1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Filesystem-level keyring for fscrypt |
4 | * |
5 | * Copyright 2019 Google LLC |
6 | */ |
7 | |
8 | /* |
9 | * This file implements management of fscrypt master keys in the |
10 | * filesystem-level keyring, including the ioctls: |
11 | * |
12 | * - FS_IOC_ADD_ENCRYPTION_KEY |
13 | * - FS_IOC_REMOVE_ENCRYPTION_KEY |
14 | * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS |
15 | * - FS_IOC_GET_ENCRYPTION_KEY_STATUS |
16 | * |
17 | * See the "User API" section of Documentation/filesystems/fscrypt.rst for more |
18 | * information about these ioctls. |
19 | */ |
20 | |
21 | #include <asm/unaligned.h> |
22 | #include <crypto/skcipher.h> |
23 | #include <linux/key-type.h> |
24 | #include <linux/random.h> |
25 | #include <linux/seq_file.h> |
26 | |
27 | #include "fscrypt_private.h" |
28 | |
29 | /* The master encryption keys for a filesystem (->s_master_keys) */ |
30 | struct fscrypt_keyring { |
31 | /* |
32 | * Lock that protects ->key_hashtable. It does *not* protect the |
33 | * fscrypt_master_key structs themselves. |
34 | */ |
35 | spinlock_t lock; |
36 | |
37 | /* Hash table that maps fscrypt_key_specifier to fscrypt_master_key */ |
38 | struct hlist_head key_hashtable[128]; |
39 | }; |
40 | |
41 | static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) |
42 | { |
43 | fscrypt_destroy_hkdf(hkdf: &secret->hkdf); |
44 | memzero_explicit(s: secret, count: sizeof(*secret)); |
45 | } |
46 | |
47 | static void move_master_key_secret(struct fscrypt_master_key_secret *dst, |
48 | struct fscrypt_master_key_secret *src) |
49 | { |
50 | memcpy(dst, src, sizeof(*dst)); |
51 | memzero_explicit(s: src, count: sizeof(*src)); |
52 | } |
53 | |
54 | static void fscrypt_free_master_key(struct rcu_head *head) |
55 | { |
56 | struct fscrypt_master_key *mk = |
57 | container_of(head, struct fscrypt_master_key, mk_rcu_head); |
58 | /* |
59 | * The master key secret and any embedded subkeys should have already |
60 | * been wiped when the last active reference to the fscrypt_master_key |
61 | * struct was dropped; doing it here would be unnecessarily late. |
62 | * Nevertheless, use kfree_sensitive() in case anything was missed. |
63 | */ |
64 | kfree_sensitive(objp: mk); |
65 | } |
66 | |
67 | void fscrypt_put_master_key(struct fscrypt_master_key *mk) |
68 | { |
69 | if (!refcount_dec_and_test(r: &mk->mk_struct_refs)) |
70 | return; |
71 | /* |
72 | * No structural references left, so free ->mk_users, and also free the |
73 | * fscrypt_master_key struct itself after an RCU grace period ensures |
74 | * that concurrent keyring lookups can no longer find it. |
75 | */ |
76 | WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 0); |
77 | if (mk->mk_users) { |
78 | /* Clear the keyring so the quota gets released right away. */ |
79 | keyring_clear(keyring: mk->mk_users); |
80 | key_put(key: mk->mk_users); |
81 | mk->mk_users = NULL; |
82 | } |
83 | call_rcu(head: &mk->mk_rcu_head, func: fscrypt_free_master_key); |
84 | } |
85 | |
86 | void fscrypt_put_master_key_activeref(struct super_block *sb, |
87 | struct fscrypt_master_key *mk) |
88 | { |
89 | size_t i; |
90 | |
91 | if (!refcount_dec_and_test(r: &mk->mk_active_refs)) |
92 | return; |
93 | /* |
94 | * No active references left, so complete the full removal of this |
95 | * fscrypt_master_key struct by removing it from the keyring and |
96 | * destroying any subkeys embedded in it. |
97 | */ |
98 | |
99 | if (WARN_ON_ONCE(!sb->s_master_keys)) |
100 | return; |
101 | spin_lock(lock: &sb->s_master_keys->lock); |
102 | hlist_del_rcu(n: &mk->mk_node); |
103 | spin_unlock(lock: &sb->s_master_keys->lock); |
104 | |
105 | /* |
106 | * ->mk_active_refs == 0 implies that ->mk_present is false and |
107 | * ->mk_decrypted_inodes is empty. |
108 | */ |
109 | WARN_ON_ONCE(mk->mk_present); |
110 | WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes)); |
111 | |
112 | for (i = 0; i <= FSCRYPT_MODE_MAX; i++) { |
113 | fscrypt_destroy_prepared_key( |
114 | sb, prep_key: &mk->mk_direct_keys[i]); |
115 | fscrypt_destroy_prepared_key( |
116 | sb, prep_key: &mk->mk_iv_ino_lblk_64_keys[i]); |
117 | fscrypt_destroy_prepared_key( |
118 | sb, prep_key: &mk->mk_iv_ino_lblk_32_keys[i]); |
119 | } |
120 | memzero_explicit(s: &mk->mk_ino_hash_key, |
121 | count: sizeof(mk->mk_ino_hash_key)); |
122 | mk->mk_ino_hash_key_initialized = false; |
123 | |
124 | /* Drop the structural ref associated with the active refs. */ |
125 | fscrypt_put_master_key(mk); |
126 | } |
127 | |
128 | /* |
129 | * This transitions the key state from present to incompletely removed, and then |
130 | * potentially to absent (depending on whether inodes remain). |
131 | */ |
132 | static void fscrypt_initiate_key_removal(struct super_block *sb, |
133 | struct fscrypt_master_key *mk) |
134 | { |
135 | WRITE_ONCE(mk->mk_present, false); |
136 | wipe_master_key_secret(secret: &mk->mk_secret); |
137 | fscrypt_put_master_key_activeref(sb, mk); |
138 | } |
139 | |
140 | static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec) |
141 | { |
142 | if (spec->__reserved) |
143 | return false; |
144 | return master_key_spec_len(spec) != 0; |
145 | } |
146 | |
147 | static int fscrypt_user_key_instantiate(struct key *key, |
148 | struct key_preparsed_payload *prep) |
149 | { |
150 | /* |
151 | * We just charge FSCRYPT_MAX_KEY_SIZE bytes to the user's key quota for |
152 | * each key, regardless of the exact key size. The amount of memory |
153 | * actually used is greater than the size of the raw key anyway. |
154 | */ |
155 | return key_payload_reserve(key, FSCRYPT_MAX_KEY_SIZE); |
156 | } |
157 | |
158 | static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m) |
159 | { |
160 | seq_puts(m, s: key->description); |
161 | } |
162 | |
163 | /* |
