* [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems
@ 2020-05-14 9:34 Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 1/5] btrfs-progs: pass in fs_info to btrfs_csum_data Johannes Thumshirn
` (4 more replies)
0 siblings, 5 replies; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba; +Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
This series adds support for passing in an authentication key and using
HMAC(SHA256) for mkfs, dump-super and fsck.
Changes since v1:
- re-sync csum type with kernel
Johannes Thumshirn (5):
btrfs-progs: pass in fs_info to btrfs_csum_data
btrfs-progs: add auth_key argument to open_ctree_fs_info
btrfs-progs: Add HMAC(SHA256) support
btrfs-progs: add --auth-key to dump-super
btrfs-progs: add auth key to check
btrfs-find-root.c | 2 +-
btrfs-sb-mod.c | 4 ++--
check/main.c | 15 +++++++++++---
cmds/filesystem.c | 2 +-
cmds/inspect-dump-super.c | 38 +++++++++++++++++++++++++-----------
cmds/inspect-dump-tree.c | 2 +-
cmds/rescue-chunk-recover.c | 4 ++--
cmds/rescue.c | 2 +-
cmds/restore.c | 2 +-
common/utils.c | 3 +++
configure.ac | 1 -
convert/common.c | 2 +-
crypto/hash.c | 30 ++++++++++++++++++++++++++++
crypto/hash.h | 2 ++
ctree.c | 1 +
ctree.h | 3 +++
disk-io.c | 39 +++++++++++++++++++++++--------------
disk-io.h | 8 +++++---
file-item.c | 2 +-
image/main.c | 5 +++--
mkfs/common.c | 10 ++++++++++
mkfs/common.h | 3 +++
mkfs/main.c | 25 ++++++++++++++++++++++--
23 files changed, 157 insertions(+), 48 deletions(-)
--
2.26.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 1/5] btrfs-progs: pass in fs_info to btrfs_csum_data
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
@ 2020-05-14 9:34 ` Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 2/5] btrfs-progs: add auth_key argument to open_ctree_fs_info Johannes Thumshirn
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba
Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn,
Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
For passing authentication keys to the checksumming functions we need a
container for the key.
Pass in a btrfs_fs_info to btrfs_csum_data() so we can use the fs_info as
a container for the authentication key.
Note this is not always possible for all callers of btrfs_csum_data() so
we're just passing in NULL if it is not directly possible.
Functions calling btrfs_csum_data() with a NULL fs_info argument are
currently not supported in the context of an authenticated file-system.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
---
btrfs-sb-mod.c | 4 ++--
check/main.c | 2 +-
cmds/inspect-dump-super.c | 2 +-
cmds/rescue-chunk-recover.c | 2 +-
convert/common.c | 2 +-
disk-io.c | 16 +++++++++-------
disk-io.h | 3 ++-
file-item.c | 2 +-
8 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/btrfs-sb-mod.c b/btrfs-sb-mod.c
index ad143ca0..53700268 100644
--- a/btrfs-sb-mod.c
+++ b/btrfs-sb-mod.c
@@ -36,7 +36,7 @@ static int check_csum_superblock(void *sb)
u8 result[BTRFS_CSUM_SIZE];
u16 csum_type = btrfs_super_csum_type(sb);
- btrfs_csum_data(csum_type, (unsigned char *)sb + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(NULL, csum_type, (unsigned char *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
return !memcmp(sb, result, csum_size);
@@ -48,7 +48,7 @@ static void update_block_csum(void *block)
struct btrfs_header *hdr;
u16 csum_type = btrfs_super_csum_type(block);
- btrfs_csum_data(csum_type, (unsigned char *)block + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(NULL, csum_type, (unsigned char *)block + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
memset(block, 0, BTRFS_CSUM_SIZE);
diff --git a/check/main.c b/check/main.c
index bb17623f..06f32933 100644
--- a/check/main.c
+++ b/check/main.c
@@ -5741,7 +5741,7 @@ static int check_extent_csums(struct btrfs_root *root, u64 bytenr,
while (data_checked < read_len) {
tmp = offset + data_checked;
- btrfs_csum_data(csum_type, data + tmp,
+ btrfs_csum_data(fs_info, csum_type, data + tmp,
result, fs_info->sectorsize);
csum_offset = leaf_offset +
diff --git a/cmds/inspect-dump-super.c b/cmds/inspect-dump-super.c
index f22633b9..99f35def 100644
--- a/cmds/inspect-dump-super.c
+++ b/cmds/inspect-dump-super.c
@@ -39,7 +39,7 @@ static int check_csum_sblock(void *sb, int csum_size, u16 csum_type)
{
u8 result[BTRFS_CSUM_SIZE];
- btrfs_csum_data(csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(NULL, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
return !memcmp(sb, result, csum_size);
diff --git a/cmds/rescue-chunk-recover.c b/cmds/rescue-chunk-recover.c
