From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: linux-btrfs@vger.kernel.org, fstests@vger.kernel.org,
kernel-team@meta.com, ebiggers@google.com, anand.jain@oracle.com,
fdmanana@suse.com, linux-fscrypt@vger.kernel.org,
fsverity@lists.linux.dev, zlang@kernel.org
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [RFC PATCH v3 2/9] common/encrypt: add btrfs to get_encryption_*nonce
Date: Tue, 8 Aug 2023 13:21:21 -0400 [thread overview]
Message-ID: <dd7c1bbeb443fbb6d0836fe2b5be394c991dc4d0.1691530000.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1691530000.git.sweettea-kernel@dorminy.me>
Add the modes of getting the encryption nonces, either inode or extent,
to the various get_encryption_nonce functions. For now, no encrypt test
makes a file with more than one extent, so we can just grab the first
extent's nonce for the data nonce; when we write a bigger file test,
we'll need to change that.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
common/encrypt | 31 +++++++++++++++++++++++++++++++
tests/generic/613 | 4 ++++
2 files changed, 35 insertions(+)
diff --git a/common/encrypt b/common/encrypt
index 04b6e5ac..fc1c8cc7 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -531,6 +531,17 @@ _get_encryption_file_nonce()
found = 0;
}'
;;
+ btrfs)
+ # Retrieve the fscrypt context for an inode as a hex string.
+ # btrfs prints these like:
+ # item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40
+ # value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f
+
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
+ grep --only-matching 'value: [[:xdigit:]]\+' | \
+ tr -d ' \n' | tail -c 32
+ ;;
*)
_fail "_get_encryption_file_nonce() isn't implemented on $FSTYP"
;;
@@ -550,6 +561,23 @@ _get_encryption_data_nonce()
ext4|f2fs)
_get_encryption_file_nonce $device $inode
;;
+ btrfs)
+ # Retrieve the encryption IV of the first file extent in an inode as a hex
+ # string. btrfs prints the file extents (for simple unshared
+ # inodes) like:
+ # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69
+ # generation 7 type 1 (regular)
+ # extent data disk byte 5304320 nr 1048576
+ # extent data offset 0 nr 1048576 ram 1048576
+ # extent compression 0 (none)
+ # extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330))
+
+
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 5 "key ($inode EXTENT_DATA 0)" | \
+ grep --only-matching 'context [[:xdigit:]]\+' | \
+ tr -d ' \n' | tail -c 32
+ ;;
*)
_fail "_get_encryption_data_nonce() isn't implemented on $FSTYP"
;;
@@ -572,6 +600,9 @@ _require_get_encryption_nonce_support()
# Otherwise the xattr is incorrectly parsed as v1. But just let
# the test fail in that case, as it was an f2fs-tools bug...
;;
+ btrfs)
+ _require_command "$BTRFS_UTIL_PROG" btrfs
+ ;;
*)
_notrun "_get_encryption_*nonce() isn't implemented on $FSTYP"
;;
diff --git a/tests/generic/613 b/tests/generic/613
index 47c60e9c..279b1bfb 100755
--- a/tests/generic/613
+++ b/tests/generic/613
@@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex
echo -n > $tmp.nonces_bin
for inode in "${inodes[@]}"; do
nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode)
+ if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ]
+ then
+ nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode)
+ fi
if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ]
then
_fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""
--
2.41.0
next prev parent reply other threads:[~2023-08-08 18:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 17:21 [RFC PATCH v3 0/9] fstests: add btrfs encryption testing Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 1/9] common/encrypt: separate data and inode nonces Sweet Tea Dorminy
2023-08-08 17:21 ` Sweet Tea Dorminy [this message]
2023-10-02 11:22 ` [RFC PATCH v3 2/9] common/encrypt: add btrfs to get_encryption_*nonce Anand Jain
2023-08-08 17:21 ` [RFC PATCH v3 3/9] common/encrypt: add btrfs to get_ciphertext_filename Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 4/9] common/encrypt: enable making a encrypted btrfs filesystem Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 5/9] generic/613: write some actual data for btrfs Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 6/9] tests: adjust generic/429 for extent encryption Sweet Tea Dorminy
2023-10-02 11:20 ` Anand Jain
2023-08-08 17:21 ` [RFC PATCH v3 7/9] common/verity: explicitly don't allow btrfs encryption Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 8/9] btrfs: add simple test of reflink of encrypted data Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 9/9] btrfs: test snapshotting encrypted subvol Sweet Tea Dorminy
2023-08-08 18:46 ` Sweet Tea Dorminy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd7c1bbeb443fbb6d0836fe2b5be394c991dc4d0.1691530000.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=anand.jain@oracle.com \
--cc=ebiggers@google.com \
--cc=fdmanana@suse.com \
--cc=fstests@vger.kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=zlang@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).