fscrypt.git/crypto, branch v0.3.3 Go tool for managing Linux filesystem encryption crypto: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 9383d4be92981a4c956c775479bb48b7eec9db79 ErrKeyLock: Rename to ErrMlockUlimit for clarity. ErrGetrandomFail: ErrKeyAlloc: ErrKeyFree: ErrNegativeLength: Replace these with one-off unnamed errors because these were all returned in only one place and were never checked for. Also these were all either wrapped backwards or discarded an underlying error, so fix that too. 
ErrKeyLock:
	Rename to ErrMlockUlimit for clarity.

ErrGetrandomFail:
ErrKeyAlloc:
ErrKeyFree:
ErrNegativeLength:
	Replace these with one-off unnamed errors because these were all
	returned in only one place and were never checked for.  Also
	these were all either wrapped backwards or discarded an
	underlying error, so fix that too.
Automatically generate recovery passphrase when useful 2020-01-23T03:05:06+00:00 Eric Biggers ebiggers@google.com 2019-11-27T20:04:13+00:00 8cd1b3ba2e7a12cd68e2dfd0cbb5ec09ff92783b If a user re-installs their system (or otherwise loses the /.fscrypt directory on the root filesystem) they also lose access to any login passphrase-protected directories on other filesystems, unless additional protectors were manually added. This can be unexpected, as it may be expected that the old login passphrase would still work. We can't really fix this by storing a login protector on every filesystem because: - If a user were to have N login protectors, it would take them N times longer to log in, as every login protector would need to be unlocked. - If a user were to change their login passphrase while any external volumes were unmounted, login protectors would get out of sync. - It's preferable that an external volume isn't unlockable by itself using only a login passphrase, as login passphrases are often weak. Instead, generate a recovery passphrase when creating a login passphrase-protected directory on a non-root filesystem. The recovery passphrase is added as a custom_passphrase protector, thus giving the policy two protectors: one pam_passphrase and one custom_passphrase. Then this passphrase is written to a file in the new encrypted directory. Writing the passphrase to a file here is okay since it's encrypted, but it's obviously useless by itself; it's up to the user to store this passphrase somewhere else if they need it. Use a recovery passphrase instead of a "recovery code" that encodes the policy key directly because a passphrase is more user-friendly: it can safely be made much shorter than a key, and it works just like any other fscrypt protector. Also, it's not as critical to allow recovery when the .fscrypt directory on the *same* filesystem is deleted. Resolves https://github.com/google/fscrypt/issues/164 
If a user re-installs their system (or otherwise loses the /.fscrypt
directory on the root filesystem) they also lose access to any login
passphrase-protected directories on other filesystems, unless additional
protectors were manually added.  This can be unexpected, as it may be
expected that the old login passphrase would still work.

We can't really fix this by storing a login protector on every
filesystem because:

- If a user were to have N login protectors, it would take them N times
  longer to log in, as every login protector would need to be unlocked.

- If a user were to change their login passphrase while any external
  volumes were unmounted, login protectors would get out of sync.

- It's preferable that an external volume isn't unlockable by itself
  using only a login passphrase, as login passphrases are often weak.

Instead, generate a recovery passphrase when creating a login
passphrase-protected directory on a non-root filesystem.

The recovery passphrase is added as a custom_passphrase protector, thus
giving the policy two protectors: one pam_passphrase and one
custom_passphrase.  Then this passphrase is written to a file in the new
encrypted directory.  Writing the passphrase to a file here is okay
since it's encrypted, but it's obviously useless by itself; it's up to
the user to store this passphrase somewhere else if they need it.

Use a recovery passphrase instead of a "recovery code" that encodes the
policy key directly because a passphrase is more user-friendly: it can
safely be made much shorter than a key, and it works just like any other
fscrypt protector.  Also, it's not as critical to allow recovery when
the .fscrypt directory on the *same* filesystem is deleted.

