lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20150518062412.GA21419@jaegeuk-mac02.hsd1.ca.comcast.net>
Date:	Sun, 17 May 2015 23:24:12 -0700
From:	Jaegeuk Kim <jaegeuk@...nel.org>
To:	Tom Marshall <tom@...gn.com>
Cc:	Dave Chinner <david@...morbit.com>, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org,
	linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [PATCH 03/18] f2fs crypto: declare some definitions for f2fs
 encryption feature

On Fri, May 15, 2015 at 09:47:05PM -0700, Tom Marshall wrote:
> On Fri, May 15, 2015 at 06:14:24PM -0700, Jaegeuk Kim wrote:
> > On Thu, May 14, 2015 at 09:50:44AM -0700, Tom Marshall wrote:
> > > Please keep in mind that I'm also working on transparent
> > > compression.  I'm watching this thread closely so that I can
> > > implement a compression library alongside the crypto library.  If
> > > there is any interest or benefit, I would be glad to work together
> > > so that the two can be done cooperatively at the same time.
> > 
> > I can't imagine quickly how compression code can be shared with crypto.
> > The basic approach for compression would be that X pages can be compressed into
> > small number of pages, Y, which can be a X to Y mapping.
> > But, this per-file encryption supports only 1 to 1 4KB mapping, so that it could
> > be quite a simple implementation.
> 
> No, I don't intend to share actual code with crypto -- at least not much. 
> I'm more interested in looking at how the crypto layer is implemented to
> give me clues about how to implement a compression layer.

Ok, I see.

Currently, I've been writing up fs/crypto having shared crypto codes between
ext4 and f2fs; I refactored existing codes a little bit though.

I'm approaching to introduce a fscypt_operations for each filesystems like this.

struct fscrypt_operations {
	int (*get_context)(struct inode *, void *, size_t, void *);
	int (*set_context)(struct inode *, const void *, size_t, int, void *);
	int (*prepare_new_context)(struct inode *);
	bool (*is_encrypted)(struct inode *);
	bool (*empty_dir)(struct inode *);
	unsigned (*max_namelen)(struct inode *);
};

And, the following two basic functions will be used by filesystems:
fscrypt_encrypt_page() and fscrypt_decrypt_page().

> 
> > Could you elaborate on your approach or design? Or, codes?
> > Whatever, IMO, it needs to implement it by any filesystem first.
> 
> I don't really have any working code yet.  I will probably get to that in
> the coming few weeks.  Right now I'm still working with the ugly VFS
> stacking implementation that I posted initially.
> 
> The thing that I have done is dismissed the standard compression framing
> formats.
> 
> zlib (and gzip) are designed for streaming and it is quite difficult to
> implement random access on it.  See the example code in the zlib source,
> zran.c.  It's not really tenable because 32kb of prior data is required to
> be kept as priming information.  Even doing fully encapsulated blocks with
> Z_FINISH, there is still no way to skip over data without decompressing it
> first to build an index.
> 
> lz4 is somewhat better in that blocks are self contained.  But block lengths
> must be read sequentially.  This means that reading an arbitrary position in
> a file requires a proportional number of reads to find the desired block.
> 
> So, I am working with a simple framing format that I threw together.  The
> header has a compression method (zlib or lz4), block size, original input
> size, and a block map.

Thank you for sharing the approach, and it makes sense to improve random
read performance.

Thanks,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