| Message ID | 20220404102554.6616-1-lhenriques@suse.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] common/encrypt: allow the use of 'fscrypt:' as key prefix | expand |
The code looks fine, but the explanation needs some tweaks: On Mon, Apr 04, 2022 at 11:25:54AM +0100, Luís Henriques wrote: > fscrypt keys have used the $FSTYP as prefix. However this format is being > deprecated -- newer kernels already allow the usage of the generic > 'fscrypt:' prefix for ext4 and f2fs. This patch allows the usage of this > new prefix for testing filesystems that have never supported the old > format, but keeping the $FSTYP prefix for filesystems that support it, so > that old kernels can be tested. This explanation is inconsistent with the code, which uses FSTYP for only ext4 and f2fs, and fscrypt for everything else including ubifs. A better explanation would be something like "Only use $FSTYP on filesystems that never supported the 'fscrypt' prefix, i.e. ext4 and f2fs." > +# Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key descriptor > +# hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 and later) also allow > +# the common key prefix "fscrypt:" in addition to their filesystem-specific key > +# prefix ("ext4:", "f2fs:"). It would be nice to use the common key prefix, but > +# for now use the filesystem- specific prefix for these 2 filesystems to make it > +# possible to test older kernels, and the "fscrypt" prefix for anything else. > +_get_fs_keyprefix() The first part of this comment sort of implies that FSTYP is the default and "fscrypt" is the exception, but it should be the other way around. How about: # When fscrypt keys are added using the legacy mechanism (process-subscribed # keyrings rather than filesystem keyrings), they are normally named # "fscrypt:KEYDESC" where KEYDESC is the 16-character key descriptor hex string. # However, ext4 and f2fs didn't add support for the "fscrypt" prefix until # kernel v4.8 and v4.6, respectively. Before that, they used "ext4" and "f2fs", # respectively. To allow testing ext4 and f2fs encryption on kernels older than # this, we use these filesystem-specific prefixes for ext4 and f2fs.
Eric Biggers <ebiggers@kernel.org> writes: > The code looks fine, but the explanation needs some tweaks: > > On Mon, Apr 04, 2022 at 11:25:54AM +0100, Luís Henriques wrote: >> fscrypt keys have used the $FSTYP as prefix. However this format is being >> deprecated -- newer kernels already allow the usage of the generic >> 'fscrypt:' prefix for ext4 and f2fs. This patch allows the usage of this >> new prefix for testing filesystems that have never supported the old >> format, but keeping the $FSTYP prefix for filesystems that support it, so >> that old kernels can be tested. > > This explanation is inconsistent with the code, which uses FSTYP for only ext4 > and f2fs, and fscrypt for everything else including ubifs. > > A better explanation would be something like "Only use $FSTYP on filesystems > that never supported the 'fscrypt' prefix, i.e. ext4 and f2fs." > >> +# Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key descriptor >> +# hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 and later) also allow >> +# the common key prefix "fscrypt:" in addition to their filesystem-specific key >> +# prefix ("ext4:", "f2fs:"). It would be nice to use the common key prefix, but >> +# for now use the filesystem- specific prefix for these 2 filesystems to make it >> +# possible to test older kernels, and the "fscrypt" prefix for anything else. >> +_get_fs_keyprefix() > > The first part of this comment sort of implies that FSTYP is the default and > "fscrypt" is the exception, but it should be the other way around. > > How about: > > # When fscrypt keys are added using the legacy mechanism (process-subscribed > # keyrings rather than filesystem keyrings), they are normally named > # "fscrypt:KEYDESC" where KEYDESC is the 16-character key descriptor hex string. > # However, ext4 and f2fs didn't add support for the "fscrypt" prefix until > # kernel v4.8 and v4.6, respectively. Before that, they used "ext4" and "f2fs", > # respectively. To allow testing ext4 and f2fs encryption on kernels older than > # this, we use these filesystem-specific prefixes for ext4 and f2fs. Doh! Yes, of course I need to adjust the documentation. Sorry, I'll send v3 shortly. Thanks! Cheers,
diff --git a/common/encrypt b/common/encrypt index f90c4ef05a3f..6dae7708d52b 100644 --- a/common/encrypt +++ b/common/encrypt @@ -250,6 +250,24 @@ _num_to_hex() fi } +# Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key descriptor +# hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 and later) also allow +# the common key prefix "fscrypt:" in addition to their filesystem-specific key +# prefix ("ext4:", "f2fs:"). It would be nice to use the common key prefix, but +# for now use the filesystem- specific prefix for these 2 filesystems to make it +# possible to test older kernels, and the "fscrypt" prefix for anything else. +_get_fs_keyprefix() +{ + case $FSTYP in + ext4|f2fs) + echo $FSTYP + ;; + *) + echo fscrypt + ;; + esac +} + # Add the specified raw encryption key to the session keyring, using the # specified key descriptor. _add_session_encryption_key() @@ -268,18 +286,11 @@ _add_session_encryption_key() # }; # # The kernel ignores 'mode' but requires that 'size' be 64. - # - # Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key - # descriptor hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 - # and later) also allow the common key prefix "fscrypt:" in addition to - # their filesystem-specific key prefix ("ext4:", "f2fs:"). It would be - # nice to use the common key prefix, but for now use the filesystem- - # specific prefix to make it possible to test older kernels... - # local mode=$(_num_to_hex 0 4) local size=$(_num_to_hex 64 4) + local prefix=$(_get_fs_keyprefix) echo -n -e "${mode}${raw}${size}" | - $KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full + $KEYCTL_PROG padd logon $prefix:$keydesc @s >>$seqres.full } # @@ -302,7 +313,8 @@ _generate_session_encryption_key() _unlink_session_encryption_key() { local keydesc=$1 - local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc) + local prefix=$(_get_fs_keyprefix) + local keyid=$($KEYCTL_PROG search @s logon $prefix:$keydesc) $KEYCTL_PROG unlink $keyid >>$seqres.full } @@ -310,7 +322,8 @@ _unlink_session_encryption_key() _revoke_session_encryption_key() { local keydesc=$1 - local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc) + local prefix=$(_get_fs_keyprefix) + local keyid=$($KEYCTL_PROG search @s logon $prefix:$keydesc) $KEYCTL_PROG revoke $keyid >>$seqres.full }
fscrypt keys have used the $FSTYP as prefix. However this format is being deprecated -- newer kernels already allow the usage of the generic 'fscrypt:' prefix for ext4 and f2fs. This patch allows the usage of this new prefix for testing filesystems that have never supported the old format, but keeping the $FSTYP prefix for filesystems that support it, so that old kernels can be tested. Signed-off-by: Luís Henriques <lhenriques@suse.de> --- common/encrypt | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) Changes since v1: - ubifs now follows into the default case (i.e. to use the 'fscrypt' key prefix) - dropped local variable from _get_fs_keyprefix()