On Sat, Mar 14, 2020 at 01:50:49PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Add an ioctl FS_IOC_GET_ENCRYPTION_NONCE which retrieves the nonce from
> an encrypted file or directory. The nonce is the 16-byte random value
> stored in the inode's encryption xattr. It is normally used together
> with the master key to derive the inode's actual encryption key.
>
> The nonces are needed by automated tests that verify the correctness of
> the ciphertext on-disk. Except for the IV_INO_LBLK_64 case, there's no
> way to replicate a file's ciphertext without knowing that file's nonce.
>
> The nonces aren't secret, and the existing ciphertext verification tests
> in xfstests retrieve them from disk using debugfs or dump.f2fs. But in
> environments that lack these debugging tools, getting the nonces by
> manually parsing the filesystem structure would be very hard.
>
> To make this important type of testing much easier, let's just add an
> ioctl that retrieves the nonce.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Reviewed-by: Theodore Ts'o <tytso@xxxxxxx>
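
The ioctl described in the quoted commit message, called from user space as a test harness would, shown as an added example that is not part of this thread or of the kernel patch. `get_encryption_nonce` and `nonce_to_hex` are hypothetical helper names, and the fallback `#define` repeats the value from `<linux/fscrypt.h>` so the file also builds against older headers.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define NONCE_SIZE 16 /* the commit message gives the nonce as 16 bytes */

/* Fallback for UAPI headers that predate the ioctl; same value as
 * <linux/fscrypt.h>, which defines it as _IOR('f', 27, __u8[16]). */
#ifndef FS_IOC_GET_ENCRYPTION_NONCE
#define FS_IOC_GET_ENCRYPTION_NONCE _IOR('f', 27, unsigned char[NONCE_SIZE])
#endif

/* Hypothetical helper: fills nonce[] and returns 0, or returns -errno.
 * O_RDONLY is enough and works for both files and directories. */
static int get_encryption_nonce(const char *path, uint8_t nonce[NONCE_SIZE])
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    /* Capture errno before close() can overwrite it. */
    int ret = ioctl(fd, FS_IOC_GET_ENCRYPTION_NONCE, nonce) ? -errno : 0;
    close(fd);
    return ret;
}

/* Hypothetical helper: lowercase hex, the form test scripts compare against. */
static void nonce_to_hex(const uint8_t nonce[NONCE_SIZE], char out[2 * NONCE_SIZE + 1])
{
    for (int i = 0; i < NONCE_SIZE; i++)
        snprintf(out + 2 * i, 3, "%02x", nonce[i]);
}

int main(int argc, char **argv)
{
    uint8_t nonce[NONCE_SIZE];
    char hex[2 * NONCE_SIZE + 1];
    if (argc != 2) { fprintf(stderr, "usage: %s <path>\n", argv[0]); return 2; }
    int ret = get_encryption_nonce(argv[1], nonce);
    if (ret) { /* ENODATA: path is not encrypted; ENOTTY: ioctl not implemented */
        fprintf(stderr, "%s: %s\n", argv[1], strerror(-ret));
        return 1;
    }
    nonce_to_hex(nonce, hex);
    printf("%s\n", hex);
    return 0;
}
```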