index a13acc01..1f26425b 100644
--- a/cmds/rescue-chunk-recover.c
+++ b/cmds/rescue-chunk-recover.c
@@ -1912,7 +1912,7 @@ static int check_one_csum(int fd, u64 start, u32 len, u32 tree_csum,
}
ret = 0;
put_unaligned_le32(tree_csum, expected_csum);
- btrfs_csum_data(csum_type, (u8 *)data, result, len);
+ btrfs_csum_data(NULL, csum_type, (u8 *)data, result, len);
if (memcmp(result, expected_csum, csum_size) != 0)
ret = 1;
out:
diff --git a/convert/common.c b/convert/common.c
index 3cb2d9d4..54ed52b5 100644
--- a/convert/common.c
+++ b/convert/common.c
@@ -66,7 +66,7 @@ static inline int write_temp_super(int fd, struct btrfs_super_block *sb,
u16 csum_type = btrfs_super_csum_type(sb);
int ret;
- btrfs_csum_data(csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(NULL, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
memcpy(&sb->csum[0], result, BTRFS_CSUM_SIZE);
ret = pwrite(fd, sb, BTRFS_SUPER_INFO_SIZE, sb_bytenr);
diff --git a/disk-io.c b/disk-io.c
index 529e8706..5e54a4b3 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -139,7 +139,8 @@ static void print_tree_block_error(struct btrfs_fs_info *fs_info,
}
}
-int btrfs_csum_data(u16 csum_type, const u8 *data, u8 *out, size_t len)
+int btrfs_csum_data(struct btrfs_fs_info *fs_info, u16 csum_type,
+ const u8 *data, u8 *out, size_t len)
{
memset(out, 0, BTRFS_CSUM_SIZE);
@@ -167,7 +168,8 @@ static int __csum_tree_block_size(struct extent_buffer *buf, u16 csum_size,
u32 len;
len = buf->len - BTRFS_CSUM_SIZE;
- btrfs_csum_data(csum_type, (u8 *)buf->data + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(buf->fs_info, csum_type,
+ (u8 *)buf->data + BTRFS_CSUM_SIZE,
result, len);
if (verify) {
@@ -1411,7 +1413,7 @@ int btrfs_check_super(struct btrfs_super_block *sb, unsigned sbflags)
}
csum_size = btrfs_super_csum_size(sb);
- btrfs_csum_data(csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(NULL, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
if (memcmp(result, sb->csum, csum_size)) {
@@ -1665,8 +1667,8 @@ static int write_dev_supers(struct btrfs_fs_info *fs_info,
}
if (fs_info->super_bytenr != BTRFS_SUPER_INFO_OFFSET) {
btrfs_set_super_bytenr(sb, fs_info->super_bytenr);
- btrfs_csum_data(csum_type, (u8 *)sb + BTRFS_CSUM_SIZE, result,
- BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
+ btrfs_csum_data(fs_info, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
memcpy(&sb->csum[0], result, BTRFS_CSUM_SIZE);
/*
@@ -1700,8 +1702,8 @@ static int write_dev_supers(struct btrfs_fs_info *fs_info,
btrfs_set_super_bytenr(sb, bytenr);
- btrfs_csum_data(csum_type, (u8 *)sb + BTRFS_CSUM_SIZE, result,
- BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
+ btrfs_csum_data(fs_info, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
memcpy(&sb->csum[0], result, BTRFS_CSUM_SIZE);
/*
diff --git a/disk-io.h b/disk-io.h
index b450149e..630d4754 100644
--- a/disk-io.h
+++ b/disk-io.h
@@ -189,7 +189,8 @@ int btrfs_free_fs_root(struct btrfs_root *root);
void btrfs_mark_buffer_dirty(struct extent_buffer *buf);
int btrfs_buffer_uptodate(struct extent_buffer *buf, u64 parent_transid);
int btrfs_set_buffer_uptodate(struct extent_buffer *buf);
-int btrfs_csum_data(u16 csum_type, const u8 *data, u8 *out, size_t len);
+int btrfs_csum_data(struct btrfs_fs_info *fs_info, u16 csum_type,
+ const u8 *data, u8 *out, size_t len);
int btrfs_open_device(struct btrfs_device *dev);
int csum_tree_block_size(struct extent_buffer *buf, u16 csum_sectorsize,
diff --git a/file-item.c b/file-item.c
index 64af5769..fb84fbd6 100644
--- a/file-item.c
+++ b/file-item.c
@@ -315,7 +315,7 @@ csum:
item = (struct btrfs_csum_item *)((unsigned char *)item +
csum_offset * csum_size);
found:
- btrfs_csum_data(csum_type, (u8 *)data, csum_result, len);
+ btrfs_csum_data(root->fs_info, csum_type, (u8 *)data, csum_result, len);
/* FIXME: does not make sense for non-crc32c */
if (csum_result == 0) {
printk("csum result is 0 for block %llu\n",
--
2.26.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 2/5] btrfs-progs: add auth_key argument to open_ctree_fs_info
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 1/5] btrfs-progs: pass in fs_info to btrfs_csum_data Johannes Thumshirn
@ 2020-05-14 9:34 ` Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support Johannes Thumshirn
` (2 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba
Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn,
Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Add auth_key argument to open_ctree_fs_info() so we have the key once we
