Message-Id: <99BE7D1C-67E3-4F74-BB05-3EA772B7C363@dilger.ca>
Date:	Sun, 25 Jan 2015 16:03:25 -0800
From:	Andreas Dilger <adilger@...ger.ca>
To:	Theodore Ts'o <tytso@....edu>
Cc:	Ext4 Developers List <linux-ext4@...r.kernel.org>,
	"mhalcrow@...gle.com" <mhalcrow@...gle.com>,
	"savagaon@...gle.com" <savagaon@...gle.com>,
	"muslukhovi@...il.com" <muslukhovi@...il.com>
Subject: Re: [PATCH] ext4: reserve codepoints used by the ext4 encryption feature

Is one of the encryption types able to be hardware accelerated by
newer CPUs, as we do for CRC32c?  My recollection is that AES can be
hardware accelerated via AES-NI, but I don't know whether that maps
to the AES-256-{XTS, GCM, CBC} modes that are included with
this patch. It would be worthwhile to confirm this before hard-coding
the supported encryption types in the kernel.

Cheers, Andreas

> On Jan 23, 2015, at 11:36, Theodore Ts'o <tytso@....edu> wrote:
> 
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> ---
> fs/ext4/ext4.h | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index a75fba6..b7f393d 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -364,7 +364,8 @@ struct flex_groups {
> #define EXT4_DIRTY_FL            0x00000100
> #define EXT4_COMPRBLK_FL        0x00000200 /* One or more compressed clusters */
> #define EXT4_NOCOMPR_FL            0x00000400 /* Don't compress */
> -#define EXT4_ECOMPR_FL            0x00000800 /* Compression error */
> +    /* nb: was previously EXT2_ECOMPR_FL */
> +#define EXT4_ENCRYPT_FL            0x00000800 /* encrypted file */
> /* End compression flags --- maybe not all used */
> #define EXT4_INDEX_FL            0x00001000 /* hash-indexed directory */
> #define EXT4_IMAGIC_FL            0x00002000 /* AFS directory */
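Review bot: Bit 0x00000800 becomes `EXT4_ENCRYPT_FL` but still sits inside the group closed by `/* End compression flags --- maybe not all used */`, so a reader will take it for a compression flag. An inode that carries the old compression-error bit from an earlier implementation would now read as encrypted. The comment should therefore say the bit is only meaningful when the filesystem-level feature added later in this patch is set, for example `/* encrypted file; honoured only with EXT4_FEATURE_INCOMPAT_ENCRYPT (bit formerly ECOMPR) */`. Whether any flag mask elsewhere in ext4.h still names ECOMPR cannot be seen from this hunk.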
> @@ -421,7 +422,7 @@ enum {
>    EXT4_INODE_DIRTY    = 8,
>    EXT4_INODE_COMPRBLK    = 9,    /* One or more compressed clusters */
>    EXT4_INODE_NOCOMPR    = 10,    /* Don't compress */
> -    EXT4_INODE_ECOMPR    = 11,    /* Compression error */
> +    EXT4_INODE_ENCRYPT    = 11,    /* Compression error */
> /* End compression flags --- maybe not all used */
>    EXT4_INODE_INDEX    = 12,    /* hash-indexed directory */
>    EXT4_INODE_IMAGIC    = 13,    /* AFS directory */
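Review bot: The renamed enumerator keeps the old trailing comment, so the new line reads `EXT4_INODE_ENCRYPT = 11, /* Compression error */`. That disagrees with the `/* encrypted file */` comment given to `EXT4_ENCRYPT_FL` for the same bit in the first hunk. Change it to `EXT4_INODE_ENCRYPT = 11, /* encrypted file */`. The enum body starts and ends outside this hunk.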
> @@ -466,7 +467,7 @@ static inline void ext4_check_flag_values(void)
>    CHECK_FLAG_VALUE(DIRTY);
>    CHECK_FLAG_VALUE(COMPRBLK);
>    CHECK_FLAG_VALUE(NOCOMPR);
> -    CHECK_FLAG_VALUE(ECOMPR);
> +    CHECK_FLAG_VALUE(ENCRYPT);
>    CHECK_FLAG_VALUE(INDEX);
>    CHECK_FLAG_VALUE(IMAGIC);
>    CHECK_FLAG_VALUE(JOURNAL_DATA);
> @@ -1043,6 +1044,12 @@ extern void ext4_set_bits(void *bm, int cur, int len);
> /* Metadata checksum algorithm codes */
> #define EXT4_CRC32C_CHKSUM        1
> 
> +/* Encryption algorithms */
> +#define EXT4_ENCRYPTION_MODE_INVALID        0
> +#define EXT4_ENCRYPTION_MODE_AES_256_XTS    1
> +#define EXT4_ENCRYPTION_MODE_AES_256_GCM    2
> +#define EXT4_ENCRYPTION_MODE_AES_256_CBC    3
> +
> /*
>  * Structure of the super block
>  */
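Review bot: The header comment `/* Encryption algorithms */` does not say that these four values are persistent on-disk codepoints (stored in `s_encrypt_algos[]`, added in the next hunk), nor that they differ in what they protect. AES-256-XTS and AES-256-CBC give confidentiality only, while GCM is the only authenticated mode listed and needs per-block nonce and tag storage that this patch does not reserve. I would expand the comment to something like `/* Encryption algorithms: on-disk values, never renumber; 0 marks an unset slot. XTS/CBC do not detect modification of ciphertext. */` so later users of the constants do not assume tamper detection.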
> @@ -1156,7 +1163,8 @@ struct ext4_super_block {
>    __le32    s_grp_quota_inum;    /* inode for tracking group quota */
>    __le32    s_overhead_clusters;    /* overhead blocks/clusters in fs */
>    __le32    s_backup_bgs[2];    /* groups with sparse_super2 SBs */
> -    __le32    s_reserved[106];    /* Padding to the end of the block */
> +    __u8    s_encrypt_algos[4];    /* Encryption algorithms in use  */
> +    __le32    s_reserved[105];    /* Padding to the end of the block */
>    __le32    s_checksum;        /* crc32c(superblock) */
> };
> 
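Review bot: `s_encrypt_algos[4]` is read from an on-disk superblock, yet its comment does not say what an unused slot holds or that unknown codes must be rejected. The size arithmetic is right (four `__u8` replace one `__le32`, so `s_checksum` keeps its offset), but nothing in the hunk pins that. I would document the field as `/* EXT4_ENCRYPTION_MODE_* codes in use; unused slots are 0 */`. Mount-time code should check each byte against the known modes before using it to select a cipher. If the file does not already have one, a `BUILD_BUG_ON(sizeof(struct ext4_super_block) != 1024)` would guard future edits to the padding. The struct begins outside this hunk.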
> @@ -1537,6 +1545,7 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
> #define EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM    0x2000 /* use crc32c for bg */
> #define EXT4_FEATURE_INCOMPAT_LARGEDIR        0x4000 /* >2GB or 3-lvl htree */
> #define EXT4_FEATURE_INCOMPAT_INLINE_DATA    0x8000 /* data in inode */
> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT        0x10000
> 
> #define EXT2_FEATURE_COMPAT_SUPP    EXT4_FEATURE_COMPAT_EXT_ATTR
> #define EXT2_FEATURE_INCOMPAT_SUPP    (EXT4_FEATURE_INCOMPAT_FILETYPE| \
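Review bot: `EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000` is the only define in this run without a trailing comment; its neighbours each say what the feature means on disk. A comment such as `/* fs contains encrypted inodes */` would match them. It would also help to record that the bit is being reserved only. Leaving it out of the `*_INCOMPAT_SUPP` masks is what makes kernels without the implementation refuse to mount such a filesystem, and that should stay true until the feature code lands. The `EXT2_FEATURE_INCOMPAT_SUPP` definition continues past the end of the hunk, so the masks themselves are not visible here.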
> -- 
> 2.1.0
> 
