Re: [RFC PATCH v3 00/18] fscrypt: key management improvements

On Tue, Feb 19, 2019 at 11:18:21PM -0800, Andreas Dilger wrote: > On Feb 19, 2019, at 10:52 PM, Eric Biggers wrote: > > > > Hello, > > > > This patchset makes major improvements to how keys are added, removed, > > and derived in fscrypt, aka ext4/f2fs/ubifs encryption. It does this by > > addin

Re: [RFC PATCH v3 00/18] fscrypt: key management improvements

On Feb 19, 2019, at 10:52 PM, Eric Biggers wrote: > > Hello, > > This patchset makes major improvements to how keys are added, removed, > and derived in fscrypt, aka ext4/f2fs/ubifs encryption. It does this by > adding new ioctls that add and remove encryption keys directly to/from > the filesy

[RFC PATCH v3 06/18] fscrypt: refactor v1 policy key setup into keysetup_legacy.c

From: Eric Biggers In preparation for introducing v2 encryption policies which will find and derive encryption keys differently from the current v1 encryption policies, refactor the v1 policy-specific key setup code from keyinfo.c into keysetup_legacy.c. Then rename keyinfo.c to keysetup.c. Not

[RFC PATCH v3 04/18] fs: add ->s_master_keys to struct super_block

From: Eric Biggers Add an ->s_master_keys keyring to 'struct super_block'. New fscrypt ioctls will allow adding and removing encryption keys from this keyring. This will enable solving multiple interrelated problems with how fscrypt keys are provided and managed currently, including: - Making t

[RFC PATCH v3 07/18] fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl

From: Eric Biggers Add a new fscrypt ioctl, FS_IOC_ADD_ENCRYPTION_KEY. This ioctl adds an encryption key to the filesystem's fscrypt keyring ->s_master_keys, making any files encrypted with that key appear "unlocked". Why we need this The main problem is that the "locked/unloc

[RFC PATCH v3 02/18] fscrypt: use FSCRYPT_ prefix for uapi constants

From: Eric Biggers Prefix all filesystem encryption UAPI constants except the ioctl numbers with "FSCRYPT_" rather than with "FS_". This namespaces the constants more appropriately and makes it clear that they are related specifically to the filesystem encryption feature, and to the 'fscrypt_*'

[RFC PATCH v3 08/18] fs/dcache.c: add shrink_dcache_inode()

From: Eric Biggers When a filesystem encryption key is removed, we need all files which had been "unlocked" (had ->i_crypt_info set up) with it to appear "locked" again. This is most easily done by evicting the inodes. This can currently be done using 'echo 2 > /proc/sys/vm/drop_caches'; howeve

[RFC PATCH v3 14/18] fscrypt: require that key be added when setting a v2 encryption policy

From: Eric Biggers By looking up the master keys in a filesystem-level keyring rather than in the calling processes' key hierarchy, it becomes possible for a user to set an encryption policy which refers to some key they don't actually know, then encrypt their files using that key. Cryptographic

[RFC PATCH v3 05/18] fscrypt: add ->ci_inode to fscrypt_info

From: Eric Biggers Add an inode back-pointer to 'struct fscrypt_info', such that inode->i_crypt_info->ci_inode == inode. This will be useful for: 1. Evicting the inodes when a fscrypt key is removed, since we'll track the inodes using a given key by linking their fscrypt_infos together, r

[RFC PATCH v3 11/18] fscrypt: add an HKDF-SHA512 implementation

From: Eric Biggers Add an implementation of HKDF (RFC 5869) to fscrypt, for the purpose of deriving additional key material from the fscrypt master keys for v2 encryption policies. HKDF is a key derivation function built on top of HMAC. We choose SHA-512 for the underlying unkeyed hash, and use

[RFC PATCH v3 13/18] fscrypt: allow unprivileged users to add/remove keys for v2 policies

From: Eric Biggers Allow the FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls to be used by non-root users to add and remove encryption keys from the filesystem-level crypto keyrings, subject to limitations. Motivation: while privileged fscrypt key management is sufficient for s

[RFC PATCH v3 18/18] fscrypt: document the new ioctls and policy version

From: Eric Biggers Update the fscrypt documentation file to catch up to all the latest changes, including the new ioctls to manage master encryption keys in the filesystem-level keyring and the support for v2 encryption policies. Signed-off-by: Eric Biggers --- Documentation/filesystems/fscryp

[RFC PATCH v3 12/18] fscrypt: v2 encryption policy support

From: Eric Biggers Add a new fscrypt policy version, "v2". It has the following changes from the original policy version, which we call "v1" (*): - The encryption key is identified by a 16-byte master_key_identifier, which is derived from the key itself using HKDF-SHA512. This prevents use

