* [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
From: Jaegeuk Kim @ 2020-03-30 19:25 UTC
To: linux-f2fs-devel; +Cc: Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@google.com>
This patch gives more information of encryption policy.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
---
tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
index fe3e0ff..bb3e70f 100644
--- a/tools/f2fscrypt.c
+++ b/tools/f2fscrypt.c
@@ -63,6 +63,8 @@
#define F2FS_ENCRYPTION_MODE_AES_256_GCM 2
#define F2FS_ENCRYPTION_MODE_AES_256_CBC 3
#define F2FS_ENCRYPTION_MODE_AES_256_CTS 4
+#define F2FS_ENCRYPTION_MODE_ADIANTUM 9
+#define F2FS_ENCRYPTION_MODE_PRIVATE 127
#define F2FS_AES_256_XTS_KEY_SIZE 64
#define F2FS_AES_256_GCM_KEY_SIZE 32
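Review bot: F2FS_ENCRYPTION_MODE_PRIVATE (127) is added without any comment saying where the value is defined, and the list now jumps from 4 to 9, so a policy carrying any mode number from 5 to 8 has no name in this file. These constants are a hand-maintained copy; either take the definitions from the kernel's UAPI header instead of redefining them here, or add a comment marking which values come from that header and which do not.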
@@ -531,6 +533,33 @@ static void get_passphrase(char *passphrase, int len)
*p = '\0';
}
+struct enc_mode_map {
+ int mode;
+ char name[255];
+};
+
+static const struct enc_mode_map enc_mode_str[] = {
+ {F2FS_ENCRYPTION_MODE_INVALID, "invalid"},
+ {F2FS_ENCRYPTION_MODE_AES_256_XTS, "aes_256_xts"},
+ {F2FS_ENCRYPTION_MODE_AES_256_GCM, "aes_256_gcm"},
+ {F2FS_ENCRYPTION_MODE_AES_256_CBC, "aes_256_cbc"},
+ {F2FS_ENCRYPTION_MODE_AES_256_CTS, "aes_256_cts"},
+ {F2FS_ENCRYPTION_MODE_ADIANTUM, "adiantum"},
+ {F2FS_ENCRYPTION_MODE_PRIVATE, "ice"},
+};
+
+static const char *get_crypt_mode(int mode)
+{
+ int i;
+
+ for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
+ if (mode == enc_mode_str[i].mode) {
+ return enc_mode_str[i].name;
+ }
+ }
+ return "N/A";
+}
+
struct keyring_map {
char name[4];
size_t name_len;
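Review bot: get_crypt_mode() returns "N/A" for every mode that is not in enc_mode_str[], which drops the raw number exactly when it is needed to diagnose an unexpected policy; have the caller print the numeric value when the lookup fails (for example "unknown (%d)"). Two smaller points in the same hunk: "int i" is compared against a size_t expression in the loop condition, so declare i as size_t, and "char name[255]" reserves 255 bytes per table entry where "const char *name" would be enough.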
@@ -827,6 +856,11 @@ static void do_get_policy(int argc, char **argv, const struct cmd_desc *cmd)
for (j = 0; j < F2FS_KEY_DESCRIPTOR_SIZE; j++) {
printf("%02x", (unsigned char) policy.master_key_descriptor[j]);
}
+ printf("\tversion: %u\n", policy.version);
+ printf("\tcontents_encryption_mode : %s\n",
+ get_crypt_mode(policy.contents_encryption_mode));
+ printf("\tfilenames_encryption_mode: %s\n",
+ get_crypt_mode(policy.filenames_encryption_mode));
fputc('\n', stdout);
}
exit(0);
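Review bot: the first added printf starts with "\t" and not a newline, so "version:" is appended to the same line as the hex master_key_descriptor printed by the loop just above, while the two mode fields each get a line of their own. Emit a newline after the descriptor loop (or start the version line with "\n\t") so that every field sits on its own line, and check whether the trailing fputc('\n', stdout) is still wanted, since the last added printf already ends its line.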
--
2.26.0.rc2.310.g2932bb562d-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
From: Eric Biggers @ 2020-03-30 19:51 UTC
To: Jaegeuk Kim; +Cc: Jaegeuk Kim, linux-f2fs-devel
On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> From: Jaegeuk Kim <jaegeuk@google.com>
>
> This patch gives more information of encryption policy.
>
> Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> ---
> tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> index fe3e0ff..bb3e70f 100644
> --- a/tools/f2fscrypt.c
> +++ b/tools/f2fscrypt.c
I'm a little confused why the f2fscrypt tool even exists? Who is using it? It
looks like this code was all copied from e4crypt, which is no longer being
maintained either as there are now better filesystem-independent tools:
- https://github.com/google/fscrypt
- https://github.com/google/fscryptctl
- https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
Would one of those work for you instead?
> @@ -63,6 +63,8 @@
> #define F2FS_ENCRYPTION_MODE_AES_256_GCM 2
> #define F2FS_ENCRYPTION_MODE_AES_256_CBC 3
> #define F2FS_ENCRYPTION_MODE_AES_256_CTS 4
> +#define F2FS_ENCRYPTION_MODE_ADIANTUM 9
> +#define F2FS_ENCRYPTION_MODE_PRIVATE 127
This doesn't match the list of encryption modes from the UAPI header.
> +static const char *get_crypt_mode(int mode)
> +{
> + int i;
> +
> + for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
> + if (mode == enc_mode_str[i].mode) {
> + return enc_mode_str[i].name;
> + }
> + }
> + return "N/A";
> +}
If the mode number is unrecognized, it should show the number.
- Eric
* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
From: Jaegeuk Kim @ 2020-03-30 20:18 UTC
To: Eric Biggers; +Cc: linux-f2fs-devel
On 03/30, Eric Biggers wrote:
> On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > From: Jaegeuk Kim <jaegeuk@google.com>
> >
> > This patch gives more information of encryption policy.
> >
> > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > ---
> > tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> > 1 file changed, 34 insertions(+)
> >
> > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > index fe3e0ff..bb3e70f 100644
> > --- a/tools/f2fscrypt.c
> > +++ b/tools/f2fscrypt.c
>
> I'm a little confused why the f2fscrypt tool even exists? Who is using it? It
> looks like this code was all copied from e4crypt, which is no longer being
> maintained either as there are now better filesystem-independent tools:
>
> - https://github.com/google/fscrypt
> - https://github.com/google/fscryptctl
> - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
>
> Would one of those work for you instead?
I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
like xfs_io, though it'd also be okay to add one of the projects in AOSP, if you
have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
f2fs-tools.
>
> > @@ -63,6 +63,8 @@
> > #define F2FS_ENCRYPTION_MODE_AES_256_GCM 2
> > #define F2FS_ENCRYPTION_MODE_AES_256_CBC 3
> > #define F2FS_ENCRYPTION_MODE_AES_256_CTS 4
> > +#define F2FS_ENCRYPTION_MODE_ADIANTUM 9
> > +#define F2FS_ENCRYPTION_MODE_PRIVATE 127
>
> This doesn't match the list of encryption modes from the UAPI header.
Will fix.
>
> > +static const char *get_crypt_mode(int mode)
> > +{
> > + int i;
> > +
> > + for (i = 0; i < (sizeof(enc_mode_str) / sizeof(enc_mode_str[0])); ++i) {
> > + if (mode == enc_mode_str[i].mode) {
> > + return enc_mode_str[i].name;
> > + }
> > + }
> > + return "N/A";
> > +}
>
> If the mode number is unrecognized, it should show the number.
Will fix.
Thanks,
* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
From: Eric Biggers @ 2020-03-30 20:37 UTC
To: Jaegeuk Kim; +Cc: linux-f2fs-devel
On Mon, Mar 30, 2020 at 01:18:46PM -0700, Jaegeuk Kim wrote:
> On 03/30, Eric Biggers wrote:
> > On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > > From: Jaegeuk Kim <jaegeuk@google.com>
> > >
> > > This patch gives more information of encryption policy.
> > >
> > > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > > ---
> > > tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> > > 1 file changed, 34 insertions(+)
> > >
> > > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > > index fe3e0ff..bb3e70f 100644
> > > --- a/tools/f2fscrypt.c
> > > +++ b/tools/f2fscrypt.c
> >
> > I'm a little confused why the f2fscrypt tool even exists? Who is using it? It
> > looks like this code was all copied from e4crypt, which is no longer being
> > maintained either as there are now better filesystem-independent tools:
> >
> > - https://github.com/google/fscrypt
> > - https://github.com/google/fscryptctl
> > - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
> >
> > Would one of those work for you instead?
>
> I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
> like xfs_io, though it'd also be okay to add one of the projects in AOSP, if you
> have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
> f2fs-tools.
>
Does it actually need to be part of the Android source tree, or would it suffice
to build it locally?
Either way, building xfs_io for Android might be difficult, so fscryptctl might
be the best option.
Note that fscryptctl doesn't yet support v2 encryption policies, but I'll
probably add it eventually. I don't have any plans to update e4crypt and
f2fscrypt too.
- Eric
* Re: [f2fs-dev] [PATCH] f2fscrypt: show more information of policy
From: Jaegeuk Kim @ 2020-03-31 4:03 UTC
To: Eric Biggers; +Cc: linux-f2fs-devel
On 03/30, Eric Biggers wrote:
> On Mon, Mar 30, 2020 at 01:18:46PM -0700, Jaegeuk Kim wrote:
> > On 03/30, Eric Biggers wrote:
> > > On Mon, Mar 30, 2020 at 12:25:24PM -0700, Jaegeuk Kim wrote:
> > > > From: Jaegeuk Kim <jaegeuk@google.com>
> > > >
> > > > This patch gives more information of encryption policy.
> > > >
> > > > Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
> > > > Change-Id: I04a6826aa4497554ce79d884d495b3dda1b64fac
> > > > ---
> > > > tools/f2fscrypt.c | 34 ++++++++++++++++++++++++++++++++++
> > > > 1 file changed, 34 insertions(+)
> > > >
> > > > diff --git a/tools/f2fscrypt.c b/tools/f2fscrypt.c
> > > > index fe3e0ff..bb3e70f 100644
> > > > --- a/tools/f2fscrypt.c
> > > > +++ b/tools/f2fscrypt.c
> > >
> > > I'm a little confused why the f2fscrypt tool even exists? Who is using it? It
> > > looks like this code was all copied from e4crypt, which is no longer being
> > > maintained either as there are now better filesystem-independent tools:
> > >
> > > - https://github.com/google/fscrypt
> > > - https://github.com/google/fscryptctl
> > > - https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/io/encrypt.c
> > >
> > > Would one of those work for you instead?
> >
> > I'm using it occasionally in Android. I think it'd be great to add it in f2fs_io
> > like xfs_io, though it'd also be okay to add one of the projects in AOSP, if you
> > have some bandwidth. If you have any plan, I'd be okay to remove f2fscrypt in
> > f2fs-tools.
> >
>
> Does it actually need to be part of the Android source tree, or would it suffice
> to build it locally?
Well, it's up to you. I just prefer to get the binary from the AOSP build simply.
>
> Either way, building xfs_io for Android might be difficult, so fscryptctl might
> be the best option.
>
> Note that fscryptctl doesn't yet support v2 encryption policies, but I'll
> probably add it eventually. I don't have any plans to update e4crypt and
> f2fscrypt too.
Okay.
>
> - Eric