Re: [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	Jaegeuk Kim <jaegeuk@kernel.org>,
	Daniel Rosenberg <drosen@google.com>
Subject: Re: [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key()
Date: Tue, 12 May 2020 20:55:38 -0400	[thread overview]
Message-ID: <20200513005538.GF1596452@mit.edu> (raw)
In-Reply-To: <20200512233251.118314-3-ebiggers@kernel.org>

On Tue, May 12, 2020 at 04:32:49PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Currently, the test_dummy_encryption mount option (which is used for
> encryption I/O testing with xfstests) uses v1 encryption policies, and
> it relies on userspace inserting a test key into the session keyring.
> 
> We need test_dummy_encryption to support v2 encryption policies too.
> Requiring userspace to add the test key doesn't work well with v2
> policies, since v2 policies only support the filesystem keyring (not the
> session keyring), and keys in the filesystem keyring are lost when the
> filesystem is unmounted.  Hooking all test code that unmounts and
> re-mounts the filesystem would be difficult.
> 
> Instead, let's make the filesystem automatically add the test key to its
> keyring when test_dummy_encryption is enabled.
> 
> That puts the responsibility for choosing the test key on the kernel.
> We could just hard-code a key.  But out of paranoia, let's first try
> using a per-boot random key, to prevent this code from being misused.
> A per-boot key will work as long as no one expects dummy-encrypted files
> to remain accessible after a reboot.  (gce-xfstests doesn't.)
> 
> Therefore, this patch adds a function fscrypt_add_test_dummy_key() which
> implements the above.  The next patch will use it.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Theodore Ts'o <tytso@mit.edu>

WARNING: multiple messages have this Message-ID (diff)

From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>,
	linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
	Daniel Rosenberg <drosen@google.com>,
	linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key()
Date: Tue, 12 May 2020 20:55:38 -0400	[thread overview]
Message-ID: <20200513005538.GF1596452@mit.edu> (raw)
In-Reply-To: <20200512233251.118314-3-ebiggers@kernel.org>

On Tue, May 12, 2020 at 04:32:49PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Currently, the test_dummy_encryption mount option (which is used for
> encryption I/O testing with xfstests) uses v1 encryption policies, and
> it relies on userspace inserting a test key into the session keyring.
> 
> We need test_dummy_encryption to support v2 encryption policies too.
> Requiring userspace to add the test key doesn't work well with v2
> policies, since v2 policies only support the filesystem keyring (not the
> session keyring), and keys in the filesystem keyring are lost when the
> filesystem is unmounted.  Hooking all test code that unmounts and
> re-mounts the filesystem would be difficult.
> 
> Instead, let's make the filesystem automatically add the test key to its
> keyring when test_dummy_encryption is enabled.
> 
> That puts the responsibility for choosing the test key on the kernel.
> We could just hard-code a key.  But out of paranoia, let's first try
> using a per-boot random key, to prevent this code from being misused.
> A per-boot key will work as long as no one expects dummy-encrypted files
> to remain accessible after a reboot.  (gce-xfstests doesn't.)
> 
> Therefore, this patch adds a function fscrypt_add_test_dummy_key() which
> implements the above.  The next patch will use it.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Theodore Ts'o <tytso@mit.edu>



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

next prev parent reply	other threads:[~2020-05-13  0:56 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-12 23:32 [PATCH 0/4] fscrypt: make '-o test_dummy_encryption' support v2 policies Eric Biggers
2020-05-12 23:32 ` [f2fs-dev] " Eric Biggers
2020-05-12 23:32 ` [PATCH 1/4] linux/parser.h: add include guards Eric Biggers
2020-05-12 23:32   ` [f2fs-dev] " Eric Biggers
2020-05-13  0:53   ` Theodore Y. Ts'o
2020-05-13  0:53     ` [f2fs-dev] " Theodore Y. Ts'o
2020-05-13  3:06     ` Jaegeuk Kim
2020-05-13  3:06       ` [f2fs-dev] " Jaegeuk Kim
2020-05-12 23:32 ` [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key() Eric Biggers
2020-05-12 23:32   ` [f2fs-dev] " Eric Biggers
2020-05-13  0:55   ` Theodore Y. Ts'o [this message]
2020-05-13  0:55     ` Theodore Y. Ts'o
2020-05-13  3:07     ` Jaegeuk Kim
2020-05-13  3:07       ` [f2fs-dev] " Jaegeuk Kim
2020-05-12 23:32 ` [PATCH 3/4] fscrypt: support test_dummy_encryption=v2 Eric Biggers
2020-05-12 23:32   ` [f2fs-dev] " Eric Biggers
2020-05-13  3:11   ` Jaegeuk Kim
2020-05-13  3:11     ` [f2fs-dev] " Jaegeuk Kim
2020-05-19  2:53   ` Theodore Y. Ts'o
2020-05-19  2:53     ` [f2fs-dev] " Theodore Y. Ts'o
2020-05-19  3:02     ` Eric Biggers
2020-05-19  3:02       ` [f2fs-dev] " Eric Biggers
2020-05-19  3:11       ` Eric Biggers
2020-05-19  3:11         ` [f2fs-dev] " Eric Biggers
2020-05-19  3:19         ` Jaegeuk Kim
2020-05-19  3:19           ` [f2fs-dev] " Jaegeuk Kim
2020-05-19 14:02       ` Theodore Y. Ts'o
2020-05-19 14:02         ` [f2fs-dev] " Theodore Y. Ts'o
2020-05-12 23:32 ` [PATCH 4/4] fscrypt: make test_dummy_encryption use v2 by default Eric Biggers
2020-05-12 23:32   ` [f2fs-dev] " Eric Biggers
2020-05-13  3:12   ` Jaegeuk Kim
2020-05-13  3:12     ` [f2fs-dev] " Jaegeuk Kim
2020-05-19  2:55   ` Theodore Y. Ts'o
2020-05-19  2:55     ` [f2fs-dev] " Theodore Y. Ts'o
2020-05-20 22:55 ` [PATCH 0/4] fscrypt: make '-o test_dummy_encryption' support v2 policies Eric Biggers
2020-05-20 22:55   ` [f2fs-dev] " Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200513005538.GF1596452@mit.edu \
    --to=tytso@mit.edu \
    --cc=drosen@google.com \
    --cc=ebiggers@kernel.org \
    --cc=jaegeuk@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fscrypt@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.