Proto commits in google/fscrypt

These 21 commits are when the Protocol Buffers files have changed:

2022-12-04

Update file comment We now create the `*pb.go` files via the makefile instead of though `go generate`. Signed-off-by: Joe Richey <joerichey@google.com>

Add truncation_fixed field to HashingCosts This allows us to fix the bug where Parallelism is inadvertantly truncated to 8 bits in a backwards compatible way. Signed-off-by: Joe Richey <joerichey@google.com>

The documentation is generated from this commit.

2022-10-20

Add support for AES_256_HCTR2 filenames encryption Support for AES_256_HCTR2 filenames encryption was added in kernel version 6.0. The kernel doesn't yet support AES_256_HCTR2 for contents encryption.

2022-04-09

Switch to google.golang.org/protobuf/proto github.com/golang/protobuf/proto has been deprecated in favor of google.golang.org/protobuf/proto, so migrate to the non-deprecated one.

2022-02-23

Strictly validate metadata file ownership by default The metadata validation checks introduced by the previous commits are good, but to reduce the attack surface it would be much better to avoid reading and parsing files owned by other users in the first place. There are some possible use cases for users sharing fscrypt metadata files, but I think that for the vast majority of users it is unneeded and just opens up attack surface. Thus, make fscrypt (and pam_fscrypt) not process policies or protectors owned by other users by default. Specifically, * If fscrypt or pam_fscrypt is running as a non-root user, only policies and protectors owned by the user or by root can be used. * If fscrypt is running as root, any policy or protector can be used. (This is to match user expectations -- starting a sudo session should gain rights, not remove rights.) * If pam_fscrypt is running as root, only policies and protectors owned by root can be used. Note that this only applies when the root user themselves has an fscrypt login protector, which is rare. Add an option 'allow_cross_user_metadata' to /etc/fscrypt.conf which allows restoring the old behavior for anyone who really needs it.

2020-03-23

Simplify choosing the key description prefix There's no real need to allow users to choose the key description prefix (a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4" and "f2fs" for compatibility with all kernels both old and new, and on other filesystems we can just use "fscrypt". So, let's do that. Since this removes the point of the "--legacy" option to 'fscrypt setup' and the "compatibility" field in /etc/fscrypt.conf, remove those too. Specifically, we start ignoring the "compatibility" in existing config files and not writing it to new ones. The corresponding protobuf field number and name are reserved. We stop accepting the "--legacy" option at all, although since it was default true and there was no real reason for anyone to change it to false, probably no one will notice. If anyone does, they should just stop specifying the option. Note that this change only affects user keyrings and thus only affects v1 encryption policies, which are deprecated in favor of v2 anyway.

2020-01-05

Metadata support for v2 encryption policies Linux v5.4 and later supports v2 encryption policies. These have several advantages over v1 encryption policies: - Their encryption keys can be added/removed to/from the filesystem by non-root users, thus gaining the benefits of the filesystem keyring while also retaining support for non-root use. - They use a more standard, secure, and flexible key derivation function. Because of this, some future kernel-level fscrypt features will be implemented for v2 policies only. - They prevent a denial-of-service attack where a user could associate the wrong key with another user's encrypted files. Prepare the fscrypt tool to support v2 encryption policies by: - Adding a policy_version field to the EncryptionOptions, i.e. to the config file and to the policy metadata files. - Using the kernel-specified algorithm to compute the key descriptor for v2 policies. - Handling setting and getting v2 policies. Actually adding/removing the keys for v2 policies to/from the kernel is left for the next patch.

keyring: support filesystem keyring with v1 encryption policies Linux v5.4 and later allows fscrypt keys to be added/removed directly to/from the filesystem via the new ioctls FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY. Among other benefits, these fix the key visibility problems that many users have been running into, where system services and containers can't access encrypted files. Allow the user to opt-in to using these new ioctls for their existing encrypted directories by setting in their /etc/fscrypt.conf: "use_fs_keyring_for_v1_policies": true Note that it can't really be on by default, since for v1 policies the ioctls require root, whereas user keyrings don't. I.e., setting this to true means that users will need to use 'sudo fscrypt unlock', not 'fscrypt unlock'. v2 policies won't have this restriction.

