From: Jeff Layton <jlayton@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org
Subject: Re: [RFC PATCH 1/8] fscrypt: add fscrypt_prepare_new_inode() and fscrypt_set_context()
Date: Mon, 24 Aug 2020 14:47:07 -0400
Message-ID: <06a7d9562b84354eb72bd67c9d4b7262dac53457.camel@kernel.org>
In-Reply-To: <20200824182114.GB1650861@gmail.com>

On Mon, 2020-08-24 at 11:21 -0700, Eric Biggers wrote:
> On Mon, Aug 24, 2020 at 12:48:48PM -0400, Jeff Layton wrote:
> > > +void fscrypt_hash_inode_number(struct fscrypt_info *ci,
> > > +			       const struct fscrypt_master_key *mk)
> > > +{
> > > +	WARN_ON(ci->ci_inode->i_ino == 0);
> > > +	WARN_ON(!mk->mk_ino_hash_key_initialized);
> > > +
> > > +	ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,
> > > +					      &mk->mk_ino_hash_key);
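
Review bot: the two WARN_ON() checks at the top of
fscrypt_hash_inode_number() only log, and execution continues into the
siphash_1u64() call, so if mk_ino_hash_key_initialized is false the value
stored in ci_hashed_ino is derived from a key that was never set up, and
the void return type gives the caller no way to notice. Either document
above the function that callers must guarantee a nonzero i_ino and an
initialized key, or return an error when a check fires. A short comment
that i_ino is hashed as a 64-bit value and the result is truncated by the
(u32) cast would also be worth adding.
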
> > 
> > i_ino is an unsigned long. Will this produce consistent results on
> > arches with 32 and 64 bit long values? I think it'd be nice to ensure
> > that we can access an encrypted directory created on a 32-bit host from
> > (e.g.) a 64-bit host.
> 
> The result is the same regardless of word size and endianness.
> siphash_1u64(v, k) is equivalent to:
> 
> 	__le64 x = cpu_to_le64(v);
> 	siphash(&x, 8, k);
> 

In the case where you have an (on-storage) inode number that is larger
than 2^32, x will almost certainly be different on a 32 vs. 64-bit
wordsize.

On the box with the 32-bit wordsize, you'll end up promoting i_ino to a
64-bit word and the upper 32 bits will be zeroed out. So it seems like
this means that if you're using inline hardware you're going to end up
with a result that won't work correctly across different wordsizes.

Maybe that's ok, but it seems like something that could be handled by
hashing a different value.

> > It may be better to base this on something besides i_ino
> 
> This code that hashes the inode number is only used when userspace used
> FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 for the directory.  IV_INO_LBLK_32 modifies
> the encryption to be optimized for eMMC inline encryption hardware.  For more
> details, see commit e3b1078bedd3 which added this feature.
> 
> We actually could have hashed the file nonce instead of the inode number.  But I
> wanted to make the eMMC-optimized format similar to IV_INO_LBLK_64, which is the
> format optimized for UFS inline encryption hardware.
> 
> Both of these flags have very specific use cases; they make it feasible to use
> inline encryption hardware
> (https://www.kernel.org/doc/html/latest/block/inline-encryption.html)
> that only supports a small number of keyslots and that limits the IV length.
> 
> You don't need to worry about these flags at all for ceph, since there won't be
> any use case to use them on ceph, and ceph won't be declaring support for them.

Ahh, good to know. Thanks!
-- 
Jeff Layton <jlayton@kernel.org>
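
Added example, not part of the original message or the kernel source: a
userspace C sketch of the word-size question discussed above. It
re-implements SipHash-2-4 for a single 64-bit input and compares the u32
hash of an inode number held in full with the hash of its low 32 bits; the
key, the inode numbers and the names sip_1u64(), hashed_ino_long64() and
hashed_ino_long32() are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace sketch of SipHash-2-4 over one 64-bit word; not kernel code. */
#define ROL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
	v0 += v1; v1 = ROL64(v1, 13); v1 ^= v0; v0 = ROL64(v0, 32); \
	v2 += v3; v3 = ROL64(v3, 16); v3 ^= v2; \
	v0 += v3; v3 = ROL64(v3, 21); v3 ^= v0; \
	v2 += v1; v1 = ROL64(v1, 17); v1 ^= v2; v2 = ROL64(v2, 32); \
} while (0)

static uint64_t sip_1u64(uint64_t m, uint64_t k0, uint64_t k1)
{
	uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
	uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
	uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
	uint64_t v3 = 0x7465646279746573ULL ^ k1;
	uint64_t b = 8ULL << 56;	/* message length (8 bytes) in the top byte */

	v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;	/* the single message word */
	v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;	/* the length block */
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

/* Constructed key, standing in for mk->mk_ino_hash_key. */
static const uint64_t K0 = 0x0706050403020100ULL, K1 = 0x0f0e0d0c0b0a0908ULL;

/* Inode number held in a 64-bit unsigned long: the full value is hashed. */
uint32_t hashed_ino_long64(uint64_t on_disk_ino)
{
	return (uint32_t)sip_1u64(on_disk_ino, K0, K1);
}

/* Inode number held in a 32-bit unsigned long: only the low 32 bits remain. */
uint32_t hashed_ino_long32(uint64_t on_disk_ino)
{
	uint32_t i_ino = (uint32_t)on_disk_ino;	/* upper 32 bits dropped */
	return (uint32_t)sip_1u64(i_ino, K0, K1);	/* widened with zero upper bits */
}

int main(void)
{
	uint64_t big = (1ULL << 32) + 12345;	/* constructed inode number */
	printf("long64: %08x  long32: %08x\n",
	       (unsigned)hashed_ino_long64(big), (unsigned)hashed_ino_long32(big));
	return 0;
}
```

For inode numbers below 2^32 both helpers return the same value; above
that, the 32-bit variant hashes the same input as the inode number with
the upper bits cleared.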

