From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Eric Biggers <ebiggers@kernel.org>, Chris Mason <clm@fb.com>,
Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v5 4/8] fscrypt: move dirhash key setup away from IO key setup
Date: Sun, 9 Jul 2023 14:53:04 -0400 [thread overview]
Message-ID: <e94eb8444adb5c0ae22e1feceadb7dd244112eef.1688927423.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1688927423.git.sweettea-kernel@dorminy.me>
The function named fscrypt_setup_v2_file_key() has as its main focus the
setting up of the fscrypt_info's ci_enc_key member, the prepared key
with which filenames or file contents are encrypted or decrypted.
However, it currently also sets up the dirhash key, used by some
directories, based on a parameter. There are no dependencies on
setting up the dirhash key beyond having the master key locked, and it's
clearer having fscrypt_setup_file_key() be only about setting up the
prepared key for IO.
Thus, move dirhash key setup to fscrypt_setup_encryption_info(), which
calls out to each function setting up parts of the fscrypt_info, and
stop passing the need_dirhash_key parameter around.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
fs/crypto/keysetup.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index 06deac6f4487..430e2455ea2d 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -343,8 +343,7 @@ static int fscrypt_setup_iv_ino_lblk_32_key(struct fscrypt_info *ci,
}
static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
- struct fscrypt_master_key *mk,
- bool need_dirhash_key)
+ struct fscrypt_master_key *mk)
{
int err;
@@ -386,25 +385,15 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
err = fscrypt_set_per_file_enc_key(ci, derived_key);
memzero_explicit(derived_key, ci->ci_mode->keysize);
}
- if (err)
- return err;
- /* Derive a secret dirhash key for directories that need it. */
- if (need_dirhash_key) {
- err = fscrypt_derive_dirhash_key(ci, mk);
- if (err)
- return err;
- }
-
- return 0;
+ return err;
}
/*
* Find or create the appropriate prepared key for an info.
*/
static int fscrypt_setup_file_key(struct fscrypt_info *ci,
- struct fscrypt_master_key *mk,
- bool need_dirhash_key)
+ struct fscrypt_master_key *mk)
{
int err;
@@ -426,7 +415,7 @@ static int fscrypt_setup_file_key(struct fscrypt_info *ci,
err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);
break;
case FSCRYPT_POLICY_V2:
- err = fscrypt_setup_v2_file_key(ci, mk, need_dirhash_key);
+ err = fscrypt_setup_v2_file_key(ci, mk);
break;
default:
WARN_ON_ONCE(1);
@@ -620,10 +609,26 @@ fscrypt_setup_encryption_info(struct inode *inode,
if (res)
goto out;
- res = fscrypt_setup_file_key(crypt_info, mk, need_dirhash_key);
+ res = fscrypt_setup_file_key(crypt_info, mk);
if (res)
goto out;
+ /*
+ * Derive a secret dirhash key for directories that need it. It
+ * should be impossible to set flags such that a v1 policy sets
+ * need_dirhash_key, but check it anyway.
+ */
+ if (need_dirhash_key) {
+ if (WARN_ON_ONCE(policy->version == FSCRYPT_POLICY_V1)) {
+ res = -EINVAL;
+ goto out;
+ }
+
+ res = fscrypt_derive_dirhash_key(crypt_info, mk);
+ if (res)
+ goto out;
+ }
+
/*
* For existing inodes, multiple tasks may race to set ->i_crypt_info.
* So use cmpxchg_release(). This pairs with the smp_load_acquire() in
--
2.40.1
next prev parent reply other threads:[~2023-07-09 18:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-09 18:53 [PATCH v5 0/8] fscrypt: some rearrangements of key setup Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 1/8] fscrypt: move inline crypt decision to info setup Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 2/8] fscrypt: split and rename setup_file_encryption_key() Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 3/8] fscrypt: split setup_per_mode_enc_key() Sweet Tea Dorminy
2023-07-09 18:53 ` Sweet Tea Dorminy [this message]
2023-07-09 18:53 ` [PATCH v5 5/8] fscrypt: reduce special-casing of IV_INO_LBLK_32 Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 6/8] fscrypt: move all the shared mode key setup deeper Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 7/8] fscrypt: make infos have a pointer to prepared keys Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v5 8/8] fscrypt: make prepared keys record their type Sweet Tea Dorminy
2023-07-24 15:31 ` Luís Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e94eb8444adb5c0ae22e1feceadb7dd244112eef.1688927423.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).