Metadata support for v2 encryption policies

Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.

1 files changed, 7 insertions, 1 deletions

diff --git a/actions/policy.go b/actions/policy.go
index b9cd88c..f6d3ea9 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -95,11 +95,17 @@ func CreatePolicy(ctx *Context, protector *Protector) (*Policy, error) {
 		return nil, err
 	}
 
+	keyDescriptor, err := crypto.ComputeKeyDescriptor(key, ctx.Config.Options.PolicyVersion)
+	if err != nil {
+		key.Wipe()
+		return nil, err
+	}
+
 	policy := &Policy{
 		Context: ctx,
 		data: &metadata.PolicyData{
 			Options:       ctx.Config.Options,
-			KeyDescriptor: crypto.ComputeDescriptor(key),
+			KeyDescriptor: keyDescriptor,
 		},
 		key:     key,
 		created: true,