On Mon, Feb 11, 2019 at 03:31:29PM -0800, Eric Biggers wrote:
> Hi Dave,
>
> On Tue, Feb 12, 2019 at 09:12:49AM +1100, Dave Chinner wrote:
> > On Mon, Feb 11, 2019 at 09:27:29AM -0800, Eric Biggers wrote:
> >
> > Indeed, this is exactly what ->drop_inode() is for.
> >
> > Take this function:
> >
Hi Dave,
On Tue, Feb 12, 2019 at 09:12:49AM +1100, Dave Chinner wrote:
> On Mon, Feb 11, 2019 at 09:27:29AM -0800, Eric Biggers wrote:
> > From: Eric Biggers
> >
> > Add a new fscrypt ioctl, FS_IOC_REMOVE_ENCRYPTION_KEY. This ioctl
> > removes an encryption key that was added by FS_IOC_ADD_ENCR
On Mon, Feb 11, 2019 at 09:27:29AM -0800, Eric Biggers wrote:
> From: Eric Biggers
>
> Add a new fscrypt ioctl, FS_IOC_REMOVE_ENCRYPTION_KEY. This ioctl
> removes an encryption key that was added by FS_IOC_ADD_ENCRYPTION_KEY.
> It wipes the secret key itself, then "locks" the encrypted files and
On Mon, Feb 11, 2019 at 12:02:51PM +0100, Sebastian Andrzej Siewior wrote:
> crypto_cfg_mutex was never used since it got introduced in commit
>
> cac5818c25d04 ("crypto: user - Implement a generic crypto statistics")
>
> Cc: Corentin Labbe
> Signed-off-by: Sebastian Andrzej Siewior
> ---
>
Add missing break statement in order to prevent the code from falling
through to case S_DIN_to_DES.
This bug was found thanks to the ongoing efforts to enable
-Wimplicit-fallthrough.
Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support")
Cc: sta...@vger.kernel.org
Signed-off-by: Gustavo A.
From: Eric Biggers
By looking up the master keys in a filesystem-level keyring rather than
in the calling processes' key hierarchy, it becomes possible for a user
to set an encryption policy which refers to some key they don't actually
know, then encrypt their files using that key. Cryptographic
From: Eric Biggers
When a filesystem encryption key is removed, we need all files which had
been "unlocked" (had ->i_crypt_info set up) with it to appear "locked"
again. This is most easily done by evicting the inodes. This can
currently be done using 'echo 2 > /proc/sys/vm/drop_caches'; howeve
From: Eric Biggers
Add an inode back-pointer to 'struct fscrypt_info', such that
inode->i_crypt_info->ci_inode == inode.
This will be useful for:
1. Evicting the inodes when a fscrypt key is removed, since we'll track
the inodes using a given key by linking their fscrypt_infos together,
r
From: Eric Biggers
Allow the FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY
ioctls to be used by non-root users to add and remove encryption keys
from the filesystem-level crypto keyrings, subject to limitations.
Motivation: while privileged fscrypt key management is sufficient for
s
From: Eric Biggers
In preparation for introducing v2 encryption policies which will find
and derive encryption keys differently from the current v1 encryption
policies, refactor the v1 policy-specific key setup code from keyinfo.c
into keysetup_legacy.c. Then rename keyinfo.c to keysetup.c.
Not
From: Eric Biggers
Wire up the new ioctls for adding and removing fscrypt keys to/from the
filesystem, and the new ioctl for retrieving v2 encryption policies.
For more details see Documentation/filesystems/fscrypt.rst, as well as
the fscrypt patches that added the implementation of these ioctls
From: Eric Biggers
Wire up the new ioctls for adding and removing fscrypt keys to/from the
filesystem, and the new ioctl for retrieving v2 encryption policies.
For more details see Documentation/filesystems/fscrypt.rst, as well as
the fscrypt patches that added the implementation of these ioctls
From: Eric Biggers
Add a new fscrypt ioctl, FS_IOC_ADD_ENCRYPTION_KEY. This ioctl adds an
encryption key to the filesystem's fscrypt keyring ->s_master_keys,
making any files encrypted with that key appear "unlocked".
Why we need this
The main problem is that the "locked/unloc
From: Eric Biggers
Add a new fscrypt policy version, "v2". It has the following changes
from the original policy version, which we call "v1" (*):
- The encryption key is identified by a 16-byte master_key_identifier,
which is derived from the key itself using HKDF-SHA512. This prevents
use
From: Eric Biggers
Add an implementation of HKDF (RFC 5869) to fscrypt, for the purpose of
deriving additional key material from the fscrypt master keys for v2
encryption policies. HKDF is a key derivation function built on top of
HMAC. We choose SHA-512 for the underlying unkeyed hash, and use
From: Eric Biggers
When a filesystem encryption key is removed, we need all files which had
been "unlocked" (had ->i_crypt_info set up) with it to appear "locked"
again. This is most easily done by evicting the inodes. This can
currently be done using 'echo 2 > /proc/sys/vm/drop_caches'; howeve
From: Eric Biggers
Wire up the new ioctls for adding and removing fscrypt keys to/from the
filesystem, and the new ioctl for retrieving v2 encryption policies.
For more details see Documentation/filesystems/fscrypt.rst, as well as
the fscrypt patches that added the implementation of these ioctls
From: Eric Biggers
When a filesystem encryption key is removed, we need all files which had
been "unlocked" (had ->i_crypt_info set up) with it to appear "locked"
again. This is most easily done by evicting the inodes. This can
currently be done using 'echo 2 > /proc/sys/vm/drop_caches'; howeve
From: Eric Biggers
Add a new fscrypt ioctl, FS_IOC_GET_ENCRYPTION_KEY_STATUS. Given a key
specified by 'struct fscrypt_key_specifier' (the same way a key is
specified for the other fscrypt key management ioctls), it returns
status information in a 'struct fscrypt_get_key_status_arg'.
