lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 23 Jul 2022 20:53:45 -0400
From:   Sweet Tea Dorminy <sweettea-kernel@...miny.me>
To:     Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
        David Sterba <dsterba@...e.com>, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org, osandov@...ndov.com,
        kernel-team@...com
Cc:     Sweet Tea Dorminy <sweettea-kernel@...miny.me>
Subject: [PATCH RFC v2 00/16] btrfs: add fscrypt integration

This is a draft set of changes adding fscrypt integration to btrfs.

Last October, Omar sent out a design document for having fscrypt
integration with btrfs [1]. In summary, it proposes btrfs storing its
own encryption IVs on a per-file-extent basis. fscrypt usually encrypts
files using an IV derived from per-inode information; this would prevent
snapshotting or reflinking or data relocation for btrfs, but by using an
IV associated with each file extent, all the inodes sharing a particular
key and file extent may decrypt successfully.

This series starts implementing it on the kernel side for the simple
case, non-compressed data extents. My goal in sending out this RFC is to
get feedback on whether these are going in a reasonable direction; while
there are a couple of additional parts, they're fundamentally minor
compared to this.

Not included are a couple of minor changes to btrfs-progs; additionally,
none of the fscrypt tool changes needed to use the new encryption policy
are included. Obviously, additional fstests will be needed. Also not yet
included are encryption for inline data extents, verity items, and
compressed data.

[1]
https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/

Changelog:

v2: 
 - Fixed all warnings and known incorrectnesses.
 - Split fscrypt changes into their own patchset:
    https://lore.kernel.org/linux-fscrypt/cover.1658623235.git.sweettea-kernel@dorminy.me
 - Combined and reordered changes so that enabling fscrypt is the last change.
 - Removed unnecessary factoring.
 - Split a cleanup change off.

v1:
 - https://lore.kernel.org/linux-btrfs/cover.1657707686.git.sweettea-kernel@dorminy.me

Omar Sandoval (13):
  btrfs: store directories' encryption state
  btrfs: factor a fscrypt_name matching method
  btrfs: disable various operations on encrypted inodes
  btrfs: add fscrypt operation table to superblock
  btrfs: start using fscrypt hooks.
  btrfs: add a subvolume flag for whole-volume encryption
  btrfs: translate btrfs encryption flags and encrypted inode flag.
  btrfs: store an IV per encrypted normal file extent
  btrfs: Add new FEATURE_INCOMPAT_FSCRYPT feature flag.
  btrfs: reuse encrypted filename hash when possible.
  btrfs: adapt directory read and lookup to potentially encrypted
    filenames
  btrfs: encrypt normal file extent data if appropriate
  btrfs: implement fscrypt ioctls

Sweet Tea Dorminy (3):
  btrfs: use fscrypt_name's instead of name/len everywhere.
  btrfs: setup fscrypt_names from dentrys using helper
  btrfs: add iv generation function for fscrypt

 fs/btrfs/Makefile               |   1 +
 fs/btrfs/btrfs_inode.h          |   3 +
 fs/btrfs/ctree.h                | 113 +++++--
 fs/btrfs/delayed-inode.c        |  48 ++-
 fs/btrfs/delayed-inode.h        |   9 +-
 fs/btrfs/dir-item.c             | 120 ++++---
 fs/btrfs/extent_io.c            |  93 +++++-
 fs/btrfs/extent_io.h            |   2 +
 fs/btrfs/extent_map.h           |   8 +
 fs/btrfs/file-item.c            |  20 +-
 fs/btrfs/file.c                 |  11 +-
 fs/btrfs/fscrypt.c              | 224 +++++++++++++
 fs/btrfs/fscrypt.h              |  49 +++
 fs/btrfs/inode-item.c           |  84 ++---
 fs/btrfs/inode-item.h           |  14 +-
 fs/btrfs/inode.c                | 547 ++++++++++++++++++++++++--------
 fs/btrfs/ioctl.c                |  80 ++++-
 fs/btrfs/ordered-data.c         |  12 +-
 fs/btrfs/ordered-data.h         |   3 +-
 fs/btrfs/print-tree.c           |   4 +-
 fs/btrfs/props.c                |  11 +-
 fs/btrfs/reflink.c              |   8 +
 fs/btrfs/root-tree.c            |  20 +-
 fs/btrfs/send.c                 | 141 ++++----
 fs/btrfs/super.c                |   8 +-
 fs/btrfs/transaction.c          |  43 ++-
 fs/btrfs/tree-checker.c         |  56 +++-
 fs/btrfs/tree-log.c             | 261 ++++++++-------
 fs/btrfs/tree-log.h             |   4 +-
 fs/btrfs/xattr.c                |  21 +-
 include/uapi/linux/btrfs.h      |   1 +
 include/uapi/linux/btrfs_tree.h |  26 ++
 32 files changed, 1525 insertions(+), 520 deletions(-)
 create mode 100644 fs/btrfs/fscrypt.c
 create mode 100644 fs/btrfs/fscrypt.h

-- 
2.35.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