Commit | Line | Data |
---|---|---|
9bd8212f MH |
1 | /* |
2 | * linux/fs/ext4/crypto_policy.c | |
3 | * | |
4 | * Copyright (C) 2015, Google, Inc. | |
5 | * | |
6 | * This contains encryption policy functions for ext4 | |
7 | * | |
8 | * Written by Michael Halcrow, 2015. | |
9 | */ | |
10 | ||
11 | #include <linux/random.h> | |
12 | #include <linux/string.h> | |
13 | #include <linux/types.h> | |
14 | ||
806c24ad | 15 | #include "ext4_jbd2.h" |
9bd8212f MH |
16 | #include "ext4.h" |
17 | #include "xattr.h" | |
18 | ||
19 | static int ext4_inode_has_encryption_context(struct inode *inode) | |
20 | { | |
21 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
22 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0); | |
23 | return (res > 0); | |
24 | } | |
25 | ||
26 | /* | |
27 | * check whether the policy is consistent with the encryption context | |
28 | * for the inode | |
29 | */ | |
30 | static int ext4_is_encryption_context_consistent_with_policy( | |
31 | struct inode *inode, const struct ext4_encryption_policy *policy) | |
32 | { | |
33 | struct ext4_encryption_context ctx; | |
34 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
35 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
36 | sizeof(ctx)); | |
37 | if (res != sizeof(ctx)) | |
38 | return 0; | |
39 | return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, | |
40 | EXT4_KEY_DESCRIPTOR_SIZE) == 0 && | |
a44cd7a0 TT |
41 | (ctx.flags == |
42 | policy->flags) && | |
9bd8212f MH |
43 | (ctx.contents_encryption_mode == |
44 | policy->contents_encryption_mode) && | |
45 | (ctx.filenames_encryption_mode == | |
46 | policy->filenames_encryption_mode)); | |
47 | } | |
48 | ||
49 | static int ext4_create_encryption_context_from_policy( | |
50 | struct inode *inode, const struct ext4_encryption_policy *policy) | |
51 | { | |
52 | struct ext4_encryption_context ctx; | |
806c24ad TT |
53 | handle_t *handle; |
54 | int res, res2; | |
9bd8212f | 55 | |
f5aed2c2 TT |
56 | res = ext4_convert_inline_data(inode); |
57 | if (res) | |
58 | return res; | |
59 | ||
9bd8212f MH |
60 | ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1; |
61 | memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, | |
62 | EXT4_KEY_DESCRIPTOR_SIZE); | |
b30ab0e0 MH |
63 | if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) { |
64 | printk(KERN_WARNING | |
65 | "%s: Invalid contents encryption mode %d\n", __func__, | |
66 | policy->contents_encryption_mode); | |
a44cd7a0 | 67 | return -EINVAL; |
b30ab0e0 | 68 | } |
d5d0e8c7 MH |
69 | if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) { |
70 | printk(KERN_WARNING | |
71 | "%s: Invalid filenames encryption mode %d\n", __func__, | |
72 | policy->filenames_encryption_mode); | |
a44cd7a0 | 73 | return -EINVAL; |
d5d0e8c7 | 74 | } |
a44cd7a0 TT |
75 | if (policy->flags & ~EXT4_POLICY_FLAGS_VALID) |
76 | return -EINVAL; | |
9bd8212f MH |
77 | ctx.contents_encryption_mode = policy->contents_encryption_mode; |
78 | ctx.filenames_encryption_mode = policy->filenames_encryption_mode; | |
a44cd7a0 | 79 | ctx.flags = policy->flags; |
9bd8212f MH |
80 | BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE); |
81 | get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE); | |
82 | ||
806c24ad TT |
83 | handle = ext4_journal_start(inode, EXT4_HT_MISC, |
84 | ext4_jbd2_credits_xattr(inode)); | |
85 | if (IS_ERR(handle)) | |
86 | return PTR_ERR(handle); | |
9bd8212f MH |
87 | res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION, |
88 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
89 | sizeof(ctx), 0); | |
806c24ad | 90 | if (!res) { |
9bd8212f | 91 | ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT); |
806c24ad TT |
92 | res = ext4_mark_inode_dirty(handle, inode); |
93 | if (res) | |
94 | EXT4_ERROR_INODE(inode, "Failed to mark inode dirty"); | |
95 | } | |
96 | res2 = ext4_journal_stop(handle); | |
97 | if (!res) | |
98 | res = res2; | |
9bd8212f MH |
99 | return res; |
100 | } | |
101 | ||
102 | int ext4_process_policy(const struct ext4_encryption_policy *policy, | |
103 | struct inode *inode) | |
104 | { | |
105 | if (policy->version != 0) | |
106 | return -EINVAL; | |
107 | ||
108 | if (!ext4_inode_has_encryption_context(inode)) { | |
d87f6d78 TT |
109 | if (!S_ISDIR(inode->i_mode)) |
110 | return -EINVAL; | |
9bd8212f MH |
111 | if (!ext4_empty_dir(inode)) |
112 | return -ENOTEMPTY; | |
113 | return ext4_create_encryption_context_from_policy(inode, | |
114 | policy); | |
115 | } | |
116 | ||
117 | if (ext4_is_encryption_context_consistent_with_policy(inode, policy)) | |