164 | * Type of key in ->mk_users. Each key of this type represents a particular |
165 | * user who has added a particular master key. |
166 | * |
167 | * Note that the name of this key type really should be something like |
168 | * ".fscrypt-user" instead of simply ".fscrypt". But the shorter name is chosen |
169 | * mainly for simplicity of presentation in /proc/keys when read by a non-root |
170 | * user. And it is expected to be rare that a key is actually added by multiple |
171 | * users, since users should keep their encryption keys confidential. |
172 | */ |
173 | static struct key_type key_type_fscrypt_user = { |
174 | .name = ".fscrypt" , |
175 | .instantiate = fscrypt_user_key_instantiate, |
176 | .describe = fscrypt_user_key_describe, |
177 | }; |
178 | |
179 | #define FSCRYPT_MK_USERS_DESCRIPTION_SIZE \ |
180 | (CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \ |
181 | CONST_STRLEN("-users") + 1) |
182 | |
183 | #define FSCRYPT_MK_USER_DESCRIPTION_SIZE \ |
184 | (2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1) |
185 | |
186 | static void format_mk_users_keyring_description( |
187 | char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE], |
188 | const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) |
189 | { |
190 | sprintf(buf: description, fmt: "fscrypt-%*phN-users" , |
191 | FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier); |
192 | } |
193 | |
194 | static void format_mk_user_description( |
195 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE], |
196 | const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) |
197 | { |
198 | |
199 | sprintf(buf: description, fmt: "%*phN.uid.%u" , FSCRYPT_KEY_IDENTIFIER_SIZE, |
200 | mk_identifier, __kuid_val(current_fsuid())); |
201 | } |
202 | |
203 | /* Create ->s_master_keys if needed. Synchronized by fscrypt_add_key_mutex. */ |
204 | static int allocate_filesystem_keyring(struct super_block *sb) |
205 | { |
206 | struct fscrypt_keyring *keyring; |
207 | |
208 | if (sb->s_master_keys) |
209 | return 0; |
210 | |
211 | keyring = kzalloc(size: sizeof(*keyring), GFP_KERNEL); |
212 | if (!keyring) |
213 | return -ENOMEM; |
214 | spin_lock_init(&keyring->lock); |
215 | /* |
216 | * Pairs with the smp_load_acquire() in fscrypt_find_master_key(). |
217 | * I.e., here we publish ->s_master_keys with a RELEASE barrier so that |
218 | * concurrent tasks can ACQUIRE it. |
219 | */ |
220 | smp_store_release(&sb->s_master_keys, keyring); |
221 | return 0; |
222 | } |
223 | |
224 | /* |
225 | * Release all encryption keys that have been added to the filesystem, along |
226 | * with the keyring that contains them. |
227 | * |
228 | * This is called at unmount time, after all potentially-encrypted inodes have |
229 | * been evicted. The filesystem's underlying block device(s) are still |
230 | * available at this time; this is important because after user file accesses |
231 | * have been allowed, this function may need to evict keys from the keyslots of |
232 | * an inline crypto engine, which requires the block device(s). |
233 | */ |
234 | void fscrypt_destroy_keyring(struct super_block *sb) |
235 | { |
236 | struct fscrypt_keyring *keyring = sb->s_master_keys; |
237 | size_t i; |
238 | |
239 | if (!keyring) |
240 | return; |
241 | |
242 | for (i = 0; i < ARRAY_SIZE(keyring->key_hashtable); i++) { |
243 | struct hlist_head *bucket = &keyring->key_hashtable[i]; |
244 | struct fscrypt_master_key *mk; |
245 | struct hlist_node *tmp; |
246 | |
247 | hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) { |
248 | /* |
249 | * Since all potentially-encrypted inodes were already |
250 | * evicted, every key remaining in the keyring should |
251 | * have an empty inode list, and should only still be in |
252 | * the keyring due to the single active ref associated |
253 | * with ->mk_present. There should be no structural |
254 | * refs beyond the one associated with the active ref. |
255 | */ |
256 | WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1); |
257 | WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1); |
258 | WARN_ON_ONCE(!mk->mk_present); |
259 | fscrypt_initiate_key_removal(sb, mk); |
260 | } |
261 | } |
262 | kfree_sensitive(objp: keyring); |
263 | sb->s_master_keys = NULL; |
264 | } |
265 | |
266 | static struct hlist_head * |
267 | fscrypt_mk_hash_bucket(struct fscrypt_keyring *keyring, |
268 | const struct fscrypt_key_specifier *mk_spec) |
269 | { |
270 | /* |
271 | * Since key specifiers should be "random" values, it is sufficient to |
272 | * use a trivial hash function that just takes the first several bits of |
273 | * the key specifier. |
274 | */ |
275 | unsigned long i = get_unaligned((unsigned long *)&mk_spec->u); |
276 | |
277 | return &keyring->key_hashtable[i % ARRAY_SIZE(keyring->key_hashtable)]; |
278 | } |
279 | |
280 | /* |
281 | * Find the specified master key struct in ->s_master_keys and take a structural |
282 | * ref to it. The structural ref guarantees that the key struct continues to |
283 | * exist, but it does *not* guarantee that ->s_master_keys continues to contain |
284 | * the key struct. The structural ref needs to be dropped by |
285 | * fscrypt_put_master_key(). Returns NULL if the key struct is not found. |
286 | */ |
287 | struct fscrypt_master_key * |
288 | fscrypt_find_master_key(struct super_block *sb, |
289 | const struct fscrypt_key_specifier *mk_spec) |
290 | { |
291 | struct fscrypt_keyring *keyring; |
292 | struct hlist_head *bucket; |
293 | struct fscrypt_master_key *mk; |
294 | |
295 | /* |
296 | * Pairs with the smp_store_release() in allocate_filesystem_keyring(). |
297 | * I.e., another task can publish ->s_master_keys concurrently, |
298 | * executing a RELEASE barrier. We need to use smp_load_acquire() here |
299 | * to safely ACQUIRE the memory the other task published. |
300 | */ |