create a new fs_info.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
---
btrfs-find-root.c | 2 +-
check/main.c | 2 +-
cmds/filesystem.c | 2 +-
cmds/inspect-dump-tree.c | 2 +-
cmds/rescue-chunk-recover.c | 2 +-
cmds/rescue.c | 2 +-
cmds/restore.c | 2 +-
disk-io.c | 16 +++++++++-------
disk-io.h | 5 +++--
image/main.c | 5 +++--
mkfs/main.c | 3 ++-
11 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/btrfs-find-root.c b/btrfs-find-root.c
index 741eb9a9..4cde76d8 100644
--- a/btrfs-find-root.c
+++ b/btrfs-find-root.c
@@ -202,7 +202,7 @@ int main(int argc, char **argv)
fs_info = open_ctree_fs_info(argv[optind], 0, 0, 0,
OPEN_CTREE_CHUNK_ROOT_ONLY |
- OPEN_CTREE_IGNORE_CHUNK_TREE_ERROR);
+ OPEN_CTREE_IGNORE_CHUNK_TREE_ERROR, NULL);
if (!fs_info) {
error("open ctree failed");
return 1;
diff --git a/check/main.c b/check/main.c
index 06f32933..21b37e66 100644
--- a/check/main.c
+++ b/check/main.c
@@ -10162,7 +10162,7 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
ctree_flags |= OPEN_CTREE_PARTIAL;
info = open_ctree_fs_info(argv[optind], bytenr, tree_root_bytenr,
- chunk_root_bytenr, ctree_flags);
+ chunk_root_bytenr, ctree_flags, NULL);
if (!info) {
error("cannot open file system");
ret = -EIO;
diff --git a/cmds/filesystem.c b/cmds/filesystem.c
index c4bb13dd..f9a3a456 100644
--- a/cmds/filesystem.c
+++ b/cmds/filesystem.c
@@ -586,7 +586,7 @@ static int map_seed_devices(struct list_head *all_uuids)
* open_ctree_* detects seed/sprout mapping
*/
fs_info = open_ctree_fs_info(device->name, 0, 0, 0,
- OPEN_CTREE_PARTIAL);
+ OPEN_CTREE_PARTIAL, NULL);
if (!fs_info)
continue;
diff --git a/cmds/inspect-dump-tree.c b/cmds/inspect-dump-tree.c
index 1fdbb9a6..662c7a85 100644
--- a/cmds/inspect-dump-tree.c
+++ b/cmds/inspect-dump-tree.c
@@ -459,7 +459,7 @@ static int cmd_inspect_dump_tree(const struct cmd_struct *cmd,
printf("%s\n", PACKAGE_STRING);
- info = open_ctree_fs_info(argv[optind], 0, 0, 0, open_ctree_flags);
+ info = open_ctree_fs_info(argv[optind], 0, 0, 0, open_ctree_flags, NULL);
if (!info) {
error("unable to open %s", argv[optind]);
goto out;
diff --git a/cmds/rescue-chunk-recover.c b/cmds/rescue-chunk-recover.c
index 1f26425b..668f00b6 100644
--- a/cmds/rescue-chunk-recover.c
+++ b/cmds/rescue-chunk-recover.c
@@ -1439,7 +1439,7 @@ open_ctree_with_broken_chunk(struct recover_control *rc)
u64 features;
int ret;
- fs_info = btrfs_new_fs_info(1, BTRFS_SUPER_INFO_OFFSET);
+ fs_info = btrfs_new_fs_info(1, BTRFS_SUPER_INFO_OFFSET, NULL);
if (!fs_info) {
fprintf(stderr, "Failed to allocate memory for fs_info\n");
return ERR_PTR(-ENOMEM);
diff --git a/cmds/rescue.c b/cmds/rescue.c
index 087c33be..1bff279a 100644
--- a/cmds/rescue.c
+++ b/cmds/rescue.c
@@ -242,7 +242,7 @@ static int cmd_rescue_fix_device_size(const struct cmd_struct *cmd,
}
fs_info = open_ctree_fs_info(devname, 0, 0, 0, OPEN_CTREE_WRITES |
- OPEN_CTREE_PARTIAL);
+ OPEN_CTREE_PARTIAL, NULL);
if (!fs_info) {
error("could not open btrfs");
ret = -EIO;
diff --git a/cmds/restore.c b/cmds/restore.c
index 08f5b7e7..5821dc9b 100644
--- a/cmds/restore.c
+++ b/cmds/restore.c
@@ -1280,7 +1280,7 @@ static struct btrfs_root *open_fs(const char *dev, u64 root_location,
*/
fs_info = open_ctree_fs_info(dev, bytenr, root_location, 0,
OPEN_CTREE_PARTIAL |
- OPEN_CTREE_NO_BLOCK_GROUPS);
+ OPEN_CTREE_NO_BLOCK_GROUPS, NULL);
if (fs_info)
break;
fprintf(stderr, "Could not open root, trying backup super\n");
diff --git a/disk-io.c b/disk-io.c
index 5e54a4b3..6221c3ce 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -789,7 +789,8 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info)
free(fs_info);
}
-struct btrfs_fs_info *btrfs_new_fs_info(int writable, u64 sb_bytenr)
+struct btrfs_fs_info *btrfs_new_fs_info(int writable, u64 sb_bytenr,
+ char *auth_key)
{
struct btrfs_fs_info *fs_info;
@@ -1189,7 +1190,7 @@ static struct btrfs_fs_info *__open_ctree_fd(int fp, const char *path,
u64 sb_bytenr,
u64 root_tree_bytenr,
u64 chunk_root_bytenr,
- unsigned flags)
+ unsigned flags, char *auth_key)
{
struct btrfs_fs_info *fs_info;
struct btrfs_super_block *disk_super;
@@ -1206,7 +1207,8 @@ static struct btrfs_fs_info *__open_ctree_fd(int fp, const char *path,
if (posix_fadvise(fp, 0, 0, POSIX_FADV_DONTNEED))
fprintf(stderr, "Warning, could not drop caches\n");
- fs_info = btrfs_new_fs_info(flags & OPEN_CTREE_WRITES, sb_bytenr);
+ fs_info = btrfs_new_fs_info(flags & OPEN_CTREE_WRITES, sb_bytenr,
+ auth_key);
if (!fs_info) {
fprintf(stderr, "Failed to allocate memory for fs_info\n");
