root/fs/crypto/policy.c

DEFINITIONS

1. fscrypt_policies_equal
2. fscrypt_supported_policy
3. fscrypt_new_context_from_policy
4. fscrypt_policy_from_context
5. fscrypt_get_policy
6. set_encryption_policy
7. fscrypt_ioctl_set_policy
8. fscrypt_ioctl_get_policy
9. fscrypt_ioctl_get_policy_ex
10. fscrypt_has_permitted_context
11. fscrypt_inherit_context

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Encryption policy functions for per-file encryption support.
   4  *
   5  * Copyright (C) 2015, Google, Inc.
   6  * Copyright (C) 2015, Motorola Mobility.
   7  *
   8  * Originally written by Michael Halcrow, 2015.
   9  * Modified by Jaegeuk Kim, 2015.
  10  * Modified by Eric Biggers, 2019 for v2 policy support.
  11  */
  12 
  13 #include <linux/random.h>
  14 #include <linux/string.h>
  15 #include <linux/mount.h>
  16 #include "fscrypt_private.h"
  17 
  18 /**
  19  * fscrypt_policies_equal - check whether two encryption policies are the same
  20  *
  21  * Return: %true if equal, else %false
  22  */
  23 bool fscrypt_policies_equal(const union fscrypt_policy *policy1,
  24                             const union fscrypt_policy *policy2)
  25 {
  26         if (policy1->version != policy2->version)
  27                 return false;
  28 
  29         return !memcmp(policy1, policy2, fscrypt_policy_size(policy1));
  30 }
  31 
  32 /**
  33  * fscrypt_supported_policy - check whether an encryption policy is supported
  34  *
  35  * Given an encryption policy, check whether all its encryption modes and other
  36  * settings are supported by this kernel.  (But we don't currently don't check
  37  * for crypto API support here, so attempting to use an algorithm not configured
  38  * into the crypto API will still fail later.)
  39  *
  40  * Return: %true if supported, else %false
  41  */
  42 bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
  43                               const struct inode *inode)
  44 {
  45         switch (policy_u->version) {
  46         case FSCRYPT_POLICY_V1: {
  47                 const struct fscrypt_policy_v1 *policy = &policy_u->v1;
  48 
  49                 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode,
  50                                              policy->filenames_encryption_mode)) {
  51                         fscrypt_warn(inode,
  52                                      "Unsupported encryption modes (contents %d, filenames %d)",
  53                                      policy->contents_encryption_mode,
  54                                      policy->filenames_encryption_mode);
  55                         return false;
  56                 }
  57 
  58                 if (policy->flags & ~FSCRYPT_POLICY_FLAGS_VALID) {
  59                         fscrypt_warn(inode,
  60                                      "Unsupported encryption flags (0x%02x)",
  61                                      policy->flags);
  62                         return false;
  63                 }
  64 
  65                 return true;
  66         }
  67         case FSCRYPT_POLICY_V2: {
  68                 const struct fscrypt_policy_v2 *policy = &policy_u->v2;
  69 
  70                 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode,
  71                                              policy->filenames_encryption_mode)) {
  72                         fscrypt_warn(inode,
  73                                      "Unsupported encryption modes (contents %d, filenames %d)",
  74                                      policy->contents_encryption_mode,
  75                                      policy->filenames_encryption_mode);
  76                         return false;
  77                 }
  78 
  79                 if (policy->flags & ~FSCRYPT_POLICY_FLAGS_VALID) {
  80                         fscrypt_warn(inode,
  81                                      "Unsupported encryption flags (0x%02x)",
  82                                      policy->flags);
  83                         return false;
  84                 }
  85 
  86                 if (memchr_inv(policy->__reserved, 0,
  87                                sizeof(policy->__reserved))) {
  88                         fscrypt_warn(inode,
  89                                      "Reserved bits set in encryption policy");
  90                         return false;
  91                 }
  92 
  93                 return true;
  94         }
  95         }
  96         return false;
  97 }
  98 
  99 /**
 100  * fscrypt_new_context_from_policy - create a new fscrypt_context from a policy
 101  *
 102  * Create an fscrypt_context for an inode that is being assigned the given
 103  * encryption policy.  A new nonce is randomly generated.
