3  * Encryption policy functions for per-file encryption support.
10  * Modified by Eric Biggers, 2019 for v2 policy support.
21  * @policy1: the first policy
22  * @policy2: the second policy
80 static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy,  in supported_iv_ino_lblk_policy()  argument
95 	if (policy->contents_encryption_mode != FSCRYPT_MODE_AES_256_XTS) {  in supported_iv_ino_lblk_policy()
97 			     "Can't use %s policy with contents mode other than AES-256-XTS",  in supported_iv_ino_lblk_policy()
109 			     "Can't use %s policy on filesystem '%s' because it doesn't have stable inode numbers",  in supported_iv_ino_lblk_policy()
117 			     "Can't use %s policy on filesystem '%s' because its inode numbers are too long",  in supported_iv_ino_lblk_policy()
123 			     "Can't use %s policy on filesystem '%s' because its block numbers are too long",  in supported_iv_ino_lblk_policy()
130 static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,  in fscrypt_supported_v1_policy()  argument
133 	if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode,  in fscrypt_supported_v1_policy()
134 				     policy->filenames_encryption_mode)) {  in fscrypt_supported_v1_policy()
137 			     policy->contents_encryption_mode,  in fscrypt_supported_v1_policy()
138 			     policy->filenames_encryption_mode);  in fscrypt_supported_v1_policy()
142 	if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK |  in fscrypt_supported_v1_policy()
145 			     policy->flags);  in fscrypt_supported_v1_policy()
149 	if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) &&  in fscrypt_supported_v1_policy()
150 	    !supported_direct_key_modes(inode, policy->contents_encryption_mode,  in fscrypt_supported_v1_policy()
151 					policy->filenames_encryption_mode))  in fscrypt_supported_v1_policy()
164 static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy,  in fscrypt_supported_v2_policy()  argument
169 	if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode,  in fscrypt_supported_v2_policy()
170 				     policy->filenames_encryption_mode)) {  in fscrypt_supported_v2_policy()
173 			     policy->contents_encryption_mode,  in fscrypt_supported_v2_policy()
174 			     policy->filenames_encryption_mode);  in fscrypt_supported_v2_policy()
178 	if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK |  in fscrypt_supported_v2_policy()
183 			     policy->flags);  in fscrypt_supported_v2_policy()
187 	count += !!(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY);  in fscrypt_supported_v2_policy()
188 	count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64);  in fscrypt_supported_v2_policy()
189 	count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32);  in fscrypt_supported_v2_policy()
192 			     policy->flags);  in fscrypt_supported_v2_policy()
196 	if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) &&  in fscrypt_supported_v2_policy()
197 	    !supported_direct_key_modes(inode, policy->contents_encryption_mode,  in fscrypt_supported_v2_policy()
198 					policy->filenames_encryption_mode))  in fscrypt_supported_v2_policy()
201 	if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) &&  in fscrypt_supported_v2_policy()
202 	    !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_64",  in fscrypt_supported_v2_policy()
212 	if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) &&  in fscrypt_supported_v2_policy()
213 	    !supported_iv_ino_lblk_policy(policy, inode, "IV_INO_LBLK_32",  in fscrypt_supported_v2_policy()
217 	if (memchr_inv(policy->__reserved, 0, sizeof(policy->__reserved))) {  in fscrypt_supported_v2_policy()
218 		fscrypt_warn(inode, "Reserved bits set in encryption policy");  in fscrypt_supported_v2_policy()
226  * fscrypt_supported_policy() - check whether an encryption policy is supported
227  * @policy_u: the encryption policy
228  * @inode: the inode on which the policy will be used
230  * Given an encryption policy, check whether all its encryption modes and other
252  * @policy_u: input policy
256  * encryption policy.  @nonce must be a new random nonce.