return NULL;
@@ -1317,7 +1319,7 @@ out:
struct btrfs_fs_info *open_ctree_fs_info(const char *filename,
u64 sb_bytenr, u64 root_tree_bytenr,
u64 chunk_root_bytenr,
- unsigned flags)
+ unsigned flags, char *auth_key)
{
int fp;
int ret;
@@ -1344,7 +1346,7 @@ struct btrfs_fs_info *open_ctree_fs_info(const char *filename,
return NULL;
}
info = __open_ctree_fd(fp, filename, sb_bytenr, root_tree_bytenr,
- chunk_root_bytenr, flags);
+ chunk_root_bytenr, flags, auth_key);
close(fp);
return info;
}
@@ -1356,7 +1358,7 @@ struct btrfs_root *open_ctree(const char *filename, u64 sb_bytenr,
/* This flags may not return fs_info with any valid root */
BUG_ON(flags & OPEN_CTREE_IGNORE_CHUNK_TREE_ERROR);
- info = open_ctree_fs_info(filename, sb_bytenr, 0, 0, flags);
+ info = open_ctree_fs_info(filename, sb_bytenr, 0, 0, flags, NULL);
if (!info)
return NULL;
if (flags & __OPEN_CTREE_RETURN_CHUNK_ROOT)
@@ -1375,7 +1377,7 @@ struct btrfs_root *open_ctree_fd(int fp, const char *path, u64 sb_bytenr,
(unsigned long long)flags);
return NULL;
}
- info = __open_ctree_fd(fp, path, sb_bytenr, 0, 0, flags);
+ info = __open_ctree_fd(fp, path, sb_bytenr, 0, 0, flags, NULL);
if (!info)
return NULL;
if (flags & __OPEN_CTREE_RETURN_CHUNK_ROOT)
diff --git a/disk-io.h b/disk-io.h
index 630d4754..79a2cf73 100644
--- a/disk-io.h
+++ b/disk-io.h
@@ -143,7 +143,8 @@ void btrfs_setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info,
int clean_tree_block(struct extent_buffer *buf);
void btrfs_free_fs_info(struct btrfs_fs_info *fs_info);
-struct btrfs_fs_info *btrfs_new_fs_info(int writable, u64 sb_bytenr);
+struct btrfs_fs_info *btrfs_new_fs_info(int writable, u64 sb_bytenr,
+ char *auth_key);
int btrfs_check_fs_compatibility(struct btrfs_super_block *sb,
unsigned int flags);
int btrfs_setup_all_roots(struct btrfs_fs_info *fs_info, u64 root_tree_bytenr,
@@ -163,7 +164,7 @@ struct btrfs_root *open_ctree_fd(int fp, const char *path, u64 sb_bytenr,
struct btrfs_fs_info *open_ctree_fs_info(const char *filename,
u64 sb_bytenr, u64 root_tree_bytenr,
u64 chunk_root_bytenr,
- unsigned flags);
+ unsigned flags, char *auth_key);
int close_ctree_fs_info(struct btrfs_fs_info *fs_info);
static inline int close_ctree(struct btrfs_root *root)
{
diff --git a/image/main.c b/image/main.c
index 0d286b8f..39bca429 100644
--- a/image/main.c
+++ b/image/main.c
@@ -2549,7 +2549,8 @@ static int restore_metadump(const char *input, FILE *out, int old_restore,
info = open_ctree_fs_info(target, 0, 0, 0,
OPEN_CTREE_WRITES |
OPEN_CTREE_RESTORE |
- OPEN_CTREE_PARTIAL);
+ OPEN_CTREE_PARTIAL,
+ NULL);
if (!info) {
error("open ctree failed");
ret = -EIO;
@@ -2913,7 +2914,7 @@ int BOX_MAIN(image)(int argc, char *argv[])
info = open_ctree_fs_info(target, 0, 0, 0,
OPEN_CTREE_PARTIAL |
- OPEN_CTREE_RESTORE);
+ OPEN_CTREE_RESTORE, NULL);
if (!info) {
error("open ctree failed at %s", target);
return 1;
diff --git a/mkfs/main.c b/mkfs/main.c
index 316ea82e..e830de4e 100644
--- a/mkfs/main.c
+++ b/mkfs/main.c
@@ -1206,7 +1206,8 @@ int BOX_MAIN(mkfs)(int argc, char **argv)
}
fs_info = open_ctree_fs_info(file, 0, 0, 0,
- OPEN_CTREE_WRITES | OPEN_CTREE_TEMPORARY_SUPER);
+ OPEN_CTREE_WRITES | OPEN_CTREE_TEMPORARY_SUPER,
+ auth_key);
if (!fs_info) {
error("open ctree failed");
goto error;
--
2.26.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 1/5] btrfs-progs: pass in fs_info to btrfs_csum_data Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 2/5] btrfs-progs: add auth_key argument to open_ctree_fs_info Johannes Thumshirn
@ 2020-05-14 9:34 ` Johannes Thumshirn
2020-06-05 8:10 ` Anand Jain
2020-05-14 9:34 ` [PATCH v2 4/5] btrfs-progs: add --auth-key to dump-super Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 5/5] btrfs-progs: add auth key to check Johannes Thumshirn
4 siblings, 1 reply; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba; +Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Add support for authenticated file systems using HMAC(SHA256) as
checksumming algorithm.
Example:
mkfs.btrfs --csum hmac-sha256 --auth-key 0123456789 -f test.img
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
---
cmds/inspect-dump-super.c | 5 ++++-
common/utils.c | 3 +++
configure.ac | 1 -
crypto/hash.c | 30 ++++++++++++++++++++++++++++++
crypto/hash.h | 2 ++
ctree.c | 1 +
ctree.h | 3 +++
disk-io.c | 7 ++++++-
mkfs/common.c | 10 ++++++++++
mkfs/common.h | 3 +++
mkfs/main.c | 22 +++++++++++++++++++++-
11 files changed, 83 insertions(+), 4 deletions(-)
diff --git a/cmds/inspect-dump-super.c b/cmds/inspect-dump-super.c