 104  *
 105  * Return: the size of the new context in bytes.
 106  */
 107 static int fscrypt_new_context_from_policy(union fscrypt_context *ctx_u,
 108                                            const union fscrypt_policy *policy_u)
 109 {
 110         memset(ctx_u, 0, sizeof(*ctx_u));
 111 
 112         switch (policy_u->version) {
 113         case FSCRYPT_POLICY_V1: {
 114                 const struct fscrypt_policy_v1 *policy = &policy_u->v1;
 115                 struct fscrypt_context_v1 *ctx = &ctx_u->v1;
 116 
 117                 ctx->version = FSCRYPT_CONTEXT_V1;
 118                 ctx->contents_encryption_mode =
 119                         policy->contents_encryption_mode;
 120                 ctx->filenames_encryption_mode =
 121                         policy->filenames_encryption_mode;
 122                 ctx->flags = policy->flags;
 123                 memcpy(ctx->master_key_descriptor,
 124                        policy->master_key_descriptor,
 125                        sizeof(ctx->master_key_descriptor));
 126                 get_random_bytes(ctx->nonce, sizeof(ctx->nonce));
 127                 return sizeof(*ctx);
 128         }
 129         case FSCRYPT_POLICY_V2: {
 130                 const struct fscrypt_policy_v2 *policy = &policy_u->v2;
 131                 struct fscrypt_context_v2 *ctx = &ctx_u->v2;
 132 
 133                 ctx->version = FSCRYPT_CONTEXT_V2;
 134                 ctx->contents_encryption_mode =
 135                         policy->contents_encryption_mode;
 136                 ctx->filenames_encryption_mode =
 137                         policy->filenames_encryption_mode;
 138                 ctx->flags = policy->flags;
 139                 memcpy(ctx->master_key_identifier,
 140                        policy->master_key_identifier,
 141                        sizeof(ctx->master_key_identifier));
 142                 get_random_bytes(ctx->nonce, sizeof(ctx->nonce));
 143                 return sizeof(*ctx);
 144         }
 145         }
 146         BUG();
 147 }
 148 
 149 /**
 150  * fscrypt_policy_from_context - convert an fscrypt_context to an fscrypt_policy
 151  *
 152  * Given an fscrypt_context, build the corresponding fscrypt_policy.
 153  *
 154  * Return: 0 on success, or -EINVAL if the fscrypt_context has an unrecognized
 155  * version number or size.
 156  *
 157  * This does *not* validate the settings within the policy itself, e.g. the
 158  * modes, flags, and reserved bits.  Use fscrypt_supported_policy() for that.
