From: Eric Biggers <ebiggers@kernel.org>
To: Satya Tangirala <satyat@google.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH 1/1] f2fs-tools: Introduce metadata encryption support
Date: Wed, 7 Oct 2020 14:52:22 -0700 [thread overview]
Message-ID: <20201007215222.GF1530638@gmail.com> (raw)
In-Reply-To: <20201005074133.1958633-2-satyat@google.com>
On Mon, Oct 05, 2020 at 07:41:33AM +0000, Satya Tangirala wrote:
> diff --git a/lib/Makefile.am b/lib/Makefile.am
> index 871d773..a82d753 100644
> --- a/lib/Makefile.am
> +++ b/lib/Makefile.am
> @@ -2,10 +2,10 @@
>
> lib_LTLIBRARIES = libf2fs.la
>
> -libf2fs_la_SOURCES = libf2fs.c libf2fs_io.c libf2fs_zoned.c nls_utf8.c
> +libf2fs_la_SOURCES = libf2fs.c libf2fs_io.c libf2fs_zoned.c nls_utf8.c f2fs_metadata_crypt.c
> libf2fs_la_CFLAGS = -Wall
> libf2fs_la_CPPFLAGS = -I$(top_srcdir)/include
> -libf2fs_la_LDFLAGS = -version-info $(LIBF2FS_CURRENT):$(LIBF2FS_REVISION):$(LIBF2FS_AGE)
> +libf2fs_la_LDFLAGS = -lkeyutils -version-info $(LIBF2FS_CURRENT):$(LIBF2FS_REVISION):$(LIBF2FS_AGE)
This introduces a dependency on libkeyutils. Doesn't that need to be checked in
configure.ac?
> diff --git a/lib/f2fs_metadata_crypt.c b/lib/f2fs_metadata_crypt.c
> new file mode 100644
> index 0000000..faf399a
> --- /dev/null
> +++ b/lib/f2fs_metadata_crypt.c
> @@ -0,0 +1,226 @@
> +/**
> + * f2fs_metadata_crypt.c
> + *
> + * Copyright (c) 2020 Google LLC
> + *
> + * Dual licensed under the GPL or LGPL version 2 licenses.
> + */
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +#include <sys/socket.h>
> +#include <linux/if_alg.h>
> +#include <linux/socket.h>
> +#include <assert.h>
> +#include <errno.h>
> +#include <keyutils.h>
> +
> +#include "f2fs_fs.h"
> +#include "f2fs_metadata_crypt.h"
> +
> +extern struct f2fs_configuration c;
> +struct f2fs_crypt_mode {
> + const char *friendly_name;
> + const char *cipher_str;
> + unsigned int keysize;
> + unsigned int ivlen;
> +} f2fs_crypt_modes[] = {
Use 'const' for static or global data that isn't modified.
> +void f2fs_print_crypt_algs(void)
> +{
> + int i;
> +
> + for (i = 1; i <= __FSCRYPT_MODE_MAX; i++) {
> + if (!f2fs_crypt_modes[i].friendly_name)
> + continue;
> + MSG(0, "\t%s\n", f2fs_crypt_modes[i].friendly_name);
> + }
> +}
> +
> +int f2fs_get_crypt_alg(const char *optarg)
> +{
> + int i;
> +
> + for (i = 1; i <= __FSCRYPT_MODE_MAX; i++) {
> + if (f2fs_crypt_modes[i].friendly_name &&
> + !strcmp(f2fs_crypt_modes[i].friendly_name, optarg)) {
> + return i;
> + }
> + }
> +
> + return 0;
> +}
Although __FSCRYPT_MODE_MAX is defined in <linux/fscrypt.h>, it isn't intended
to be used in userspace programs, as its value will change depending on the
version of the kernel headers. Just use ARRAY_SIZE(f2fs_crypt_modes) instead.
> +int f2fs_metadata_crypt_block(void *buf, size_t len, __u64 blk_addr,
> + bool encrypt)
> +{
> + struct f2fs_crypt_mode *crypt_mode;
> + int sockfd, fd;
> + struct sockaddr_alg sa = {
> + .salg_family = AF_ALG,
> + .salg_type = "skcipher",
> + };
> + struct msghdr msg = {};
> + struct cmsghdr *cmsg;
> + char cbuf[CMSG_SPACE(4) + CMSG_SPACE(4 + MAX_IV_LEN)] = {0};
> + int blk_offset;
> + struct af_alg_iv *iv;
> + struct iovec iov;
> + int err;
> +
> + crypt_mode = &f2fs_crypt_modes[c.metadata_crypt_alg];
> + memcpy(sa.salg_name, crypt_mode->cipher_str,
> + strlen(crypt_mode->cipher_str));
> +
> + sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> + if (sockfd < 0)
> + return errno;
This will fail if AF_ALG isn't enabled in the kernel config, or if the process
isn't allowed to use AF_ALG by SELinux policy. Can you show a proper error
message?
