Re: [PATCH 1/4] fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl

On Sat, Mar 14, 2020 at 01:50:49PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> Add an ioctl FS_IOC_GET_ENCRYPTION_NONCE which retrieves the nonce from
> an encrypted file or directory.  The nonce is the 16-byte random value
> stored in the inode's encryption xattr.  It is normally used together
> with the master key to derive the inode's actual encryption key.
> 
> The nonces are needed by automated tests that verify the correctness of
> the ciphertext on-disk.  Except for the IV_INO_LBLK_64 case, there's no
> way to replicate a file's ciphertext without knowing that file's nonce.
> 
> The nonces aren't secret, and the existing ciphertext verification tests
> in xfstests retrieve them from disk using debugfs or dump.f2fs.  But in
> environments that lack these debugging tools, getting the nonces by
> manually parsing the filesystem structure would be very hard.
> 
> To make this important type of testing much easier, let's just add an
> ioctl that retrieves the nonce.
> 
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Reviewed-by: Theodore Ts'o <tytso@xxxxxxx>
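The ioctl from the quoted patch, called from user space, as an added C example (not code from the patch or from xfstests): it takes FS_IOC_GET_ENCRYPTION_NONCE from <linux/fscrypt.h> where that header exists and otherwise assumes the uapi request number _IOR('f', 27, __u8[16]); the helper names and the hex rendering are mine.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#if defined(__has_include)
#  if __has_include(<linux/fscrypt.h>)
#    include <linux/fscrypt.h>   /* defines FS_IOC_GET_ENCRYPTION_NONCE on current systems */
#  endif
#endif

/* Fallback for older headers, assumed from the kernel uapi definition
 * _IOR('f', 27, __u8[16]) that this patch series introduced. */
#ifndef FS_IOC_GET_ENCRYPTION_NONCE
#  define FS_IOC_GET_ENCRYPTION_NONCE _IOR('f', 27, unsigned char[16])
#endif

#define FSCRYPT_NONCE_LEN 16

/* Fetch the 16-byte per-inode nonce through an open fd.  Returns 0 on
 * success or a negative errno: -ENOTTY (or -EOPNOTSUPP) when the filesystem
 * or kernel lacks the ioctl, -ENODATA when the inode has no encryption xattr. */
int fscrypt_get_nonce_fd(int fd, unsigned char nonce[FSCRYPT_NONCE_LEN])
{
    if (ioctl(fd, FS_IOC_GET_ENCRYPTION_NONCE, nonce) != 0)
        return -errno;
    return 0;
}

/* Same by path.  O_RDONLY is enough: the nonce is not secret. */
int fscrypt_get_nonce_path(const char *path, unsigned char nonce[FSCRYPT_NONCE_LEN])
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    int rc = fscrypt_get_nonce_fd(fd, nonce);
    close(fd);
    return rc;
}

/* Render the nonce as 32 lowercase hex chars so a test can compare it with
 * the xattr bytes shown by debugfs or dump.f2fs; out needs 33 bytes. */
char *fscrypt_nonce_hex(const unsigned char nonce[FSCRYPT_NONCE_LEN], char out[33])
{
    for (int i = 0; i < FSCRYPT_NONCE_LEN; i++)
        snprintf(out + 2 * i, 3, "%02x", nonce[i]);
    return out;
}
```

On an encrypted file the first call returns 0 and the hex string can be diffed against the value the on-disk tools print; the error codes let a test skip cleanly on filesystems without encryption support.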
