From: <Michal.Plsek@seznam.cz>
To: ceph-devel@vger.kernel.org, Ilya Dryomov <idryomov@gmail.com>
Subject: Re: ceph kernel client orientation
Date: Thu, 21 May 2020 18:37:22 +0200 (CEST) [thread overview]
Message-ID: <23N.cjNb.4NGwgCQo9SQ.1Ungv2@seznam.cz> (raw)
In-Reply-To: da.cjLX.3v4GDfOKIZE.1UnDtd@seznam.cz
My mistake, I meant image id. Yesterday I decided to put en/decryption into rbd_queue_rq() and process data while traversing buffer_head structures. Do not worry, I am very much aware of Never Roll Out Your Own Crypto :), this is not my idea though. I am just working on someone else's idea.
Thanks for your help.
>
> Thanks for swift answer.
>
> (This is my usage in librbd.cc)
>
> Basically there is a folder with symmetric keys used for block encryption, one key for one disk in some pool. For identification of key I need (pool_id, disk_id) of block. I am temporarily saving key to librbd::ImageCtx structure, so I don't have to get it from file every time. I use this key to encrypt/decrypt block data. Encrypt/decrypt is primitive, I'm not gonna mention it here, but it is done over the data provided by functions rbd_read() and rbd_write().
>
> If you could point how to edit rbd.c content to achieve similar behaviour, I would be much obliged.
I'm not sure what exactly you mean by disk id, but I assume image
id (displayed by "rbd info" in block_name_prefix field) is probably
part of that. It is looked up in rbd_dev_image_id(), called from
rbd_dev_image_probe(). More generally, do_rbd_add() is roughly
equivalent to rbd_open() in librbd. Everything related to "opening"
the image is done in or under do_rbd_add().
struct rbd_device is passed pretty much everywhere, so if you are
storing a key in librbd::ImageCtx, struct rbd_device is probably
the place to put it.
As for encryption, the easiest would probably be to stick it into
__rbd_img_fill_request(). But I want to stress that bolting on
your own crypto is very error-prone and highly unlikely to produce
anything remotely secure. Unless you are doing it to get familiar
with the codebase or just for fun, I would advise against it.
Thanks,
Ilya
prev parent reply other threads:[~2020-05-21 16:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-19 13:43 ceph kernel client orientation Michal.Plsek
2020-05-19 14:36 ` Ilya Dryomov
2020-05-20 7:36 ` Michal.Plsek
2020-05-21 13:15 ` Ilya Dryomov
2020-05-21 16:37 ` Michal.Plsek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23N.cjNb.4NGwgCQo9SQ.1Ungv2@seznam.cz \
--to=michal.plsek@seznam.cz \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.