctx); 303 } 304 case FSCRYPT_POLICY_V2: { 305 const struct fscrypt_policy_v2 *policy = &policy_u->v2; 306 struct fscrypt_context_v2 *ctx = &ctx_u->v2; 307 308 ctx->version = FSCRYPT_CONTEXT_V2; 309 ctx->contents_encryption_mode = 310 policy->contents_encryption_mode; 311 ctx->filenames_encryption_mode = 312 policy->filenames_encryption_mode; 313 ctx->flags = policy->flags; 314 memcpy(ctx->master_key_identifier, 315 policy->master_key_identifier, 316 sizeof(ctx->master_key_identifier)); 317 memcpy(ctx->nonce, nonce, FSCRYPT_FILE_NONCE_SIZE); 318 return sizeof(*ctx); 319 } 320 } 321 BUG(); 322 } 323 324 /** 325 * fscrypt_policy_from_context() - convert an fscrypt_context to 326 * an fscrypt_policy 327 * @policy_u: output policy 328 * @ctx_u: input context 329 * @ctx_size: size of input context in bytes 330 * 331 * Given an fscrypt_context, build the corresponding fscrypt_policy. 332 * 333 * Return: 0 on success, or -EINVAL if the fscrypt_context has an unrecognized 334 * version number or size. 335 * 336 * This does *not* validate the settings within the policy itself, e.g. the 337 * modes, flags, and reserved bits. Use fscrypt_supported_policy() for that. 338 */ 339 int fscrypt_policy_from_context(union fscrypt_policy *policy_u, 340 const union fscrypt_context *ctx_u, 341 int ctx_size) 342 { 343 memset(policy_u, 0, sizeof(*policy_u)); 344 345 if (!fscrypt_context_is_valid(ctx_u, ctx_size)) 346 return -EINVAL; 347 348 switch (ctx_u->version) { 349 case FSCRYPT_CONTEXT_V1: { 350 const struct fscrypt_context_v1 *ctx = &ctx_u->v1; 351 struct fscrypt_policy_v1 *policy = &policy_u->v1; 352 353 policy->version = FSCRYPT_POLICY_V1; 354 policy->contents_encryption_mode = 355 ctx->contents_encryption_mode; 356 policy->filenames_encryption_mode = 357 ctx->filenames_encryption_mode; 358 policy->flags = ctx->flags; 359 memcpy(policy->master_key_descriptor, 360 ctx->master_key_descriptor, 361 sizeof(policy->master_key_descriptor)); 362 return 0; 363 } 364 case FSCRYPT_CONTEXT_V2: { 365 const struct fscrypt_context_v2 *ctx = &ctx_u->v2; 366 struct fscrypt_policy_v2 *policy = &policy_u->v2; 367 368 policy->version = FSCRYPT_POLICY_V2; 369 policy->contents_encryption_mode = 370 ctx->contents_encryption_mode; 371 policy->filenames_encryption_mode = 372 ctx->filenames_encryption_mode; 373 policy->flags = ctx->flags; 374 memcpy(policy->__reserved, ctx->__reserved, 375 sizeof(policy->__reserved)); 376 memcpy(policy->master_key_identifier, 377 ctx->master_key_identifier, 378 sizeof(policy->master_key_identifier)); 379 return 0; 380 } 381 } 382 /* unreachable */ 383 return -EINVAL; 384 } 385 386 /* Retrieve an inode's encryption policy */ 387 static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy) 388 { 389 const struct fscrypt_info *ci; 390 union fscrypt_context ctx; 391 int ret; 392 393 ci = fscrypt_get_info(inode); 394 if (ci) { 395 /* key available, use the cached policy */ 396 *policy = ci->ci_policy; 397 return 0; 398 } 399 400 if (!IS_ENCRYPTED(inode)) 401 return -ENODATA; 402 403 ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 404 if (ret < 0) 405 return (ret == -ERANGE) ? -EINVAL : ret; 406 407 return fscrypt_policy_from_context(policy, &ctx, ret); 408 } 409 410 static int set_encryption_policy(struct inode *inode, 411 const union fscrypt_policy *policy) 412 { 413 u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; 414 union fscrypt_context ctx; 415 int ctxsize; 416 int err; 417 418 if (!fscrypt_supported_policy(policy, inode)) 419 return -EINVAL; 420 421 switch (policy->version) { 422 case FSCRYPT_POLICY_V1: 423 /* 