linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] f2fs crypto: use inode number for xts_tweak
@ 2015-05-12  3:51 Jaegeuk Kim
  2015-05-12 23:35 ` Theodore Ts'o
  0 siblings, 1 reply; 3+ messages in thread
From: Jaegeuk Kim @ 2015-05-12  3:51 UTC (permalink / raw)
  To: linux-kernel, linux-fsdevel, linux-f2fs-devel; +Cc: Jaegeuk Kim

Previoulsy when making xts_tweak, page->index was used.
But, when it supports fcollapse, the block address was moved, so that we can
lose the original page->index, which causes decrytion failure.

In order to avoid that, let's use the inode->i_ino for xfs_tweak hint.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---
 fs/f2fs/crypto.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/fs/f2fs/crypto.c b/fs/f2fs/crypto.c
index 1dd0835..35986a5 100644
--- a/fs/f2fs/crypto.c
+++ b/fs/f2fs/crypto.c
@@ -375,7 +375,6 @@ typedef enum {
 static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
 				struct inode *inode,
 				f2fs_direction_t rw,
-				pgoff_t index,
 				struct page *src_page,
 				struct page *dest_page)
 
@@ -420,10 +419,10 @@ static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
 		req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
 		f2fs_crypt_complete, &ecr);
 
-	BUILD_BUG_ON(F2FS_XTS_TWEAK_SIZE < sizeof(index));
-	memcpy(xts_tweak, &index, sizeof(index));
-	memset(&xts_tweak[sizeof(index)], 0,
-			F2FS_XTS_TWEAK_SIZE - sizeof(index));
+	BUILD_BUG_ON(F2FS_XTS_TWEAK_SIZE < sizeof(inode->i_ino));
+	memcpy(xts_tweak, &inode->i_ino, sizeof(inode->i_ino));
+	memset(&xts_tweak[sizeof(inode->i_ino)], 0,
+			F2FS_XTS_TWEAK_SIZE - sizeof(inode->i_ino));
 
 	sg_init_table(&dst, 1);
 	sg_set_page(&dst, dest_page, PAGE_CACHE_SIZE, 0);
@@ -496,7 +495,7 @@ struct page *f2fs_encrypt(struct inode *inode,
 	}
 	ctx->bounce_page = ciphertext_page;
 	ctx->control_page = plaintext_page;
-	err = f2fs_page_crypto(ctx, inode, F2FS_ENCRYPT, plaintext_page->index,
+	err = f2fs_page_crypto(ctx, inode, F2FS_ENCRYPT,
 					plaintext_page, ciphertext_page);
 	if (err) {
 		f2fs_release_crypto_ctx(ctx);
@@ -524,7 +523,7 @@ int f2fs_decrypt(struct f2fs_crypto_ctx *ctx, struct page *page)
 	BUG_ON(!PageLocked(page));
 
 	return f2fs_page_crypto(ctx, page->mapping->host,
-				F2FS_DECRYPT, page->index, page, page);
+					F2FS_DECRYPT, page, page);
 }
 
 /*
-- 
2.1.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] f2fs crypto: use inode number for xts_tweak
  2015-05-12  3:51 [PATCH] f2fs crypto: use inode number for xts_tweak Jaegeuk Kim
@ 2015-05-12 23:35 ` Theodore Ts'o
  2015-05-13  0:20   ` Jaegeuk Kim
  0 siblings, 1 reply; 3+ messages in thread
From: Theodore Ts'o @ 2015-05-12 23:35 UTC (permalink / raw)
  To: Jaegeuk Kim; +Cc: linux-kernel, linux-fsdevel, linux-f2fs-devel, mhalcrow

On Mon, May 11, 2015 at 08:51:03PM -0700, Jaegeuk Kim wrote:
> Previoulsy when making xts_tweak, page->index was used.
> But, when it supports fcollapse, the block address was moved, so that we can
> lose the original page->index, which causes decrytion failure.
> 
> In order to avoid that, let's use the inode->i_ino for xfs_tweak hint.

