1/*
  2 * linux/fs/ext4/crypto_policy.c
  3 *
  4 * Copyright (C) 2015, Google, Inc.
  5 *
  6 * This contains encryption policy functions for ext4
  7 *
  8 * Written by Michael Halcrow, 2015.
  9 */
 10
 11#include <linux/random.h>
 12#include <linux/string.h>
 13#include <linux/types.h>
 14
 15#include "ext4_jbd2.h"
 16#include "ext4.h"
 17#include "xattr.h"
 18
 19static int ext4_inode_has_encryption_context(struct inode *inode)
 20{
 21	int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
 22				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
 23	return (res > 0);
 24}
 25
 26/*
 27 * check whether the policy is consistent with the encryption context
 28 * for the inode
 29 */
 30static int ext4_is_encryption_context_consistent_with_policy(
 31	struct inode *inode, const struct ext4_encryption_policy *policy)
 32{
 33	struct ext4_encryption_context ctx;
 34	int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
 35				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
 36				 sizeof(ctx));
 37	if (res != sizeof(ctx))
 38		return 0;
 39	return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
 40			EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
 41		(ctx.flags ==
 42		 policy->flags) &&
 43		(ctx.contents_encryption_mode ==
 44		 policy->contents_encryption_mode) &&
 45		(ctx.filenames_encryption_mode ==
 46		 policy->filenames_encryption_mode));
 47}
 48
 49static int ext4_create_encryption_context_from_policy(
 50	struct inode *inode, const struct ext4_encryption_policy *policy)
 51{
 52	struct ext4_encryption_context ctx;
 53	handle_t *handle;
 54	int res, res2;
 55
 56	res = ext4_convert_inline_data(inode);
 57	if (res)
 58		return res;
 59
 60	ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
 61	memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
 62	       EXT4_KEY_DESCRIPTOR_SIZE);
 63	if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
 64		printk(KERN_WARNING
 65		       "%s: Invalid contents encryption mode %d\n", __func__,
 66			policy->contents_encryption_mode);
 67		return -EINVAL;
 68	}
 69	if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
 70		printk(KERN_WARNING
 71		       "%s: Invalid filenames encryption mode %d\n", __func__,
 72			policy->filenames_encryption_mode);
 73		return -EINVAL;
 74	}
 75	if (policy->flags & ~EXT4_POLICY_FLAGS_VALID)
 76		return -EINVAL;
 77	ctx.contents_encryption_mode = policy->contents_encryption_mode;
 78	ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
 79	ctx.flags = policy->flags;
 80	BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
 81	get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
 82
 83	handle = ext4_journal_start(inode, EXT4_HT_MISC,
 84				    ext4_jbd2_credits_xattr(inode));
 85	if (IS_ERR(handle))
 86		return PTR_ERR(handle);
 87	res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
 88			     EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
 89			     sizeof(ctx), 0);
 90	if (!res) {
 91		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
 92		res = ext4_mark_inode_dirty(handle, inode);
 93		if (res)
 94			EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
 95	}
 96	res2 = ext4_journal_stop(handle);
 97	if (!res)
 98		res = res2;
 99	return res;
100}
101
102int ext4_process_policy(const struct ext4_encryption_policy *policy,
103			struct inode *inode)
104{
105	if (policy->version != 0)
106		return -EINVAL;
107
108	if (!ext4_inode_has_encryption_context(inode)) {
109		if (!S_ISDIR(inode->i_mode))
110			return -EINVAL;
111		if (!ext4_empty_dir(inode))
112			return -ENOTEMPTY;
113		return ext4_create_encryption_context_from_policy(inode,
114								  policy);
115	}
116
117	if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
118		return 0;
119
120	printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
121	       __func__);
122	return -EINVAL;
123}
124
125int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
126{
127	struct ext4_encryption_context ctx;
128
129	int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
130				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
131				 &ctx, sizeof(ctx));
132	if (res != sizeof(ctx))
133		return -ENOENT;
134	if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
135		return -EINVAL;
136	policy->version = 0;
137	policy->contents_encryption_mode = ctx.contents_encryption_mode;
138	policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
139	policy->flags = ctx.flags;
140	memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
141	       EXT4_KEY_DESCRIPTOR_SIZE);
142	return 0;
143}
144
145int ext4_is_child_context_consistent_with_parent(struct inode *parent,
146						 struct inode *child)
147{
148	struct ext4_crypt_info *parent_ci, *child_ci;
149	int res;
150
151	if ((parent == NULL) || (child == NULL)) {
152		pr_err("parent %p child %p\n", parent, child);
153		WARN_ON(1);	/* Should never happen */
154		return 0;
155	}
156	/* no restrictions if the parent directory is not encrypted */
157	if (!ext4_encrypted_inode(parent))
158		return 1;
159	/* if the child directory is not encrypted, this is always a problem */
160	if (!ext4_encrypted_inode(child))
161		return 0;
162	res = ext4_get_encryption_info(parent);
163	if (res)
164		return 0;
165	res = ext4_get_encryption_info(child);
166	if (res)
167		return 0;
168	parent_ci = EXT4_I(parent)->i_crypt_info;
169	child_ci = EXT4_I(child)->i_crypt_info;
170	if (!parent_ci && !child_ci)
171		return 1;
172	if (!parent_ci || !child_ci)
173		return 0;
174
175	return (memcmp(parent_ci->ci_master_key,
176		       child_ci->ci_master_key,
177		       EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
178		(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
179		(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
180		(parent_ci->ci_flags == child_ci->ci_flags));
181}
182
183/**
184 * ext4_inherit_context() - Sets a child context from its parent
185 * @parent: Parent inode from which the context is inherited.
186 * @child:  Child inode that inherits the context from @parent.
187 *
188 * Return: Zero on success, non-zero otherwise
189 */
190int ext4_inherit_context(struct inode *parent, struct inode *child)
191{
192	struct ext4_encryption_context ctx;
193	struct ext4_crypt_info *ci;
194	int res;
195
196	res = ext4_get_encryption_info(parent);
197	if (res < 0)
198		return res;
199	ci = EXT4_I(parent)->i_crypt_info;
200	if (ci == NULL)
201		return -ENOKEY;
202
203	ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
204	if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
205		ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
206		ctx.filenames_encryption_mode =
207			EXT4_ENCRYPTION_MODE_AES_256_CTS;
208		ctx.flags = 0;
209		memset(ctx.master_key_descriptor, 0x42,
210		       EXT4_KEY_DESCRIPTOR_SIZE);
211		res = 0;
212	} else {
213		ctx.contents_encryption_mode = ci->ci_data_mode;
214		ctx.filenames_encryption_mode = ci->ci_filename_mode;
215		ctx.flags = ci->ci_flags;
216		memcpy(ctx.master_key_descriptor, ci->ci_master_key,
217		       EXT4_KEY_DESCRIPTOR_SIZE);
218	}
219	get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
220	res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
221			     EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
222			     sizeof(ctx), 0);
223	if (!res) {
224		ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
225		ext4_clear_inode_state(child, EXT4_STATE_MAY_INLINE_DATA);
226		res = ext4_get_encryption_info(child);
227	}
228	return res;
229}