From: Michael Halcrow <mhalcrow@google.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: Theodore Ts'o <tytso@mit.edu>,
Ext4 Developers List <linux-ext4@vger.kernel.org>,
savagaon@google.com, muslukhovi@gmail.com
Subject: Re: [PATCH] ext4: reserve codepoints used by the ext4 encryption feature
Date: Mon, 26 Jan 2015 09:01:18 -0800
Message-ID: <20150126170118.GA5504@google.com>
In-Reply-To: <20150123194125.GC9976@birch.djwong.org>
On Fri, Jan 23, 2015 at 11:41:25AM -0800, Darrick J. Wong wrote:
> On Fri, Jan 23, 2015 at 02:36:21PM -0500, Theodore Ts'o wrote:
> > +/* Encryption algorithms */
> > +#define EXT4_ENCRYPTION_MODE_INVALID 0
> > +#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
> > +#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
> > +#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
> > +
> > /*
> > * Structure of the super block
> > */
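Review bot: The comment above the EXT4_ENCRYPTION_MODE_* defines says only "Encryption algorithms" and does not say that these numbers are codepoints recorded in the superblock. Suggest extending the comment to state that the values are persistent, must never be renumbered or reused, and that a value the running code does not recognise is to be treated as unsupported rather than mapped to a default mode.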
> > @@ -1156,7 +1163,8 @@ struct ext4_super_block {
> > __le32 s_grp_quota_inum; /* inode for tracking group quota */
> > __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */
> > __le32 s_backup_bgs[2]; /* groups with sparse_super2 SBs */
> > - __le32 s_reserved[106]; /* Padding to the end of the block */
> > + __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */
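Review bot: On the added s_encrypt_algos[4] line, the comment does not say how an unused slot is encoded or what happens once more than four modes are in use. Suggest documenting that unused entries hold EXT4_ENCRYPTION_MODE_INVALID (0), so that padding bytes that were zero before this change read as "no algorithm", and stating whether four is a hard limit. The quote stops after this line; the hunk header (7 lines becoming 8) implies a second added line, which should shrink the padding to s_reserved[105] so the size of struct ext4_super_block is unchanged.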
>
> Does this imply that one can have up to 4 algorithms in use at once?

For now. But that may be more in the future. According to what's
in-plan, the data contents may be protected with XTS or
GCM. Encryption happens on a per-file basis, so several different
files may be encrypted with several different modes in the same
volume. The file names are protected with CBC.

It's possible that we may want to add an integrity-only mode down the
road, such as HMAC-SHA1. Or when the CAESAR competition yields some
promising modes, we may want to use one of them.