linux/fs/crypto
Eric Biggers 5ab7189a31 fscrypt: require that key be added when setting a v2 encryption policy
By looking up the master keys in a filesystem-level keyring rather than
in the calling processes' key hierarchy, it becomes possible for a user
to set an encryption policy which refers to some key they don't actually
know, then encrypt their files using that key.  Cryptographically this
isn't much of a problem, but the semantics of this would be a bit weird.
Thus, enforce that a v2 encryption policy can only be set if the user
has previously added the key, or has capable(CAP_FOWNER).

We tolerate that this problem will continue to exist for v1 encryption
policies, however; there is no way around that.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-08-12 19:18:50 -07:00
..
Kconfig fscrypt: add an HKDF-SHA512 implementation 2019-08-12 19:18:50 -07:00
Makefile fscrypt: add an HKDF-SHA512 implementation 2019-08-12 19:18:50 -07:00
bio.c fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio() 2019-05-28 10:27:53 -07:00
crypto.c fscrypt: v2 encryption policy support 2019-08-12 19:18:50 -07:00
fname.c fscrypt: v2 encryption policy support 2019-08-12 19:18:50 -07:00
fscrypt_private.h fscrypt: require that key be added when setting a v2 encryption policy 2019-08-12 19:18:50 -07:00
hkdf.c fscrypt: add an HKDF-SHA512 implementation 2019-08-12 19:18:50 -07:00
hooks.c fscrypt: make fscrypt_msg() take inode instead of super_block 2019-08-12 19:04:44 -07:00
keyring.c fscrypt: require that key be added when setting a v2 encryption policy 2019-08-12 19:18:50 -07:00
keysetup.c fscrypt: allow unprivileged users to add/remove keys for v2 policies 2019-08-12 19:18:50 -07:00
keysetup_v1.c fscrypt: v2 encryption policy support 2019-08-12 19:18:50 -07:00
policy.c fscrypt: require that key be added when setting a v2 encryption policy 2019-08-12 19:18:50 -07:00