268 		const struct fscrypt_policy_v1 *policy = &policy_u->v1;  in fscrypt_new_context()  local
273 			policy->contents_encryption_mode;  in fscrypt_new_context()
275 			policy->filenames_encryption_mode;  in fscrypt_new_context()
276 		ctx->flags = policy->flags;  in fscrypt_new_context()
278 		       policy->master_key_descriptor,  in fscrypt_new_context()
284 		const struct fscrypt_policy_v2 *policy = &policy_u->v2;  in fscrypt_new_context()  local
289 			policy->contents_encryption_mode;  in fscrypt_new_context()
291 			policy->filenames_encryption_mode;  in fscrypt_new_context()
292 		ctx->flags = policy->flags;  in fscrypt_new_context()
294 		       policy->master_key_identifier,  in fscrypt_new_context()
306  * @policy_u: output policy
315  * This does *not* validate the settings within the policy itself, e.g. the
330 		struct fscrypt_policy_v1 *policy = &policy_u->v1;  in fscrypt_policy_from_context()  local
332 		policy->version = FSCRYPT_POLICY_V1;  in fscrypt_policy_from_context()
333 		policy->contents_encryption_mode =  in fscrypt_policy_from_context()
335 		policy->filenames_encryption_mode =  in fscrypt_policy_from_context()
337 		policy->flags = ctx->flags;  in fscrypt_policy_from_context()
338 		memcpy(policy->master_key_descriptor,  in fscrypt_policy_from_context()
340 		       sizeof(policy->master_key_descriptor));  in fscrypt_policy_from_context()
345 		struct fscrypt_policy_v2 *policy = &policy_u->v2;  in fscrypt_policy_from_context()  local
347 		policy->version = FSCRYPT_POLICY_V2;  in fscrypt_policy_from_context()
348 		policy->contents_encryption_mode =  in fscrypt_policy_from_context()
350 		policy->filenames_encryption_mode =  in fscrypt_policy_from_context()
352 		policy->flags = ctx->flags;  in fscrypt_policy_from_context()
353 		memcpy(policy->__reserved, ctx->__reserved,  in fscrypt_policy_from_context()
354 		       sizeof(policy->__reserved));  in fscrypt_policy_from_context()
355 		memcpy(policy->master_key_identifier,  in fscrypt_policy_from_context()
357 		       sizeof(policy->master_key_identifier));  in fscrypt_policy_from_context()
365 /* Retrieve an inode's encryption policy */
366 static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy)  in fscrypt_get_policy()  argument
374 		/* key available, use the cached policy */  in fscrypt_get_policy()
375 		*policy = ci->ci_policy;  in fscrypt_get_policy()
386 	return fscrypt_policy_from_context(policy, &ctx, ret);  in fscrypt_get_policy()
390 				 const union fscrypt_policy *policy)  in set_encryption_policy()  argument
397 	if (!fscrypt_supported_policy(policy, inode))  in set_encryption_policy()
400 	switch (policy->version) {  in set_encryption_policy()
403 		 * The original encryption policy version provided no way of  in set_encryption_policy()
407 		 * encryption policy version fixes this and also implies use of  in set_encryption_policy()
411 		 * policy version for all new encrypted directories.  in set_encryption_policy()
413 …pr_warn_once("%s (pid %d) is setting deprecated v1 encryption policy; recommend upgrading to v2.\n…  in set_encryption_policy()
418 					       policy->v2.master_key_identifier);  in set_encryption_policy()
421 		if (policy->v2.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)  in set_encryption_policy()
422 …pr_warn_once("%s (pid %d) is setting an IV_INO_LBLK_32 encryption policy.  This should only be use…  in set_encryption_policy()
431 	ctxsize = fscrypt_new_context(&ctx, policy, nonce);  in set_encryption_policy()
438 	union fscrypt_policy policy;  in fscrypt_ioctl_set_policy()  local
445 	if (get_user(policy.version, (const u8 __user *)arg))  in fscrypt_ioctl_set_policy()
448 	size = fscrypt_policy_size(&policy);  in fscrypt_ioctl_set_policy()
463 	version = policy.version;  in fscrypt_ioctl_set_policy()
464 	if (copy_from_user(&policy, arg, size))  in fscrypt_ioctl_set_policy()
466 	policy.version = version;  in fscrypt_ioctl_set_policy()
486 			ret = set_encryption_policy(inode, &policy);  in fscrypt_ioctl_set_policy()
488 		   (ret == 0 && !fscrypt_policies_equal(&policy,  in fscrypt_ioctl_set_policy()
490 		/* The file already uses a different encryption policy. */  in fscrypt_ioctl_set_policy()
501 /* Original ioctl version; can only get the original policy version */
504 	union fscrypt_policy policy;  in fscrypt_ioctl_get_policy()  local
507 	err = fscrypt_get_policy(file_inode(filp), &policy);  in fscrypt_ioctl_get_policy()
511 	if (policy.version != FSCRYPT_POLICY_V1)  in fscrypt_ioctl_get_policy()
514 	if (copy_to_user(arg, &policy, sizeof(policy.v1)))  in fscrypt_ioctl_get_policy()
524 	union fscrypt_policy *policy = (union fscrypt_policy *)&arg.policy;  in fscrypt_ioctl_get_policy_ex()  local
528 	/* arg is policy_size, then policy */  in fscrypt_ioctl_get_policy_ex()
531 		     offsetof(typeof(arg), policy));  in fscrypt_ioctl_get_policy_ex()
532 	BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));  in fscrypt_ioctl_get_policy_ex()
534 	err = fscrypt_get_policy(file_inode(filp), policy);  in fscrypt_ioctl_get_policy_ex()
537 	policy_size = fscrypt_policy_size(policy);  in fscrypt_ioctl_get_policy_ex()
572  * fscrypt_has_permitted_context() - is a file's encryption policy permitted
584  * same encryption policy.  The pre-access check is needed to detect potentially
610 	 * encryption policy.  Compare the fscrypt_info structs if the keys are  in fscrypt_has_permitted_context()
643  * Return the encryption policy that new files in the directory will inherit, or
700  * @dummy_policy: the filesystem's current dummy policy (input/output, see
704  * policy, saving it in @dummy_policy, and adding the corresponding dummy
709  * Return: 0 on success (dummy policy set, or the same policy is already set);
710  *         -EEXIST if a different dummy policy is already set;
718 	union fscrypt_policy *policy = NULL;  in fscrypt_set_test_dummy_encryption()  local
738 	policy = kzalloc(sizeof(*policy), GFP_KERNEL);  in fscrypt_set_test_dummy_encryption()
739 	if (!policy) {  in fscrypt_set_test_dummy_encryption()
748 	policy->version = version;  in fscrypt_set_test_dummy_encryption()
749 	switch (policy->version) {  in fscrypt_set_test_dummy_encryption()
751 		policy->v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;  in fscrypt_set_test_dummy_encryption()
752 		policy->v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;  in fscrypt_set_test_dummy_encryption()
753 		memcpy(policy->v1.master_key_descriptor, key_spec.u.descriptor,  in fscrypt_set_test_dummy_encryption()
757 		policy->v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;  in fscrypt_set_test_dummy_encryption()
758 		policy->v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;  in fscrypt_set_test_dummy_encryption()
759 		memcpy(policy->v2.master_key_identifier, key_spec.u.identifier,  in fscrypt_set_test_dummy_encryption()
768 	if (dummy_policy->policy) {  in fscrypt_set_test_dummy_encryption()
769 		if (fscrypt_policies_equal(policy, dummy_policy->policy))  in fscrypt_set_test_dummy_encryption()
775 	dummy_policy->policy = policy;  in fscrypt_set_test_dummy_encryption()
776 	policy = NULL;  in fscrypt_set_test_dummy_encryption()
779 	kfree(policy);  in fscrypt_set_test_dummy_encryption()
796 	const union fscrypt_policy *policy = fscrypt_get_dummy_policy(sb);  in fscrypt_show_test_dummy_encryption()  local
799 	if (!policy)  in fscrypt_show_test_dummy_encryption()
802 	vers = policy->version;  in fscrypt_show_test_dummy_encryption()