Resolves https://github.com/google/fscrypt/issues/164
Metadata support for v2 encryption policies 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 2b25de6d445faefc28629603dd754aec9f744e60 Linux v5.4 and later supports v2 encryption policies. These have several advantages over v1 encryption policies: - Their encryption keys can be added/removed to/from the filesystem by non-root users, thus gaining the benefits of the filesystem keyring while also retaining support for non-root use. - They use a more standard, secure, and flexible key derivation function. Because of this, some future kernel-level fscrypt features will be implemented for v2 policies only. - They prevent a denial-of-service attack where a user could associate the wrong key with another user's encrypted files. Prepare the fscrypt tool to support v2 encryption policies by: - Adding a policy_version field to the EncryptionOptions, i.e. to the config file and to the policy metadata files. - Using the kernel-specified algorithm to compute the key descriptor for v2 policies. - Handling setting and getting v2 policies. Actually adding/removing the keys for v2 policies to/from the kernel is left for the next patch. 
Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.
Add keyring package 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 462d166d5355d33a05271d24de4d52f30dd62f67 In preparation for introducing support for the new filesystem-level keyrings, move the existing user keyring management code from security/keyring.go and crypto/crypto.go into a new package, 'keyring'. This package provides functions AddEncryptionKey, RemoveEncryptionKey, and GetEncryptionKeyStatus which delegate to either the filesystem keyring (added by a later patch) or to the user keyring. This provides a common interface to both types of keyrings, to the extent possible. 
In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.

This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring.  This provides
a common interface to both types of keyrings, to the extent possible.
Rename some variables from 'target' to 'targetUser' 2019-11-27T19:40:47+00:00 Eric Biggers ebiggers@google.com 2019-11-27T19:40:47+00:00 03d3a29b70c85f083adf3c12cba60c0374f06d3e Refer to the target User as 'targetUser' rather than simply 'target'. This will help avoid confusion when we add support for the filesystem keyring, since then the Mount will also be a "target". 
Refer to the target User as 'targetUser' rather than simply 'target'.
This will help avoid confusion when we add support for the filesystem
keyring, since then the Mount will also be a "target".
Use latest fscrypt declarations from sys/unix 2019-11-27T19:28:14+00:00 Eric Biggers ebiggers@google.com 2019-11-27T19:28:14+00:00 82d01438a66212ce802721397a62c18a0b71b7ea Use the new name for fscrypt constants and structures which have been given a new name. Also use the named constant for the DIRECT_KEY fscrypt policy flag. No change in behavior. This is just preparing for future work. 
Use the new name for fscrypt constants and structures which have been
given a new name.

Also use the named constant for the DIRECT_KEY fscrypt policy flag.

No change in behavior.  This is just preparing for future work.
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 vet: eliminate unnecessary shadowing 2018-02-12T07:56:49+00:00 Joseph Richey joerichey94@gmail.com 2018-02-12T07:56:49+00:00 69630f37fcebe894b15872148bd8b2496806b60c Running "go vet -shadow ./..." finds all places where a variable might be incorrectly or unnecessarily shadowed. This fixes some of them. 
Running "go vet -shadow ./..." finds all places where a variable might
be incorrectly or unnecessarily shadowed. This fixes some of them.
crypto: Move from libargon2 -> x/crypto/argon2 2018-02-09T11:36:11+00:00 Joseph Richey joerichey94@gmail.com 2018-02-08T10:37:42+00:00 5d71e1d16b069d7f6f22b7978f696af493a3c846 Use the golang library for the hashing function instead of the reference C implementation. This removes the dependancy on libargon2. As we are no longer doing our own error checking, we also eliminate those tests. 
Use the golang library for the hashing function instead of the reference
C implementation. This removes the dependancy on libargon2. As we are no
longer doing our own error checking, we also eliminate those tests.
crypto: Updated to include user parameter 2017-08-31T00:57:38+00:00 Joe Richey joerichey@google.com 2017-08-31T00:57:38+00:00 d685f6b232485a0dc0cc8b915561b9be37d32722