From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED50EC4363D for ; Wed, 7 Oct 2020 22:05:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7389620872 for ; Wed, 7 Oct 2020 22:05:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ep50T10d" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728753AbgJGWFH (ORCPT ); Wed, 7 Oct 2020 18:05:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46228 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728674AbgJGWFH (ORCPT ); Wed, 7 Oct 2020 18:05:07 -0400 Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com [IPv6:2607:f8b0:4864:20::543]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C624C0613D2 for ; Wed, 7 Oct 2020 15:05:05 -0700 (PDT) Received: by mail-pg1-x543.google.com with SMTP id g9so2472933pgh.8 for ; Wed, 07 Oct 2020 15:05:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=ep50T10dpOtQ6OLVV05z3OtJ/y5qq6xfZST1mEKfChwtiRhcO3i/N4I2jdp9MNovJk pCKOd/eZwaZnV2KWv1TUqBmy/Gu3YCAdmn2W/P9tqvR4EIUmxSfRR6oCT2+UptOCoxYz osAjjmkEmMm2ID+cJZ0TEfmtLYQNdpmmgQWnYXDtNwOxdB1HwOy81zc8y87p/ql4aEtl rungVNTAaNvn1+j6w2VrV74FMWuiEcg/Ls9u87zllfaWoUrX3uD8c/ssBHk0n6iMSXZf YFqgZdHZe4pPhylbuYcrd9eAzzNaQKbFJKRMvAJcT1fwFcThuz2o76vhh/JvTLhtvJ97 Bt9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=o5Tn+J91h4+ZH155TPVWzxGdhyi+dS1FoljXZX1q0Pmn8FmDW4nY/2wtTi8RLYX8kb P5eoWF6KmjgU7VRnS/fy5AHXiyWKcV00n76XZAr1N1rBdDJOKvTZ/Uzcd0aVLlg5lGNI bVWvpLPTyMbVAmzwnQ1Di/T/r0Gavb9S/WH62lzKyZ/QIbRPIKGD+Z+mQpvnNMLGnVMF cVfd4z/W58uA2hm9MNTZRce5qXZM0bLkuHDzCebnSFKlGrNI8YOWilny4U7nTg8P9BTx ROHbvTup0co9TWdePXbIO570OtULvowEzHbWobAPfJxNoX5QBxJP0bvntTwWtE9/2fbZ ZkgA== X-Gm-Message-State: AOAM531S/FR49jvl8W1zodxbgRMSjqXPt9GccR9XQGYozcP5kEyryXoA YAn+VPcmmjfqfxbIRAknyTmeAg== X-Google-Smtp-Source: ABdhPJys6F86XrljUH8qz8gcZargaIbvBEZ19MwlhxtUE/XlZ7tHjdwI5A2a2e1IHecb/WpyiWo9OQ== X-Received: by 2002:a63:4c4e:: with SMTP id m14mr4441454pgl.199.1602108304796; Wed, 07 Oct 2020 15:05:04 -0700 (PDT) Received: from google.com (154.137.233.35.bc.googleusercontent.com. [35.233.137.154]) by smtp.gmail.com with ESMTPSA id n67sm4425110pgn.14.2020.10.07.15.05.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 15:05:03 -0700 (PDT) Date: Wed, 7 Oct 2020 22:05:00 +0000 From: Satya Tangirala To: Eric Biggers Cc: "Theodore Y . Ts'o" , Jaegeuk Kim , Chao Yu , linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Subject: Re: [PATCH 0/3] add support for metadata encryption to F2FS Message-ID: <20201007220500.GA2544297@google.com> References: <20201005073606.1949772-1-satyat@google.com> <20201007210040.GB1530638@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201007210040.GB1530638@gmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org On Wed, Oct 07, 2020 at 02:00:40PM -0700, Eric Biggers wrote: > On Mon, Oct 05, 2020 at 07:36:03AM +0000, Satya Tangirala wrote: > > This patch series adds support for metadata encryption to F2FS using > > blk-crypto. > > This patch series needs more explanation about what "metadata encryption" is, > why people will want to use it (as opposed to either not using it, or using > fscrypt + dm-crypt instead), and why this is the best implementation of it. > Sure, I'll add that in the next version > > Patch 2 introduces some functions to fscrypt that help filesystems perform > > metadata encryption. Any filesystem that wants to use metadata encryption > > can call fscrypt_setup_metadata_encryption() with the super_block of the > > filesystem, the encryption algorithm and the descriptor