index 99f35def..dd42d180 100644
--- a/cmds/inspect-dump-super.c
+++ b/cmds/inspect-dump-super.c
@@ -319,6 +319,7 @@ static bool is_valid_csum_type(u16 csum_type)
case BTRFS_CSUM_TYPE_XXHASH:
case BTRFS_CSUM_TYPE_SHA256:
case BTRFS_CSUM_TYPE_BLAKE2:
+ case BTRFS_CSUM_TYPE_HMAC_SHA256:
return true;
default:
return false;
@@ -352,7 +353,9 @@ static void dump_superblock(struct btrfs_super_block *sb, int full)
printf("csum\t\t\t0x");
for (i = 0, p = sb->csum; i < csum_size; i++)
printf("%02x", p[i]);
- if (!is_valid_csum_type(csum_type))
+ if (csum_type == BTRFS_CSUM_TYPE_HMAC_SHA256)
+ printf(" [NO KEY FOR HMAC]");
+ else if (!is_valid_csum_type(csum_type))
printf(" [UNKNOWN CSUM TYPE OR SIZE]");
else if (check_csum_sblock(sb, csum_size, csum_type))
printf(" [match]");
diff --git a/common/utils.c b/common/utils.c
index 2517bb34..9c1d9a1b 100644
--- a/common/utils.c
+++ b/common/utils.c
@@ -774,6 +774,9 @@ enum btrfs_csum_type parse_csum_type(const char *s)
} else if (strcasecmp(s, "blake2b") == 0 ||
strcasecmp(s, "blake2") == 0) {
return BTRFS_CSUM_TYPE_BLAKE2;
+ } else if (strcasecmp(s, "hmac-sha256") == 0 ||
+ strcasecmp(s, "hmac(sha256)") == 0) {
+ return BTRFS_CSUM_TYPE_HMAC_SHA256;
} else {
error("unknown csum type %s", s);
exit(1);
diff --git a/configure.ac b/configure.ac
index 24b1641f..c842570c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -295,7 +295,6 @@ AC_SUBST([LZO2_LIBS])
AC_SUBST([LZO2_LIBS_STATIC])
AC_SUBST([LZO2_CFLAGS])
-
dnl library stuff
AC_SUBST([LIBBTRFS_MAJOR])
AC_SUBST([LIBBTRFS_MINOR])
diff --git a/crypto/hash.c b/crypto/hash.c
index fc658475..b1cdfe67 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -1,3 +1,7 @@
+#include <gcrypt.h>
+
+#include "ctree.h"
+
#include "crypto/hash.h"
#include "crypto/crc32c.h"
#include "crypto/xxhash.h"
@@ -72,12 +76,25 @@ int hash_blake2b(const u8 *buf, size_t len, u8 *out)
return 0;
}
+int hash_hmac_sha256(struct btrfs_fs_info *fs_info, const u8 *buf,
+ size_t length, u8 *out)
+{
+ gcry_mac_hd_t mac;
+ gcry_mac_open(&mac, GCRY_MAC_HMAC_SHA256, 0, NULL);
+ gcry_mac_setkey(mac, fs_info->auth_key, strlen(fs_info->auth_key));
+ gcry_mac_write(mac, buf, length);
+ gcry_mac_read(mac, out, &length);
+
+ return 0;
+}
+
#endif
#if CRYPTOPROVIDER_LIBSODIUM == 1
#include <sodium/crypto_hash_sha256.h>
#include <sodium/crypto_generichash_blake2b.h>
+#include <sodium/crypto_auth_hmacsha256.h>
int hash_sha256(const u8 *buf, size_t len, u8 *out)
{
@@ -90,4 +107,17 @@ int hash_blake2b(const u8 *buf, size_t len, u8 *out)
NULL, 0);
}
+int hash_hmac_sha256(struct btrfs_fs_info *fs_info, const u8 *buf,
+ size_t length, u8 *out)
+{
+ crypto_auth_hmacsha256_state state;
+
+ crypto_auth_hmacsha256_init(&state, (unsigned char *)fs_info->auth_key,
+ strlen(fs_info->auth_key));
+ crypto_auth_hmacsha256_update(&state, buf, length);
+ crypto_auth_hmacsha256_final(&state, out);
+
+ return 0;
+}
+
#endif
diff --git a/crypto/hash.h b/crypto/hash.h
index fefccbd5..252ce9f9 100644
--- a/crypto/hash.h
+++ b/crypto/hash.h
@@ -9,5 +9,7 @@ int hash_crc32c(const u8 *buf, size_t length, u8 *out);
int hash_xxhash(const u8 *buf, size_t length, u8 *out);
int hash_sha256(const u8 *buf, size_t length, u8 *out);
int hash_blake2b(const u8 *buf, size_t length, u8 *out);
+int hash_hmac_sha256(struct btrfs_fs_info *fs_info, const u8 *buf,
+ size_t length, u8 *out);
#endif
diff --git a/ctree.c b/ctree.c
index 3559680f..25a1e865 100644
--- a/ctree.c
+++ b/ctree.c
@@ -46,6 +46,7 @@ static const struct btrfs_csum {
[BTRFS_CSUM_TYPE_XXHASH] = { 8, "xxhash64" },
[BTRFS_CSUM_TYPE_SHA256] = { 32, "sha256" },
[BTRFS_CSUM_TYPE_BLAKE2] = { 32, "blake2" },
+ [BTRFS_CSUM_TYPE_HMAC_SHA256] = { 32, "hmac-sha256" },
};
u16 btrfs_super_csum_size(const struct btrfs_super_block *sb)
diff --git a/ctree.h b/ctree.h
index 2a871187..c8482596 100644
--- a/ctree.h
+++ b/ctree.h
@@ -172,6 +172,7 @@ enum btrfs_csum_type {
BTRFS_CSUM_TYPE_XXHASH = 1,
BTRFS_CSUM_TYPE_SHA256 = 2,
BTRFS_CSUM_TYPE_BLAKE2 = 3,
+ BTRFS_CSUM_TYPE_HMAC_SHA256 = 4,
};
#define BTRFS_EMPTY_DIR_SIZE 0
@@ -1212,6 +1213,8 @@ struct btrfs_fs_info {
u32 nodesize;
u32 sectorsize;
u32 stripesize;
+
+ char *auth_key;
};
/*
diff --git a/disk-io.c b/disk-io.c
index 6221c3ce..5fa1f0c3 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -153,6 +153,10 @@ int btrfs_csum_data(struct btrfs_fs_info *fs_info, u16 csum_type,
return hash_sha256(data, len, out);
case BTRFS_CSUM_TYPE_BLAKE2:
return hash_blake2b(data, len, out);
+ case BTRFS_CSUM_TYPE_HMAC_SHA256:
