| Message ID | 20191024215438.138489-1-ebiggers@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | fscrypt: support for IV_INO_LBLK_64 policies | expand |
On Thu, Oct 24, 2019 at 02:54:35PM -0700, Eric Biggers wrote: > Hello, > > In preparation for adding inline encryption support to fscrypt, this > patchset adds a new fscrypt policy flag which modifies the encryption to > be optimized for inline encryption hardware compliant with the UFS v2.1 > standard or the upcoming version of the eMMC standard. > > This means using per-mode keys instead of per-file keys, and in > compensation including the inode number in the IVs. For ext4, this > precludes filesystem shrinking, so I've also added a compat feature > which will prevent the filesystem from being shrunk. > > I've separated this from the full "Inline Encryption Support" patchset > (https://lkml.kernel.org/linux-fsdevel/20190821075714.65140-1-satyat@google.com/) > to avoid conflating an implementation (inline encryption) with a new > on-disk format (IV_INO_LBLK_64). This patchset purely adds support for > IV_INO_LBLK_64 policies to fscrypt, but implements them using the > existing filesystem layer crypto. > > We're planning to make the *implementation* (filesystem layer or inline > crypto) be controlled by a mount option '-o inlinecrypt'. > > This patchset applies to fscrypt.git#master and can also be retrieved from > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-crypt-optimized-v2 > > I've written a ciphertext verification test for this new type of policy: > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git/log/?h=inline-encryption > > Work-in-progress patches for the inline encryption implementation of > both IV_INO_LBLK_64 and regular policies can be found at > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-encryption-wip > > Changes v1 => v2: > > - Rename the flag from INLINE_CRYPT_OPTIMIZED to IV_INO_LBLK_64. > > - Use the same key derivation and IV generation scheme for filenames > encryption too. > > - Improve the documentation and commit messages. > > Eric Biggers (3): > fscrypt: add support for IV_INO_LBLK_64 policies > ext4: add support for IV_INO_LBLK_64 encryption policies > f2fs: add support for IV_INO_LBLK_64 encryption policies > Does anyone have any more comments on these patches? - Eric
On Thu, Oct 24, 2019 at 02:54:35PM -0700, Eric Biggers wrote: > Hello, > > In preparation for adding inline encryption support to fscrypt, this > patchset adds a new fscrypt policy flag which modifies the encryption to > be optimized for inline encryption hardware compliant with the UFS v2.1 > standard or the upcoming version of the eMMC standard. > > This means using per-mode keys instead of per-file keys, and in > compensation including the inode number in the IVs. For ext4, this > precludes filesystem shrinking, so I've also added a compat feature > which will prevent the filesystem from being shrunk. > > I've separated this from the full "Inline Encryption Support" patchset > (https://lkml.kernel.org/linux-fsdevel/20190821075714.65140-1-satyat@google.com/) > to avoid conflating an implementation (inline encryption) with a new > on-disk format (IV_INO_LBLK_64). This patchset purely adds support for > IV_INO_LBLK_64 policies to fscrypt, but implements them using the > existing filesystem layer crypto. > > We're planning to make the *implementation* (filesystem layer or inline > crypto) be controlled by a mount option '-o inlinecrypt'. > > This patchset applies to fscrypt.git#master and can also be retrieved from > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-crypt-optimized-v2 > > I've written a ciphertext verification test for this new type of policy: > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git/log/?h=inline-encryption > > Work-in-progress patches for the inline encryption implementation of > both IV_INO_LBLK_64 and regular policies can be found at > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-encryption-wip > > Changes v1 => v2: > > - Rename the flag from INLINE_CRYPT_OPTIMIZED to IV_INO_LBLK_64. > > - Use the same key derivation and IV generation scheme for filenames > encryption too. > > - Improve the documentation and commit messages. > > Eric Biggers (3): > fscrypt: add support for IV_INO_LBLK_64 policies > ext4: add support for IV_INO_LBLK_64 encryption policies > f2fs: add support for IV_INO_LBLK_64 encryption policies > > Documentation/filesystems/fscrypt.rst | 63 +++++++++++++++++---------- > fs/crypto/crypto.c | 10 ++++- > fs/crypto/fscrypt_private.h | 16 +++++-- > fs/crypto/keyring.c | 6 ++- > fs/crypto/keysetup.c | 45 ++++++++++++++----- > fs/crypto/policy.c | 41 ++++++++++++++++- > fs/ext4/ext4.h | 2 + > fs/ext4/super.c | 14 ++++++ > fs/f2fs/super.c | 26 ++++++++--- > include/linux/fscrypt.h | 3 ++ > include/uapi/linux/fscrypt.h | 3 +- > 11 files changed, 182 insertions(+), 47 deletions(-) > > -- Applied to fscrypt.git#master for 5.5. - Eric