> + err = bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));
> + if (err) {
> + MSG(0, "\tCouldn't bind crypto socket. Maybe support for the crypto algorithm isn't enabled?\n");
> + close(sockfd);
> + return errno;
> + }
This will fail if either CRYPTO_USER_API_SKCIPHER isn't enabled in the kernel
config, or if the required crypto algorithm isn't enabled in the kernel config.
Can you show a better error message?
Also, these new kernel config option dependencies should be documented in the
documentation for f2fs-tools.
> + err = setsockopt(sockfd, SOL_ALG, ALG_SET_KEY, c.metadata_crypt_key,
> + crypt_mode->keysize);
> + if (err) {
> + MSG(0, "\tCouldn't set crypto socket options.\n");
> + close(sockfd);
> + return errno;
> + }
> + fd = accept(sockfd, NULL, 0);
> + if (fd < 0)
> + goto err_out;
It's a lot of work to allocate an AF_ALG algorithm socket, set the key, and
allocate a request socket for every block. Can any of this be cached? For
single threaded use, it seems the request socket can be cached; otherwise the
algorithm socket with a key set can be cached.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Satya Tangirala <satyat@google.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH 1/1] f2fs-tools: Introduce metadata encryption support
Date: Wed, 7 Oct 2020 14:52:22 -0700 [thread overview]
Message-ID: <20201007215222.GF1530638@gmail.com> (raw)
In-Reply-To: <20201005074133.1958633-2-satyat@google.com>
On Mon, Oct 05, 2020 at 07:41:33AM +0000, Satya Tangirala wrote:
> diff --git a/lib/Makefile.am b/lib/Makefile.am
> index 871d773..a82d753 100644
> --- a/lib/Makefile.am
> +++ b/lib/Makefile.am
> @@ -2,10 +2,10 @@
>
> lib_LTLIBRARIES = libf2fs.la
>
> -libf2fs_la_SOURCES = libf2fs.c libf2fs_io.c libf2fs_zoned.c nls_utf8.c
> +libf2fs_la_SOURCES = libf2fs.c libf2fs_io.c libf2fs_zoned.c nls_utf8.c f2fs_metadata_crypt.c
> libf2fs_la_CFLAGS = -Wall
> libf2fs_la_CPPFLAGS = -I$(top_srcdir)/include
> -libf2fs_la_LDFLAGS = -version-info $(LIBF2FS_CURRENT):$(LIBF2FS_REVISION):$(LIBF2FS_AGE)
> +libf2fs_la_LDFLAGS = -lkeyutils -version-info $(LIBF2FS_CURRENT):$(LIBF2FS_REVISION):$(LIBF2FS_AGE)
This introduces a dependency on libkeyutils. Doesn't that need to be checked in
configure.ac?
> diff --git a/lib/f2fs_metadata_crypt.c b/lib/f2fs_metadata_crypt.c
> new file mode 100644
> index 0000000..faf399a
> --- /dev/null
> +++ b/lib/f2fs_metadata_crypt.c
> @@ -0,0 +1,226 @@
> +/**
> + * f2fs_metadata_crypt.c
> + *
> + * Copyright (c) 2020 Google LLC
> + *
> + * Dual licensed under the GPL or LGPL version 2 licenses.
> + */
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +#include <sys/socket.h>
> +#include <linux/if_alg.h>
> +#include <linux/socket.h>
> +#include <assert.h>
> +#include <errno.h>
> +#include <keyutils.h>
> +
> +#include "f2fs_fs.h"
> +#include "f2fs_metadata_crypt.h"
> +
> +extern struct f2fs_configuration c;
> +struct f2fs_crypt_mode {
> + const char *friendly_name;
> + const char *cipher_str;
> + unsigned int keysize;
> + unsigned int ivlen;
> +} f2fs_crypt_modes[] = {
Use 'const' for static or global data that isn't modified.
