diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-12-15 19:31:39 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-01-05 10:02:13 -0800 |
| commit | 2b25de6d445faefc28629603dd754aec9f744e60 (patch) | |
| tree | c2e4dd53a2ed370be5b0699ede59538d508d347d /actions | |
| parent | d0ac36dcea341ff000aca983dd80e7bef9fc30ec (diff) | |
Metadata support for v2 encryption policies
Linux v5.4 and later supports v2 encryption policies. These have
several advantages over v1 encryption policies:
- Their encryption keys can be added/removed to/from the filesystem by
non-root users, thus gaining the benefits of the filesystem keyring
while also retaining support for non-root use.
- They use a more standard, secure, and flexible key derivation
function. Because of this, some future kernel-level fscrypt features
will be implemented for v2 policies only.
- They prevent a denial-of-service attack where a user could associate
the wrong key with another user's encrypted files.
Prepare the fscrypt tool to support v2 encryption policies by:
- Adding a policy_version field to the EncryptionOptions, i.e. to the
config file and to the policy metadata files.
- Using the kernel-specified algorithm to compute the key descriptor for
v2 policies.
- Handling setting and getting v2 policies.
Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/config.go | 4 | ||||
| -rw-r--r-- | actions/policy.go | 8 | ||||
| -rw-r--r-- | actions/protector.go | 6 |
3 files changed, 16 insertions, 2 deletions
diff --git a/actions/config.go b/actions/config.go index 7fdaf5b..6b019df 100644 --- a/actions/config.go +++ b/actions/config.go @@ -133,6 +133,10 @@ func getConfig() (*metadata.Config, error) { config.Options.Filenames = metadata.DefaultOptions.Filenames log.Printf("Falling back to filenames mode of %q", config.Options.Filenames) } + if config.Options.PolicyVersion == 0 { + config.Options.PolicyVersion = metadata.DefaultOptions.PolicyVersion + log.Printf("Falling back to policy version of %d", config.Options.PolicyVersion) + } if err := config.CheckValidity(); err != nil { return nil, errors.Wrap(ErrBadConfigFile, err.Error()) diff --git a/actions/policy.go b/actions/policy.go index b9cd88c..f6d3ea9 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -95,11 +95,17 @@ func CreatePolicy(ctx *Context, protector *Protector) (*Policy, error) { return nil, err } + keyDescriptor, err := crypto.ComputeKeyDescriptor(key, ctx.Config.Options.PolicyVersion) + if err != nil { + key.Wipe() + return nil, err + } + policy := &Policy{ Context: ctx, data: &metadata.PolicyData{ Options: ctx.Config.Options, - KeyDescriptor: crypto.ComputeDescriptor(key), + KeyDescriptor: keyDescriptor, }, key: key, created: true, diff --git a/actions/protector.go b/actions/protector.go index fe5d694..4bd7c15 100644 --- a/actions/protector.go +++ b/actions/protector.go @@ -140,7 +140,11 @@ func CreateProtector(ctx *Context, name string, keyFn KeyFunc) (*Protector, erro if protector.key, err = crypto.NewRandomKey(metadata.InternalKeyLen); err != nil { return nil, err } - protector.data.ProtectorDescriptor = crypto.ComputeDescriptor(protector.key) + protector.data.ProtectorDescriptor, err = crypto.ComputeKeyDescriptor(protector.key, 1) + if err != nil { + protector.Lock() + return nil, err + } if err = protector.Rewrap(keyFn); err != nil { protector.Lock() |