+ if (!fs_info || !fs_info->auth_key)
+ return 0;
+ return hash_hmac_sha256(fs_info, data, len, out);
default:
fprintf(stderr, "ERROR: unknown csum type: %d\n", csum_type);
ASSERT(0);
@@ -837,6 +841,7 @@ struct btrfs_fs_info *btrfs_new_fs_info(int writable, u64 sb_bytenr,
fs_info->data_alloc_profile = (u64)-1;
fs_info->metadata_alloc_profile = (u64)-1;
fs_info->system_alloc_profile = fs_info->metadata_alloc_profile;
+ fs_info->auth_key = auth_key;
return fs_info;
free_all:
btrfs_free_fs_info(fs_info);
@@ -1418,7 +1423,7 @@ int btrfs_check_super(struct btrfs_super_block *sb, unsigned sbflags)
btrfs_csum_data(NULL, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
- if (memcmp(result, sb->csum, csum_size)) {
+ if (memcmp(result, sb->csum, csum_size) && csum_type != BTRFS_CSUM_TYPE_HMAC_SHA256) {
error("superblock checksum mismatch");
return -EIO;
}
diff --git a/mkfs/common.c b/mkfs/common.c
index 469b88d6..81d0b5c1 100644
--- a/mkfs/common.c
+++ b/mkfs/common.c
@@ -160,6 +160,13 @@ int make_btrfs(int fd, struct btrfs_mkfs_config *cfg)
if (!buf)
return -ENOMEM;
+ buf->fs_info = calloc(1, sizeof(struct btrfs_fs_info));
+ if (!buf->fs_info) {
+ free(buf);
+ return -ENOMEM;
+ }
+
+
first_free = BTRFS_SUPER_INFO_OFFSET + cfg->sectorsize * 2 - 1;
first_free &= ~((u64)cfg->sectorsize - 1);
@@ -224,6 +231,8 @@ int make_btrfs(int fd, struct btrfs_mkfs_config *cfg)
btrfs_header_chunk_tree_uuid(buf),
BTRFS_UUID_SIZE);
+ buf->fs_info->auth_key = cfg->auth_key;
+
ret = btrfs_create_tree_root(fd, cfg, buf);
if (ret < 0)
goto out;
@@ -474,6 +483,7 @@ int make_btrfs(int fd, struct btrfs_mkfs_config *cfg)
ret = 0;
out:
+ free(buf->fs_info);
free(buf);
return ret;
}
diff --git a/mkfs/common.h b/mkfs/common.h
index 426852be..7aea13cd 100644
--- a/mkfs/common.h
+++ b/mkfs/common.h
@@ -65,6 +65,9 @@ struct btrfs_mkfs_config {
/* Superblock offset after make_btrfs */
u64 super_bytenr;
+
+ /* authentication key */
+ char *auth_key;
};
int make_btrfs(int fd, struct btrfs_mkfs_config *cfg);
diff --git a/mkfs/main.c b/mkfs/main.c
index e830de4e..9f783cc1 100644
--- a/mkfs/main.c
+++ b/mkfs/main.c
@@ -343,6 +343,7 @@ static void print_usage(int ret)
printf(" features:\n");
printf("\t--csum TYPE\n");
printf("\t--checksum TYPE checksum algorithm to use (default: crc32c)\n");
+ printf("\t--auth-key KEY authentication key to use for authenticated file-systems\n");
printf("\t-n|--nodesize SIZE size of btree nodes\n");
printf("\t-s|--sectorsize SIZE data block size (may not be mountable by current kernel)\n");
printf("\t-O|--features LIST comma separated list of filesystem features (use '-O list-all' to list features)\n");
@@ -839,14 +840,21 @@ int BOX_MAIN(mkfs)(int argc, char **argv)
struct mkfs_allocation allocation = { 0 };
struct btrfs_mkfs_config mkfs_cfg;
enum btrfs_csum_type csum_type = BTRFS_CSUM_TYPE_CRC32;
+ char *auth_key = NULL;
crc32c_optimization_init();
while(1) {
int c;
- enum { GETOPT_VAL_SHRINK = 257, GETOPT_VAL_CHECKSUM };
+ enum {
+ GETOPT_VAL_SHRINK = 257,
+ GETOPT_VAL_CHECKSUM,
+ GETOPT_VAL_AUTHKEY,
+ };
static const struct option long_options[] = {
{ "alloc-start", required_argument, NULL, 'A'},
+ { "auth-key", required_argument, NULL,
+ GETOPT_VAL_AUTHKEY },
{ "byte-count", required_argument, NULL, 'b' },
{ "csum", required_argument, NULL,
GETOPT_VAL_CHECKSUM },
@@ -952,6 +960,9 @@ int BOX_MAIN(mkfs)(int argc, char **argv)
case GETOPT_VAL_CHECKSUM:
csum_type = parse_csum_type(optarg);
break;
+ case GETOPT_VAL_AUTHKEY:
+ auth_key = strdup(optarg);
+ break;
case GETOPT_VAL_HELP:
default:
print_usage(c != GETOPT_VAL_HELP);
@@ -979,6 +990,12 @@ int BOX_MAIN(mkfs)(int argc, char **argv)
goto error;
}
+ if ((auth_key && csum_type != BTRFS_CSUM_TYPE_HMAC_SHA256) ||
+ (csum_type == BTRFS_CSUM_TYPE_HMAC_SHA256 && !auth_key)) {
+ error("the option --auth-key must be used with --csum hmac(sha256)");
+ goto error;
+ }
+
if (*fs_uuid) {
uuid_t dummy_uuid;
@@ -1197,6 +1214,7 @@ int BOX_MAIN(mkfs)(int argc, char **argv)
mkfs_cfg.stripesize = stripesize;
mkfs_cfg.features = features;
mkfs_cfg.csum_type = csum_type;
+ mkfs_cfg.auth_key = auth_key;
ret = make_btrfs(fd, &mkfs_cfg);
if (ret) {
@@ -1413,6 +1431,7 @@ out:
btrfs_close_all_devices();
free(label);
+ free(auth_key);
return !!ret;
error:
@@ -1420,6 +1439,7 @@ error:
close(fd);
free(label);
+ free(auth_key);
exit(1);
success:
exit(0);
--
2.26.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 4/5] btrfs-progs: add --auth-key to dump-super
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
` (2 preceding siblings ...)