 159  */
 160 int fscrypt_policy_from_context(union fscrypt_policy *policy_u,
 161                                 const union fscrypt_context *ctx_u,
 162                                 int ctx_size)
 163 {
 164         memset(policy_u, 0, sizeof(*policy_u));
 165 
 166         if (ctx_size <= 0 || ctx_size != fscrypt_context_size(ctx_u))
 167                 return -EINVAL;
 168 
 169         switch (ctx_u->version) {
 170         case FSCRYPT_CONTEXT_V1: {
 171                 const struct fscrypt_context_v1 *ctx = &ctx_u->v1;
 172                 struct fscrypt_policy_v1 *policy = &policy_u->v1;
 173 
 174                 policy->version = FSCRYPT_POLICY_V1;
 175                 policy->contents_encryption_mode =
 176                         ctx->contents_encryption_mode;
 177                 policy->filenames_encryption_mode =
 178                         ctx->filenames_encryption_mode;
 179                 policy->flags = ctx->flags;
 180                 memcpy(policy->master_key_descriptor,
 181                        ctx->master_key_descriptor,
 182                        sizeof(policy->master_key_descriptor));
 183                 return 0;
 184         }
 185         case FSCRYPT_CONTEXT_V2: {
 186                 const struct fscrypt_context_v2 *ctx = &ctx_u->v2;
 187                 struct fscrypt_policy_v2 *policy = &policy_u->v2;
 188 
 189                 policy->version = FSCRYPT_POLICY_V2;
 190                 policy->contents_encryption_mode =
 191                         ctx->contents_encryption_mode;
 192                 policy->filenames_encryption_mode =
 193                         ctx->filenames_encryption_mode;
 194                 policy->flags = ctx->flags;
 195                 memcpy(policy->__reserved, ctx->__reserved,
 196                        sizeof(policy->__reserved));
 197                 memcpy(policy->master_key_identifier,
 198                        ctx->master_key_identifier,
 199                        sizeof(policy->master_key_identifier));
 200                 return 0;
 201         }
 202         }
 203         /* unreachable */
 204         return -EINVAL;
 205 }
 206 
 207 /* Retrieve an inode's encryption policy */
 208 static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy)
 209 {
 210         const struct fscrypt_info *ci;
 211         union fscrypt_context ctx;
 212         int ret;
 213 
 214         ci = READ_ONCE(inode->i_crypt_info);
 215         if (ci) {
 216                 /* key available, use the cached policy */
 217                 *policy = ci->ci_policy;
 218                 return 0;
 219         }
 220 
 221         if (!IS_ENCRYPTED(inode))
 222                 return -ENODATA;
 223 
 224         ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
 225         if (ret < 0)
 226                 return (ret == -ERANGE) ? -EINVAL : ret;
 227 
 228         return fscrypt_policy_from_context(policy, &ctx, ret);
 229 }
 230 
 231 static int set_encryption_policy(struct inode *inode,
 232                                  const union fscrypt_policy *policy)
 233 {
 234         union fscrypt_context ctx;
 235         int ctxsize;
 236         int err;
 237 
 238         if (!fscrypt_supported_policy(policy, inode))
 239                 return -EINVAL;
 240 
 241         switch (policy->version) {
 242         case FSCRYPT_POLICY_V1:
 243                 /*
 244                  * The original encryption policy version provided no way of
 245                  * verifying that the correct master key was supplied, which was
 246                  * insecure in scenarios where multiple users have access to the
 247                  * same encrypted files (even just read-only access).  The new
 248                  * encryption policy version fixes this and also implies use of
 249                  * an improved key derivation function and allows non-root users
 250                  * to securely remove keys.  So as long as compatibility with
 251                  * old kernels isn't required, it is recommended to use the new
 252                  * policy version for all new encrypted directories.
 253                  */
 254                 pr_warn_once("%s (pid %d) is setting deprecated v1 encryption policy; recommend upgrading to v2.\n",
 255                              current->comm, current->pid);
 256                 break;
 257         case FSCRYPT_POLICY_V2:
 258                 err = fscrypt_verify_key_added(inode->i_sb,
 259                                                policy->v2.master_key_identifier);
 260                 if (err)
 261                         return err;
 262                 break;
 263         default:
 264                 WARN_ON(1);
 265                 return -EINVAL;
 266         }
 267 
 268         ctxsize = fscrypt_new_context_from_policy(&ctx, policy);
 269 
 270         return inode->i_sb->s_cop->set_context(inode, &ctx, ctxsize, NULL);
 271 }
 272 
 273 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)
 274 {
 275         union fscrypt_policy policy;
 276         union fscrypt_policy existing_policy;
 277         struct inode *inode = file_inode(filp);
 278         u8 version;
 279         int size;
 280         int ret;
 281 
 282         if (get_user(policy.version, (const u8 __user *)arg))
 283                 return -EFAULT;
 284 
 285         size = fscrypt_policy_size(&policy);
 286         if (size <= 0)
 287                 return -EINVAL;
 288 
 289         /*
 290          * We should just copy the remaining 'size - 1' bytes here, but a
 291          * bizarre bug in gcc 7 and earlier (fixed by gcc r255731) causes gcc to
 292          * think that size can be 0 here (despite the check above!) *and* that
 293          * it's a compile-time constant.  Thus it would think copy_from_user()
 294          * is passed compile-time constant ULONG_MAX, causing the compile-time
 295          * buffer overflow check to fail, breaking the build. This only occurred
 296          * when building an i386 kernel with -Os and branch profiling enabled.