301 | keyring = smp_load_acquire(&sb->s_master_keys); |
302 | if (keyring == NULL) |
303 | return NULL; /* No keyring yet, so no keys yet. */ |
304 | |
305 | bucket = fscrypt_mk_hash_bucket(keyring, mk_spec); |
306 | rcu_read_lock(); |
307 | switch (mk_spec->type) { |
308 | case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR: |
309 | hlist_for_each_entry_rcu(mk, bucket, mk_node) { |
310 | if (mk->mk_spec.type == |
311 | FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && |
312 | memcmp(p: mk->mk_spec.u.descriptor, |
313 | q: mk_spec->u.descriptor, |
314 | FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && |
315 | refcount_inc_not_zero(r: &mk->mk_struct_refs)) |
316 | goto out; |
317 | } |
318 | break; |
319 | case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER: |
320 | hlist_for_each_entry_rcu(mk, bucket, mk_node) { |
321 | if (mk->mk_spec.type == |
322 | FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER && |
323 | memcmp(p: mk->mk_spec.u.identifier, |
324 | q: mk_spec->u.identifier, |
325 | FSCRYPT_KEY_IDENTIFIER_SIZE) == 0 && |
326 | refcount_inc_not_zero(r: &mk->mk_struct_refs)) |
327 | goto out; |
328 | } |
329 | break; |
330 | } |
331 | mk = NULL; |
332 | out: |
333 | rcu_read_unlock(); |
334 | return mk; |
335 | } |
336 | |
337 | static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk) |
338 | { |
339 | char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE]; |
340 | struct key *keyring; |
341 | |
342 | format_mk_users_keyring_description(description, |
343 | mk_identifier: mk->mk_spec.u.identifier); |
344 | keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, |
345 | current_cred(), KEY_POS_SEARCH | |
346 | KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW, |
347 | KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); |
348 | if (IS_ERR(keyring)) |
349 | return PTR_ERR(keyring); |
350 | |
351 | mk->mk_users = keyring; |
352 | return 0; |
353 | } |
354 | |
355 | /* |
356 | * Find the current user's "key" in the master key's ->mk_users. |
357 | * Returns ERR_PTR(-ENOKEY) if not found. |
358 | */ |
359 | static struct key *find_master_key_user(struct fscrypt_master_key *mk) |
360 | { |
361 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; |
362 | key_ref_t keyref; |
363 | |
364 | format_mk_user_description(description, mk_identifier: mk->mk_spec.u.identifier); |
365 | |
366 | /* |
367 | * We need to mark the keyring reference as "possessed" so that we |
368 | * acquire permission to search it, via the KEY_POS_SEARCH permission. |
369 | */ |
370 | keyref = keyring_search(keyring: make_key_ref(key: mk->mk_users, possession: true /*possessed*/), |
371 | type: &key_type_fscrypt_user, description, recurse: false); |
372 | if (IS_ERR(ptr: keyref)) { |
373 | if (PTR_ERR(ptr: keyref) == -EAGAIN || /* not found */ |
374 | PTR_ERR(ptr: keyref) == -EKEYREVOKED) /* recently invalidated */ |
375 | keyref = ERR_PTR(error: -ENOKEY); |
376 | return ERR_CAST(ptr: keyref); |
377 | } |
378 | return key_ref_to_ptr(key_ref: keyref); |
379 | } |
380 | |
381 | /* |
382 | * Give the current user a "key" in ->mk_users. This charges the user's quota |
383 | * and marks the master key as added by the current user, so that it cannot be |
384 | * removed by another user with the key. Either ->mk_sem must be held for |
385 | * write, or the master key must be still undergoing initialization. |
386 | */ |
387 | static int add_master_key_user(struct fscrypt_master_key *mk) |
388 | { |
389 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; |
390 | struct key *mk_user; |
391 | int err; |
392 | |
393 | format_mk_user_description(description, mk_identifier: mk->mk_spec.u.identifier); |
394 | mk_user = key_alloc(type: &key_type_fscrypt_user, desc: description, |
395 | current_fsuid(), current_gid(), current_cred(), |
396 | KEY_POS_SEARCH | KEY_USR_VIEW, flags: 0, NULL); |
397 | if (IS_ERR(ptr: mk_user)) |
398 | return PTR_ERR(ptr: mk_user); |
399 | |
400 | err = key_instantiate_and_link(key: mk_user, NULL, datalen: 0, keyring: mk->mk_users, NULL); |
401 | key_put(key: mk_user); |
402 | return err; |
403 | } |
404 | |
405 | /* |
406 | * Remove the current user's "key" from ->mk_users. |
407 | * ->mk_sem must be held for write. |
408 | * |
409 | * Returns 0 if removed, -ENOKEY if not found, or another -errno code. |
410 | */ |
411 | static int remove_master_key_user(struct fscrypt_master_key *mk) |
412 | { |
413 | struct key *mk_user; |
414 | int err; |
415 | |
416 | mk_user = find_master_key_user(mk); |
417 | if (IS_ERR(ptr: mk_user)) |
418 | return PTR_ERR(ptr: mk_user); |
419 | err = key_unlink(keyring: mk->mk_users, key: mk_user); |
420 | key_put(key: mk_user); |
421 | return err; |
422 | } |
423 | |
424 | /* |
425 | * Allocate a new fscrypt_master_key, transfer the given secret over to it, and |
426 | * insert it into sb->s_master_keys. |
427 | */ |
428 | static int add_new_master_key(struct super_block *sb, |
429 | struct fscrypt_master_key_secret *secret, |
430 | const struct fscrypt_key_specifier *mk_spec) |
431 | { |
432 | struct fscrypt_keyring *keyring = sb->s_master_keys; |
433 | struct fscrypt_master_key *mk; |
434 | int err; |
435 | |
436 | mk = kzalloc(size: sizeof(*mk), GFP_KERNEL); |
437 | if (!mk) |
438 | return -ENOMEM; |
439 | |
440 | init_rwsem(&mk->mk_sem); |
441 | refcount_set(r: &mk->mk_struct_refs, n: 1); |
442 | mk->mk_spec = *mk_spec; |
443 | |
444 | INIT_LIST_HEAD(list: &mk->mk_decrypted_inodes); |
445 | spin_lock_init(&mk->mk_decrypted_inodes_lock); |
446 | |
447 | if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) { |
448 | err = allocate_master_key_users_keyring(mk); |
449 | if (err) |
450 | goto out_put; |
451 | err = add_master_key_user(mk); |
452 | if (err) |
453 | goto out_put; |
454 | } |
455 | |
456 | move_master_key_secret(dst: &mk->mk_secret, src: secret); |