424 * The original encryption policy version provided no way of 425 * verifying that the correct master key was supplied, which was 426 * insecure in scenarios where multiple users have access to the 427 * same encrypted files (even just read-only access). The new 428 * encryption policy version fixes this and also implies use of 429 * an improved key derivation function and allows non-root users 430 * to securely remove keys. So as long as compatibility with 431 * old kernels isn't required, it is recommended to use the new 432 * policy version for all new encrypted directories. 433 */ 434 pr_warn_once("%s (pid %d) is setting deprecated v1 encryption policy; recommend upgrading to v2.\n", 435 current->comm, current->pid); 436 break; 437 case FSCRYPT_POLICY_V2: 438 err = fscrypt_verify_key_added(inode->i_sb, 439 policy->v2.master_key_identifier); 440 if (err) 441 return err; 442 if (policy->v2.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) 443 pr_warn_once("%s (pid %d) is setting an IV_INO_LBLK_32 encryption policy. This should only be used if there are certain hardware limitations.\n", 444 current->comm, current->pid); 445 break; 446 default: 447 WARN_ON(1); 448 return -EINVAL; 449 } 450 451 get_random_bytes(nonce, FSCRYPT_FILE_NONCE_SIZE); 452 ctxsize = fscrypt_new_context(&ctx, policy, nonce); 453 454 return inode->i_sb->s_cop->set_context(inode, &ctx, ctxsize, NULL); 455 } 456 457 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) 458 { 459 union fscrypt_policy policy; 460 union fscrypt_policy existing_policy; 461 struct inode *inode = file_inode(filp); 462 u8 version; 463 int size; 464 int ret; 465 466 if (get_user(policy.version, (const u8 __user *)arg)) 467 return -EFAULT; 468 469 size = fscrypt_policy_size(&policy); 470 if (size <= 0) 471 return -EINVAL; 472 473 /* 474 * We should just copy the remaining 'size - 1' bytes here, but a 475 * bizarre bug in gcc 7 and earlier (fixed by gcc r255731) causes gcc to 476 * think that size can be 0 here (despite the check above!) *and* that 477 * it's a compile-time constant. Thus it would think copy_from_user() 478 * is passed compile-time constant ULONG_MAX, causing the compile-time 479 * buffer overflow check to fail, breaking the build. This only occurred 480 * when building an i386 kernel with -Os and branch profiling enabled. 481 * 482 * Work around it by just copying the first byte again... 483 */ 484 version = policy.version; 485 if (copy_from_user(&policy, arg, size)) 486 return -EFAULT; 487 policy.version = version; 488 489 if (!inode_owner_or_capable(&init_user_ns, inode)) 490 return -EACCES; 491 492 ret = mnt_want_write_file(filp); 493 if (ret) 494 return ret; 495 496 inode_lock(inode); 497 498 ret = fscrypt_get_policy(inode, &existing_policy); 499 if (ret == -ENODATA) { 500 if (!S_ISDIR(inode->i_mode)) 501 ret = -ENOTDIR; 502 else if (IS_DEADDIR(inode)) 503 ret = -ENOENT; 504 else if (!inode->i_sb->s_cop->empty_dir(inode)) 505 ret = -ENOTEMPTY; 506 else 507 ret = set_encryption_policy(inode, &policy); 508 } else if (ret == -EINVAL || 509 (ret == 0 && !fscrypt_policies_equal(&policy, 510 &existing_policy))) { 511 /* The file already uses a different encryption policy. */ 512 ret = -EEXIST; 513 } 514 515 inode_unlock(inode); 516 517 mnt_drop_write_file(filp); 518 return ret; 519 } 520 EXPORT_SYMBOL(fscrypt_ioctl_set_policy); 521 522 /* Original ioctl version; can only get the original policy version */ 523 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 524 { 525 union fscrypt_policy policy; 526 int err; 527 528 err = fscrypt_get_policy(file_inode(filp), &policy); 