From patchwork Wed Jul 26 18:19:26 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9865659
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, "Theodore Y . Ts'o", Jaegeuk Kim, Alex Cope, Michael Halcrow, Eric Biggers
Subject: [PATCH v2 4/7] fscrypt: validate modes and flags earlier when setting policy
Date: Wed, 26 Jul 2017 11:19:26 -0700
Message-Id: <20170726181929.99880-5-ebiggers3@gmail.com>
In-Reply-To: <20170726181929.99880-1-ebiggers3@gmail.com>

From: Eric Biggers

For FS_IOC_SET_ENCRYPTION_POLICY, currently the encryption modes and flags are only validated when a new encryption policy is being set, not when an existing policy is being compared to the one specified. However, we're going to start needing to compute the key_hash in both cases, and for this it's helpful to validate that the master key has the minimum length required by the specified encryption modes.

Therefore, move the modes and flags validation earlier in the ioctl, next to where we validate the policy version.

Signed-off-by: Eric Biggers
--- fs/crypto/policy.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index fe525da9e79c..d1e58798da3c 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c
@@ -60,13 +60,6 @@ static int create_encryption_context_from_policy(struct inode *inode, { struct fscrypt_context ctx; - if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, - policy->filenames_encryption_mode)) - return -EINVAL; - - if (policy->flags & ~FS_POLICY_FLAGS_VALID) - return -EINVAL; - ctx.version = context_version_for_policy(policy); ctx.contents_encryption_mode = policy->contents_encryption_mode; ctx.filenames_encryption_mode = policy->filenames_encryption_mode; @@ -100,6 +93,13 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) policy.version != FS_POLICY_VERSION_HKDF) return -EINVAL; + if (!fscrypt_valid_enc_modes(policy.contents_encryption_mode, + policy.filenames_encryption_mode)) + return -EINVAL; + + if (policy.flags & ~FS_POLICY_FLAGS_VALID) + return -EINVAL; + ret = mnt_want_write_file(filp); if (ret) return ret;
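Review bot: In the first hunk, create_encryption_context_from_policy() now copies policy->contents_encryption_mode and policy->filenames_encryption_mode into ctx with no validation of its own, so an unvalidated policy reaching it would be written into the context as-is. The function is static, which limits the exposure to callers in this file, but the precondition is now implicit. Please add a short comment above the function stating that the caller must already have checked the modes with fscrypt_valid_enc_modes() and the flags against FS_POLICY_FLAGS_VALID, and confirm that no caller other than fscrypt_ioctl_set_policy() reaches it.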
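Review bot: In the second hunk, the modes and flags checks in fscrypt_ioctl_set_policy() now run before mnt_want_write_file() and before the existing-policy comparison, which changes which error userspace sees. A request with invalid modes or flags now gets -EINVAL even where it previously would have received the mnt_want_write_file() error or the result of the comparison. The commit message explains the motivation but does not mention this errno change; please state that it is intended. Separately, the message justifies the move by the need to validate the master key length, yet nothing in this hunk checks a key length, so say which patch in the series adds that check.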