linux-f2fs-devel.lists.sourceforge.net archive mirror
* [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
@ 2020-03-30 19:25 Jaegeuk Kim
  2020-03-30 19:51 ` Eric Biggers
  0 siblings, 1 reply; 5+ messages in thread
From: Jaegeuk Kim @ 2020-03-30 19:25 UTC (permalink / raw)
  To: linux-f2fs-devel; +Cc: Jaegeuk Kim

From: Jaegeuk Kim <jaegeuk@google.com>

This patch gives more information of encryption policy.

Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
---
 tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
index fe3e0ff..bb3e70f 100644
--- a/tools/f2fscrypt.c
+++ b/tools/f2fscrypt.c
@@ -63,6 +63,8 @@
 #define F2FS_ENCRYPTION_MODE_AES_256_GCM	2
 #define F2FS_ENCRYPTION_MODE_AES_256_CBC	3
 #define F2FS_ENCRYPTION_MODE_AES_256_CTS	4
+#define F2FS_ENCRYPTION_MODE_ADIANTUM		9
+#define F2FS_ENCRYPTION_MODE_PRIVATE		127
 
 #define F2FS_AES_256_XTS_KEY_SIZE		64
 #define F2FS_AES_256_GCM_KEY_SIZE		32
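Review bot: the two added defines take the list from 4 straight to 9, so any policy using a mode number in between has no name in this file and will hit the lookup's fallback string; check the list against the header these values are meant to mirror and add the missing entries in the same change. F2FS_ENCRYPTION_MODE_PRIVATE (127) also needs a comment stating where that value is defined, since nothing in the hunk ties it to a header and it is later printed as "ice".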
@@ -531,6 +533,33 @@ static void get_passphrase(char *passphrase, int len)
 	*p = '\0';
 }
 
+struct enc_mode_map {
+	int mode;
+	char name[255];
+};
+
+static const struct enc_mode_map enc_mode_str[] = {
+	{F2FS_ENCRYPTION_MODE_INVALID, "invalid"},
+	{F2FS_ENCRYPTION_MODE_AES_256_XTS, "aes_256_xts"},
+	{F2FS_ENCRYPTION_MODE_AES_256_GCM, "aes_256_gcm"},
+	{F2FS_ENCRYPTION_MODE_AES_256_CBC, "aes_256_cbc"},
+	{F2FS_ENCRYPTION_MODE_AES_256_CTS, "aes_256_cts"},
+	{F2FS_ENCRYPTION_MODE_ADIANTUM, "adiantum"},
+	{F2FS_ENCRYPTION_MODE_PRIVATE, "ice"},
+};
+
+static const char *get_crypt_mode(int mode)
+{
+	int i;
+
+	for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
+		if (mode == enc_mode_str[i].mode) {
+			return enc_mode_str[i].name;
+		}
+	}
+	return "N/A";
+}
+
 struct keyring_map {
 	char name[4];
 	size_t name_len;
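Review bot: in get_crypt_mode() the loop compares `int i` with a `sizeof` quotient, which is a size_t, so this is a signed/unsigned comparison that -Wsign-compare will flag; declare `i` as `size_t` or `unsigned int`. In struct enc_mode_map, `char name[255]` reserves 255 bytes per entry for names that are at most 11 characters long; `const char *name` is enough for a table of string literals. The `return "N/A";` fallback discards the mode number, which is the one thing a user needs when the tool is older than the kernel; format the number into the output for unrecognized modes.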
@@ -827,6 +856,11 @@ static void do_get_policy(int argc, char **argv, const struct cmd_desc *cmd)
 		for (j = 0; j < F2FS_KEY_DESCRIPTOR_SIZE; j++) {
 			printf("%02x", (unsigned char) policy.master_key_descriptor[j]);
 		}
+		printf("\tversion: %u\n", policy.version);
+		printf("\tcontents_encryption_mode : %s\n",
+			get_crypt_mode(policy.contents_encryption_mode));
+		printf("\tfilenames_encryption_mode: %s\n",
+			get_crypt_mode(policy.filenames_encryption_mode));
 		fputc('\n', stdout);
 	}
 	exit(0);
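Review bot: the first added printf begins with a tab and follows the descriptor hex loop directly, so "version" is printed on the same line as the key descriptor while the two mode fields each get their own line, and the existing fputc('\n', stdout) then leaves an empty line after them. Print a newline right after the descriptor loop and drop or move the trailing fputc so every field sits on its own line. The labels are also inconsistent about the space before the colon ("version:" against "contents_encryption_mode :").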
-- 
2.26.0.rc2.310.g2932bb562d-goog



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
  2020-03-30 19:25 [f2fs-dev] [PATCH] f2fscrypt: show more information of policy Jaegeuk Kim
@ 2020-03-30 19:51 ` Eric Biggers
  2020-03-30 20:18   ` Jaegeuk Kim
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Biggers @ 2020-03-30 19:51 UTC (permalink / raw)
  To: Jaegeuk Kim; +Cc: Jaegeuk Kim, linux-f2fs-devel

On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> From: Jaegeuk Kim <jaegeuk@google.com>
> 
> This patch gives more information of encryption policy.
> 
> Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> ---
>  tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
> 
> diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> index fe3e0ff..bb3e70f 100644
> --- a/tools/f2fscrypt.c
> +++ b/tools/f2fscrypt.c

I'm a little confused why the f2fscrypt tool even exists?  Who is using it?  It
looks like this code was all copied from e4crypt, which is no longer being
maintained either as there are now better filesystem-independent tools:

- https://github.com/google/fscrypt
- https://github.com/google/fscryptctl
- https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c

Would one of those work for you instead?

> @@ -63,6 +63,8 @@
>  #define F2FS_ENCRYPTION_MODE_AES_256_GCM	2
>  #define F2FS_ENCRYPTION_MODE_AES_256_CBC	3
>  #define F2FS_ENCRYPTION_MODE_AES_256_CTS	4
> +#define F2FS_ENCRYPTION_MODE_ADIANTUM		9
> +#define F2FS_ENCRYPTION_MODE_PRIVATE		127

This doesn't match the list of encryption modes from the UAPI header.

> +static const char *get_crypt_mode(int mode)
> +{
> +	int i;
> +
> +	for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
> +		if (mode == enc_mode_str[i].mode) {
> +			return enc_mode_str[i].name;
> +		}
> +	}
> +	return "N/A";
> +}

If the mode number is unrecognized, it should show the number.

- Eric



* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
  2020-03-30 19:51 ` Eric Biggers
@ 2020-03-30 20:18   ` Jaegeuk Kim
  2020-03-30 20:37     ` Eric Biggers
  0 siblings, 1 reply; 5+ messages in thread
From: Jaegeuk Kim @ 2020-03-30 20:18 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-f2fs-devel

On 03/30, Eric Biggers wrote:
> On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > From: Jaegeuk Kim <jaegeuk@google.com>
> > 
> > This patch gives more information of encryption policy.
> > 
> > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > ---
> >  tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> >  1 file changed, 34 insertions(+)
> > 
> > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > index fe3e0ff..bb3e70f 100644
> > --- a/tools/f2fscrypt.c
> > +++ b/tools/f2fscrypt.c
> 
> I'm a little confused why the f2fscrypt tool even exists?  Who is using it?  It
> looks like this code was all copied from e4crypt, which is no longer being
> maintained either as there are now better filesystem-independent tools:
> 
> - https://github.com/google/fscrypt
> - https://github.com/google/fscryptctl
> - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
> 
> Would one of those work for you instead?

I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
likewise xfs_io tho, it'd be also okay to add one of projects in AOSP, if you
have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
f2fs-tools.

> 
> > @@ -63,6 +63,8 @@
> >  #define F2FS_ENCRYPTION_MODE_AES_256_GCM	2
> >  #define F2FS_ENCRYPTION_MODE_AES_256_CBC	3
> >  #define F2FS_ENCRYPTION_MODE_AES_256_CTS	4
> > +#define F2FS_ENCRYPTION_MODE_ADIANTUM		9
> > +#define F2FS_ENCRYPTION_MODE_PRIVATE		127
> 
> This doesn't match the list of encryption modes from the UAPI header.

Will fix.

> 
> > +static const char *get_crypt_mode(int mode)
> > +{
> > +	int i;
> > +
> > +	for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
> > +		if (mode == enc_mode_str[i].mode) {
> > +			return enc_mode_str[i].name;
> > +		}
> > +	}
> > +	return "N/A";
> > +}
> 
> If the mode number is unrecognized, it should show the number.

Will fix.

Thanks,



* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
  2020-03-30 20:18   ` Jaegeuk Kim
@ 2020-03-30 20:37     ` Eric Biggers
  2020-03-31  4:03       ` Jaegeuk Kim
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Biggers @ 2020-03-30 20:37 UTC (permalink / raw)
  To: Jaegeuk Kim; +Cc: linux-f2fs-devel

On Mon, Mar 30, 2020 at 01:18:46PM -0700, Jaegeuk Kim wrote:
> On 03/30, Eric Biggers wrote:
> > On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > > From: Jaegeuk Kim <jaegeuk@google.com>
> > > 
> > > This patch gives more information of encryption policy.
> > > 
> > > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > > ---
> > >  tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> > >  1 file changed, 34 insertions(+)
> > > 
> > > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > > index fe3e0ff..bb3e70f 100644
> > > --- a/tools/f2fscrypt.c
> > > +++ b/tools/f2fscrypt.c
> > 
> > I'm a little confused why the f2fscrypt tool even exists?  Who is using it?  It
> > looks like this code was all copied from e4crypt, which is no longer being
> > maintained either as there are now better filesystem-independent tools:
> > 
> > - https://github.com/google/fscrypt
> > - https://github.com/google/fscryptctl
> > - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
> > 
> > Would one of those work for you instead?
> 
> I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
> likewise xfs_io tho, it'd be also okay to add one of projects in AOSP, if you
> have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
> f2fs-tools.
> 

Does it actually need to be part of the Android source tree, or would it suffice
to build it locally?

Either way, building xfs_io for Android might be difficult, so fscryptctl might
be the best option.

Note that fscryptctl doesn't yet support v2 encryption policies, but I'll
probably add it eventually.  I don't have any plans to update e4crypt and
f2fscrypt too.

- Eric



* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
  2020-03-30 20:37     ` Eric Biggers
@ 2020-03-31  4:03       ` Jaegeuk Kim
  0 siblings, 0 replies; 5+ messages in thread
From: Jaegeuk Kim @ 2020-03-31  4:03 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-f2fs-devel

On 03/30, Eric Biggers wrote:
> On Mon, Mar 30, 2020 at 01:18:46PM -0700, Jaegeuk Kim wrote:
> > On 03/30, Eric Biggers wrote:
> > > On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > > > From: Jaegeuk Kim <jaegeuk@google.com>
> > > > 
> > > > This patch gives more information of encryption policy.
> > > > 
> > > > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > > > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > > > ---
> > > >  tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> > > >  1 file changed, 34 insertions(+)
> > > > 
> > > > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > > > index fe3e0ff..bb3e70f 100644
> > > > --- a/tools/f2fscrypt.c
> > > > +++ b/tools/f2fscrypt.c
> > > 
> > > I'm a little confused why the f2fscrypt tool even exists?  Who is using it?  It
> > > looks like this code was all copied from e4crypt, which is no longer being
> > > maintained either as there are now better filesystem-independent tools:
> > > 
> > > - https://github.com/google/fscrypt
> > > - https://github.com/google/fscryptctl
> > > - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
> > > 
> > > Would one of those work for you instead?
> > 
> > I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
> > likewise xfs_io tho, it'd be also okay to add one of projects in AOSP, if you
> > have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
> > f2fs-tools.
> > 
> 
> Does it actually need to be part of the Android source tree, or would it suffice
> to build it locally?

Well, it's up to you. I just prefer to get the binary from AOSP build simply.

> 
> Either way, building xfs_io for Android might be difficult, so fscryptctl might
> be the best option.
> 
> Note that fscryptctl doesn't yet support v2 encryption policies, but I'll
> probably add it eventually.  I don't have any plans to update e4crypt and
> f2fscrypt too.

Okay.

> 
> - Eric