I'm afraid that's a really bad idea.  We need to have a different xts
tweak for each block, and if we use the inode number, then every
single block will have the same XTS tweak, which is a cryptographic
disaster.

Basically, we currently can't support either collapse range or insert
range for encrypted files.  In ext4 we explicitly return EOPNOTSUPP if
there is an attempt to call collapse range on an encrypted file.
Personally, I don't think this is a major restriction, so I haven't
lost any sleep over this.

Eventually, Michael and I hope to add support for Galois Counter Mode,
but that requires the file system to be able to store per-block
cryptrographic information, which can be used for the GCM
authentication tag as well as a per-block IV.  The per-block IV being
stored in a separate data structure would also allow insert
range/collapse range to work, at the cost of needing to do a lookup to
fetch the per-block cryptographic information.  (And to set the
per-block cryptographic information when writing the information, in a
way where we can atomically write the data block as well as the
per-block authenticaiton tag, which gets a bit tricky....)

In any case, I believe support for data integrity is a far more
compelling reason for adding pre-block crypto information, and
supporting collapse/insert range is at best a fortunate side effect.

Cheers,

						- Ted

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] f2fs crypto: use inode number for xts_tweak
  2015-05-12 23:35 ` Theodore Ts'o
@ 2015-05-13  0:20   ` Jaegeuk Kim
  0 siblings, 0 replies; 3+ messages in thread
From: Jaegeuk Kim @ 2015-05-13  0:20 UTC (permalink / raw)
  To: Theodore Ts'o, linux-kernel, linux-fsdevel, linux-f2fs-devel,
	mhalcrow

On Tue, May 12, 2015 at 07:35:57PM -0400, Theodore Ts'o wrote:
> On Mon, May 11, 2015 at 08:51:03PM -0700, Jaegeuk Kim wrote:
> > Previoulsy when making xts_tweak, page->index was used.
> > But, when it supports fcollapse, the block address was moved, so that we can
> > lose the original page->index, which causes decrytion failure.
> > 
> > In order to avoid that, let's use the inode->i_ino for xfs_tweak hint.
> 
> I'm afraid that's a really bad idea.  We need to have a different xts
> tweak for each block, and if we use the inode number, then every
> single block will have the same XTS tweak, which is a cryptographic
> disaster.

Thank you for the kind explanation.

I just thought that inode number was enough for encryption, since user
can easily retrieve any inode number and its block offsets/addresses as well.

> 
> Basically, we currently can't support either collapse range or insert
> range for encrypted files.  In ext4 we explicitly return EOPNOTSUPP if
> there is an attempt to call collapse range on an encrypted file.
> Personally, I don't think this is a major restriction, so I haven't
> lost any sleep over this.

Ok, I see. It should not be a major concern.
I'll deactivate collapse/insert in f2fs instead.

> 
> Eventually, Michael and I hope to add support for Galois Counter Mode,
> but that requires the file system to be able to store per-block
> cryptrographic information, which can be used for the GCM
> authentication tag as well as a per-block IV.  The per-block IV being
> stored in a separate data structure would also allow insert
> range/collapse range to work, at the cost of needing to do a lookup to
> fetch the per-block cryptographic information.  (And to set the
> per-block cryptographic information when writing the information, in a
> way where we can atomically write the data block as well as the
> per-block authenticaiton tag, which gets a bit tricky....)
> 
> In any case, I believe support for data integrity is a far more
> compelling reason for adding pre-block crypto information, and
> supporting collapse/insert range is at best a fortunate side effect.

Got it, thanks, :)

> 
> Cheers,
> 
> 						- Ted

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-05-13  0:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-12  3:51 [PATCH] f2fs crypto: use inode number for xts_tweak Jaegeuk Kim
2015-05-12 23:35 ` Theodore Ts'o
2015-05-13  0:20   ` Jaegeuk Kim

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).