529 if (err) 530 return err; 531 532 if (policy.version != FSCRYPT_POLICY_V1) 533 return -EINVAL; 534 535 if (copy_to_user(arg, &policy, sizeof(policy.v1))) 536 return -EFAULT; 537 return 0; 538 } 539 EXPORT_SYMBOL(fscrypt_ioctl_get_policy); 540 541 /* Extended ioctl version; can get policies of any version */ 542 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *uarg) 543 { 544 struct fscrypt_get_policy_ex_arg arg; 545 union fscrypt_policy *policy = (union fscrypt_policy *)&arg.policy; 546 size_t policy_size; 547 int err; 548 549 /* arg is policy_size, then policy */ 550 BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); 551 BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != 552 offsetof(typeof(arg), policy)); 553 BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); 554 555 err = fscrypt_get_policy(file_inode(filp), policy); 556 if (err) 557 return err; 558 policy_size = fscrypt_policy_size(policy); 559 560 if (copy_from_user(&arg, uarg, sizeof(arg.policy_size))) 561 return -EFAULT; 562 563 if (policy_size > arg.policy_size) 564 return -EOVERFLOW; 565 arg.policy_size = policy_size; 566 567 if (copy_to_user(uarg, &arg, sizeof(arg.policy_size) + policy_size)) 568 return -EFAULT; 569 return 0; 570 } 571 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_policy_ex); 572 573 /* FS_IOC_GET_ENCRYPTION_NONCE: retrieve file's encryption nonce for testing */ 574 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg) 575 { 576 struct inode *inode = file_inode(filp); 577 union fscrypt_context ctx; 578 int ret; 579 580 ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 581 if (ret < 0) 582 return ret; 583 if (!fscrypt_context_is_valid(&ctx, ret)) 584 return -EINVAL; 585 if (copy_to_user(arg, fscrypt_context_nonce(&ctx), 586 FSCRYPT_FILE_NONCE_SIZE)) 587 return -EFAULT; 588 return 0; 589 } 590 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_nonce); 591 592 /** 593 * fscrypt_has_permitted_context() - is a file's encryption policy permitted 594 * within its directory? 595 * 596 * @parent: inode for parent directory 597 * @child: inode for file being looked up, opened, or linked into @parent 598 * 599 * Filesystems must call this before permitting access to an inode in a 600 * situation where the parent directory is encrypted (either before allowing 601 * ->lookup() to succeed, or for a regular file before allowing it to be opened) 602 * and before any operation that involves linking an inode into an encrypted 603 * directory, including link, rename, and cross rename. It enforces the 604 * constraint that within a given encrypted directory tree, all files use the 605 * same encryption policy. The pre-access check is needed to detect potentially 606 * malicious offline violations of this constraint, while the link and rename 607 * checks are needed to prevent online violations of this constraint. 608 * 609 * Return: 1 if permitted, 0 if forbidden. 610 */ 611 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) 612 { 613 union fscrypt_policy parent_policy, child_policy; 614 int err, err1, err2; 615 616 /* No restrictions on file types which are never encrypted */ 617 if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && 618 !S_ISLNK(child->i_mode)) 619 return 1; 620 621 /* No restrictions if the parent directory is unencrypted */ 622 if (!IS_ENCRYPTED(parent)) 623 return 1; 624 625 /* Encrypted directories must not contain unencrypted files */ 626 if (!IS_ENCRYPTED(child)) 627 return 0; 628 629 /* 630 * Both parent and child are encrypted, so verify they use the same 631 * encryption policy. Compare the fscrypt_info structs if the keys are 632 * available, otherwise retrieve and compare the fscrypt_contexts. 