From: Eric Biggers <ebiggers@kernel.org>
To: Josef Bacik <josef@toxicpanda.com>
Cc: fstests@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-btrfs@vger.kernel.org,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: Re: [PATCH 01/12] common/encrypt: separate data and inode nonces
Date: Mon, 16 Oct 2023 22:20:33 -0700 [thread overview]
Message-ID: <20231017052033.GE1907@sol.localdomain> (raw)
In-Reply-To: <d5a7bbf5027095a1177c0da42c26aa72aba84064.1696969376.git.josef@toxicpanda.com>
On Tue, Oct 10, 2023 at 04:25:54PM -0400, Josef Bacik wrote:
> From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
>
> btrfs will have different inode and data nonces, so we need to be
> specific about which nonce each use needs. For now, there is no
> difference in the two functions.
>
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> ---
> common/encrypt | 33 ++++++++++++++++++++++++++-------
> tests/f2fs/002 | 2 +-
> tests/generic/613 | 4 ++--
> 3 files changed, 29 insertions(+), 10 deletions(-)
>
> diff --git a/common/encrypt b/common/encrypt
> index 1a77e23b..04b6e5ac 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -488,7 +488,7 @@ _add_fscrypt_provisioning_key()
> # Retrieve the encryption nonce of the given inode as a hex string. The nonce
> # was randomly generated by the filesystem and isn't exposed directly to
> # userspace. But it can be read using the filesystem's debugging tools.
> -_get_encryption_nonce()
> +_get_encryption_file_nonce()
> {
> local device=$1
> local inode=$2
> @@ -532,15 +532,34 @@ _get_encryption_nonce()
> }'
> ;;
> *)
> - _fail "_get_encryption_nonce() isn't implemented on $FSTYP"
> + _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP"
> ;;
> esac
> }
>
> -# Require support for _get_encryption_nonce()
> +# Retrieve the encryption nonce used to encrypt the data of the given inode as
> +# a hex string. The nonce was randomly generated by the filesystem and isn't
> +# exposed directly to userspace. But it can be read using the filesystem's
> +# debugging tools.
> +_get_encryption_data_nonce()
> +{
> + local device=$1
> + local inode=$2
> +
> + case $FSTYP in
> + ext4|f2fs)
> + _get_encryption_file_nonce $device $inode
> + ;;
> + *)
> + _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP"
> + ;;
> + esac
> +}
Shouldn't this be _get_encryption_extent_nonce(), taking the offset of the
extent as a parameter?
Also I think it would sound better as _get_extent_encryption_nonce(), and
likewise _get_file_encryption_nonce().
- Eric
next prev parent reply other threads:[~2023-10-17 5:20 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:25 [PATCH 00/12] fstests: fscrypt test updates Josef Bacik
2023-10-10 20:25 ` [PATCH 01/12] common/encrypt: separate data and inode nonces Josef Bacik
2023-10-17 5:20 ` Eric Biggers [this message]
2023-10-31 14:13 ` Anand Jain
2023-10-10 20:25 ` [PATCH 02/12] common/encrypt: add btrfs to get_encryption_*nonce Josef Bacik
2023-10-31 14:15 ` Anand Jain
2023-10-10 20:25 ` [PATCH 03/12] common/encrypt: add btrfs to get_ciphertext_filename Josef Bacik
2023-10-31 14:16 ` Anand Jain
2023-10-10 20:25 ` [PATCH 04/12] common/encrypt: enable making a encrypted btrfs filesystem Josef Bacik
2023-10-31 14:17 ` Anand Jain
2023-10-10 20:25 ` [PATCH 05/12] common/verity: explicitly don't allow btrfs encryption Josef Bacik
2023-10-31 14:18 ` Anand Jain
2023-10-10 20:25 ` [PATCH 06/12] btrfs: add simple test of reflink of encrypted data Josef Bacik
2023-10-31 14:04 ` Anand Jain
2023-10-10 20:26 ` [PATCH 07/12] btrfs: test snapshotting encrypted subvol Josef Bacik
2023-10-31 14:40 ` Anand Jain
2023-10-31 15:39 ` Filipe Manana
2023-11-27 14:16 ` Anand Jain
2023-11-27 15:03 ` Josef Bacik
2023-10-10 20:26 ` [PATCH 08/12] fstests: properly test for v1 encryption policies in encrypt tests Josef Bacik
2023-10-17 5:37 ` Eric Biggers
2023-11-01 11:33 ` Anand Jain
2023-10-10 20:26 ` [PATCH 09/12] fstests: split generic/580 into two tests Josef Bacik
2023-11-02 11:42 ` Anand Jain
2023-11-08 20:25 ` Josef Bacik
2023-11-22 15:41 ` Anand Jain
2023-10-10 20:26 ` [PATCH 10/12] fstests: split generic/581 " Josef Bacik
2023-10-10 20:26 ` [PATCH 11/12] fstests: split generic/613 " Josef Bacik
2023-10-10 20:26 ` [PATCH 12/12] fstest: add a fsstress+fscrypt test Josef Bacik
2023-10-17 5:23 ` Eric Biggers
2023-11-07 10:12 ` Anand Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231017052033.GE1907@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox