Plans for adding cipher mode to file headers

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Will Morrison <camocrazed@gmail.com>
To: Tyler Hicks <tyhicks@canonical.com>
Cc: ecryptfs@vger.kernel.org
Subject: Plans for adding cipher mode to file headers
Date: Tue, 04 Jun 2013 22:50:28 -0400	[thread overview]
Message-ID: <51AEA774.7010702@gmail.com> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To make the changes to store the cipher mode in the file header, we
are proposing the following.

1. Change ECRYPTFS_SUPPORTED_FILE_VERSION to 4. This should prevent
old versions of eCryptfs from trying to read new style headers.

2. Add a new cipher mode field in the appropriate packets of version 4
file headers. (I believe these are tag 1 and tag 3, for asymmetric and
symmetric keys). Since there is no equivalent to this field in the
OpenPGP RFCs, we will be creating a new list of constants similar to
the ones in ecryptfs.h for the mode type.

3. When reading a file header and initializing a crypt_stat, if the
version number is 4 or greater, read the mode out of the header,
otherwise, default to CBC.

4. When writing out headers, refer to the file_version field in the
crypt_stat to determine what to write out. If it's 4 or greater,
include the mode field.

This should result in the new version 4 header being written for all
new files. Old files would still be read and written with the version
3 headers and default to using CBC mode. Older versions of eCryptfs
should refuse to open files with version 4 headers.

Does this make sense? If not, what are we missing?

Thanks,
- -Will
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJRrqd0AAoJEH8zVN2+6bAcD3UP/3r/FuHfQv175nccZ+JOemZZ
65hn9zMi5dFVCTcvqBwMFWFymOKyOJLYM5yP2rX093JpIA3MgquN3yNgOiEd+adt
8hLKZ84KPMnA41m220ujOLvKD6UA4GQpSTwkDsbvYxQV9W3EuPsR65WtSt23uECj
VjU9EtKZ4xAQbQeXbRTTL678jIRUf4rffUEsFV/KWosdjeINNxZQPoZJHAwiTMDY
lemxgXnMmgr/fs/NnW6W+D9hBehIXUXrqlZ/f+EkFygXCafHOLS6f7JHuq5MNDeD
O5A53ClD2p6984sh745oUMltt0j0cQdF+gE//1hS1RhqHe2//K5YQe7Xgqab/Ahb
lsOdc2cDa8B+w6jITyPfn31CJdmS3o/o+ltavTmK2hnMJB773ibmoPG8q2EGUOnO
ePs6C9uCaBEV48svjlIrcWHE+NgbqK+cetyF5DP3mo1dPR+GiSPthEKrr0Tp96Ys
ECYHWq+6N+cJnzb1GKM0frRAZPgvSmxtRdNQSiH82Moz5ThUIYaS6buhLApBvBIR
TtDbL+hgZ8E90gcyeaPNTzmAmaVkj79F03HBq1GtkjesF78+AGmxL4xnUyJaV2s2
wc8xKvcwBctcHj+i2NoJq5dRX/8mGclA4sP18LPXqLxhyg3G13P/xZPtmdReRvpH
/pBAmFxFCl3rfQkqsZdp
=fnmV
-----END PGP SIGNATURE-----

next             reply	other threads:[~2013-06-05  2:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-05  2:50 Will Morrison [this message]
2013-06-11 14:07 ` Plans for adding cipher mode to file headers Tyler Hicks
2013-06-12  4:05   ` Will Morrison

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51AEA774.7010702@gmail.com \
    --to=camocrazed@gmail.com \
    --cc=ecryptfs@vger.kernel.org \
    --cc=tyhicks@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.