457 | mk->mk_present = true; |
458 | refcount_set(r: &mk->mk_active_refs, n: 1); /* ->mk_present is true */ |
459 | |
460 | spin_lock(lock: &keyring->lock); |
461 | hlist_add_head_rcu(n: &mk->mk_node, |
462 | h: fscrypt_mk_hash_bucket(keyring, mk_spec)); |
463 | spin_unlock(lock: &keyring->lock); |
464 | return 0; |
465 | |
466 | out_put: |
467 | fscrypt_put_master_key(mk); |
468 | return err; |
469 | } |
470 | |
471 | #define KEY_DEAD 1 |
472 | |
473 | static int add_existing_master_key(struct fscrypt_master_key *mk, |
474 | struct fscrypt_master_key_secret *secret) |
475 | { |
476 | int err; |
477 | |
478 | /* |
479 | * If the current user is already in ->mk_users, then there's nothing to |
480 | * do. Otherwise, we need to add the user to ->mk_users. (Neither is |
481 | * applicable for v1 policy keys, which have NULL ->mk_users.) |
482 | */ |
483 | if (mk->mk_users) { |
484 | struct key *mk_user = find_master_key_user(mk); |
485 | |
486 | if (mk_user != ERR_PTR(error: -ENOKEY)) { |
487 | if (IS_ERR(ptr: mk_user)) |
488 | return PTR_ERR(ptr: mk_user); |
489 | key_put(key: mk_user); |
490 | return 0; |
491 | } |
492 | err = add_master_key_user(mk); |
493 | if (err) |
494 | return err; |
495 | } |
496 | |
497 | /* If the key is incompletely removed, make it present again. */ |
498 | if (!mk->mk_present) { |
499 | if (!refcount_inc_not_zero(r: &mk->mk_active_refs)) { |
500 | /* |
501 | * Raced with the last active ref being dropped, so the |
502 | * key has become, or is about to become, "absent". |
503 | * Therefore, we need to allocate a new key struct. |
504 | */ |
505 | return KEY_DEAD; |
506 | } |
507 | move_master_key_secret(dst: &mk->mk_secret, src: secret); |
508 | WRITE_ONCE(mk->mk_present, true); |
509 | } |
510 | |
511 | return 0; |
512 | } |
513 | |
514 | static int do_add_master_key(struct super_block *sb, |
515 | struct fscrypt_master_key_secret *secret, |
516 | const struct fscrypt_key_specifier *mk_spec) |
517 | { |
518 | static DEFINE_MUTEX(fscrypt_add_key_mutex); |
519 | struct fscrypt_master_key *mk; |
520 | int err; |
521 | |
522 | mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */ |
523 | |
524 | mk = fscrypt_find_master_key(sb, mk_spec); |
525 | if (!mk) { |
526 | /* Didn't find the key in ->s_master_keys. Add it. */ |
527 | err = allocate_filesystem_keyring(sb); |
528 | if (!err) |
529 | err = add_new_master_key(sb, secret, mk_spec); |
530 | } else { |
531 | /* |
532 | * Found the key in ->s_master_keys. Add the user to ->mk_users |
533 | * if needed, and make the key "present" again if possible. |
534 | */ |
535 | down_write(sem: &mk->mk_sem); |
536 | err = add_existing_master_key(mk, secret); |
537 | up_write(sem: &mk->mk_sem); |
538 | if (err == KEY_DEAD) { |
539 | /* |
540 | * We found a key struct, but it's already been fully |
541 | * removed. Ignore the old struct and add a new one. |
542 | * fscrypt_add_key_mutex means we don't need to worry |
543 | * about concurrent adds. |
544 | */ |
545 | err = add_new_master_key(sb, secret, mk_spec); |
546 | } |
547 | fscrypt_put_master_key(mk); |
548 | } |
549 | mutex_unlock(lock: &fscrypt_add_key_mutex); |
550 | return err; |
551 | } |
552 | |
553 | static int add_master_key(struct super_block *sb, |
554 | struct fscrypt_master_key_secret *secret, |
555 | struct fscrypt_key_specifier *key_spec) |
556 | { |
557 | int err; |
558 | |
559 | if (key_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) { |
560 | err = fscrypt_init_hkdf(hkdf: &secret->hkdf, master_key: secret->raw, |
561 | master_key_size: secret->size); |
562 | if (err) |
563 | return err; |
564 | |
565 | /* |
566 | * Now that the HKDF context is initialized, the raw key is no |
567 | * longer needed. |
568 | */ |
569 | memzero_explicit(s: secret->raw, count: secret->size); |
570 | |
571 | /* Calculate the key identifier */ |
572 | err = fscrypt_hkdf_expand(hkdf: &secret->hkdf, |
573 | HKDF_CONTEXT_KEY_IDENTIFIER, NULL, infolen: 0, |
574 | okm: key_spec->u.identifier, |
575 | FSCRYPT_KEY_IDENTIFIER_SIZE); |
576 | if (err) |
577 | return err; |
578 | } |
579 | return do_add_master_key(sb, secret, mk_spec: key_spec); |
580 | } |
581 | |
582 | static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep) |
583 | { |
584 | const struct fscrypt_provisioning_key_payload *payload = prep->data; |
585 | |
586 | if (prep->datalen < sizeof(*payload) + FSCRYPT_MIN_KEY_SIZE || |
587 | prep->datalen > sizeof(*payload) + FSCRYPT_MAX_KEY_SIZE) |
588 | return -EINVAL; |
589 | |
590 | if (payload->type != FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && |
591 | payload->type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) |
592 | return -EINVAL; |
593 | |
594 | if (payload->__reserved) |
595 | return -EINVAL; |
596 | |
597 | prep->payload.data[0] = kmemdup(p: payload, size: prep->datalen, GFP_KERNEL); |
598 | if (!prep->payload.data[0]) |
599 | return -ENOMEM; |
600 | |
601 | prep->quotalen = prep->datalen; |
602 | return 0; |
603 | } |
604 | |
605 | static void fscrypt_provisioning_key_free_preparse( |
606 | struct key_preparsed_payload *prep) |
607 | { |
608 | kfree_sensitive(objp: prep->payload.data[0]); |
609 | } |
610 | |
611 | static void fscrypt_provisioning_key_describe(const struct key *key, |
612 | struct seq_file *m) |
613 | { |
614 | seq_puts(m, s: key->description); |
615 | if (key_is_positive(key)) { |
616 | const struct fscrypt_provisioning_key_payload *payload = |
617 | key->payload.data[0]; |
618 | |
619 | seq_printf(m, fmt: ": %u [%u]" , key->datalen, payload->type); |
620 | } |
621 | } |
622 | |
623 | static void fscrypt_provisioning_key_destroy(struct key *key) |
624 | { |
625 | kfree_sensitive(objp: key->payload.data[0]); |
626 | } |
627 | |
628 | static struct key_type key_type_fscrypt_provisioning = { |
629 | .name = "fscrypt-provisioning" , |