> +void f2fs_print_crypt_algs(void)
> +{
> + int i;
> +
> + for (i = 1; i <= __FSCRYPT_MODE_MAX; i++) {
> + if (!f2fs_crypt_modes[i].friendly_name)
> + continue;
> + MSG(0, "\t%s\n", f2fs_crypt_modes[i].friendly_name);
> + }
> +}
> +
> +int f2fs_get_crypt_alg(const char *optarg)
> +{
> + int i;
> +
> + for (i = 1; i <= __FSCRYPT_MODE_MAX; i++) {
> + if (f2fs_crypt_modes[i].friendly_name &&
> + !strcmp(f2fs_crypt_modes[i].friendly_name, optarg)) {
> + return i;
> + }
> + }
> +
> + return 0;
> +}
Although __FSCRYPT_MODE_MAX is defined in <linux/fscrypt.h>, it isn't intended
to be used in userspace programs, as its value will change depending on the
version of the kernel headers. Just use ARRAY_SIZE(f2fs_crypt_modes) instead.
> +int f2fs_metadata_crypt_block(void *buf, size_t len, __u64 blk_addr,
> + bool encrypt)
> +{
> + struct f2fs_crypt_mode *crypt_mode;
> + int sockfd, fd;
> + struct sockaddr_alg sa = {
> + .salg_family = AF_ALG,
> + .salg_type = "skcipher",
> + };
> + struct msghdr msg = {};
> + struct cmsghdr *cmsg;
> + char cbuf[CMSG_SPACE(4) + CMSG_SPACE(4 + MAX_IV_LEN)] = {0};
> + int blk_offset;
> + struct af_alg_iv *iv;
> + struct iovec iov;
> + int err;
> +
> + crypt_mode = &f2fs_crypt_modes[c.metadata_crypt_alg];
> + memcpy(sa.salg_name, crypt_mode->cipher_str,
> + strlen(crypt_mode->cipher_str));
> +
> + sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> + if (sockfd < 0)
> + return errno;
This will fail if AF_ALG isn't enabled in the kernel config, or if the process
isn't allowed to use AF_ALG by SELinux policy. Can you show a proper error
message?
> + err = bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));
> + if (err) {
> + MSG(0, "\tCouldn't bind crypto socket. Maybe support for the crypto algorithm isn't enabled?\n");
> + close(sockfd);
> + return errno;
> + }
This will fail if either CRYPTO_USER_API_SKCIPHER isn't enabled in the kernel
config, or if the required crypto algorithm isn't enabled in the kernel config.
Can you show a better error message?
Also, these new kernel config option dependencies should be documented in the
documentation for f2fs-tools.
> + err = setsockopt(sockfd, SOL_ALG, ALG_SET_KEY, c.metadata_crypt_key,
> + crypt_mode->keysize);
> + if (err) {
> + MSG(0, "\tCouldn't set crypto socket options.\n");
> + close(sockfd);
> + return errno;
> + }
> + fd = accept(sockfd, NULL, 0);
> + if (fd < 0)
> + goto err_out;
It's a lot of work to allocate an AF_ALG algorithm socket, set the key, and
allocate a request socket for every block. Can any of this be cached? For
single threaded use, it seems the request socket can be cached; otherwise the
algorithm socket with a key set can be cached.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-10-07 21:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-05 7:41 [PATCH 0/1] userspace support for F2FS metadata encryption Satya Tangirala
2020-10-05 7:41 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-10-05 7:41 ` [PATCH 1/1] f2fs-tools: Introduce metadata encryption support Satya Tangirala
2020-10-05 7:41 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-10-07 19:42 ` jaegeuk
2020-10-07 19:42 ` [f2fs-dev] " jaegeuk
2020-12-17 16:04 ` Satya Tangirala
2020-12-17 16:04 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-10-07 21:52 ` Eric Biggers [this message]
2020-10-07 21:52 ` Eric Biggers
2020-10-07 21:39 ` [PATCH 0/1] userspace support for F2FS metadata encryption Eric Biggers
2020-10-07 21:39 ` [f2fs-dev] " Eric Biggers
2020-12-17 16:23 ` Jaegeuk Kim
2020-12-17 16:23 ` [f2fs-dev] " Jaegeuk Kim
2020-12-18 6:41 ` Satya Tangirala
2020-12-18 6:41 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-12-18 16:19 ` Jaegeuk Kim
2020-12-18 16:19 ` [f2fs-dev] " Jaegeuk Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201007215222.GF1530638@gmail.com \
--to=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.