 297          *
 298          * Work around it by just copying the first byte again...
 299          */
 300         version = policy.version;
 301         if (copy_from_user(&policy, arg, size))
 302                 return -EFAULT;
 303         policy.version = version;
 304 
 305         if (!inode_owner_or_capable(inode))
 306                 return -EACCES;
 307 
 308         ret = mnt_want_write_file(filp);
 309         if (ret)
 310                 return ret;
 311 
 312         inode_lock(inode);
 313 
 314         ret = fscrypt_get_policy(inode, &existing_policy);
 315         if (ret == -ENODATA) {
 316                 if (!S_ISDIR(inode->i_mode))
 317                         ret = -ENOTDIR;
 318                 else if (IS_DEADDIR(inode))
 319                         ret = -ENOENT;
 320                 else if (!inode->i_sb->s_cop->empty_dir(inode))
 321                         ret = -ENOTEMPTY;
 322                 else
 323                         ret = set_encryption_policy(inode, &policy);
 324         } else if (ret == -EINVAL ||
 325                    (ret == 0 && !fscrypt_policies_equal(&policy,
 326                                                         &existing_policy))) {
 327                 /* The file already uses a different encryption policy. */
 328                 ret = -EEXIST;
 329         }
 330 
 331         inode_unlock(inode);
 332 
 333         mnt_drop_write_file(filp);
 334         return ret;
 335 }
 336 EXPORT_SYMBOL(fscrypt_ioctl_set_policy);
 337 
 338 /* Original ioctl version; can only get the original policy version */
 339 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
 340 {
 341         union fscrypt_policy policy;
 342         int err;
 343 
 344         err = fscrypt_get_policy(file_inode(filp), &policy);
 345         if (err)
 346                 return err;
 347 
 348         if (policy.version != FSCRYPT_POLICY_V1)
 349                 return -EINVAL;
 350 
 351         if (copy_to_user(arg, &policy, sizeof(policy.v1)))
 352                 return -EFAULT;
 353         return 0;
 354 }
 355 EXPORT_SYMBOL(fscrypt_ioctl_get_policy);
 356 
 357 /* Extended ioctl version; can get policies of any version */
 358 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *uarg)
 359 {
 360         struct fscrypt_get_policy_ex_arg arg;
 361         union fscrypt_policy *policy = (union fscrypt_policy *)&arg.policy;
 362         size_t policy_size;
 363         int err;
 364 
 365         /* arg is policy_size, then policy */
 366         BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);
 367         BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=
 368                      offsetof(typeof(arg), policy));
 369         BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));
 370 
 371         err = fscrypt_get_policy(file_inode(filp), policy);
 372         if (err)
 373                 return err;
 374         policy_size = fscrypt_policy_size(policy);
 375 
 376         if (copy_from_user(&arg, uarg, sizeof(arg.policy_size)))
 377                 return -EFAULT;
 378 
 379         if (policy_size > arg.policy_size)
 380                 return -EOVERFLOW;
 381         arg.policy_size = policy_size;
 382 
 383         if (copy_to_user(uarg, &arg, sizeof(arg.policy_size) + policy_size))
 384                 return -EFAULT;
 385         return 0;
 386 }
 387 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_policy_ex);
 388 
 389 /**
 390  * fscrypt_has_permitted_context() - is a file's encryption policy permitted
 391  *                                   within its directory?
