kernel/fs/ext4/crypto_policy.c

   1 /*
   2  * linux/fs/ext4/crypto_policy.c
   3  *
   4  * Copyright (C) 2015, Google, Inc.
   5  *
   6  * This contains encryption policy functions for ext4
   7  *
   8  * Written by Michael Halcrow, 2015.
   9  */
  10
  11 #include <linux/random.h>
  12 #include <linux/string.h>
  13 #include <linux/types.h>
  14
  15 #include "ext4.h"
  16 #include "xattr.h"
  17
  18 static int ext4_inode_has_encryption_context(struct inode *inode)
  19 {
  20         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  21                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
  22         return (res > 0);
  23 }
  24
  25 /*
  26  * check whether the policy is consistent with the encryption context
  27  * for the inode
  28  */
  29 static int ext4_is_encryption_context_consistent_with_policy(
  30         struct inode *inode, const struct ext4_encryption_policy *policy)
  31 {
  32         struct ext4_encryption_context ctx;
  33         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  34                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
  35                                  sizeof(ctx));
  36         if (res != sizeof(ctx))
  37                 return 0;
  38         return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
  39                         EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
  40                 (ctx.flags ==
  41                  policy->flags) &&
  42                 (ctx.contents_encryption_mode ==
  43                  policy->contents_encryption_mode) &&
  44                 (ctx.filenames_encryption_mode ==
  45                  policy->filenames_encryption_mode));
  46 }
  47
  48 static int ext4_create_encryption_context_from_policy(
  49         struct inode *inode, const struct ext4_encryption_policy *policy)
  50 {
  51         struct ext4_encryption_context ctx;
  52         int res = 0;
  53
  54         ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
  55         memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
  56                EXT4_KEY_DESCRIPTOR_SIZE);
  57         if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
  58                 printk(KERN_WARNING
  59                        "%s: Invalid contents encryption mode %d\n", __func__,
  60                         policy->contents_encryption_mode);
  61                 return -EINVAL;
  62         }
  63         if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
  64                 printk(KERN_WARNING
  65                        "%s: Invalid filenames encryption mode %d\n", __func__,
  66                         policy->filenames_encryption_mode);
  67                 return -EINVAL;
  68         }
  69         if (policy->flags & ~EXT4_POLICY_FLAGS_VALID)
  70                 return -EINVAL;
  71         ctx.contents_encryption_mode = policy->contents_encryption_mode;
  72         ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
  73         ctx.flags = policy->flags;
  74         BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
  75         get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
  76
  77         res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
  78                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
  79                              sizeof(ctx), 0);
  80         if (!res)
  81                 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
  82         return res;
  83 }
  84
  85 int ext4_process_policy(const struct ext4_encryption_policy *policy,
  86                         struct inode *inode)
  87 {
  88         if (policy->version != 0)
  89                 return -EINVAL;
  90
  91         if (!ext4_inode_has_encryption_context(inode)) {
  92                 if (!ext4_empty_dir(inode))
  93                         return -ENOTEMPTY;
  94                 return ext4_create_encryption_context_from_policy(inode,
  95                                                                   policy);
  96         }
  97
  98         if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
  99                 return 0;
 100
 101         printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
 102                __func__);
 103         return -EINVAL;
 104 }
 105
 106 int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
 107 {
 108         struct ext4_encryption_context ctx;
 109
 110         int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
 111                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 112                                  &ctx, sizeof(ctx));
 113         if (res != sizeof(ctx))
 114                 return -ENOENT;
 115         if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
 116                 return -EINVAL;
 117         policy->version = 0;
 118         policy->contents_encryption_mode = ctx.contents_encryption_mode;
 119         policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
 120         policy->flags = ctx.flags;
 121         memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
 122                EXT4_KEY_DESCRIPTOR_SIZE);
 123         return 0;
 124 }
 125
 126 int ext4_is_child_context_consistent_with_parent(struct inode *parent,
 127                                                  struct inode *child)
 128 {
 129         struct ext4_encryption_context parent_ctx, child_ctx;
 130         int res;
 131
 132         if ((parent == NULL) || (child == NULL)) {
 133                 pr_err("parent %p child %p\n", parent, child);
 134                 BUG_ON(1);
 135         }
 136         /* no restrictions if the parent directory is not encrypted */
 137         if (!ext4_encrypted_inode(parent))
 138                 return 1;
 139         res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
 140                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 141                              &parent_ctx, sizeof(parent_ctx));
 142         if (res != sizeof(parent_ctx))
 143                 return 0;
 144         /* if the child directory is not encrypted, this is always a problem */
 145         if (!ext4_encrypted_inode(child))
 146                 return 0;
 147         res = ext4_xattr_get(child, EXT4_XATTR_INDEX_ENCRYPTION,
 148                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 149                              &child_ctx, sizeof(child_ctx));
 150         if (res != sizeof(child_ctx))
 151                 return 0;
 152         return (memcmp(parent_ctx.master_key_descriptor,
 153                        child_ctx.master_key_descriptor,
 154                        EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
 155                 (parent_ctx.contents_encryption_mode ==
 156                  child_ctx.contents_encryption_mode) &&
 157                 (parent_ctx.filenames_encryption_mode ==
 158                  child_ctx.filenames_encryption_mode));
 159 }
 160
 161 /**
 162  * ext4_inherit_context() - Sets a child context from its parent
 163  * @parent: Parent inode from which the context is inherited.
 164  * @child:  Child inode that inherits the context from @parent.
 165  *
 166  * Return: Zero on success, non-zero otherwise
 167  */
 168 int ext4_inherit_context(struct inode *parent, struct inode *child)
 169 {
 170         struct ext4_encryption_context ctx;
 171         int res = ext4_xattr_get(parent, EXT4_XATTR_INDEX_ENCRYPTION,
 172                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
 173                                  &ctx, sizeof(ctx));
 174
 175         if (res != sizeof(ctx)) {
 176                 if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
 177                         ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
 178                         ctx.contents_encryption_mode =
 179                                 EXT4_ENCRYPTION_MODE_AES_256_XTS;
 180                         ctx.filenames_encryption_mode =
 181                                 EXT4_ENCRYPTION_MODE_AES_256_CTS;
 182                         ctx.flags = 0;
 183                         memset(ctx.master_key_descriptor, 0x42,
 184                                EXT4_KEY_DESCRIPTOR_SIZE);
 185                         res = 0;
 186                 } else {
 187                         goto out;
 188                 }
 189         }
 190         get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
 191         res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
 192                              EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
 193                              sizeof(ctx), 0);
 194 out:
 195         if (!res)
 196                 ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
 197         return res;
 198 }