From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755867AbcEEDU1 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 4 May 2016 23:20:27 -0400
Received: from imap.thunk.org ([74.207.234.97]:48280 "EHLO imap.thunk.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755160AbcEEDU0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 4 May 2016 23:20:26 -0400
Date: Wed, 4 May 2016 23:20:22 -0400
From: "Theodore Ts'o" <tytso@mit.edu>
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-ext4@vger.kernel.org
Subject: Re: [PATCH] ext4 crypto: migrate into vfs's crypto engine
Message-ID: <20160505032022.GC10776@thunk.org>
Mail-Followup-To: Theodore Ts'o <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org
References: <1461629736-16523-1-git-send-email-jaegeuk@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1461629736-16523-1-git-send-email-jaegeuk@kernel.org>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 25, 2016 at 05:15:36PM -0700, Jaegeuk Kim wrote:
> This patch removes the most parts of internal crypto codes.
> And then, it modifies and adds some ext4-specific crypt codes to use the generic
> facility.
> 
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

So I just tried this patch, and one big problem with it is that it
breaks backwards compatibility with existing userspace code, which
assumes that the name of the keys are prefixed with "ext4:".  I see
that in fs/crypto.h you've changed it to be "fscrypto:".  Which is
more general, perhaps, but the problem is that it's not what the
existing shipping code (for example, in the Android N preview release)
and what e2fsprogs's e4crypto is using.

If we want to use fscrypto: as a more general prefix, I could see
doing that, but we need to provide for backwards compatibility ---
which means that at least for ext4, we will need to look for keys
using both the new and old prefix, and we would also want change
e4crypto to set keys with both the "ext4" and the more general
"fscrypto" prefix.

Cheers,

					- Ted