633 * 634 * Note that the fscrypt_context retrieval will be required frequently 635 * when accessing an encrypted directory tree without the key. 636 * Performance-wise this is not a big deal because we already don't 637 * really optimize for file access without the key (to the extent that 638 * such access is even possible), given that any attempted access 639 * already causes a fscrypt_context retrieval and keyring search. 640 * 641 * In any case, if an unexpected error occurs, fall back to "forbidden". 642 */ 643 644 err = fscrypt_get_encryption_info(parent, true); 645 if (err) 646 return 0; 647 err = fscrypt_get_encryption_info(child, true); 648 if (err) 649 return 0; 650 651 err1 = fscrypt_get_policy(parent, &parent_policy); 652 err2 = fscrypt_get_policy(child, &child_policy); 653 654 /* 655 * Allow the case where the parent and child both have an unrecognized 656 * encryption policy, so that files with an unrecognized encryption 657 * policy can be deleted. 658 */ 659 if (err1 == -EINVAL && err2 == -EINVAL) 660 return 1; 661 662 if (err1 || err2) 663 return 0; 664 665 return fscrypt_policies_equal(&parent_policy, &child_policy); 666 } 667 EXPORT_SYMBOL(fscrypt_has_permitted_context); 668 669 /* 670 * Return the encryption policy that new files in the directory will inherit, or 671 * NULL if none, or an ERR_PTR() on error. If the directory is encrypted, also 672 * ensure that its key is set up, so that the new filename can be encrypted. 673 */ 674 const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir) 675 { 676 int err; 677 678 if (IS_ENCRYPTED(dir)) { 679 err = fscrypt_require_key(dir); 680 if (err) 681 return ERR_PTR(err); 682 return &dir->i_crypt_info->ci_policy; 683 } 684 685 return fscrypt_get_dummy_policy(dir->i_sb); 686 } 687 688 /** 689 * fscrypt_set_context() - Set the fscrypt context of a new inode 690 * @inode: a new inode 691 * @fs_data: private data given by FS and passed to ->set_context() 692 * 693 * This should be called after fscrypt_prepare_new_inode(), generally during a 694 * filesystem transaction. Everything here must be %GFP_NOFS-safe. 695 * 696 * Return: 0 on success, -errno on failure 697 */ 698 int fscrypt_set_context(struct inode *inode, void *fs_data) 699 { 700 struct fscrypt_info *ci = inode->i_crypt_info; 701 union fscrypt_context ctx; 702 int ctxsize; 703 704 /* fscrypt_prepare_new_inode() should have set up the key already. */ 705 if (WARN_ON_ONCE(!ci)) 706 return -ENOKEY; 707 708 BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE); 709 ctxsize = fscrypt_new_context(&ctx, &ci->ci_policy, ci->ci_nonce); 710 711 /* 712 * This may be the first time the inode number is available, so do any 713 * delayed key setup that requires the inode number. 714 */ 715 if (ci->ci_policy.version == FSCRYPT_POLICY_V2 && 716 (ci->ci_policy.v2.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) { 717 const struct fscrypt_master_key *mk = 718 ci->ci_master_key->payload.data[0]; 719 720 fscrypt_hash_inode_number(ci, mk); 721 } 722 723 return inode->i_sb->s_cop->set_context(inode, &ctx, ctxsize, fs_data); 724 } 725 EXPORT_SYMBOL_GPL(fscrypt_set_context); 726 727 /** 728 * fscrypt_parse_test_dummy_encryption() - parse the test_dummy_encryption mount option 729 * @param: the mount option 730 * @dummy_policy: (input/output) the place to write the dummy policy that will 731 * result from parsing the option. Zero-initialize this. If a policy is 732 * already set here (due to test_dummy_encryption being given multiple 733 * times), then this function will verify that the policies are the same. 734 * 735 * Return: 0 on success; -EINVAL if the argument is invalid; -EEXIST if the 736 * argument conflicts with one already specified; or -ENOMEM. 