2020-05-14 9:34 ` [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support Johannes Thumshirn
@ 2020-05-14 9:34 ` Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 5/5] btrfs-progs: add auth key to check Johannes Thumshirn
4 siblings, 0 replies; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba
Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn,
Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Add auth-key option for btrfs inspect-internal dump-super so we can dump an
authenticated super-block and check for it's integrity.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
---
cmds/inspect-dump-super.c | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/cmds/inspect-dump-super.c b/cmds/inspect-dump-super.c
index dd42d180..1bc806e9 100644
--- a/cmds/inspect-dump-super.c
+++ b/cmds/inspect-dump-super.c
@@ -35,11 +35,13 @@
#include "crypto/crc32c.h"
#include "common/help.h"
-static int check_csum_sblock(void *sb, int csum_size, u16 csum_type)
+static int check_csum_sblock(void *sb, int csum_size, u16 csum_type,
+ char *auth_key)
{
+ struct btrfs_fs_info dummy_fs_info = { .auth_key = auth_key };
u8 result[BTRFS_CSUM_SIZE];
- btrfs_csum_data(NULL, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
+ btrfs_csum_data(&dummy_fs_info, csum_type, (u8 *)sb + BTRFS_CSUM_SIZE,
result, BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE);
return !memcmp(sb, result, csum_size);
@@ -326,7 +328,8 @@ static bool is_valid_csum_type(u16 csum_type)
}
}
-static void dump_superblock(struct btrfs_super_block *sb, int full)
+static void dump_superblock(struct btrfs_super_block *sb, int full,
+ char *auth_key)
{
int i;
char *s, buf[BTRFS_UUID_UNPARSED_SIZE];
@@ -353,11 +356,11 @@ static void dump_superblock(struct btrfs_super_block *sb, int full)
printf("csum\t\t\t0x");
for (i = 0, p = sb->csum; i < csum_size; i++)
printf("%02x", p[i]);
- if (csum_type == BTRFS_CSUM_TYPE_HMAC_SHA256)
+ if (csum_type == BTRFS_CSUM_TYPE_HMAC_SHA256 && !auth_key)
printf(" [NO KEY FOR HMAC]");
else if (!is_valid_csum_type(csum_type))
printf(" [UNKNOWN CSUM TYPE OR SIZE]");
- else if (check_csum_sblock(sb, csum_size, csum_type))
+ else if (check_csum_sblock(sb, csum_size, csum_type, auth_key))
printf(" [match]");
else
printf(" [DON'T MATCH]");
@@ -485,7 +488,7 @@ static void dump_superblock(struct btrfs_super_block *sb, int full)
}
static int load_and_dump_sb(char *filename, int fd, u64 sb_bytenr, int full,
- int force)
+ int force, char *auth_key)
{
u8 super_block_data[BTRFS_SUPER_INFO_SIZE];
struct btrfs_super_block *sb;
@@ -510,7 +513,7 @@ static int load_and_dump_sb(char *filename, int fd, u64 sb_bytenr, int full,
error("bad magic on superblock on %s at %llu",
filename, (unsigned long long)sb_bytenr);
} else {
- dump_superblock(sb, full);
+ dump_superblock(sb, full, auth_key);
}
return 0;
}
@@ -524,6 +527,7 @@ static const char * const cmd_inspect_dump_super_usage[] = {
"-s|--super <super> specify which copy to print out (values: 0, 1, 2)",
"-F|--force attempt to dump superblocks with bad magic",
"--bytenr <offset> specify alternate superblock offset",
+ "--auth-key <key> specify authentication key for authenticated file-system",
"",
"Deprecated syntax:",
"-s <bytenr> specify alternate superblock offset, values other than 0, 1, 2",
@@ -546,16 +550,19 @@ static int cmd_inspect_dump_super(const struct cmd_struct *cmd,
int ret = 0;
u64 arg;
u64 sb_bytenr = btrfs_sb_offset(0);
+ char *auth_key = NULL;
while (1) {
int c;
- enum { GETOPT_VAL_BYTENR = 257 };
+ enum { GETOPT_VAL_BYTENR = 257, GETOPT_VAL_AUTHKEY, };
static const struct option long_options[] = {
{"all", no_argument, NULL, 'a'},
{"bytenr", required_argument, NULL, GETOPT_VAL_BYTENR },
{"full", no_argument, NULL, 'f'},
{"force", no_argument, NULL, 'F'},
{"super", required_argument, NULL, 's' },
+ {"auth-key", required_argument, NULL,
+ GETOPT_VAL_AUTHKEY },
{NULL, 0, NULL, 0}
};
@@ -602,13 +609,16 @@ static int cmd_inspect_dump_super(const struct cmd_struct *cmd,
sb_bytenr = arg;
all = 0;
break;
+ case GETOPT_VAL_AUTHKEY:
+ auth_key = strdup(optarg);
+ break;
default:
usage_unknown_option(cmd, argv);
}
}
if (check_argc_min(argc - optind, 1))
- return 1;
+ goto out;
for (i = optind; i < argc; i++) {
filename = argv[i];
@@ -625,7 +635,8 @@ static int cmd_inspect_dump_super(const struct cmd_struct *cmd,
for (idx = 0; idx < BTRFS_SUPER_MIRROR_MAX; idx++) {
sb_bytenr = btrfs_sb_offset(idx);
if (load_and_dump_sb(filename, fd,
- sb_bytenr, full, force)) {
+ sb_bytenr, full, force,
+ auth_key)) {
close(fd);
ret = 1;
goto out;
@@ -634,13 +645,15 @@ static int cmd_inspect_dump_super(const struct cmd_struct *cmd,
putchar('\n');
}
} else {
- load_and_dump_sb(filename, fd, sb_bytenr, full, force);
+ load_and_dump_sb(filename, fd, sb_bytenr, full, force,
+ auth_key);
putchar('\n');
}
close(fd);
}
out:
+ free(auth_key);
return ret;
}
DEFINE_SIMPLE_COMMAND(inspect_dump_super, "dump-super");
--
2.26.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 5/5] btrfs-progs: add auth key to check
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
` (3 preceding siblings ...)
2020-05-14 9:34 ` [PATCH v2 4/5] btrfs-progs: add --auth-key to dump-super Johannes Thumshirn
@ 2020-05-14 9:34 ` Johannes Thumshirn
4 siblings, 0 replies; 7+ messages in thread
From: Johannes Thumshirn @ 2020-05-14 9:34 UTC (permalink / raw)
To: David Sterba; +Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Add auth-key option for btrfs check so we can check an authenticated
file-system.
