From 2b25de6d445faefc28629603dd754aec9f744e60 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 15 Dec 2019 19:31:39 -0800 Subject: Metadata support for v2 encryption policies Linux v5.4 and later supports v2 encryption policies. These have several advantages over v1 encryption policies: - Their encryption keys can be added/removed to/from the filesystem by non-root users, thus gaining the benefits of the filesystem keyring while also retaining support for non-root use. - They use a more standard, secure, and flexible key derivation function. Because of this, some future kernel-level fscrypt features will be implemented for v2 policies only. - They prevent a denial-of-service attack where a user could associate the wrong key with another user's encrypted files. Prepare the fscrypt tool to support v2 encryption policies by: - Adding a policy_version field to the EncryptionOptions, i.e. to the config file and to the policy metadata files. - Using the kernel-specified algorithm to compute the key descriptor for v2 policies. - Handling setting and getting v2 policies. Actually adding/removing the keys for v2 policies to/from the kernel is left for the next patch. --- metadata/config_test.go | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'metadata/config_test.go') diff --git a/metadata/config_test.go b/metadata/config_test.go index 3c20c51..83c1eb0 100644 --- a/metadata/config_test.go +++ b/metadata/config_test.go @@ -48,7 +48,8 @@ var testConfigString = `{ "options": { "padding": "32", "contents": "AES_256_XTS", - "filenames": "AES_256_CTS" + "filenames": "AES_256_CTS", + "policy_version": "1" }, "use_fs_keyring_for_v1_policies": false } @@ -78,3 +79,41 @@ func TestRead(t *testing.T) { t.Errorf("did not match: %s", testConfig) } } + +// Makes sure we can parse a legacy config file that doesn't have the fields +// that were added later. +func TestOptionalFields(t *testing.T) { + contents := `{ + "source": "custom_passphrase", + "hash_costs": { + "time": "10", + "memory": "4096", + "parallelism": "8" + }, + "compatibility": "", + "options": { + "padding": "32", + "contents": "AES_256_XTS", + "filenames": "AES_256_CTS" + } + } + ` + buf := bytes.NewBufferString(contents) + cfg, err := ReadConfig(buf) + if err != nil { + t.Fatal(err) + } + if cfg.GetUseFsKeyringForV1Policies() { + t.Error("use_fs_keyring_for_v1_policies should be false, but was true") + } + if cfg.Options.PolicyVersion != 0 { + t.Errorf("policy version should be 0, but was %d", cfg.Options.PolicyVersion) + } + if err = cfg.CheckValidity(); err != nil { + t.Error(err) + } + // CheckValidity() should change an unset policy version to 1. + if cfg.Options.PolicyVersion != 1 { + t.Errorf("policy version should be 1 now, but was %d", cfg.Options.PolicyVersion) + } +} -- cgit v1.2.3