1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * Encryption policy functions for per-file encryption support.
  4 *
  5 * Copyright (C) 2015, Google, Inc.
  6 * Copyright (C) 2015, Motorola Mobility.
  7 *
  8 * Written by Michael Halcrow, 2015.
  9 * Modified by Jaegeuk Kim, 2015.
 10 */
 11
 12#include <linux/random.h>
 13#include <linux/string.h>
 14#include <linux/mount.h>
 15#include "fscrypt_private.h"
 16
 17/*
 18 * check whether an encryption policy is consistent with an encryption context
 19 */
 20static bool is_encryption_context_consistent_with_policy(
 21				const struct fscrypt_context *ctx,
 22				const struct fscrypt_policy *policy)
 23{
 24	return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,
 25		      FS_KEY_DESCRIPTOR_SIZE) == 0 &&
 26		(ctx->flags == policy->flags) &&
 27		(ctx->contents_encryption_mode ==
 28		 policy->contents_encryption_mode) &&
 29		(ctx->filenames_encryption_mode ==
 30		 policy->filenames_encryption_mode);
 31}
 32
 33static int create_encryption_context_from_policy(struct inode *inode,
 34				const struct fscrypt_policy *policy)
 35{
 36	struct fscrypt_context ctx;
 37
 38	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
 39	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
 40					FS_KEY_DESCRIPTOR_SIZE);
 41
 42	if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode,
 43				     policy->filenames_encryption_mode))
 44		return -EINVAL;
 45
 46	if (policy->flags & ~FS_POLICY_FLAGS_VALID)
 47		return -EINVAL;
 48
 49	ctx.contents_encryption_mode = policy->contents_encryption_mode;
 50	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
 51	ctx.flags = policy->flags;
 52	BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);
 53	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
 54
 55	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
 56}
 57
 58int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)
 59{
 60	struct fscrypt_policy policy;
 61	struct inode *inode = file_inode(filp);
 62	int ret;
 63	struct fscrypt_context ctx;
 64
 65	if (copy_from_user(&policy, arg, sizeof(policy)))
 66		return -EFAULT;
 67
 68	if (!inode_owner_or_capable(inode))
 69		return -EACCES;
 70
 71	if (policy.version != 0)
 72		return -EINVAL;
 73
 74	ret = mnt_want_write_file(filp);
 75	if (ret)
 76		return ret;
 77
 78	inode_lock(inode);
 79
 80	ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
 81	if (ret == -ENODATA) {
 82		if (!S_ISDIR(inode->i_mode))
 83			ret = -ENOTDIR;
 84		else if (!inode->i_sb->s_cop->empty_dir(inode))
 85			ret = -ENOTEMPTY;
 86		else
 87			ret = create_encryption_context_from_policy(inode,
 88								    &policy);
 89	} else if (ret == sizeof(ctx) &&
 90		   is_encryption_context_consistent_with_policy(&ctx,
 91								&policy)) {
 92		/* The file already uses the same encryption policy. */
 93		ret = 0;
 94	} else if (ret >= 0 || ret == -ERANGE) {
 95		/* The file already uses a different encryption policy. */
 96		ret = -EEXIST;
 97	}
 98
 99	inode_unlock(inode);
100
101	mnt_drop_write_file(filp);
102	return ret;
103}
104EXPORT_SYMBOL(fscrypt_ioctl_set_policy);
105
106int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
107{
108	struct inode *inode = file_inode(filp);
109	struct fscrypt_context ctx;
110	struct fscrypt_policy policy;
111	int res;
112
113	if (!IS_ENCRYPTED(inode))
114		return -ENODATA;
115
116	res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
117	if (res < 0 && res != -ERANGE)
118		return res;
119	if (res != sizeof(ctx))
120		return -EINVAL;
121	if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1)
122		return -EINVAL;
123
124	policy.version = 0;
125	policy.contents_encryption_mode = ctx.contents_encryption_mode;
126	policy.filenames_encryption_mode = ctx.filenames_encryption_mode;
127	policy.flags = ctx.flags;
128	memcpy(policy.master_key_descriptor, ctx.master_key_descriptor,
129				FS_KEY_DESCRIPTOR_SIZE);
130
131	if (copy_to_user(arg, &policy, sizeof(policy)))
132		return -EFAULT;
133	return 0;
134}
135EXPORT_SYMBOL(fscrypt_ioctl_get_policy);
136
137/**
138 * fscrypt_has_permitted_context() - is a file's encryption policy permitted
139 *				     within its directory?