630 | .preparse = fscrypt_provisioning_key_preparse, |
631 | .free_preparse = fscrypt_provisioning_key_free_preparse, |
632 | .instantiate = generic_key_instantiate, |
633 | .describe = fscrypt_provisioning_key_describe, |
634 | .destroy = fscrypt_provisioning_key_destroy, |
635 | }; |
636 | |
637 | /* |
638 | * Retrieve the raw key from the Linux keyring key specified by 'key_id', and |
639 | * store it into 'secret'. |
640 | * |
641 | * The key must be of type "fscrypt-provisioning" and must have the field |
642 | * fscrypt_provisioning_key_payload::type set to 'type', indicating that it's |
643 | * only usable with fscrypt with the particular KDF version identified by |
644 | * 'type'. We don't use the "logon" key type because there's no way to |
645 | * completely restrict the use of such keys; they can be used by any kernel API |
646 | * that accepts "logon" keys and doesn't require a specific service prefix. |
647 | * |
648 | * The ability to specify the key via Linux keyring key is intended for cases |
649 | * where userspace needs to re-add keys after the filesystem is unmounted and |
650 | * re-mounted. Most users should just provide the raw key directly instead. |
651 | */ |
652 | static int get_keyring_key(u32 key_id, u32 type, |
653 | struct fscrypt_master_key_secret *secret) |
654 | { |
655 | key_ref_t ref; |
656 | struct key *key; |
657 | const struct fscrypt_provisioning_key_payload *payload; |
658 | int err; |
659 | |
660 | ref = lookup_user_key(id: key_id, flags: 0, need_perm: KEY_NEED_SEARCH); |
661 | if (IS_ERR(ptr: ref)) |
662 | return PTR_ERR(ptr: ref); |
663 | key = key_ref_to_ptr(key_ref: ref); |
664 | |
665 | if (key->type != &key_type_fscrypt_provisioning) |
666 | goto bad_key; |
667 | payload = key->payload.data[0]; |
668 | |
669 | /* Don't allow fscrypt v1 keys to be used as v2 keys and vice versa. */ |
670 | if (payload->type != type) |
671 | goto bad_key; |
672 | |
673 | secret->size = key->datalen - sizeof(*payload); |
674 | memcpy(secret->raw, payload->raw, secret->size); |
675 | err = 0; |
676 | goto out_put; |
677 | |
678 | bad_key: |
679 | err = -EKEYREJECTED; |
680 | out_put: |
681 | key_ref_put(key_ref: ref); |
682 | return err; |
683 | } |
684 | |
685 | /* |
686 | * Add a master encryption key to the filesystem, causing all files which were |
687 | * encrypted with it to appear "unlocked" (decrypted) when accessed. |
688 | * |
689 | * When adding a key for use by v1 encryption policies, this ioctl is |
690 | * privileged, and userspace must provide the 'key_descriptor'. |
691 | * |
692 | * When adding a key for use by v2+ encryption policies, this ioctl is |
693 | * unprivileged. This is needed, in general, to allow non-root users to use |
694 | * encryption without encountering the visibility problems of process-subscribed |
695 | * keyrings and the inability to properly remove keys. This works by having |
696 | * each key identified by its cryptographically secure hash --- the |
697 | * 'key_identifier'. The cryptographic hash ensures that a malicious user |
698 | * cannot add the wrong key for a given identifier. Furthermore, each added key |
699 | * is charged to the appropriate user's quota for the keyrings service, which |
700 | * prevents a malicious user from adding too many keys. Finally, we forbid a |
701 | * user from removing a key while other users have added it too, which prevents |
702 | * a user who knows another user's key from causing a denial-of-service by |
703 | * removing it at an inopportune time. (We tolerate that a user who knows a key |
704 | * can prevent other users from removing it.) |
705 | * |
706 | * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of |
707 | * Documentation/filesystems/fscrypt.rst. |
708 | */ |
709 | int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg) |
710 | { |
711 | struct super_block *sb = file_inode(f: filp)->i_sb; |
712 | struct fscrypt_add_key_arg __user *uarg = _uarg; |
713 | struct fscrypt_add_key_arg arg; |
714 | struct fscrypt_master_key_secret secret; |
715 | int err; |
716 | |
717 | if (copy_from_user(to: &arg, from: uarg, n: sizeof(arg))) |
718 | return -EFAULT; |
719 | |
720 | if (!valid_key_spec(spec: &arg.key_spec)) |
721 | return -EINVAL; |
722 | |
723 | if (memchr_inv(p: arg.__reserved, c: 0, size: sizeof(arg.__reserved))) |
724 | return -EINVAL; |
725 | |
726 | /* |
727 | * Only root can add keys that are identified by an arbitrary descriptor |
728 | * rather than by a cryptographic hash --- since otherwise a malicious |
729 | * user could add the wrong key. |
730 | */ |
731 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && |
732 | !capable(CAP_SYS_ADMIN)) |
733 | return -EACCES; |
734 | |
735 | memset(&secret, 0, sizeof(secret)); |
736 | if (arg.key_id) { |
737 | if (arg.raw_size != 0) |
738 | return -EINVAL; |
739 | err = get_keyring_key(key_id: arg.key_id, type: arg.key_spec.type, secret: &secret); |
740 | if (err) |
741 | goto out_wipe_secret; |
742 | } else { |
743 | if (arg.raw_size < FSCRYPT_MIN_KEY_SIZE || |
744 | arg.raw_size > FSCRYPT_MAX_KEY_SIZE) |
745 | return -EINVAL; |
746 | secret.size = arg.raw_size; |
747 | err = -EFAULT; |
748 | if (copy_from_user(to: secret.raw, from: uarg->raw, n: secret.size)) |
749 | goto out_wipe_secret; |
750 | } |
751 | |
752 | err = add_master_key(sb, secret: &secret, key_spec: &arg.key_spec); |
753 | if (err) |
754 | goto out_wipe_secret; |
755 | |
756 | /* Return the key identifier to userspace, if applicable */ |
757 | err = -EFAULT; |
758 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER && |
759 | copy_to_user(to: uarg->key_spec.u.identifier, from: arg.key_spec.u.identifier, |
760 | FSCRYPT_KEY_IDENTIFIER_SIZE)) |
761 | goto out_wipe_secret; |
762 | err = 0; |
763 | out_wipe_secret: |
764 | wipe_master_key_secret(secret: &secret); |
765 | return err; |