118 | return 0; | |
119 | ||
120 | printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n", | |
121 | __func__); | |
122 | return -EINVAL; | |
123 | } | |
124 | ||
125 | int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy) | |
126 | { | |
127 | struct ext4_encryption_context ctx; | |
128 | ||
129 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | |
130 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, | |
131 | &ctx, sizeof(ctx)); | |
132 | if (res != sizeof(ctx)) | |
133 | return -ENOENT; | |
134 | if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1) | |
135 | return -EINVAL; | |
136 | policy->version = 0; | |
137 | policy->contents_encryption_mode = ctx.contents_encryption_mode; | |
138 | policy->filenames_encryption_mode = ctx.filenames_encryption_mode; | |
a44cd7a0 | 139 | policy->flags = ctx.flags; |
9bd8212f MH |
140 | memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor, |
141 | EXT4_KEY_DESCRIPTOR_SIZE); | |
142 | return 0; | |
143 | } | |
144 | ||
145 | int ext4_is_child_context_consistent_with_parent(struct inode *parent, | |
146 | struct inode *child) | |
147 | { | |
b7236e21 | 148 | struct ext4_crypt_info *parent_ci, *child_ci; |
9bd8212f MH |
149 | int res; |
150 | ||
151 | if ((parent == NULL) || (child == NULL)) { | |
152 | pr_err("parent %p child %p\n", parent, child); | |
687c3c36 TT |
153 | WARN_ON(1); /* Should never happen */ |
154 | return 0; | |
9bd8212f MH |
155 | } |
156 | /* no restrictions if the parent directory is not encrypted */ | |
157 | if (!ext4_encrypted_inode(parent)) | |
158 | return 1; | |
9bd8212f MH |
159 | /* if the child directory is not encrypted, this is always a problem */ |
160 | if (!ext4_encrypted_inode(child)) | |
161 | return 0; | |
b7236e21 TT |
162 | res = ext4_get_encryption_info(parent); |
163 | if (res) | |
164 | return 0; | |
165 | res = ext4_get_encryption_info(child); | |
166 | if (res) | |
167 | return 0; | |
168 | parent_ci = EXT4_I(parent)->i_crypt_info; | |
169 | child_ci = EXT4_I(child)->i_crypt_info; | |
170 | if (!parent_ci && !child_ci) | |
171 | return 1; | |
172 | if (!parent_ci || !child_ci) | |
9bd8212f | 173 | return 0; |
b7236e21 TT |
174 | |
175 | return (memcmp(parent_ci->ci_master_key, | |
176 | child_ci->ci_master_key, | |
9bd8212f | 177 | EXT4_KEY_DESCRIPTOR_SIZE) == 0 && |
b7236e21 TT |
178 | (parent_ci->ci_data_mode == child_ci->ci_data_mode) && |
179 | (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && | |
180 | (parent_ci->ci_flags == child_ci->ci_flags)); | |
9bd8212f MH |
181 | } |
182 | ||
183 | /** | |
184 | * ext4_inherit_context() - Sets a child context from its parent | |
185 | * @parent: Parent inode from which the context is inherited. | |
186 | * @child: Child inode that inherits the context from @parent. | |
187 | * | |
188 | * Return: Zero on success, non-zero otherwise | |
189 | */ | |
190 | int ext4_inherit_context(struct inode *parent, struct inode *child) | |
191 | { | |
192 | struct ext4_encryption_context ctx; | |
b7236e21 TT |
193 | struct ext4_crypt_info *ci; |
194 | int res; | |
195 | ||
196 | res = ext4_get_encryption_info(parent); | |
197 | if (res < 0) | |
198 | return res; | |
199 | ci = EXT4_I(parent)->i_crypt_info; | |
abdd438b TT |
200 | if (ci == NULL) |
201 | return -ENOKEY; | |
9bd8212f | 202 | |
b7236e21 TT |
203 | ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1; |
204 | if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) { | |
205 | ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; | |
206 | ctx.filenames_encryption_mode = | |
207 | EXT4_ENCRYPTION_MODE_AES_256_CTS; | |
208 | ctx.flags = 0; | |
209 | memset(ctx.master_key_descriptor, 0x42, | |
210 | EXT4_KEY_DESCRIPTOR_SIZE); | |
211 | res = 0; | |
212 | } else { | |
213 | ctx.contents_encryption_mode = ci->ci_data_mode; | |
214 | ctx.filenames_encryption_mode = ci->ci_filename_mode; | |
215 | ctx.flags = ci->ci_flags; | |
216 | memcpy(ctx.master_key_descriptor, ci->ci_master_key, | |
217 | EXT4_KEY_DESCRIPTOR_SIZE); | |
6ddb2447 | 218 | } |
9bd8212f MH |
219 | get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE); |
220 | res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION, | |
221 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx, | |
222 | sizeof(ctx), 0); | |
f5aed2c2 | 223 | if (!res) { |
9bd8212f | 224 | ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT); |
f5aed2c2 | 225 | ext4_clear_inode_state(child, EXT4_STATE_MAY_INLINE_DATA); |
55557029 | 226 | res = ext4_get_encryption_info(child); |
f5aed2c2 | 227 | } |
9bd8212f MH |
228 | return res; |
229 | } |