From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com,
ebiggers@kernel.org, linux-fscrypt@vger.kernel.org,
ngompa13@gmail.com
Subject: [PATCH 06/35] fscrypt: add documentation about extent encryption
Date: Tue, 26 Sep 2023 14:01:32 -0400 [thread overview]
Message-ID: <ef1f0f9bc0040a3cc3216d417365f8636dca25a5.1695750478.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1695750478.git.josef@toxicpanda.com>
Add a couple of sections to the fscrypt documentation about per-extent
encryption.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
Documentation/filesystems/fscrypt.rst | 36 +++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index a624e92f2687..9981eaf61f32 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -256,6 +256,21 @@ alternative master keys or to support rotating master keys. Instead,
the master keys may be wrapped in userspace, e.g. as is done by the
`fscrypt <https://github.com/google/fscrypt>`_ tool.
+Per-extent encryption keys
+--------------------------
+
+For certain file systems, such as btrfs, it's desired to derive a
+per-extent encryption key. This is to enable features such as snapshots
+and reflink, where you could have different inodes pointing at the same
+extent. When a new extent is created fscrypt randomly generates a
+16-byte nonce and the file system stores it along side the extent.
+Then, it uses a KDF (as described in `Key derivation function`_) to
+derive the extent's key from the master key and nonce.
+
+Currently the inode's master key and encryption policy must match the
+extent, so you cannot share extents between inodes that were encrypted
+differently.
+
DIRECT_KEY policies
-------------------
@@ -1339,6 +1354,27 @@ by the kernel and is used as KDF input or as a tweak to cause
different files to be encrypted differently; see `Per-file encryption
keys`_ and `DIRECT_KEY policies`_.
+Extent encryption context
+-------------------------
+
+The extent encryption context mirrors the important parts of the above
+`Encryption context`_, with a few ommisions. The struct is defined as
+follows::
+
+ struct fscrypt_extent_context {
+ u8 version;
+ u8 encryption_mode;
+ u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
+ u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
+ };
+
+Currently all fields much match the containing inode's encryption
+context, with the exception of the nonce.
+
+Additionally extent encryption is only supported with
+FSCRYPT_EXTENT_CONTEXT_V2 using the standard policy, all other policies
+are disallowed.
+
Data path changes
-----------------
--
2.41.0
next prev parent reply other threads:[~2023-09-26 18:03 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-26 18:01 [PATCH 00/35] btrfs: add fscrypt support Josef Bacik
2023-09-26 18:01 ` [PATCH 01/35] fscrypt: rename fscrypt_info => fscrypt_inode_info Josef Bacik
2023-09-26 18:01 ` [PATCH 02/35] fscrypt: add per-extent encryption support Josef Bacik
2023-09-26 18:01 ` [PATCH 03/35] fscrypt: disable all but standard v2 policies for extent encryption Josef Bacik
2023-09-26 18:01 ` [PATCH 04/35] blk-crypto: add a process bio callback Josef Bacik
2023-09-26 18:01 ` [PATCH 05/35] fscrypt: expose fscrypt_nokey_name Josef Bacik
2023-09-26 18:01 ` Josef Bacik [this message]
2023-09-26 18:01 ` [PATCH 07/35] btrfs: add infrastructure for safe em freeing Josef Bacik
2023-09-26 18:01 ` [PATCH 08/35] btrfs: disable various operations on encrypted inodes Josef Bacik
2023-09-26 18:01 ` [PATCH 09/35] btrfs: disable verity " Josef Bacik
2023-09-26 18:01 ` [PATCH 10/35] btrfs: start using fscrypt hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 11/35] btrfs: add inode encryption contexts Josef Bacik
2023-09-26 18:01 ` [PATCH 12/35] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Josef Bacik
2023-09-26 18:01 ` [PATCH 13/35] btrfs: adapt readdir for encrypted and nokey names Josef Bacik
2023-10-07 1:15 ` kernel test robot
2023-09-26 18:01 ` [PATCH 14/35] btrfs: handle " Josef Bacik
2023-09-26 18:01 ` [PATCH 15/35] btrfs: implement fscrypt ioctls Josef Bacik
2023-09-26 18:01 ` [PATCH 16/35] btrfs: add encryption to CONFIG_BTRFS_DEBUG Josef Bacik
2023-09-26 18:01 ` [PATCH 17/35] btrfs: add get_devices hook for fscrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 18/35] btrfs: turn on inlinecrypt mount option for encrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 19/35] btrfs: set file extent encryption excplicitly Josef Bacik
2023-09-26 18:01 ` [PATCH 20/35] btrfs: add fscrypt_info and encryption_type to extent_map Josef Bacik
2023-09-26 18:01 ` [PATCH 21/35] btrfs: add fscrypt_info and encryption_type to ordered_extent Josef Bacik
2023-09-26 18:01 ` [PATCH 22/35] btrfs: plumb through setting the fscrypt_info for ordered extents Josef Bacik
2023-09-26 18:01 ` [PATCH 23/35] btrfs: populate the ordered_extent with the fscrypt context Josef Bacik
2023-09-26 18:01 ` [PATCH 24/35] btrfs: keep track of fscrypt info and orig_start for dio reads Josef Bacik
2023-09-26 18:01 ` [PATCH 25/35] btrfs: add an optional encryption context to the end of file extents Josef Bacik
2023-09-26 18:01 ` [PATCH 26/35] btrfs: explicitly track file extent length for replace and drop Josef Bacik
2023-09-26 18:01 ` [PATCH 27/35] btrfs: pass through fscrypt_extent_info to the file extent helpers Josef Bacik
2023-09-26 18:01 ` [PATCH 28/35] btrfs: pass the fscrypt_info through the replace extent infrastructure Josef Bacik
2023-09-26 18:01 ` [PATCH 29/35] btrfs: implement the fscrypt extent encryption hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 30/35] btrfs: setup fscrypt_extent_info for new extents Josef Bacik
2023-09-26 18:01 ` [PATCH 31/35] btrfs: populate ordered_extent with the orig offset Josef Bacik
2023-09-26 18:01 ` [PATCH 32/35] btrfs: set the bio fscrypt context when applicable Josef Bacik
2023-09-26 18:01 ` [PATCH 33/35] btrfs: add a bio argument to btrfs_csum_one_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 34/35] btrfs: add orig_logical to btrfs_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 35/35] btrfs: implement process_bio cb for fscrypt Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef1f0f9bc0040a3cc3216d417365f8636dca25a5.1695750478.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=ebiggers@kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=ngompa13@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).