737 */ 738 int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param, 739 struct fscrypt_dummy_policy *dummy_policy) 740 { 741 const char *arg = "v2"; 742 union fscrypt_policy *policy; 743 int err; 744 745 if (param->type == fs_value_is_string && *param->string) 746 arg = param->string; 747 748 policy = kzalloc(sizeof(*policy), GFP_KERNEL); 749 if (!policy) 750 return -ENOMEM; 751 752 if (!strcmp(arg, "v1")) { 753 policy->version = FSCRYPT_POLICY_V1; 754 policy->v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; 755 policy->v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; 756 memset(policy->v1.master_key_descriptor, 0x42, 757 FSCRYPT_KEY_DESCRIPTOR_SIZE); 758 } else if (!strcmp(arg, "v2")) { 759 policy->version = FSCRYPT_POLICY_V2; 760 policy->v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; 761 policy->v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; 762 err = fscrypt_get_test_dummy_key_identifier( 763 policy->v2.master_key_identifier); 764 if (err) 765 goto out; 766 } else { 767 err = -EINVAL; 768 goto out; 769 } 770 771 if (dummy_policy->policy) { 772 if (fscrypt_policies_equal(policy, dummy_policy->policy)) 773 err = 0; 774 else 775 err = -EEXIST; 776 goto out; 777 } 778 dummy_policy->policy = policy; 779 policy = NULL; 780 err = 0; 781 out: 782 kfree(policy); 783 return err; 784 } 785 EXPORT_SYMBOL_GPL(fscrypt_parse_test_dummy_encryption); 786 787 /** 788 * fscrypt_dummy_policies_equal() - check whether two dummy policies are equal 789 * @p1: the first test dummy policy (may be unset) 790 * @p2: the second test dummy policy (may be unset) 791 * 792 * Return: %true if the dummy policies are both set and equal, or both unset. 793 */ 794 bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1, 795 const struct fscrypt_dummy_policy *p2) 796 { 797 if (!p1->policy && !p2->policy) 798 return true; 799 if (!p1->policy || !p2->policy) 800 return false; 801 return fscrypt_policies_equal(p1->policy, p2->policy); 802 } 803 EXPORT_SYMBOL_GPL(fscrypt_dummy_policies_equal); 804 805 /* Deprecated, do not use */ 806 int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg, 807 struct fscrypt_dummy_policy *dummy_policy) 808 { 809 struct fs_parameter param = { 810 .type = fs_value_is_string, 811 .string = arg ? (char *)arg : "", 812 }; 813 return fscrypt_parse_test_dummy_encryption(¶m, dummy_policy) ?: 814 fscrypt_add_test_dummy_key(sb, dummy_policy); 815 } 816 EXPORT_SYMBOL_GPL(fscrypt_set_test_dummy_encryption); 817 818 /** 819 * fscrypt_show_test_dummy_encryption() - show '-o test_dummy_encryption' 820 * @seq: the seq_file to print the option to 821 * @sep: the separator character to use 822 * @sb: the filesystem whose options are being shown 823 * 824 * Show the test_dummy_encryption mount option, if it was specified. 825 * This is mainly used for /proc/mounts. 826 */ 827 void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, 828 struct super_block *sb) 829 { 830 const union fscrypt_policy *policy = fscrypt_get_dummy_policy(sb); 831 int vers; 832 833 if (!policy) 834 return; 835 836 vers = policy->version; 837 if (vers == FSCRYPT_POLICY_V1) /* Handle numbering quirk */ 838 vers = 1; 839 840 seq_printf(seq, "%ctest_dummy_encryption=v%d", sep, vers); 841 } 842 EXPORT_SYMBOL_GPL(fscrypt_show_test_dummy_encryption); 843