766 | } |
767 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key); |
768 | |
769 | static void |
770 | fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret) |
771 | { |
772 | static u8 test_key[FSCRYPT_MAX_KEY_SIZE]; |
773 | |
774 | get_random_once(test_key, FSCRYPT_MAX_KEY_SIZE); |
775 | |
776 | memset(secret, 0, sizeof(*secret)); |
777 | secret->size = FSCRYPT_MAX_KEY_SIZE; |
778 | memcpy(secret->raw, test_key, FSCRYPT_MAX_KEY_SIZE); |
779 | } |
780 | |
781 | int fscrypt_get_test_dummy_key_identifier( |
782 | u8 key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) |
783 | { |
784 | struct fscrypt_master_key_secret secret; |
785 | int err; |
786 | |
787 | fscrypt_get_test_dummy_secret(secret: &secret); |
788 | |
789 | err = fscrypt_init_hkdf(hkdf: &secret.hkdf, master_key: secret.raw, master_key_size: secret.size); |
790 | if (err) |
791 | goto out; |
792 | err = fscrypt_hkdf_expand(hkdf: &secret.hkdf, HKDF_CONTEXT_KEY_IDENTIFIER, |
793 | NULL, infolen: 0, okm: key_identifier, |
794 | FSCRYPT_KEY_IDENTIFIER_SIZE); |
795 | out: |
796 | wipe_master_key_secret(secret: &secret); |
797 | return err; |
798 | } |
799 | |
800 | /** |
801 | * fscrypt_add_test_dummy_key() - add the test dummy encryption key |
802 | * @sb: the filesystem instance to add the key to |
803 | * @key_spec: the key specifier of the test dummy encryption key |
804 | * |
805 | * Add the key for the test_dummy_encryption mount option to the filesystem. To |
806 | * prevent misuse of this mount option, a per-boot random key is used instead of |
807 | * a hardcoded one. This makes it so that any encrypted files created using |
808 | * this option won't be accessible after a reboot. |
809 | * |
810 | * Return: 0 on success, -errno on failure |
811 | */ |
812 | int fscrypt_add_test_dummy_key(struct super_block *sb, |
813 | struct fscrypt_key_specifier *key_spec) |
814 | { |
815 | struct fscrypt_master_key_secret secret; |
816 | int err; |
817 | |
818 | fscrypt_get_test_dummy_secret(secret: &secret); |
819 | err = add_master_key(sb, secret: &secret, key_spec); |
820 | wipe_master_key_secret(secret: &secret); |
821 | return err; |
822 | } |
823 | |
824 | /* |
825 | * Verify that the current user has added a master key with the given identifier |
826 | * (returns -ENOKEY if not). This is needed to prevent a user from encrypting |
827 | * their files using some other user's key which they don't actually know. |
828 | * Cryptographically this isn't much of a problem, but the semantics of this |
829 | * would be a bit weird, so it's best to just forbid it. |
830 | * |
831 | * The system administrator (CAP_FOWNER) can override this, which should be |
832 | * enough for any use cases where encryption policies are being set using keys |
833 | * that were chosen ahead of time but aren't available at the moment. |
834 | * |
835 | * Note that the key may have already removed by the time this returns, but |
836 | * that's okay; we just care whether the key was there at some point. |
837 | * |
838 | * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code |
839 | */ |
840 | int fscrypt_verify_key_added(struct super_block *sb, |
841 | const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) |
842 | { |
843 | struct fscrypt_key_specifier mk_spec; |
844 | struct fscrypt_master_key *mk; |
845 | struct key *mk_user; |
846 | int err; |
847 | |
848 | mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; |
849 | memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE); |
850 | |
851 | mk = fscrypt_find_master_key(sb, mk_spec: &mk_spec); |
852 | if (!mk) { |
853 | err = -ENOKEY; |
854 | goto out; |
855 | } |
856 | down_read(sem: &mk->mk_sem); |
857 | mk_user = find_master_key_user(mk); |
858 | if (IS_ERR(ptr: mk_user)) { |
859 | err = PTR_ERR(ptr: mk_user); |
860 | } else { |
861 | key_put(key: mk_user); |
862 | err = 0; |
863 | } |
864 | up_read(sem: &mk->mk_sem); |
865 | fscrypt_put_master_key(mk); |
866 | out: |
867 | if (err == -ENOKEY && capable(CAP_FOWNER)) |
868 | err = 0; |
869 | return err; |
870 | } |
871 | |
872 | /* |
873 | * Try to evict the inode's dentries from the dentry cache. If the inode is a |
874 | * directory, then it can have at most one dentry; however, that dentry may be |
875 | * pinned by child dentries, so first try to evict the children too. |
876 | */ |
877 | static void shrink_dcache_inode(struct inode *inode) |
878 | { |
879 | struct dentry *dentry; |
880 | |
881 | if (S_ISDIR(inode->i_mode)) { |
882 | dentry = d_find_any_alias(inode); |
883 | if (dentry) { |
884 | shrink_dcache_parent(dentry); |
885 | dput(dentry); |
886 | } |
887 | } |
888 | d_prune_aliases(inode); |
889 | } |
890 | |
891 | static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk) |
892 | { |
893 | struct fscrypt_inode_info *ci; |
894 | struct inode *inode; |
895 | struct inode *toput_inode = NULL; |
896 | |
897 | spin_lock(lock: &mk->mk_decrypted_inodes_lock); |
898 | |
899 | list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) { |
900 | inode = ci->ci_inode; |
901 | spin_lock(lock: &inode->i_lock); |
902 | if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) { |
903 | spin_unlock(lock: &inode->i_lock); |
904 | continue; |
905 | } |
906 | __iget(inode); |
907 | spin_unlock(lock: &inode->i_lock); |
908 | spin_unlock(lock: &mk->mk_decrypted_inodes_lock); |
909 | |
910 | shrink_dcache_inode(inode); |
911 | iput(toput_inode); |
912 | toput_inode = inode; |
913 | |
914 | spin_lock(lock: &mk->mk_decrypted_inodes_lock); |
915 | } |
916 | |
917 | spin_unlock(lock: &mk->mk_decrypted_inodes_lock); |
918 | iput(toput_inode); |
919 | } |
920 | |
921 | static int check_for_busy_inodes(struct super_block *sb, |
922 | struct fscrypt_master_key *mk) |
923 | { |
924 | struct list_head *pos; |
925 | size_t busy_count = 0; |
926 | unsigned long ino; |
