From: Eric Biggers <ebiggers@google.com>
To: David Gstir <david@sigma-star.at>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Richard Weinberger <richard@nod.at>,
linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
dedekind1@gmail.com, adrian.hunter@intel.com, jaegeuk@kernel.org,
wd@denx.de, sbabic@denx.de, dengler@linutronix.de,
mhalcrow@google.com, hch@infradead.org
Subject: Re: [PATCH 05/29] fscrypt: Let fs select encryption index/tweak
Date: Sat, 26 Nov 2016 23:00:01 -0800 [thread overview]
Message-ID: <20161127070001.GD34163@google.com> (raw)
In-Reply-To: <98AAB80A-A0BE-4408-A514-DC3B8D19C5F7@sigma-star.at>
On Thu, Nov 24, 2016 at 04:57:51PM +0100, David Gstir wrote:
>
> > Also, if the intent is just that the 'index' represent the data's offset in
> > filesystem blocks rather than in pages, then perhaps it should be documented as
> > such. (This would be correct for ext4 and f2fs; they just happen to only
> > support encryption with block_size = PAGE_SIZE currently.)
>
> Yes, in case of UBIFS it is exactly that.
>
> However, I'm actually not really happy with the name 'index'. I'd rather call it 'iv' (or 'tweak') directly. In the context of encryption its purpose will be more obvious, especially in regard to the "IV _must_ not be reused" constraint you mentioned above.
>
Well, the way I'd prefer to think about it is that the filesystem does not
provide an IV directly (it doesn't anyway, since the actual IV is a u8[16]), but
rather the number of the logical block of the file, like 'u64 lblk_num'. And
that is sufficient to avoid IV reuse.
Eric
next prev parent reply other threads:[~2016-11-27 7:00 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-13 21:20 [PATCH 00/29] UBIFS File Encryption v1 Richard Weinberger
2016-11-13 21:20 ` [PATCH 01/29] fscrypt: Add in-place encryption mode Richard Weinberger
2016-11-15 18:14 ` Eric Biggers
2016-11-25 12:09 ` David Gstir
2016-11-27 6:49 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 02/29] fscrypt: Allow fscrypt_decrypt_page() to function with non-writeback pages Richard Weinberger
2016-11-15 18:19 ` Eric Biggers
2016-11-24 17:43 ` David Gstir
2016-11-13 21:20 ` [PATCH 03/29] fscrypt: Enable partial page encryption Richard Weinberger
2016-11-15 18:31 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 04/29] fscrypt: Constify struct inode pointer Richard Weinberger
2016-11-13 21:20 ` [PATCH 05/29] fscrypt: Let fs select encryption index/tweak Richard Weinberger
2016-11-15 18:43 ` Eric Biggers
[not found] ` <98AAB80A-A0BE-4408-A514-DC3B8D19C5F7@sigma-star.at>
2016-11-27 7:00 ` Eric Biggers [this message]
2016-11-13 21:20 ` [PATCH 06/29] ubifs: Export ubifs_check_dir_empty() Richard Weinberger
2016-11-13 21:20 ` [PATCH 07/29] ubifs: Export xattr get and set functions Richard Weinberger
2016-11-13 21:20 ` [PATCH 08/29] ubifs: Define UBIFS crypto context xattr Richard Weinberger
2016-11-13 21:20 ` [PATCH 09/29] ubifs: Add skeleton for fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 10/29] ubifs: Massage ubifs_listxattr() for encryption context Richard Weinberger
2016-11-13 21:20 ` [PATCH 11/29] ubifs: Implement directory open operation Richard Weinberger
2016-11-13 21:20 ` [PATCH 12/29] ubifs: Implement file " Richard Weinberger
2016-11-13 21:20 ` [PATCH 13/29] ubifs: Enforce crypto policy in ->link and ->rename Richard Weinberger
2016-11-13 21:20 ` [PATCH 14/29] ubifs: Preload crypto context in ->lookup() Richard Weinberger
2016-11-13 21:20 ` [PATCH 15/29] ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 16/29] ubifs: Enforce crypto policy in mmap Richard Weinberger
2016-11-13 21:21 ` [PATCH 17/29] ubifs: Introduce new data node field, compr_size Richard Weinberger
2016-11-13 21:21 ` [PATCH 18/29] ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() Richard Weinberger
2016-11-13 21:21 ` [PATCH 19/29] ubifs: Implement encrypt/decrypt for all IO Richard Weinberger
2016-11-13 23:03 ` kbuild test robot
2016-11-13 21:21 ` [PATCH 20/29] ubifs: Relax checks in ubifs_validate_entry() Richard Weinberger
2016-11-13 21:21 ` [PATCH 21/29] ubifs: Make r5 hash binary string aware Richard Weinberger
2016-11-13 21:21 ` [PATCH 22/29] ubifs: Implement encrypted filenames Richard Weinberger
2016-11-13 21:21 ` [PATCH 23/29] ubifs: Add support for encrypted symlinks Richard Weinberger
2016-11-13 21:21 ` [PATCH 24/29] ubifs: Rename tnc_read_node_nm Richard Weinberger
2016-11-13 21:21 ` [PATCH 25/29] ubifs: Add full hash lookup support Richard Weinberger
2016-11-13 21:21 ` [PATCH 26/29] ubifs: Use a random number for cookies Richard Weinberger
2016-11-13 21:21 ` [PATCH 27/29] ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2016-11-13 21:21 ` [PATCH 28/29] ubifs: Implement UBIFS_FLG_ENCRYPTION Richard Weinberger
2016-11-13 21:21 ` [PATCH 29/29] ubifs: Raise write version to 5 Richard Weinberger
2016-11-14 3:05 ` [PATCH 00/29] UBIFS File Encryption v1 Theodore Ts'o
2016-11-14 12:01 ` Richard Weinberger
2016-11-25 8:18 ` Richard Weinberger
2016-11-27 17:52 ` Theodore Ts'o
2016-11-27 22:21 ` Richard Weinberger
2016-11-28 0:43 ` Theodore Ts'o
2016-11-28 1:27 ` Eric Biggers
2016-11-29 2:27 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161127070001.GD34163@google.com \
--to=ebiggers@google.com \
--cc=adrian.hunter@intel.com \
--cc=david@sigma-star.at \
--cc=dedekind1@gmail.com \
--cc=dengler@linutronix.de \
--cc=hch@infradead.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=richard@nod.at \
--cc=sbabic@denx.de \
--cc=tytso@mit.edu \
--cc=wd@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).