From patchwork Thu Jun 29 22:17:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297381 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF42DFBF1 for ; Thu, 29 Jun 2023 22:25:33 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id AF020806B2; Thu, 29 Jun 2023 18:17:33 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077054; bh=fo8nuHTnikqI5Ttd77O8Z9DRDF+muN6DTBAVCB+dUP8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=be3WKVnzExiRxmu+ntfmhVSDIkptO2PU7CpXLnKv6WKzGimtbN4RKs818GxQpwdTo aMAD6SpHV29fM3VkBPH4A5IaxjDW/JmPCJ+TuS6hhfcrMk85w1X6fAOdyVsd+uwp/m MLUiJcvQH9EcDDnt1MbgcqOwshu9bavD/4x4CFjZ9ervKamR5iZasAXJfq4ewrBHR2 pwhoPeh3MSqKVkm/1bHxL5MN4fmuxjgFsWHrcw3nbEGnPospbCeXd+gdoJNILPxJl/ B0H/3xYqf3JS+8b9fBz22ojgJ8WTHCd6LkpQiNkV+5UHcHsX4qcRMt59BvmcRpBcMd rklNGwqi4vXTQ== From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 1/8] common/encrypt: separate data and inode nonces Date: Thu, 29 Jun 2023 18:17:16 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 btrfs will have different inode and data nonces, so we need to be specific about which nonce each use needs. For now, there is no difference in the two functions. 
Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 33 ++++++++++++++++++++++++++------- tests/generic/613 | 4 ++-- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/common/encrypt b/common/encrypt index 1a77e23b..04b6e5ac 100644 --- a/common/encrypt +++ b/common/encrypt @@ -488,7 +488,7 @@ _add_fscrypt_provisioning_key() # Retrieve the encryption nonce of the given inode as a hex string. The nonce # was randomly generated by the filesystem and isn't exposed directly to # userspace. But it can be read using the filesystem's debugging tools. -_get_encryption_nonce() +_get_encryption_file_nonce() { local device=$1 local inode=$2 @@ -532,15 +532,34 @@ _get_encryption_nonce() }' ;; *) - _fail "_get_encryption_nonce() isn't implemented on $FSTYP" + _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP" ;; esac } -# Require support for _get_encryption_nonce() +# Retrieve the encryption nonce used to encrypt the data of the given inode as +# a hex string. The nonce was randomly generated by the filesystem and isn't +# exposed directly to userspace. But it can be read using the filesystem's +# debugging tools. +_get_encryption_data_nonce() +{ + local device=$1 + local inode=$2 + + case $FSTYP in + ext4|f2fs) + _get_encryption_file_nonce $device $inode + ;; + *) + _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP" + ;; + esac +} + +# Require support for _get_encryption_*nonce() _require_get_encryption_nonce_support() { - echo "Checking for _get_encryption_nonce() support for $FSTYP" >> $seqres.full + echo "Checking for _get_encryption_*nonce() support for $FSTYP" >> $seqres.full case $FSTYP in ext4) _require_command "$DEBUGFS_PROG" debugfs @@ -554,7 +573,7 @@ _require_get_encryption_nonce_support() # the test fail in that case, as it was an f2fs-tools bug... ;; *) - _notrun "_get_encryption_nonce() isn't implemented on $FSTYP" + _notrun "_get_encryption_*nonce() isn't implemented on $FSTYP" ;; esac } 
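Review bot: The header comment on the new `_get_encryption_data_nonce()` repeats the file-nonce comment almost word for word and does not say when the two values differ, which is the reason the helper exists. A line such as `# On ext4 and f2fs this is the inode's own nonce; a filesystem that keys data separately from the inode returns a different value here.` would make the contract clear to test authors. `_do_verify_ciphertext_for_encryption_policy()` passes the result straight to `--file-nonce=`, so choosing the wrong helper would presumably surface only as a ciphertext mismatch.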
@@ -760,7 +779,7 @@ _do_verify_ciphertext_for_encryption_policy() echo "Verifying encrypted file contents" >> $seqres.full for f in "${test_contents_files[@]}"; do read -r src inode blocklist <<< "$f" - nonce=$(_get_encryption_nonce $SCRATCH_DEV $inode) + nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode) _dump_ciphertext_blocks $SCRATCH_DEV $blocklist > $tmp.actual_contents $crypt_contents_cmd $contents_encryption_mode $raw_key_hex \ --file-nonce=$nonce --block-size=$blocksize \ @@ -780,7 +799,7 @@ _do_verify_ciphertext_for_encryption_policy() echo "Verifying encrypted file names" >> $seqres.full for f in "${test_filenames_files[@]}"; do read -r name inode dir_inode padding <<< "$f" - nonce=$(_get_encryption_nonce $SCRATCH_DEV $dir_inode) + nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $dir_inode) _get_ciphertext_filename $SCRATCH_DEV $inode $dir_inode \ > $tmp.actual_name echo -n "$name" | \ diff --git a/tests/generic/613 b/tests/generic/613 index 4cf5ccc6..47c60e9c 100755 --- a/tests/generic/613 +++ b/tests/generic/613 
@@ -68,10 +68,10 @@ echo -e "\n# Getting encryption nonces from inodes" echo -n > $tmp.nonces_hex echo -n > $tmp.nonces_bin for inode in "${inodes[@]}"; do - nonce=$(_get_encryption_nonce $SCRATCH_DEV $inode) + nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode) if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ] then - _fail "Expected nonce to be 16 bytes (32 hex characters), but got \"$nonce\"" + _fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\"" fi echo $nonce >> $tmp.nonces_hex echo -ne "$(echo $nonce | sed 's/[0-9a-fA-F]\{2\}/\\x\0/g')" \ From patchwork Thu Jun 29 22:17:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297383 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C49E9101C4 for ; Thu, 29 Jun 2023 22:25:33 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 255AA80763; Thu, 29 Jun 2023 18:17:35 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077055; bh=iI6ZwOHoI19L/nPNrvE1QEJ+K/w9Ln/uTFXd1qMKHMU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WNM6kWJifTF48FQh3o/mrl1k7QKsexucF421VvDsScGTshKAWOF2C+DiMQSTv5eyS HNylriLCAlJ2C4pTJoC5vh/c0V2W/3bFK58Ndcp1dypmqhB3dxPZRtP8a0uU3q1axg SORnAH44U4nW6TG75yDAm3217DJr32shNcPzPxH2tRYo5NXL12CHx//gljW1D89VLz rIXaxdcLIphM9b+3ZVQJopB/nTRyo0i70mPCIEfOeef5zrEb6fhGzUtFYid//TyHE+ cXX//Tamw9CHjFnQgT1enfaNYgGyZrmldro+2IjxpM8DbZf6/BYgzMMLW2LmJ+qXcm VbnJsNQaYmNGw== 
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 2/8] common/encrypt: add btrfs to get_encryption_*nonce Date: Thu, 29 Jun 2023 18:17:17 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add the modes of getting the encryption nonces, either inode or extent, to the various get_encryption_nonce functions. For now, no encrypt test makes a file with more than one extent, so we can just grab the first extent's nonce for the data nonce; when we write a bigger file test, we'll need to change that. Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 31 +++++++++++++++++++++++++++++++ tests/generic/613 | 4 ++++ 2 files changed, 35 insertions(+) diff --git a/common/encrypt b/common/encrypt index 04b6e5ac..fc1c8cc7 100644 --- a/common/encrypt +++ b/common/encrypt @@ -531,6 +531,17 @@ _get_encryption_file_nonce() found = 0; }' ;; + btrfs) + # Retrieve the fscrypt context for an inode as a hex string. + # btrfs prints these like: + # item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40 + # value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f + + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ + grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \ + grep --only-matching 'value: [[:xdigit:]]\+' | \ + tr -d ' \n' | tail -c 32 + ;; *) _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP" ;; 
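Review bot: The btrfs branch of `_get_encryption_file_nonce()` prints an empty string and still succeeds when no `FSCRYPT_CTXT_ITEM` matches, because the pipeline's status is that of `tail`. generic/613 checks the length of the result, but no such check is visible in this series where `_do_verify_ciphertext_for_encryption_policy()` feeds the value to `--file-nonce=`, so a parsing miss would show up later as an unrelated-looking mismatch. A guard at that call site, e.g. `[ ${#nonce} -eq 32 ] || _fail "could not read nonce for inode $inode"`, keeps the failure at its cause. The same applies to the btrfs branch added to `_get_encryption_data_nonce()` in the next hunk. `dump-tree` is also run over the whole device, so if the inode number occurs in more than one tree the last match wins, which deserves a comment.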
@@ -550,6 +561,23 @@ _get_encryption_data_nonce() ext4|f2fs) _get_encryption_file_nonce $device $inode ;; + btrfs) + # Retrieve the encryption IV of the first file extent in an inode as a hex + # string. btrfs prints the file extents (for simple unshared + # inodes) like: + # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69 + # generation 7 type 1 (regular) + # extent data disk byte 5304320 nr 1048576 + # extent data offset 0 nr 1048576 ram 1048576 + # extent compression 0 (none) + # extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330)) + + + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ + grep -A 5 "key ($inode EXTENT_DATA 0)" | \ + grep --only-matching 'context [[:xdigit:]]\+' | \ + tr -d ' \n' | tail -c 32 + ;; *) _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP" ;; @@ -572,6 +600,9 @@ _require_get_encryption_nonce_support() # Otherwise the xattr is incorrectly parsed as v1. But just let # the test fail in that case, as it was an f2fs-tools bug... ;; + btrfs) + _require_command "$BTRFS_UTIL_PROG" btrfs + ;; *) _notrun "_get_encryption_*nonce() isn't implemented on $FSTYP" ;; diff --git a/tests/generic/613 b/tests/generic/613 index 47c60e9c..279b1bfb 100755 --- a/tests/generic/613 +++ b/tests/generic/613 
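Review bot: `grep -A 5` in the btrfs branch of `_get_encryption_data_nonce()` hard-codes the layout shown in the comment, where the `extent encryption` line is the fifth line after the item header. If an item prints fewer lines (the comment itself limits the sample to simple regular extents), the window runs into the following item and the `context` it finds may belong to a different key; if it prints more, the result is empty. Bounding the search by the next item header instead, e.g. `sed -n "/key ($inode EXTENT_DATA 0)/,/^[[:space:]]*item [0-9]/p"` in place of the `grep -A 5`, avoids both, assuming item headers always start a line as in the sample. The `tail -c 32` step relies on the nonce being the last 16 bytes of the context, which is worth a one-line comment.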
@@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex echo -n > $tmp.nonces_bin for inode in "${inodes[@]}"; do nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode) + if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ] + then + nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode) + fi if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ] then _fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\"" From patchwork Thu Jun 29 22:17:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297382 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBA76101C6 for ; Thu, 29 Jun 2023 22:25:33 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 85C7080778; Thu, 29 Jun 2023 18:17:36 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077057; bh=i0KcUcAyrGMIC1rkAvJHWWPwsKlFh9C7E3KShPZecpQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FmKY/PEVkr8Lggi8AWIn5/LeqkL7CmYkv/qtytB645XYxd279Ow1Pr0ejCMk/Nr2x CMHkVuqCIgdlC3C3lEwYfxpJG9lOnfPJkT8WtT/S83m9qDwbQejl97T/US/UNhoXZu oZApUSt5cvQIujFC1ALCmOqDaie6pF79TWvAfDFFACuk5VgOxD4M1Xi7lNYk3k3QQH XReu0Hw7hinuv1nN3fSVOXs6ivwUFohzdvYAoGysgGpXwsaBhtyICM95NEsAHtuW7k GiybeQBSGMY9QheNzgGlNCMbNPIvUYFB4ocOPB4+imA7s4gGbEHS8UQANqWBRTY41z zgyaLsVPypm2Q== 
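Review bot: The added fallback replaces an empty data nonce with the inode nonce, so whatever is later done with `$tmp.nonces_hex` may run on a mix of two kinds of nonce with nothing recording which one was used. An empty result from `_get_encryption_data_nonce` can also mean that the dump-tree parsing missed, and the fallback would hide that. At minimum log the substitution, e.g. `echo "inode $inode: no data nonce, using inode nonce" >> $seqres.full`, and prefer `[ -z "$nonce" ]` to `[ "$nonce" == "" ]`. The loop body continues outside the hunk.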
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 3/8] common/encrypt: add btrfs to get_ciphertext_filename Date: Thu, 29 Jun 2023 18:17:18 -0400 Message-Id: <023efcfc72f3ebe66ed66513529c207334ab9eea.1688076612.git.sweettea-kernel@dorminy.me> In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add the relevant call to get an encrypted filename from btrfs. Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/common/encrypt b/common/encrypt index fc1c8cc7..2c1925da 100644 --- a/common/encrypt +++ b/common/encrypt @@ -618,6 +618,19 @@ _get_ciphertext_filename() local dir_inode=$3 case $FSTYP in + btrfs) + # Extract the filename from the inode_ref object, similar to: + # item 24 key (259 INODE_REF 257) itemoff 14826 itemsize 26 + # index 3 namelen 16 name: J\xf7\x15tD\x8eL\xae/\x98\x9f\x09\xc1\xb6\x09> + # + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ + grep -A 1 "key ($inode INODE_REF " | tail -n 1 | \ + perl -ne ' + s/.*?name: //; + chomp; + s/\\x([[:xdigit:]]{2})/chr hex $1/eg; + print;' + ;; ext4) # Extract the filename from the debugfs output line like: # 
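Review bot: The btrfs branch of `_get_ciphertext_filename()` never uses `$dir_inode`: it greps for `key ($inode INODE_REF ` and keeps the last line, so an inode linked from more than one directory yields whichever reference is printed last. The offset field of an INODE_REF key is the parent directory's inode number, so the match can be made exact with `grep -A 1 "key ($inode INODE_REF $dir_inode)" | tail -n 1`. The perl step decodes only `\xNN` escapes; a comment stating how dump-tree prints a literal backslash in a name would show whether that decoding is unambiguous. The function body continues outside the hunk.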
@@ -715,6 +728,9 @@ _require_get_ciphertext_filename_support() _notrun "dump.f2fs (f2fs-tools) is too old; doesn't support showing unambiguous on-disk filenames" fi ;; + btrfs) + _require_command "$BTRFS_UTIL_PROG" btrfs + ;; *) _notrun "_get_ciphertext_filename() isn't implemented on $FSTYP" ;; From patchwork Thu Jun 29 22:17:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297347 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42F5AFBF1 for ; Thu, 29 Jun 2023 22:17:38 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 4858980845; Thu, 29 Jun 2023 18:17:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077058; bh=Glc1SgrRxVy/DWhD2BYtb2GOsC9vCs2yRmXOeAyo0vc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cj7HBJkkM+s4x6SPaSzMhtnCp95yaZa5mLrhItfZjeLx7m42d3mNpgnY9ZsmhIaIi kUECWxeXBM+lixPEXiNCtqt+5s6Pg3KNMMC65q257zNB4JYgD4kDEOqDDtwjKttv44 8NlY1ZshIy/vUH4MnA7/6Qf+E6iPcrpWem7OHO71bzioai1gkD7QC4ck/j5bSS/Rn0 f6lSnNtvpwkrJSozgLYHc4jFAlowdl3HGXqEUpYaVRWEE1VyIkH2YIo011lNKpdjUf MoHdz7CMvMacnCyxxYaz+eAbatmySR8XWcL3aty6nil9A45DqNVE/fkoggNB2Hhhjx 02R4DDHtLhHxA== 
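Review bot: The btrfs case in `_require_get_ciphertext_filename_support()` checks only for the btrfs tool, while the btrfs branch added to `_get_ciphertext_filename()` in the previous hunk also pipes through `perl`. If perl is not already a prerequisite of these tests, add a matching requirement here so the test is skipped rather than failing on an empty filename. The f2fs case just above also checks that the tool prints unambiguous names; a comment saying why btrfs needs no such version check would help.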
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 4/8] common/encrypt: enable making a encrypted btrfs filesystem Date: Thu, 29 Jun 2023 18:17:19 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/common/encrypt b/common/encrypt index 2c1925da..1372af66 100644 --- a/common/encrypt +++ b/common/encrypt @@ -153,6 +153,9 @@ _scratch_mkfs_encrypted() # erase the UBI volume; reformated automatically on next mount $UBIUPDATEVOL_PROG ${SCRATCH_DEV} -t ;; + btrfs) + _scratch_mkfs + ;; ceph) _scratch_cleanup_files ;; 
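Review bot: Neither btrfs arm in this patch says why a plain mkfs is enough, and the commit has no description. The ext4/f2fs branch of `_scratch_mkfs_sized_encrypted()` passes `-O encrypt`, so a reader cannot tell whether btrfs needs no mkfs-time feature or the flag was forgotten. A comment on both `btrfs)` arms, such as `# btrfs needs no mkfs-time option; encryption is enabled when a policy is set` (if that is the case), would settle it. The second arm is in the `@@ -168,6 +171,9 @@` hunk.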
@@ -168,6 +171,9 @@ _scratch_mkfs_sized_encrypted() ext4|f2fs) MKFS_OPTIONS="$MKFS_OPTIONS -O encrypt" _scratch_mkfs_sized $* ;; + btrfs) + _scratch_mkfs_sized $* + ;; *) _notrun "Filesystem $FSTYP not supported in _scratch_mkfs_sized_encrypted" ;; From patchwork Thu Jun 29 22:17:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297348 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ECE9BFC1A for ; Thu, 29 Jun 2023 22:17:40 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 0CC9F80914; Thu, 29 Jun 2023 18:17:39 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077060; bh=hRco+aZiR6zV/s62lKw1LnEYYKOCoUoqvQXPvj2ZlrQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vuIqxToMglK02MrFL5y+Xub1vxVFFnOM/mHIMHpYxkgQda0MTneevXKyRbPrrDS4N Lz+V+NO8tBpJk+snLq3c7rQWOoWW9mZHaAUE9o4iVOKAjapqucZWzX8DMMCnS5R5vz a5JcLghZjjZeDfaQNkDZRsS0euBp843nKK3Te+5uC3cvHU02FWHD22awLeh5oEILfg vZOerJtCOQDjzzcdRN/6hkpsZGlVK3hRYluryWhrgafYZ2DT74Pz6youFA8cat/QtX aNckrX1erchgaDwp50zVEI0XIdTg5G8T82+3L7iJEamDVSJEAJJcouT+c0iPwDF495 1vTyAvhKEFWRQ== 
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 5/8] generic/613: write some actual data for btrfs Date: Thu, 29 Jun 2023 18:17:20 -0400 Message-Id: <548d104df621ba7532ff1b4ba2076cd3a24a98a0.1688076612.git.sweettea-kernel@dorminy.me> In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, the test touches a file and assumes that that is sufficient to generate a new nonce to test for that file. However, btrfs doesn't store an encryption context for a leaf inode, and doesn't store an encryption context for data within a leaf inode until data is actually written. Thus, merely touching the file on btrfs doesn't actually generate a testable nonce. Instead, write a trivial bit of data to each file, which provokes btrfs to generate a encryption context for the data and thus a testable nonce. Signed-off-by: Sweet Tea Dorminy --- tests/generic/613 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/generic/613 b/tests/generic/613 index 279b1bfb..11f28c74 100755 --- a/tests/generic/613 +++ b/tests/generic/613 
@@ -53,11 +53,11 @@ for i in {1..50}; do done for i in {1..50}; do file=$SCRATCH_MNT/v1_policy_dir_1/$i - touch $file + echo "0" > $file inodes+=("$(stat -c %i $file)") file=$SCRATCH_MNT/v2_policy_dir_1/$i - touch $file + echo "0" > $file inodes+=("$(stat -c %i $file)") done _scratch_unmount From patchwork Thu Jun 29 22:17:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297349 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 074F1FBF1 for ; Thu, 29 Jun 2023 22:17:42 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 57FC180853; Thu, 29 Jun 2023 18:17:41 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077061; bh=25iYtADJPd2nrRlUwLh/2stsRklypj/QDkXQHfukXX4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PTwpYiDQL3qwq+UkbDqMfqnKI7TMQYsoLsB86zYkCciyq/Sx9Gij/rTvSEYBQ1sJh vaT04+aVMK/Z860oaSNyJGbSJiJ7zwKsZqQIeH3jHGQkzYYs8wJ1SCkVoEkLH0OaXa Iy+WZ7HuwxpRsW9TAuuGMBLOAqVfEn3tqRSNiEwpSMS51fFYWFnAxTQesMQKB4Oyf2 V/exQx93awiIYA0pwLs8HIrjtlS2I7qXEInU9vPXazY6CyYuviIFXC2HkGVFFuLGv8 XfU+otAtzun72t1sa9XDbIH+73emmT/wEGiR6rXGpnnQcE7Q+3PwLzgGZBOItll1rP y3hclLXeLSb2A== 
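Review bot: The switch from `touch` to `echo "0" >` carries no comment in the test, so the reason for writing data lives only in the commit message. Add something like `# Write data, not just touch: btrfs creates a data nonce only once data is written.` above the loop. It is also worth confirming that a two-byte file produces the regular-extent layout that the btrfs branch of `_get_encryption_data_nonce()` parses; if such a file is stored differently, the generic/613 fallback to the inode nonce would quietly take over. The change affects every filesystem the test runs on, not only btrfs.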
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 6/8] tests: adjust encryption tests for extent encryption Date: Thu, 29 Jun 2023 18:17:21 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Extent encryption is different from the existing inode-based encryption insofar as it only generates encryption keys for data encryption at the moment at which the data is written. This means that when a key is removed, even if there's an open file using it, that file immediately becomes unreadable and unwritable. This contradicts the assumptions in three tests. In generic/429, we can issue a sync to push the dirty data to the filesystem before dropping the key. However, generic/580 explicitly wants to write data after dropping the key, and generic/595 wants to intermingle key removals and data writes, which is unpredictable in effect. So just disable those two. Signed-off-by: Sweet Tea Dorminy --- tests/generic/429 | 6 ++++++ tests/generic/580 | 4 ++++ tests/generic/595 | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/tests/generic/429 b/tests/generic/429 index 2cf12316..1d26deda 100755 --- a/tests/generic/429 +++ b/tests/generic/429 @@ -68,6 +68,12 @@ show_directory_with_key() show_file_contents } +# btrfs needs to have dirty data pushed into it before session keyring +# is unlinked, as it doesn't set up the data encryption key until then. +if [ "$FSTYP" = "btrfs" ]; then + sync +fi + # View the directory without the encryption key. The plaintext names shouldn't # exist, but 'cat' each to verify this, which also should create negative # dentries. The no-key names are unpredictable by design, but verify that the 
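Review bot: The `sync` added to generic/429 is a global one, and the hunk does not show where the session keyring is unlinked, so it is not evident from here that the flush lands before the key goes away as the comment requires. Consider limiting it to the scratch filesystem, e.g. `sync -f $SCRATCH_MNT`, and keeping it directly next to the unlink if it is not already. The comment would read better as "dirty data must be written back before the session keyring is unlinked".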
diff --git a/tests/generic/580 b/tests/generic/580 index 73f32ff9..abaf8c3e 100755 --- a/tests/generic/580 +++ b/tests/generic/580 @@ -23,6 +23,10 @@ _require_scratch_encryption -v 2 _scratch_mkfs_encrypted &>> $seqres.full _scratch_mount +if [ $FSTYP = "btrfs" ]; then + _notrun "extent encryption locks open files immediately on key removal" +fi + test_with_policy_version() { local vers=$1 diff --git a/tests/generic/595 b/tests/generic/595 index d559e3bb..9040f0c4 100755 --- a/tests/generic/595 +++ b/tests/generic/595 
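Review bot: In generic/580, and in generic/595 in the following hunk, the btrfs `_notrun` comes after `_scratch_mkfs_encrypted` and `_scratch_mount`, so the scratch device is reformatted and mounted before the test decides not to run. Moving the check ahead of the mkfs, next to the `_require_*` lines, avoids that. `[ $FSTYP = "btrfs" ]` is also unquoted here, while generic/429 in the same patch uses `[ "$FSTYP" = "btrfs" ]`. Both tests cover key removal with files still open, so the skip message could say where the btrfs behaviour is tested instead, if anywhere.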
@@ -35,6 +35,10 @@ _require_command "$KEYCTL_PROG" keyctl _scratch_mkfs_encrypted &>> $seqres.full _scratch_mount +if [ $FSTYP = "btrfs" ]; then + _notrun "extent encryption locks open files immediately on key removal" +fi + dir=$SCRATCH_MNT/dir runtime=$((4 * TIME_FACTOR)) From patchwork Thu Jun 29 22:17:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297350 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1A7CFBF1 for ; Thu, 29 Jun 2023 22:17:43 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 418048082B; Thu, 29 Jun 2023 18:17:43 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077063; bh=KsB5sQbySYMhE+PMRxhIhPEsjLq+a0xS6NkFqRAT2JM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Gy5MvQKnjArRiu9JZMSBgQ4sQMwGCZFCPvgKafVg/j4tHWSO0NsHfqWmBaZ3g7vyW nmsrXQFocRQuxsc0HACBkI3Jex5sr1r6p0UIocF7tVI6qc6tRGAUjOfSH9OkRN67eS 6WtfKKB7DizkqdJEY+ZLLR4rntD/x8W8/OdBVfN473YfVpVUWvUFoObtinm/5NqOkW hLutD4sWe9P8+PiOJl0MenXVn2KImgLo+JEONzHHKX46KJ1ALtxrdhv3R74f0Esvei ahRajI1yBzjeNwyw4EwRDfWmnuvYRyqD8mFZU3G0hBYJbRAWXIOa53TWQw97whqAPY 61aDrhMsuZ5Eg== 
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 7/8] common/verity: explicitly don't allow btrfs encryption Date: Thu, 29 Jun 2023 18:17:22 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently btrfs encryption doesn't support verity, but it is planned to one day. To be explicit about the lack of support, add a custom error message to the combination. Signed-off-by: Sweet Tea Dorminy --- common/verity | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/verity b/common/verity index 77c257d3..5002dd71 100644 --- a/common/verity +++ b/common/verity 
@@ -218,6 +218,10 @@ _scratch_mkfs_encrypted_verity() # features with -O. Instead -O must be supplied multiple times. _scratch_mkfs -O encrypt -O verity ;; + btrfs) + # currently verity + encryption is not supported + _notrun "btrfs doesn't currently support verity + encryption" + ;; *) _notrun "$FSTYP not supported in _scratch_mkfs_encrypted_verity" ;; From patchwork Thu Jun 29 22:17:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13297351 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9945AFBF1 for ; Thu, 29 Jun 2023 22:17:45 +0000 (UTC) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 067A5809D5; Thu, 29 Jun 2023 18:17:44 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1688077065; bh=s9IkOPswFcoMbSUPlHIx6NlUBPocYX+B+nK2H9PE4AU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MAlqqSWscwBcr8WOLjtTPx1/YFsQfdyqL/1NtKBq/Dj74Zn0WWltXR0T0RaHQbntM zu4mqa3UaFN7Sz2TpJhX5dU4aBOpwuqDdTfKHIHuWXGArhHUvrfhI9tW+Wi3fWXcku wpVIxQyCDbSb6T8AqfzXejfunhVqtS5PjHlZTR234WbI9+sGaCdY16HrEuaH+b5pxJ Vi0SJsdPTIpu9q2OpXtGPYVd5jUK5LulEeAuNQRlLcUo7y57Vsh8Uu+BR5YAhGsD8s gpwD+R/RJK0FmXJfgvgLnGjeBelT2sedNILdkiZf/mv4ik8s8pzyNk3wJ+RaGg13Ww WCLctJLwlM+kg== 
From: Sweet Tea Dorminy To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org, kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com, fdmanana@suse.com, linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev, zlang@kernel.org Cc: Sweet Tea Dorminy Subject: [RFC PATCH 8/8] btrfs: add simple test of reflink of encrypted data Date: Thu, 29 Jun 2023 18:17:23 -0400 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Make sure that we succeed at reflinking encrypted data. Test deliberately numbered with a high number so it won't conflict with tests between now and merge. --- tests/btrfs/613 | 62 +++++++++++++++++++++++++++++++++++++++++++++ tests/btrfs/613.out | 13 ++++++++++ 2 files changed, 75 insertions(+) create mode 100755 tests/btrfs/613 create mode 100644 tests/btrfs/613.out diff --git a/tests/btrfs/613 b/tests/btrfs/613 new file mode 100755 index 00000000..93c209c4 --- /dev/null +++ b/tests/btrfs/613 
@@ -0,0 +1,62 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2023 YOUR NAME HERE. All Rights Reserved. +# +# FS QA Test 613 +# +# Check if reflinking one encrypted file on btrfs succeeds. +# +. ./common/preamble +_begin_fstest auto encrypt + +# Import common functions. +. ./common/encrypt +. ./common/filter +. ./common/reflink + +# real QA test starts here + +# Modify as appropriate. +_supported_fs btrfs + +_require_test +_require_scratch +_require_cp_reflink +_require_scratch_encryption -v 2 +_require_command "$KEYCTL_PROG" keyctl + +_scratch_mkfs_encrypted &>> $seqres.full +_scratch_mount + +dir=$SCRATCH_MNT/dir +mkdir $dir +_set_encpolicy $dir $TEST_KEY_IDENTIFIER +_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" +echo "Creating and reflinking a file" +$XFS_IO_PROG -t -f -c "pwrite 0 33k" $dir/test > /dev/null +sync +cp --reflink=always $dir/test $dir/test2 +sync + +echo "Can't reflink encrypted and unencrypted" +cp --reflink=always $dir/test $SCRATCH_MNT/fail |& _filter_scratch + +echo "Diffing the file and its copy" +diff $dir/test $dir/test2 + +echo "Verifying the files are reflinked" +_verify_reflink $dir/test $dir/test2 + +echo "Diffing the files after remount" +_scratch_cycle_mount +_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" +diff $dir/test $dir/test2 + +echo "Diffing the files after key remove" +echo 2 > /proc/sys/vm/drop_caches +_rm_enckey $SCRATCH_MNT $TEST_KEY_IDENTIFIER +diff $dir/test $dir/test2 |& _filter_scratch + +# success, all done +status=0 +exit diff --git a/tests/btrfs/613.out b/tests/btrfs/613.out new file mode 100644 index 00000000..4895d6dd --- /dev/null +++ b/tests/btrfs/613.out 
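Review bot: The one negative check in this test, that an encrypted file cannot be reflinked to an unencrypted destination, is asserted only through cp's error text in the golden output, which ties the result to a particular coreutils wording. Checking the outcome directly is sturdier, e.g. `cp --reflink=always $dir/test $SCRATCH_MNT/fail &>> $seqres.full && echo "reflink to unencrypted destination unexpectedly succeeded"`, with the cp line dropped from 613.out. The header still carries template text (`YOUR NAME HERE`, `# Modify as appropriate.`), and the commit message has no Signed-off-by.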
@@ -0,0 +1,13 @@ +QA output created by 613 +Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 +Creating and reflinking a file +Can't reflink encrypted and unencrypted +cp: failed to clone 'SCRATCH_MNT/fail' from 'SCRATCH_MNT/dir/test': Invalid argument +Diffing the file and its copy +Verifying the files are reflinked +Diffing the files after remount +Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 +Diffing the files after key remove +Removed encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 +diff: SCRATCH_MNT/dir/test: No such file or directory +diff: SCRATCH_MNT/dir/test2: No such file or directory