[RFC PATCH v3 15/18] ext4: wire up new fscrypt ioctls

From: Eric Biggers Wire up the new ioctls for adding and removing fscrypt keys to/from the filesystem, and the new ioctl for retrieving v2 encryption policies. FS_IOC_REMOVE_ENCRYPTION_KEY also required making ext4_drop_inode() call fscrypt_drop_inode(). For more details see Documentation/files

[RFC PATCH v3 09/18] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl

From: Eric Biggers Add a new fscrypt ioctl, FS_IOC_REMOVE_ENCRYPTION_KEY. This ioctl removes an encryption key that was added by FS_IOC_ADD_ENCRYPTION_KEY. It wipes the secret key itself, then "locks" the encrypted files and directories that had been unlocked using that key -- implemented by evi

[RFC PATCH v3 17/18] ubifs: wire up new fscrypt ioctls

From: Eric Biggers Wire up the new ioctls for adding and removing fscrypt keys to/from the filesystem, and the new ioctl for retrieving v2 encryption policies. FS_IOC_REMOVE_ENCRYPTION_KEY also required making UBIFS use fscrypt_drop_inode(). For more details see Documentation/filesystems/fscryp

[RFC PATCH v3 16/18] f2fs: wire up new fscrypt ioctls

From: Eric Biggers Wire up the new ioctls for adding and removing fscrypt keys to/from the filesystem, and the new ioctl for retrieving v2 encryption policies. FS_IOC_REMOVE_ENCRYPTION_KEY also required making f2fs_drop_inode() call fscrypt_drop_inode(). For more details see Documentation/files

[RFC PATCH v3 10/18] fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl

From: Eric Biggers Add a new fscrypt ioctl, FS_IOC_GET_ENCRYPTION_KEY_STATUS. Given a key specified by 'struct fscrypt_key_specifier' (the same way a key is specified for the other fscrypt key management ioctls), it returns status information in a 'struct fscrypt_get_key_status_arg'. The main m

[RFC PATCH v3 03/18] fscrypt: use FSCRYPT_* definitions, not FS_*

From: Eric Biggers Update fs/crypto/ to use the new names for the UAPI constants rather than the old names, then make the old definitions conditional on !__KERNEL__. Signed-off-by: Eric Biggers --- fs/crypto/crypto.c | 2 +- fs/crypto/fname.c| 2 +- fs/crypto/fscrypt_pr

[RFC PATCH v3 01/18] fs, fscrypt: move uapi definitions to new header

From: Eric Biggers More fscrypt definitions are being added, and we shouldn't use a disproportionate amount of space in for fscrypt stuff. So move the fscrypt definitions to a new header . For source compatibility with existing userspace programs, still includes the new header. Signed-off-by:

[RFC PATCH v3 00/18] fscrypt: key management improvements

Hello, This patchset makes major improvements to how keys are added, removed, and derived in fscrypt, aka ext4/f2fs/ubifs encryption. It does this by adding new ioctls that add and remove encryption keys directly to/from the filesystem, and by adding a new encryption policy version ("v2") where t

Re: [PATCH v2 2/4] crypto: hisilicon: Add queue management driver for HiSilicon QM module

On 2019/2/20 12:10, Herbert Xu wrote: > On Sat, Feb 02, 2019 at 10:25:43AM +0800, Zhou Wang wrote: >> >> In fact, I planned to register to acomp later. >> >> It also makes sense to use scomp if hardware engine is faster than CPU. >> So how about registering to scomp firstly, then we register this e

Re: [PATCH v2 2/4] crypto: hisilicon: Add queue management driver for HiSilicon QM module

On Sat, Feb 02, 2019 at 10:25:43AM +0800, Zhou Wang wrote: > > In fact, I planned to register to acomp later. > > It also makes sense to use scomp if hardware engine is faster than CPU. > So how about registering to scomp firstly, then we register this engine to > acomp later? Sorry, but the fact

Re: [RFC PATCH] crypto: pcrypt - forbid recursive instantiation

On Wed, Apr 18, 2018 at 07:35:33AM +0200, Steffen Klassert wrote: > > Yes sure, I just wanted to know if it is worth to think about > preventing template recursions. If there is a valid usecase, > then we don't even need to think in this direction. > > While I think each pcrypt instance should ha

Re: [PATCH] hwrng: bcm2835 - fix probe as platform device

On 2/19/19 4:16 AM, Jonas Gorski wrote: > BCM63XX (MIPS) does not use device tree, so there cannot be any > of_device_id, causing the driver to fail on probe: > > [0.904564] bcm2835-rng: probe of bcm63xx-rng failed with error -22 > > Fix this by checking for match data only if we are probing