of the encryption > > key. The descriptor is looked up in the logon keyring of the current > > session with "fscrypt:" as the prefix of the descriptor. > > I notice this is missing the step I suggested to include the metadata encryption > key in the HKDF application-specific info string when deriving subkeys from the > fscrypt master keys. > > The same effect could also be achieved by adding an additional level to the key > hierarchy: each HKDF key would be derived from a fscrypt master key and the > metadata encryption key. > > We need one of those, to guarantee that the file contents encryption is at least > as strong as the "metadata encryption". > Yes - I didn't get around to that in the first version, but I'll add that too in the next version. I was going to go with the first approach before I saw your comment - is there one method you'd recommend going with over the other? > - Eric From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.6 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA4A1C4363D for ; Wed, 7 Oct 2020 22:12:36 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F18AD2083B for ; Wed, 7 Oct 2020 22:12:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=lists.sourceforge.net header.i=@lists.sourceforge.net header.b="jp0GUFxl"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="B+tvBJ21"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="dIqXnu3v"; dkim=neutral (0-bit key) header.d=google.com header.i=@google.com header.b="ep50T10d" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F18AD2083B Authentication-Results: mail.kernel.org; dmarc=pass (p=none dis=none) header.from=lists.sourceforge.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: Reply-To:From:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Subject:In-Reply-To:MIME-Version:References: Message-ID:To:Date:Sender:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=3TWHOz/rRYfZzSqVvmKmBTKdi+/zOsl3+nSg1bicyz8=; b=jp0GUFxlH/xpjju0oQWzeiNhM 0woi6/4Borf2PVNf56HzZ3FzUPY1NdeTBqMFFhR+pMeU1Dg5198tdeUa3nIw6oCzl9YockRFqx3IA +2+xvyBEpEiIBZ5jmXaNTm15+p4MKxgsA2FBhIk5iaCB2kUS+di9cK+PLZ5Cc5282yAn8=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1kQHfm-0006tQ-N9; Wed, 07 Oct 2020 22:12:34 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kQHfh-0006sn-4p for linux-f2fs-devel@lists.sourceforge.net; Wed, 07 Oct 2020 22:12:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=B+tvBJ21ftazSe6FLR9clZL9Gu v5eQ4/H8GPUkjGe3FXjkgFRHatQ6sb5XCwxzuBkVdxHaZn8oDKIe6o60/UAIV4A/eWWTrd4kyvAGf xH6rffoihHkiKjvFIy51P/BVbVQUQwRWbVY62XQMXVfuWw3C0faKMvgInvXok2uSDHH8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=dIqXnu3vIlzdtOolzGn1dWIKuS XSHIwtu5Yo4eqo06CmaKYIfxkyvQBahkaEtaiafIXrVPQfTzLI2OsapwcoVnTOPkbHl3a15ClENaP L6q1vq3lKkWTLxwT7FHoJRiqwjHQ9887WlU7fIHnXMk2UkERnufUU7XTfXMCC8ak4YBw=; Received: from mail-io1-f68.google.com ([209.85.166.68]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2) id 1kQHfe-002WJ5-C1 for linux-f2fs-devel@lists.sourceforge.net; Wed, 07 Oct 2020 22:12:29 +0000 Received: by mail-io1-f68.google.com with SMTP id l8so4140326ioh.11 for ; Wed, 07 Oct 2020 15:12:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=ep50T10dpOtQ6OLVV05z3OtJ/y5qq6xfZST1mEKfChwtiRhcO3i/N4I2jdp9MNovJk pCKOd/eZwaZnV2KWv1TUqBmy/Gu3YCAdmn2W/P9tqvR4EIUmxSfRR6oCT2+UptOCoxYz osAjjmkEmMm2ID+cJZ0TEfmtLYQNdpmmgQWnYXDtNwOxdB1HwOy81zc8y87p/ql4aEtl rungVNTAaNvn1+j6w2VrV74FMWuiEcg/Ls9u87zllfaWoUrX3uD8c/ssBHk0n6iMSXZf YFqgZdHZe4pPhylbuYcrd9eAzzNaQKbFJKRMvAJcT1fwFcThuz2o76vhh/JvTLhtvJ97 