927 | char ino_str[50] = "" ; |
928 | |
929 | spin_lock(lock: &mk->mk_decrypted_inodes_lock); |
930 | |
931 | list_for_each(pos, &mk->mk_decrypted_inodes) |
932 | busy_count++; |
933 | |
934 | if (busy_count == 0) { |
935 | spin_unlock(lock: &mk->mk_decrypted_inodes_lock); |
936 | return 0; |
937 | } |
938 | |
939 | { |
940 | /* select an example file to show for debugging purposes */ |
941 | struct inode *inode = |
942 | list_first_entry(&mk->mk_decrypted_inodes, |
943 | struct fscrypt_inode_info, |
944 | ci_master_key_link)->ci_inode; |
945 | ino = inode->i_ino; |
946 | } |
947 | spin_unlock(lock: &mk->mk_decrypted_inodes_lock); |
948 | |
949 | /* If the inode is currently being created, ino may still be 0. */ |
950 | if (ino) |
951 | snprintf(buf: ino_str, size: sizeof(ino_str), fmt: ", including ino %lu" , ino); |
952 | |
953 | fscrypt_warn(NULL, |
954 | "%s: %zu inode(s) still busy after removing key with %s %*phN%s" , |
955 | sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec), |
956 | master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u, |
957 | ino_str); |
958 | return -EBUSY; |
959 | } |
960 | |
961 | static int try_to_lock_encrypted_files(struct super_block *sb, |
962 | struct fscrypt_master_key *mk) |
963 | { |
964 | int err1; |
965 | int err2; |
966 | |
967 | /* |
968 | * An inode can't be evicted while it is dirty or has dirty pages. |
969 | * Thus, we first have to clean the inodes in ->mk_decrypted_inodes. |
970 | * |
971 | * Just do it the easy way: call sync_filesystem(). It's overkill, but |
972 | * it works, and it's more important to minimize the amount of caches we |
973 | * drop than the amount of data we sync. Also, unprivileged users can |
974 | * already call sync_filesystem() via sys_syncfs() or sys_sync(). |
975 | */ |
976 | down_read(sem: &sb->s_umount); |
977 | err1 = sync_filesystem(sb); |
978 | up_read(sem: &sb->s_umount); |
979 | /* If a sync error occurs, still try to evict as much as possible. */ |
980 | |
981 | /* |
982 | * Inodes are pinned by their dentries, so we have to evict their |
983 | * dentries. shrink_dcache_sb() would suffice, but would be overkill |
984 | * and inappropriate for use by unprivileged users. So instead go |
985 | * through the inodes' alias lists and try to evict each dentry. |
986 | */ |
987 | evict_dentries_for_decrypted_inodes(mk); |
988 | |
989 | /* |
990 | * evict_dentries_for_decrypted_inodes() already iput() each inode in |
991 | * the list; any inodes for which that dropped the last reference will |
992 | * have been evicted due to fscrypt_drop_inode() detecting the key |
993 | * removal and telling the VFS to evict the inode. So to finish, we |
994 | * just need to check whether any inodes couldn't be evicted. |
995 | */ |
996 | err2 = check_for_busy_inodes(sb, mk); |
997 | |
998 | return err1 ?: err2; |
999 | } |
1000 | |
1001 | /* |
1002 | * Try to remove an fscrypt master encryption key. |
1003 | * |
1004 | * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's |
1005 | * claim to the key, then removes the key itself if no other users have claims. |
1006 | * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the |
1007 | * key itself. |
1008 | * |
1009 | * To "remove the key itself", first we transition the key to the "incompletely |
1010 | * removed" state, so that no more inodes can be unlocked with it. Then we try |
1011 | * to evict all cached inodes that had been unlocked with the key. |
1012 | * |
1013 | * If all inodes were evicted, then we unlink the fscrypt_master_key from the |
1014 | * keyring. Otherwise it remains in the keyring in the "incompletely removed" |
1015 | * state where it tracks the list of remaining inodes. Userspace can execute |
1016 | * the ioctl again later to retry eviction, or alternatively can re-add the key. |
1017 | * |
1018 | * For more details, see the "Removing keys" section of |
1019 | * Documentation/filesystems/fscrypt.rst. |
1020 | */ |
1021 | static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) |
1022 | { |
1023 | struct super_block *sb = file_inode(f: filp)->i_sb; |
1024 | struct fscrypt_remove_key_arg __user *uarg = _uarg; |
1025 | struct fscrypt_remove_key_arg arg; |
1026 | struct fscrypt_master_key *mk; |
1027 | u32 status_flags = 0; |
1028 | int err; |
1029 | bool inodes_remain; |
1030 | |
1031 | if (copy_from_user(to: &arg, from: uarg, n: sizeof(arg))) |
1032 | return -EFAULT; |
1033 | |
1034 | if (!valid_key_spec(spec: &arg.key_spec)) |
1035 | return -EINVAL; |
1036 | |
1037 | if (memchr_inv(p: arg.__reserved, c: 0, size: sizeof(arg.__reserved))) |
1038 | return -EINVAL; |
1039 | |
1040 | /* |
1041 | * Only root can add and remove keys that are identified by an arbitrary |
1042 | * descriptor rather than by a cryptographic hash. |
1043 | */ |
1044 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && |
1045 | !capable(CAP_SYS_ADMIN)) |
1046 | return -EACCES; |
1047 | |
1048 | /* Find the key being removed. */ |
1049 | mk = fscrypt_find_master_key(sb, mk_spec: &arg.key_spec); |
1050 | if (!mk) |
1051 | return -ENOKEY; |
1052 | down_write(sem: &mk->mk_sem); |
1053 | |
1054 | /* If relevant, remove current user's (or all users) claim to the key */ |
1055 | if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { |
1056 | if (all_users) |
1057 | err = keyring_clear(keyring: mk->mk_users); |
1058 | else |
1059 | err = remove_master_key_user(mk); |
1060 | if (err) { |
1061 | up_write(sem: &mk->mk_sem); |
1062 | goto out_put_key; |
1063 | } |
1064 | if (mk->mk_users->keys.nr_leaves_on_tree != 0) { |
1065 | /* |
1066 | * Other users have still added the key too. We removed |
1067 | * the current user's claim to the key, but we still |
1068 | * can't remove the key itself. |
1069 | */ |
1070 | status_flags |= |
1071 | FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS; |
1072 | err = 0; |