Re: [PATCH v2] crypto: s5p: update iv after AES-CBC op end

On Tue, 19 Feb 2019 at 17:02, Kamil Konieczny wrote: > > Fix bug "s5p-sss crypto driver doesn't set next AES-CBC IV". While at this, > fix also AES-CTR mode. Tested on Odroid U3 with Eric Biggers branch > "iv-out-testing". > > Signed-off-by: Kamil Konieczny > Reported-by: Eric Biggers > --- > Ch

[PATCH v2] crypto: s5p: update iv after AES-CBC op end

Fix bug "s5p-sss crypto driver doesn't set next AES-CBC IV". While at this, fix also AES-CTR mode. Tested on Odroid U3 with Eric Biggers branch "iv-out-testing". Signed-off-by: Kamil Konieczny Reported-by: Eric Biggers --- Changes since v1: - reworded Subject and commit message - changed code

[PATCH] crypto: x86/poly1305 - Clear key material from stack in SSE2 variant

1-block SSE2 variant of poly1305 stores variables s1..s4 containing key material on the stack. This commit adds missing zeroing of the stack memory. Benchmarks show negligible performance hit (tested on i7-3770). Signed-off-by: Tommi Hirvola --- Similarly, poly1305_blocks() in crypto/poly1305_gen

[PATCH 0/3] crypto: caam/jr - DMA API fixes

This patch set fixes issues uncovered when testing the Job Ring interface with CONFIG_DMA_API_DEBUG=y. First patch ("crypto: caam - fix hash context DMA unmap size") has to be sent to -stable, according to "Fixes" tag. Franck LENORMAND (1): crypto: caam - fix hash context DMA unmap size Horia

[PATCH 1/3] crypto: caam - fix hash context DMA unmap size

From: Franck LENORMAND When driver started using state->caam_ctxt for storing both running hash and final hash, it was not updated to handle different DMA unmap lengths. Cc: # v4.19+ Fixes: c19650d6ea99 ("crypto: caam - fix DMA mapping of stack memory") Signed-off-by: Franck LENORMAND Signed-o

[PATCH 2/3] crypto: caam - fix DMA mapping xcbc key twice

Fix a side effect of adding xcbc support, which leads to DMA mapping the key twice. Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Horia Geantă --- drivers/crypto/caam/caamhash.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/crypto

[PATCH 3/3] crypto: caam - generate hash keys in-place

When generating a split key or hashing the key, DMA mapping the key buffers coming directly from user is incorrect, since they are not guaranteed to be DMAable. Update driver to first copy user-provided key in the output buffer ("key_out") and then use this buffer for in-place computation (split k

[PATCH] hwrng: bcm2835 - fix probe as platform device

BCM63XX (MIPS) does not use device tree, so there cannot be any of_device_id, causing the driver to fail on probe: [0.904564] bcm2835-rng: probe of bcm63xx-rng failed with error -22 Fix this by checking for match data only if we are probing from device tree. Fixes: 8705f24f7b57 ("hwrng: bcm2

Re: [PATCH] crypto: s5p: update iv after AES op end

On Mon, 18 Feb 2019 at 17:01, Kamil Konieczny wrote: > > Fix bug "s5p-sss crypto driver doesn't set next AES-CBC IV". This should > also fix AES-CTR mode. Tested on Odroid U3 with Eric Biggers branch > "iv-out-testing". > > Signed-off-by: Kamil Konieczny > --- > drivers/crypto/s5p-sss.c | 8

[PATCH] crypto: s5p-sss - Use AES_BLOCK_SIZE define instead of number

Replace hard coded AES block size with define. Signed-off-by: Krzysztof Kozlowski --- drivers/crypto/s5p-sss.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 0064be0e3941..39fc6942364b 100644 --- a/drivers/crypt

Re: [Bug] s5p-sss crypto driver doesn't set next AES-CBC IV

On Tue, 19 Feb 2019 at 10:58, Kamil Konieczny wrote: > > Hi, > > On 15.02.2019 19:51, Eric Biggers wrote: > > Hello, > > > > The AES-CBC implementation in the s5p-sss crypto driver is failing the > > improved > > crypto self-tests I currently have out for review. The improved tests check > > tha

Re: [Bug] s5p-sss crypto driver doesn't set next AES-CBC IV

Hi, On 15.02.2019 19:51, Eric Biggers wrote: > Hello, > > The AES-CBC implementation in the s5p-sss crypto driver is failing the > improved > crypto self-tests I currently have out for review. The improved tests check > that all CBC implementations update the IV buffer to be the last ciphertext