Bt9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=+V7sZxEf6mQQioi6/3fm4YR6csX1PamPT+xsX7pNB4w=; b=qul67QaHDWJKJ0YZup15tFlvRl/LeUGpwUDltPx+u6pfShyhgy7Cjjkg65PzavpirM LsWJl5N2W2r4a2CFJ1YNJK/6n6sHQwQM+1rxMQKcaKW2ZeJ4GNXWrToGwXoZ8ZnQonLn Nfk/57obtZuyg83UXTKlu6KVOeLx3sEVKUSCH4rT2hmtaVT1DO79XwXW3uYZmK2Q+hSG iWMrHRu4iyLxkB2FaTiKOMBXcOO3ICcMPTf5tWt4HbuIs/38TibkSRm1K23SMdzfl6ZD gLzGNHOmkOHW5rRHokyFcAZjEk6zJh/4dbdTttSR4YB0fvMh5wKfCu0+YtfZhnDRuyjs 7sBg== X-Gm-Message-State: AOAM531vF3j8SvVpENoKFk3lB1+x/eE1x+BMxI0oc20aC0bx0mZzSjnn vO/VEMNwjIJXQ9zhQcTXpxWGIiX4ZgazZw== X-Google-Smtp-Source: ABdhPJys6F86XrljUH8qz8gcZargaIbvBEZ19MwlhxtUE/XlZ7tHjdwI5A2a2e1IHecb/WpyiWo9OQ== X-Received: by 2002:a63:4c4e:: with SMTP id m14mr4441454pgl.199.1602108304796; Wed, 07 Oct 2020 15:05:04 -0700 (PDT) Received: from google.com (154.137.233.35.bc.googleusercontent.com. [35.233.137.154]) by smtp.gmail.com with ESMTPSA id n67sm4425110pgn.14.2020.10.07.15.05.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 15:05:03 -0700 (PDT) Date: Wed, 7 Oct 2020 22:05:00 +0000 To: Eric Biggers Message-ID: <20201007220500.GA2544297@google.com> References: <20201005073606.1949772-1-satyat@google.com> <20201007210040.GB1530638@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20201007210040.GB1530638@gmail.com> X-Headers-End: 1kQHfe-002WJ5-C1 Subject: Re: [f2fs-dev] [PATCH 0/3] add support for metadata encryption to F2FS X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Satya Tangirala via Linux-f2fs-devel Reply-To: Satya Tangirala Cc: "Theodore Y . Ts'o" , linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fscrypt@vger.kernel.org, Jaegeuk Kim Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net On Wed, Oct 07, 2020 at 02:00:40PM -0700, Eric Biggers wrote: > On Mon, Oct 05, 2020 at 07:36:03AM +0000, Satya Tangirala wrote: > > This patch series adds support for metadata encryption to F2FS using > > blk-crypto. > > This patch series needs more explanation about what "metadata encryption" is, > why people will want to use it (as opposed to either not using it, or using > fscrypt + dm-crypt instead), and why this is the best implementation of it. > Sure, I'll add that in the next version > > Patch 2 introduces some functions to fscrypt that help filesystems perform > > metadata encryption. Any filesystem that wants to use metadata encryption > > can call fscrypt_setup_metadata_encryption() with the super_block of the > > filesystem, the encryption algorithm and the descriptor of the encryption > > key. The descriptor is looked up in the logon keyring of the current > > session with "fscrypt:" as the prefix of the descriptor. > > I notice this is missing the step I suggested to include the metadata encryption > key in the HKDF application-specific info string when deriving subkeys from the > fscrypt master keys. > > The same effect could also be achieved by adding an additional level to the key > hierarchy: each HKDF key would be derived from a fscrypt master key and the > metadata encryption key. > > We need one of those, to guarantee that the file contents encryption is at least > as strong as the "metadata encryption". > Yes - I didn't get around to that in the first version, but I'll add that too in the next version. I was going to go with the first approach before I saw your comment - is there one method you'd recommend going with over the other? > - Eric _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel