From patchwork Fri Apr 1 10:45:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 12798137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E890C433EF for ; Fri, 1 Apr 2022 10:45:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345153AbiDAKr3 (ORCPT ); Fri, 1 Apr 2022 06:47:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345144AbiDAKrZ (ORCPT ); Fri, 1 Apr 2022 06:47:25 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B48171D7D80; Fri, 1 Apr 2022 03:45:33 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 310BD21A97; Fri, 1 Apr 2022 10:45:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1648809932; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dSa6lUbtlcUWa6YkCzcLLpuhGobQruaSMXkd+E+FfX8=; b=wzW0FkeJy4LLBnuR5qiaUv5f+2z0Xb1bnXDSec9Tdr3rQmjN7SfqJpM+h5QfN0ca18SaN3 NZZbfBCpiipaJQ3MrdziG1zcxEQPRDoKUgdwIdfFR5DWUowwi71ufryGZTrmHyVR13rNiy FuKZnxUxJBYdKPUEc8xjIW9htjy8eug= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1648809932; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dSa6lUbtlcUWa6YkCzcLLpuhGobQruaSMXkd+E+FfX8=; b=GVNnqhiIgeX/LjcTY/1DAxcy0bKPXoRHAnOSRCTV+fu5zhEubdGHwWIL4kK968on6C58N2 IoSjJtU6l25JWuCw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id BF788132C1; Fri, 1 Apr 2022 10:45:31 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id PBnJK8vXRmJeAwAAMHmgww (envelope-from ); Fri, 01 Apr 2022 10:45:31 +0000 Received: from localhost (brahms.olymp [local]) by brahms.olymp (OpenSMTPD) with ESMTPA id 89546f7b; Fri, 1 Apr 2022 10:45:54 +0000 (UTC) From: =?utf-8?q?Lu=C3=ADs_Henriques?= To: Eric Biggers , Jeff Layton Cc: ceph-devel@vger.kernel.org, fstests@vger.kernel.org, =?utf-8?q?Lu=C3=ADs?= =?utf-8?q?_Henriques?= Subject: [PATCH] common/encrypt: allow the use of 'fscrypt:' as key prefix Date: Fri, 1 Apr 2022 11:45:53 +0100 Message-Id: <20220401104553.32036-1-lhenriques@suse.de> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org fscrypt keys have used the $FSTYP as prefix. However this format is being deprecated -- newer kernels already allow the usage of the generic 'fscrypt:' prefix for ext4 and f2fs. This patch allows the usage of this new prefix for testing filesystems that have never supported the old format, but keeping the $FSTYP prefix for filesystems that support it, so that old kernels can be tested. Signed-off-by: Luís Henriques Reviewed-by: Jeff Layton --- common/encrypt | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/common/encrypt b/common/encrypt index f90c4ef05a3f..897c97e0f6fa 100644 --- a/common/encrypt +++ b/common/encrypt @@ -250,6 +250,27 @@ _num_to_hex() fi } +# Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key descriptor +# hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 and later) also allow +# the common key prefix "fscrypt:" in addition to their filesystem-specific key +# prefix ("ext4:", "f2fs:"). It would be nice to use the common key prefix, but +# for now use the filesystem- specific prefix for these 2 filesystems to make it +# possible to test older kernels, and the "fscrypt" prefix for anything else. +_get_fs_keyprefix() +{ + local prefix="" + + case $FSTYP in + ext4|f2fs|ubifs) + prefix="$FSTYP" + ;; + *) + prefix="fscrypt" + ;; + esac + echo $prefix +} + # Add the specified raw encryption key to the session keyring, using the # specified key descriptor. _add_session_encryption_key() @@ -268,18 +289,11 @@ _add_session_encryption_key() # }; # # The kernel ignores 'mode' but requires that 'size' be 64. - # - # Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key - # descriptor hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6 - # and later) also allow the common key prefix "fscrypt:" in addition to - # their filesystem-specific key prefix ("ext4:", "f2fs:"). It would be - # nice to use the common key prefix, but for now use the filesystem- - # specific prefix to make it possible to test older kernels... - # local mode=$(_num_to_hex 0 4) local size=$(_num_to_hex 64 4) + local prefix=$(_get_fs_keyprefix) echo -n -e "${mode}${raw}${size}" | - $KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full + $KEYCTL_PROG padd logon $prefix:$keydesc @s >>$seqres.full } # @@ -302,7 +316,8 @@ _generate_session_encryption_key() _unlink_session_encryption_key() { local keydesc=$1 - local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc) + local prefix=$(_get_fs_keyprefix) + local keyid=$($KEYCTL_PROG search @s logon $prefix:$keydesc) $KEYCTL_PROG unlink $keyid >>$seqres.full } @@ -310,7 +325,8 @@ _unlink_session_encryption_key() _revoke_session_encryption_key() { local keydesc=$1 - local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc) + local prefix=$(_get_fs_keyprefix) + local keyid=$($KEYCTL_PROG search @s logon $prefix:$keydesc) $KEYCTL_PROG revoke $keyid >>$seqres.full }