The main m
From: Eric Biggers
Add a new fscrypt ioctl, FS_IOC_REMOVE_ENCRYPTION_KEY. This ioctl
removes an encryption key that was added by FS_IOC_ADD_ENCRYPTION_KEY.
It wipes the secret key itself, then "locks" the encrypted files and
directories that had been unlocked using that key -- implemented by
evi
From: Eric Biggers
Add an ->s_master_keys keyring to 'struct super_block'. New fscrypt
ioctls will allow adding and removing encryption keys from this keyring.
This will enable solving multiple interrelated problems with how fscrypt
keys are provided and managed currently, including:
- Making t
From: Eric Biggers
Update the fscrypt documentation file to catch up to all the latest
changes, including the new ioctls to manage master encryption keys in
the filesystem-level keyring and the support for v2 encryption policies.
Signed-off-by: Eric Biggers
---
Documentation/filesystems/fscryp
From: Eric Biggers
Update fs/crypto/ to use the new names for the UAPI constants rather
than the old names, then make the old definitions conditional on
!__KERNEL__.
Signed-off-by: Eric Biggers
---
fs/crypto/crypto.c | 2 +-
fs/crypto/fname.c| 2 +-
fs/crypto/fscrypt_pr
From: Eric Biggers
More fscrypt definitions are being added, and we shouldn't use a
disproportionate amount of space in for fscrypt stuff.
So move the fscrypt definitions to a new header .
For source compatibility with existing userspace programs,
still includes the new header.
Signed-off-by:
Hello,
This patchset makes major improvements to how keys are added, removed,
and derived in fscrypt, aka ext4/f2fs/ubifs encryption. It does this by
adding new ioctls that add and remove encryption keys directly to/from
the filesystem, and by adding a new encryption policy version ("v2")
where t
From: Eric Biggers
Prefix all filesystem encryption UAPI constants except the ioctl numbers
with "FSCRYPT_" rather than with "FS_". This namespaces the constants
more appropriately and makes it clear that they are related specifically
to the filesystem encryption feature, and to the 'fscrypt_*'
On Mon, 11 Feb 2019 at 16:13, Horia Geanta wrote:
>
> On 2/8/2019 1:45 PM, Herbert Xu wrote:
> > On Fri, Feb 08, 2019 at 08:41:37AM +, Horia Geanta wrote:
> >>
> >> So if there is a real intention to support offloading skcipher, as this old
> >> commit suggests:
> >>
> >> 84c911523020 ("[CRYPT
Commit 1358c13a48c4 ("crypto: ccree - fix resume race condition on init")
was missing an "inline" qualifier for stub function used when CONFIG_PM
is not set causing a build warning.
Fixes: 1358c13a48c4 ("crypto: ccree - fix resume race condition on init")
Cc: sta...@kernel.org # v4.20
Signed-off-by
On 2/8/2019 1:45 PM, Herbert Xu wrote:
> On Fri, Feb 08, 2019 at 08:41:37AM +, Horia Geanta wrote:
>>
>> So if there is a real intention to support offloading skcipher, as this old
>> commit suggests:
>>
>> 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers")
>> This patch adds the
On 2/11/2019 2:31 PM, Wen Yang wrote:
> The of_find_device_by_node() takes a reference to the underlying device
> structure, we should release that reference.
>
> Fixes: 35af64038623 ("crypto: caam - Check for CAAM block presence before
> registering with crypto layer")
Fixes: b189817cf789 ("cryp
Driver was relying on an older DPIO API, which provided a CPU-affine DPIO
in case it was called with preemption disabled.
Since this is no longer the case, save the CPU-affine DPIO in per-cpu
private structure during setup and further use it on the hot path.
Note that preemption is no longer disa
Add cpu_relax() in the loop that tries to enqueue the FDs.
Signed-off-by: Horia Geantă
---
drivers/crypto/caam/caamalg_qi2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/caam/caamalg_qi2.c
b/drivers/crypto/caam/caamalg_qi2.c
index 6a6a508f5fd2..c2c1abc68f81 100644
--- a/
Avoid console being flooded with prints in case HW is too busy to accept
new enqueue requests.
Signed-off-by: Horia Geantă
---
drivers/crypto/caam/caamalg_qi2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/caam/caamalg_qi2.c
b/drivers/crypto/caam/caamalg_qi
The main update in this patch set is taking advantage of current DPIO
(SW portal) implementation, making sure a CPU-affine portal is used.
There is a dependency on Freescale SoC drivers tree:
https://git.kernel.org/pub/scm/linux/kernel/git/leo/linux.git/log/?h=next
Patches that need to be integra
Last user of cdev_list_lock was removed in commit
6422ccc5fbefb ("crypto/chelsio/chtls: listen fails with multiadapt")
Cc: Atul Gupta
Cc: Harsh Jain
Signed-off-by: Sebastian Andrzej Siewior
---
drivers/crypto/chelsio/chtls/chtls_main.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/driv
crypto_cfg_mutex was never used since it got introduced in commit
cac5818c25d04 ("crypto: user - Implement a generic crypto statistics")
Cc: Corentin Labbe
Signed-off-by: Sebastian Andrzej Siewior
---
crypto/crypto_user_stat.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/crypto/crypt