1073 | up_write(sem: &mk->mk_sem); |
1074 | goto out_put_key; |
1075 | } |
1076 | } |
1077 | |
1078 | /* No user claims remaining. Initiate removal of the key. */ |
1079 | err = -ENOKEY; |
1080 | if (mk->mk_present) { |
1081 | fscrypt_initiate_key_removal(sb, mk); |
1082 | err = 0; |
1083 | } |
1084 | inodes_remain = refcount_read(r: &mk->mk_active_refs) > 0; |
1085 | up_write(sem: &mk->mk_sem); |
1086 | |
1087 | if (inodes_remain) { |
1088 | /* Some inodes still reference this key; try to evict them. */ |
1089 | err = try_to_lock_encrypted_files(sb, mk); |
1090 | if (err == -EBUSY) { |
1091 | status_flags |= |
1092 | FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY; |
1093 | err = 0; |
1094 | } |
1095 | } |
1096 | /* |
1097 | * We return 0 if we successfully did something: removed a claim to the |
1098 | * key, initiated removal of the key, or tried locking the files again. |
1099 | * Users need to check the informational status flags if they care |
1100 | * whether the key has been fully removed including all files locked. |
1101 | */ |
1102 | out_put_key: |
1103 | fscrypt_put_master_key(mk); |
1104 | if (err == 0) |
1105 | err = put_user(status_flags, &uarg->removal_status_flags); |
1106 | return err; |
1107 | } |
1108 | |
1109 | int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) |
1110 | { |
1111 | return do_remove_key(filp, uarg: uarg, all_users: false); |
1112 | } |
1113 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); |
1114 | |
1115 | int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) |
1116 | { |
1117 | if (!capable(CAP_SYS_ADMIN)) |
1118 | return -EACCES; |
1119 | return do_remove_key(filp, uarg: uarg, all_users: true); |
1120 | } |
1121 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); |
1122 | |
1123 | /* |
1124 | * Retrieve the status of an fscrypt master encryption key. |
1125 | * |
1126 | * We set ->status to indicate whether the key is absent, present, or |
1127 | * incompletely removed. (For an explanation of what these statuses mean and |
1128 | * how they are represented internally, see struct fscrypt_master_key.) This |
1129 | * field allows applications to easily determine the status of an encrypted |
1130 | * directory without using a hack such as trying to open a regular file in it |
1131 | * (which can confuse the "incompletely removed" status with absent or present). |
1132 | * |
1133 | * In addition, for v2 policy keys we allow applications to determine, via |
1134 | * ->status_flags and ->user_count, whether the key has been added by the |
1135 | * current user, by other users, or by both. Most applications should not need |
1136 | * this, since ordinarily only one user should know a given key. However, if a |
1137 | * secret key is shared by multiple users, applications may wish to add an |
1138 | * already-present key to prevent other users from removing it. This ioctl can |
1139 | * be used to check whether that really is the case before the work is done to |
1140 | * add the key --- which might e.g. require prompting the user for a passphrase. |
1141 | * |
1142 | * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of |
1143 | * Documentation/filesystems/fscrypt.rst. |
1144 | */ |
1145 | int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg) |
1146 | { |
1147 | struct super_block *sb = file_inode(f: filp)->i_sb; |
1148 | struct fscrypt_get_key_status_arg arg; |
1149 | struct fscrypt_master_key *mk; |
1150 | int err; |
1151 | |
1152 | if (copy_from_user(to: &arg, from: uarg, n: sizeof(arg))) |
1153 | return -EFAULT; |
1154 | |
1155 | if (!valid_key_spec(spec: &arg.key_spec)) |
1156 | return -EINVAL; |
1157 | |
1158 | if (memchr_inv(p: arg.__reserved, c: 0, size: sizeof(arg.__reserved))) |
1159 | return -EINVAL; |
1160 | |
1161 | arg.status_flags = 0; |
1162 | arg.user_count = 0; |
1163 | memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved)); |
1164 | |
1165 | mk = fscrypt_find_master_key(sb, mk_spec: &arg.key_spec); |
1166 | if (!mk) { |
1167 | arg.status = FSCRYPT_KEY_STATUS_ABSENT; |
1168 | err = 0; |
1169 | goto out; |
1170 | } |
1171 | down_read(sem: &mk->mk_sem); |
1172 | |
1173 | if (!mk->mk_present) { |
1174 | arg.status = refcount_read(r: &mk->mk_active_refs) > 0 ? |
1175 | FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED : |
1176 | FSCRYPT_KEY_STATUS_ABSENT /* raced with full removal */; |
1177 | err = 0; |
1178 | goto out_release_key; |
1179 | } |
1180 | |
1181 | arg.status = FSCRYPT_KEY_STATUS_PRESENT; |
1182 | if (mk->mk_users) { |
1183 | struct key *mk_user; |
1184 | |
1185 | arg.user_count = mk->mk_users->keys.nr_leaves_on_tree; |
1186 | mk_user = find_master_key_user(mk); |
1187 | if (!IS_ERR(ptr: mk_user)) { |
1188 | arg.status_flags |= |
1189 | FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF; |
1190 | key_put(key: mk_user); |
1191 | } else if (mk_user != ERR_PTR(error: -ENOKEY)) { |
1192 | err = PTR_ERR(ptr: mk_user); |
1193 | goto out_release_key; |
1194 | } |
1195 | } |
1196 | err = 0; |
1197 | out_release_key: |
1198 | up_read(sem: &mk->mk_sem); |
1199 | fscrypt_put_master_key(mk); |
1200 | out: |
1201 | if (!err && copy_to_user(to: uarg, from: &arg, n: sizeof(arg))) |
1202 | err = -EFAULT; |
1203 | return err; |
1204 | } |
1205 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status); |
1206 | |
1207 | int __init fscrypt_init_keyring(void) |
1208 | { |
1209 | int err; |
1210 | |
1211 | err = register_key_type(ktype: &key_type_fscrypt_user); |
1212 | if (err) |
1213 | return err; |
1214 | |
1215 | err = register_key_type(ktype: &key_type_fscrypt_provisioning); |
1216 | if (err) |
1217 | goto err_unregister_fscrypt_user; |
1218 | |
1219 | return 0; |
1220 | |
1221 | err_unregister_fscrypt_user: |
1222 | unregister_key_type(ktype: &key_type_fscrypt_user); |
1223 | return err; |
1224 | } |
1225 | |