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
---
check/main.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/check/main.c b/check/main.c
index 21b37e66..bb848edb 100644
--- a/check/main.c
+++ b/check/main.c
@@ -9937,6 +9937,7 @@ static const char * const cmd_check_usage[] = {
" --clear-space-cache v1|v2 clear space cache for v1 or v2",
" check and reporting options:",
" --check-data-csum verify checksums of data blocks",
+ " --auth-key key for authenticated file-system",
" -Q|--qgroup-report print a report on qgroup consistency",
" -E|--subvol-extents <subvolid>",
" print subvolume extents and sharing state",
@@ -9965,6 +9966,7 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
int qgroup_report_ret;
unsigned ctree_flags = OPEN_CTREE_EXCLUSIVE;
int force = 0;
+ char *auth_key = NULL;
while(1) {
int c;
@@ -9972,7 +9974,7 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
GETOPT_VAL_INIT_EXTENT, GETOPT_VAL_CHECK_CSUM,
GETOPT_VAL_READONLY, GETOPT_VAL_CHUNK_TREE,
GETOPT_VAL_MODE, GETOPT_VAL_CLEAR_SPACE_CACHE,
- GETOPT_VAL_FORCE };
+ GETOPT_VAL_FORCE, GETOPT_VAL_AUTH_KEY };
static const struct option long_options[] = {
{ "super", required_argument, NULL, 's' },
{ "repair", no_argument, NULL, GETOPT_VAL_REPAIR },
@@ -9995,6 +9997,8 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
{ "clear-space-cache", required_argument, NULL,
GETOPT_VAL_CLEAR_SPACE_CACHE},
{ "force", no_argument, NULL, GETOPT_VAL_FORCE },
+ { "auth-key", required_argument, NULL,
+ GETOPT_VAL_AUTH_KEY },
{ NULL, 0, NULL, 0}
};
@@ -10082,6 +10086,9 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
case GETOPT_VAL_FORCE:
force = 1;
break;
+ case GETOPT_VAL_AUTH_KEY:
+ auth_key = strdup(optarg);
+ break;
}
}
@@ -10162,7 +10169,7 @@ static int cmd_check(const struct cmd_struct *cmd, int argc, char **argv)
ctree_flags |= OPEN_CTREE_PARTIAL;
info = open_ctree_fs_info(argv[optind], bytenr, tree_root_bytenr,
- chunk_root_bytenr, ctree_flags, NULL);
+ chunk_root_bytenr, ctree_flags, auth_key);
if (!info) {
error("cannot open file system");
ret = -EIO;
@@ -10508,6 +10515,8 @@ err_out:
if (ctx.progress_enabled)
task_deinit(ctx.info);
+ free(auth_key);
+
return err;
}
DEFINE_SIMPLE_COMMAND(check, "check");
--
2.26.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support
2020-05-14 9:34 ` [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support Johannes Thumshirn
@ 2020-06-05 8:10 ` Anand Jain
0 siblings, 0 replies; 7+ messages in thread
From: Anand Jain @ 2020-06-05 8:10 UTC (permalink / raw)
To: Johannes Thumshirn, David Sterba
Cc: linux-btrfs @ vger . kernel . org, Johannes Thumshirn
> diff --git a/crypto/hash.c b/crypto/hash.c
> index fc658475..b1cdfe67 100644
> --- a/crypto/hash.c
> +++ b/crypto/hash.c
> @@ -1,3 +1,7 @@
> +#include <gcrypt.h>
We don't need the libgcrypt library when configured with
--with-crypto=builtin
So this should come under the define CRYPTOPROVIDER_LIB...
> diff --git a/crypto/hash.h b/crypto/hash.h
> index fefccbd5..252ce9f9 100644
> --- a/crypto/hash.h
> +++ b/crypto/hash.h
> @@ -9,5 +9,7 @@ int hash_crc32c(const u8 *buf, size_t length, u8 *out);
> int hash_xxhash(const u8 *buf, size_t length, u8 *out);
> int hash_sha256(const u8 *buf, size_t length, u8 *out);
> int hash_blake2b(const u8 *buf, size_t length, u8 *out);
> +int hash_hmac_sha256(struct btrfs_fs_info *fs_info, const u8 *buf,
> + size_t length, u8 *out);
>
> #endif
> diff --git a/disk-io.c b/disk-io.c
> index 6221c3ce..5fa1f0c3 100644
> --- a/disk-io.c
> +++ b/disk-io.c
> @@ -153,6 +153,10 @@ int btrfs_csum_data(struct btrfs_fs_info *fs_info, u16 csum_type,
> return hash_sha256(data, len, out);
> case BTRFS_CSUM_TYPE_BLAKE2:
> return hash_blake2b(data, len, out);
> + case BTRFS_CSUM_TYPE_HMAC_SHA256:
> + if (!fs_info || !fs_info->auth_key)
> + return 0;
> + return hash_hmac_sha256(fs_info, data, len, out);
hash_hmac_sha256() is defined under CRYPTOPROVIDER_LIB...
So with default builtin option.
/Volumes/ws/btrfs-progs/disk-io.c:159: undefined reference to
`hash_hmac_sha256'
Thanks, Anand
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-06-05 8:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-14 9:34 [PATCH v2 0/5] btrfs-progs: support creating authenticated file-systems Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 1/5] btrfs-progs: pass in fs_info to btrfs_csum_data Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 2/5] btrfs-progs: add auth_key argument to open_ctree_fs_info Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 3/5] btrfs-progs: Add HMAC(SHA256) support Johannes Thumshirn
2020-06-05 8:10 ` Anand Jain
2020-05-14 9:34 ` [PATCH v2 4/5] btrfs-progs: add --auth-key to dump-super Johannes Thumshirn
2020-05-14 9:34 ` [PATCH v2 5/5] btrfs-progs: add auth key to check Johannes Thumshirn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).