140 *
141 * @parent: inode for parent directory
142 * @child: inode for file being looked up, opened, or linked into @parent
143 *
144 * Filesystems must call this before permitting access to an inode in a
145 * situation where the parent directory is encrypted (either before allowing
146 * ->lookup() to succeed, or for a regular file before allowing it to be opened)
147 * and before any operation that involves linking an inode into an encrypted
148 * directory, including link, rename, and cross rename.  It enforces the
149 * constraint that within a given encrypted directory tree, all files use the
150 * same encryption policy.  The pre-access check is needed to detect potentially
151 * malicious offline violations of this constraint, while the link and rename
152 * checks are needed to prevent online violations of this constraint.
153 *
154 * Return: 1 if permitted, 0 if forbidden.  If forbidden, the caller must fail
155 * the filesystem operation with EPERM.
156 */
157int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
158{
159	const struct fscrypt_operations *cops = parent->i_sb->s_cop;
160	const struct fscrypt_info *parent_ci, *child_ci;
161	struct fscrypt_context parent_ctx, child_ctx;
162	int res;
163
164	/* No restrictions on file types which are never encrypted */
165	if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
166	    !S_ISLNK(child->i_mode))
167		return 1;
168
169	/* No restrictions if the parent directory is unencrypted */
170	if (!IS_ENCRYPTED(parent))
171		return 1;
172
173	/* Encrypted directories must not contain unencrypted files */
174	if (!IS_ENCRYPTED(child))
175		return 0;
176
177	/*
178	 * Both parent and child are encrypted, so verify they use the same
179	 * encryption policy.  Compare the fscrypt_info structs if the keys are
180	 * available, otherwise retrieve and compare the fscrypt_contexts.
181	 *
182	 * Note that the fscrypt_context retrieval will be required frequently
183	 * when accessing an encrypted directory tree without the key.
184	 * Performance-wise this is not a big deal because we already don't
185	 * really optimize for file access without the key (to the extent that
186	 * such access is even possible), given that any attempted access
187	 * already causes a fscrypt_context retrieval and keyring search.
188	 *
189	 * In any case, if an unexpected error occurs, fall back to "forbidden".
190	 */
191
192	res = fscrypt_get_encryption_info(parent);
193	if (res)
194		return 0;
195	res = fscrypt_get_encryption_info(child);
196	if (res)
197		return 0;
198	parent_ci = parent->i_crypt_info;
199	child_ci = child->i_crypt_info;
200
201	if (parent_ci && child_ci) {
202		return memcmp(parent_ci->ci_master_key, child_ci->ci_master_key,
203			      FS_KEY_DESCRIPTOR_SIZE) == 0 &&
204			(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
205			(parent_ci->ci_filename_mode ==
206			 child_ci->ci_filename_mode) &&
207			(parent_ci->ci_flags == child_ci->ci_flags);
208	}
209
210	res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));
211	if (res != sizeof(parent_ctx))
212		return 0;
213
214	res = cops->get_context(child, &child_ctx, sizeof(child_ctx));
215	if (res != sizeof(child_ctx))
216		return 0;
217
218	return memcmp(parent_ctx.master_key_descriptor,
219		      child_ctx.master_key_descriptor,
220		      FS_KEY_DESCRIPTOR_SIZE) == 0 &&
221		(parent_ctx.contents_encryption_mode ==
222		 child_ctx.contents_encryption_mode) &&
223		(parent_ctx.filenames_encryption_mode ==
224		 child_ctx.filenames_encryption_mode) &&
225		(parent_ctx.flags == child_ctx.flags);
226}
227EXPORT_SYMBOL(fscrypt_has_permitted_context);
228
229/**
230 * fscrypt_inherit_context() - Sets a child context from its parent
231 * @parent: Parent inode from which the context is inherited.
232 * @child:  Child inode that inherits the context from @parent.
233 * @fs_data:  private data given by FS.
234 * @preload:  preload child i_crypt_info if true
235 *
236 * Return: 0 on success, -errno on failure
237 */
238int fscrypt_inherit_context(struct inode *parent, struct inode *child,
239						void *fs_data, bool preload)
240{
241	struct fscrypt_context ctx;
242	struct fscrypt_info *ci;
243	int res;
244
245	res = fscrypt_get_encryption_info(parent);
246	if (res < 0)
247		return res;
248
249	ci = parent->i_crypt_info;
250	if (ci == NULL)
251		return -ENOKEY;
252
253	ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
254	ctx.contents_encryption_mode = ci->ci_data_mode;
255	ctx.filenames_encryption_mode = ci->ci_filename_mode;
256	ctx.flags = ci->ci_flags;
257	memcpy(ctx.master_key_descriptor, ci->ci_master_key,
258	       FS_KEY_DESCRIPTOR_SIZE);
259	get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);
260	BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
261	res = parent->i_sb->s_cop->set_context(child, &ctx,
262						sizeof(ctx), fs_data);
263	if (res)
264		return res;
265	return preload ? fscrypt_get_encryption_info(child): 0;
266}
267EXPORT_SYMBOL(fscrypt_inherit_context);