 392  *
 393  * @parent: inode for parent directory
 394  * @child: inode for file being looked up, opened, or linked into @parent
 395  *
 396  * Filesystems must call this before permitting access to an inode in a
 397  * situation where the parent directory is encrypted (either before allowing
 398  * ->lookup() to succeed, or for a regular file before allowing it to be opened)
 399  * and before any operation that involves linking an inode into an encrypted
 400  * directory, including link, rename, and cross rename.  It enforces the
 401  * constraint that within a given encrypted directory tree, all files use the
 402  * same encryption policy.  The pre-access check is needed to detect potentially
 403  * malicious offline violations of this constraint, while the link and rename
 404  * checks are needed to prevent online violations of this constraint.
 405  *
 406  * Return: 1 if permitted, 0 if forbidden.
 407  */
 408 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
 409 {
 410         union fscrypt_policy parent_policy, child_policy;
 411         int err;
 412 
 413         /* No restrictions on file types which are never encrypted */
 414         if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
 415             !S_ISLNK(child->i_mode))
 416                 return 1;
 417 
 418         /* No restrictions if the parent directory is unencrypted */
 419         if (!IS_ENCRYPTED(parent))
 420                 return 1;
 421 
 422         /* Encrypted directories must not contain unencrypted files */
 423         if (!IS_ENCRYPTED(child))
 424                 return 0;
 425 
 426         /*
 427          * Both parent and child are encrypted, so verify they use the same
 428          * encryption policy.  Compare the fscrypt_info structs if the keys are
 429          * available, otherwise retrieve and compare the fscrypt_contexts.
 430          *
 431          * Note that the fscrypt_context retrieval will be required frequently
 432          * when accessing an encrypted directory tree without the key.
 433          * Performance-wise this is not a big deal because we already don't
 434          * really optimize for file access without the key (to the extent that
 435          * such access is even possible), given that any attempted access
 436          * already causes a fscrypt_context retrieval and keyring search.
 437          *
 438          * In any case, if an unexpected error occurs, fall back to "forbidden".
 439          */
 440 
 441         err = fscrypt_get_encryption_info(parent);
 442         if (err)
 443                 return 0;
 444         err = fscrypt_get_encryption_info(child);
 445         if (err)
 446                 return 0;
 447 
 448         err = fscrypt_get_policy(parent, &parent_policy);
 449         if (err)
 450                 return 0;
 451 
 452         err = fscrypt_get_policy(child, &child_policy);
 453         if (err)
 454                 return 0;
 455 
 456         return fscrypt_policies_equal(&parent_policy, &child_policy);
 457 }
 458 EXPORT_SYMBOL(fscrypt_has_permitted_context);
 459 
 460 /**
 461  * fscrypt_inherit_context() - Sets a child context from its parent
 462  * @parent: Parent inode from which the context is inherited.
 463  * @child:  Child inode that inherits the context from @parent.
 464  * @fs_data:  private data given by FS.
 465  * @preload:  preload child i_crypt_info if true
 466  *
 467  * Return: 0 on success, -errno on failure
 468  */
 469 int fscrypt_inherit_context(struct inode *parent, struct inode *child,
 470                                                 void *fs_data, bool preload)
 471 {
 472         union fscrypt_context ctx;
 473         int ctxsize;
 474         struct fscrypt_info *ci;
 475         int res;
 476 
 477         res = fscrypt_get_encryption_info(parent);
 478         if (res < 0)
 479                 return res;
 480 
 481         ci = READ_ONCE(parent->i_crypt_info);
 482         if (ci == NULL)
 483                 return -ENOKEY;
 484 
 485         ctxsize = fscrypt_new_context_from_policy(&ctx, &ci->ci_policy);
 486 
 487         BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
 488         res = parent->i_sb->s_cop->set_context(child, &ctx, ctxsize, fs_data);
 489         if (res)
 490                 return res;
 491         return preload ? fscrypt_get_encryption_info(child): 0;
 492 }
 493 EXPORT_SYMBOL(fscrypt_inherit_context);