2019-11-27

Use latest fscrypt declarations from sys/unix Use the new name for fscrypt constants and structures which have been given a new name. Also use the named constant for the DIRECT_KEY fscrypt policy flag. No change in behavior. This is just preparing for future work.

2019-10-26

Delete vendored code and update CI to Go 1.13 (#158) As the Go community transitions to using the modules ecosystem, we want to only support one way of managing dependencies. So this change moves to only using Go modules for dependency management. This means that our effective minimum Go version increases to Go 1.11. To account for this, we also update: - the documentation - Makefile - CI scripts

2019-01-15

Add support for the Adiantum encryption mode Add Adiantum support to the fscrypt userspace tool. Supported in the kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode based primarily on XChaCha12. It is fast even on CPUs without AES instructions. Unlike XTS it is also a wide-block encryption mode. Adiantum is supported for both contents and filenames encryption. For Adiantum encryption policies, also make the fscrypt tool provide the new DIRECT_KEY flag, which further improves performance by requesting that all files be encrypted directly with the policy key. This takes advantage of Adiantum's support for long tweaks. See the kernel commit "fscrypt: add Adiantum support" (https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.

2018-08-30

Update dependancies to lastest version

2018-02-08

dep: Setup Gopkg.toml This change transitions to dep, sets up Gopkg.toml, and purnes the maximum allowable number of files.

2017-10-19

Random changes

2017-09-29

metadata: Add new encryption modes

vendor: Update to latest versions This changes the vendored sources of github.com/golang/protobuf, golang.org/x/crypto/ssh, and golang.org/x/sys/unix to be the current master versions.

2017-07-19

Travis.yml and Makefile now run integration tests.

2017-06-16

metadata: change encryption mode names As new encryption modes are being added to the kernel that use 128 bit keys (see https://patchwork.kernel.org/patch/9741913), we will need the encryption modes to be more descriptive. This change breaks backwards compatibility for the protobuf, but that's fine because we have not released yet. Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de

2017-05-31

metadata: reorganize and add consistency checks This commit adds in IsValid() checks for the metadata structures that let us enforce stronger invariants than those imposed by the protobuf package. The main uses of this will be to check that metadata is valid before writing it to the filesystem, and to check that the filesystem contains valid metadata before returning it to the user. These functions also will log the exact reason if the validity checks fail. To have these checks in the metadata package, all of the various constants have been moved to a single metadata/constants.go file. The uses of these constants were changed accordingly. Finally, this commit standardizes our use of errors so that they always begin with an appropriate prefix. Change-Id: I99008e2ee803ebe5f6236eb8d83fc83efcd22718

2017-05-02

metadata: introduce protobuf structures This commit adds in the metadata package. The primary purpose of this package is to provide the on-disk metadata structures in the form of protocol buffers. This includes: - Policy metadata structure - Protector metadata structure - Config file structure - All necessary sub-structures (wrapped keys, parameters, etc) This commit also adds in an example usage of the Config structure, which represents the structure of the global config file. All the package does at this point is convert between the Config structure and a JSON representation. Here we introduce govendor, which is described more in the README. This means we will have all of our Go dependencies in the vendor subdirectory. This means we will have no Go source dependencies, only dependencies on the build tools (Go and govendor). The README describes this in detail. Note that we commit the generated files. see: https://blog.golang.org/generate Change-Id: Iaacd46666b5d3e4e865a0f4045dd63ed7e3d6f96

metadata: get and set policies from go This commit adds in the ability to get and set policy data from go using the GetPolicy and SetPolicy functions. This is done via a patch of the x/sys/unix package that exposes the filesystem encryption structures. Note that not all the fields of the PolicyData protocol buffer are needed to get and set policies. The wrapped_policy_keys are not used and will be written and read by other components of fscrypt. To run the policy tests, the environment variable BASE_TEST_DIR must be set to a directory for testing on a filesystem that supports encryption. Change-Id: I13b1d983356845f3ffc1945cedf53234218f32e5