From patchwork Wed Jul 26 18:19:26 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9865649
From: Eric Biggers
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, "Theodore Y . Ts'o", Jaegeuk Kim, Alex Cope, Michael Halcrow, Eric Biggers
Subject: [PATCH v2 4/7] fscrypt: validate modes and flags earlier when setting policy
Date: Wed, 26 Jul 2017 11:19:26 -0700
Message-Id: <20170726181929.99880-5-ebiggers3@gmail.com>
In-Reply-To: <20170726181929.99880-1-ebiggers3@gmail.com>
References: <20170726181929.99880-1-ebiggers3@gmail.com>

From: Eric Biggers

For FS_IOC_SET_ENCRYPTION_POLICY, currently the encryption modes and
flags are only validated when a new encryption policy is being set, not
when an existing policy is being compared to the one specified. However,
we're going to start needing to compute the key_hash in both cases, and
for this it's helpful to validate that the master key has the minimum
length required by the specified encryption modes. Therefore, move the
modes and flags validation earlier in the ioctl, next to where we
validate the policy version.

Signed-off-by: Eric Biggers
---
 fs/crypto/policy.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index fe525da9e79c..d1e58798da3c 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -60,13 +60,6 @@ static int create_encryption_context_from_policy(struct inode *inode, { struct fscrypt_context ctx; - if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, - policy->filenames_encryption_mode)) - return -EINVAL; - - if (policy->flags & ~FS_POLICY_FLAGS_VALID) - return -EINVAL; - ctx.version = context_version_for_policy(policy); ctx.contents_encryption_mode = policy->contents_encryption_mode; ctx.filenames_encryption_mode = policy->filenames_encryption_mode; @@ -100,6 +93,13 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) policy.version != FS_POLICY_VERSION_HKDF) return -EINVAL; + if (!fscrypt_valid_enc_modes(policy.contents_encryption_mode, + policy.filenames_encryption_mode)) + return -EINVAL; + + if (policy.flags & ~FS_POLICY_FLAGS_VALID) + return -EINVAL; + ret = mnt_want_write_file(filp); if (ret) return ret;
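
Review bot: In the first hunk, create_encryption_context_from_policy() now copies policy->contents_encryption_mode and policy->filenames_encryption_mode into ctx with no check of its own, so its correctness depends on every caller having validated the policy first. Only fscrypt_ioctl_set_policy() is shown doing that. A short comment above the function stating that the caller must already have validated the modes and flags would keep a later caller from building a context out of unvalidated values.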
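
Review bot: In the second hunk, placing the mode and flag checks in fscrypt_ioctl_set_policy() right after the version check changes what userspace gets back on an already-encrypted directory: a request whose modes fail fscrypt_valid_enc_modes() or whose flags fall outside FS_POLICY_FLAGS_VALID now returns -EINVAL, where the commit message says no such validation happened on the comparison path before. That errno change is worth stating explicitly in the commit message so callers that reissue FS_IOC_SET_ENCRYPTION_POLICY on an encrypted directory know to expect it. The placement ahead of mnt_want_write_file() is fine, since the early returns then need no cleanup.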