All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, "Theodore Y. Ts'o" <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>
Subject: [GIT PULL] fscrypt updates for 5.4
Date: Sun, 15 Sep 2019 21:42:58 -0700	[thread overview]
Message-ID: <20190916044258.GA8269@sol.localdomain> (raw)

The following changes since commit e21a712a9685488f5ce80495b37b9fdbe96c230d:

  Linux 5.3-rc3 (2019-08-04 18:40:12 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git tags/fscrypt-for-linus

for you to fetch changes up to 0642ea2409f3bfa105570e12854b8e2628db6835:

  ext4 crypto: fix to check feature status before get policy (2019-08-31 10:00:29 -0500)

----------------------------------------------------------------

Hi Linus,

This is a large update to fs/crypto/ which includes:

- Add ioctls that add/remove encryption keys to/from a filesystem-level
  keyring.  These fix user-reported issues where e.g. an encrypted home
  directory can break NetworkManager, sshd, Docker, etc. because they
  don't get access to the needed keyring.  These ioctls also provide a
  way to lock encrypted directories that doesn't use the vm.drop_caches
  sysctl, so is faster, more reliable, and doesn't always need root.

- Add a new encryption policy version ("v2") which switches to a more
  standard, secure, and flexible key derivation function, and starts
  verifying that the correct key was supplied before using it.  The key
  derivation improvement is needed for its own sake as well as for
  ongoing feature work for which the current way is too inflexible.

Work is in progress to update both Android and the 'fscrypt' userspace
tool to use both these features.  (Working patches are available and
just need to be reviewed+merged.)  Chrome OS will likely use them too.

This has also been tested on ext4, f2fs, and ubifs with xfstests -- both
the existing encryption tests, and the new tests for this.  This has
also been in linux-next since Aug 16 with no reported issues.  I'm also
using an fscrypt v2-encrypted home directory on my personal desktop.


There will be a trivial merge conflict with the ext4 tree, due to both
branches adding new ioctls.  Please keep the fscrypt ioctls grouped
together in the list (see linux-next).

There's also a conflict with the key ACLs patchset.  If you merge that
patchset again, the resolution is to:

1. Add NULL argument to request_key() in fs/crypto/keysetup_v1.c,
   instead of in the deleted file fs/crypto/keyinfo.c.

2. Translate the key permissions to ACLs in fs/crypto/keyring.c.
   See linux-next for my recommended resolution, which avoids making any
   behavior changes (note that some of the old permissions map to
   multiple new permissions).

----------------------------------------------------------------
Chao Yu (1):
      ext4 crypto: fix to check feature status before get policy

Eric Biggers (26):
      fscrypt: remove loadable module related code
      fscrypt: clean up base64 encoding/decoding
      fscrypt: make fscrypt_msg() take inode instead of super_block
      fscrypt: improve warning messages for unsupported encryption contexts
      fscrypt: improve warnings for missing crypto API support
      fscrypt: use ENOPKG when crypto API support missing
      fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
      fscrypt: use FSCRYPT_ prefix for uapi constants
      fscrypt: use FSCRYPT_* definitions, not FS_*
      fscrypt: add ->ci_inode to fscrypt_info
      fscrypt: rename fscrypt_master_key to fscrypt_direct_key
      fscrypt: refactor key setup code in preparation for v2 policies
      fscrypt: move v1 policy key setup to keysetup_v1.c
      fscrypt: rename keyinfo.c to keysetup.c
      fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
      fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
      fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
      fscrypt: add an HKDF-SHA512 implementation
      fscrypt: v2 encryption policy support
      fscrypt: allow unprivileged users to add/remove keys for v2 policies
      fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
      fscrypt: require that key be added when setting a v2 encryption policy
      ext4: wire up new fscrypt ioctls
      f2fs: wire up new fscrypt ioctls
      ubifs: wire up new fscrypt ioctls
      fscrypt: document the new ioctls and policy version

 Documentation/filesystems/fscrypt.rst | 758 +++++++++++++++++++++-----
 MAINTAINERS                           |   1 +
 fs/crypto/Kconfig                     |   2 +
 fs/crypto/Makefile                    |  10 +-
 fs/crypto/crypto.c                    |  45 +-
 fs/crypto/fname.c                     |  47 +-
 fs/crypto/fscrypt_private.h           | 399 ++++++++++++--
 fs/crypto/hkdf.c                      | 181 +++++++
 fs/crypto/hooks.c                     |   6 +-
 fs/crypto/keyinfo.c                   | 611 ---------------------
 fs/crypto/keyring.c                   | 984 ++++++++++++++++++++++++++++++++++
 fs/crypto/keysetup.c                  | 591 ++++++++++++++++++++
 fs/crypto/keysetup_v1.c               | 340 ++++++++++++
 fs/crypto/policy.c                    | 434 +++++++++++----
 fs/ext4/ioctl.c                       |  32 ++
 fs/ext4/super.c                       |   3 +
 fs/f2fs/file.c                        |  58 ++
 fs/f2fs/super.c                       |   2 +
 fs/super.c                            |   2 +
 fs/ubifs/ioctl.c                      |  20 +
 fs/ubifs/super.c                      |  11 +
 include/linux/fs.h                    |   1 +
 include/linux/fscrypt.h               |  55 +-
 include/uapi/linux/fs.h               |  54 +-
 include/uapi/linux/fscrypt.h          | 181 +++++++
 25 files changed, 3827 insertions(+), 1001 deletions(-)
 create mode 100644 fs/crypto/hkdf.c
 delete mode 100644 fs/crypto/keyinfo.c
 create mode 100644 fs/crypto/keyring.c
 create mode 100644 fs/crypto/keysetup.c
 create mode 100644 fs/crypto/keysetup_v1.c
 create mode 100644 include/uapi/linux/fscrypt.h

             reply	other threads:[~2019-09-16  4:43 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-16  4:42 Eric Biggers [this message]
2019-09-19  0:20 ` [GIT PULL] fscrypt updates for 5.4 pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190916044258.GA8269@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=jaegeuk@kernel.org \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.