Re: [PATCH v1 0/7] fscrypt: add pooled prepared keys facility

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To clarify my suggestion, blk-crypto could be used for file contents
en/decryption at the same time that filesystem-layer crypto is used for verity
metadata en/decryption.  blk-crypto and filesystem-layer crypto don't need to be
mutually exclusive, even on the same file.
That's a great point. I'm dropping these two patchsets and updating the original one at the start of the year to use blk-crypto, as per our discussions both here and at LSF. 



Also, I'm glad that you're interested in xattr encryption, but unfortunately
it's a tough problem, and all the other filesystems that implement fscrypt have
left it out.  You have enough other things to worry about, so I think leaving
xattr encryption out for now is the right call.  Similarly, the other
filesystems that implement fscrypt have left out encryption of inline data,
instead opting to disable inline data on encrypted files.
A good point. I'll defer xattrs and inline data (and verity) for the first round, and add in doing those with inode infos after getting extent infos working well. 



Anyway, the main reason I'm sending this email is actually that I wanted to
mention another possible solution to the per-extent key problem that I just
became aware of.  In v6.4-rc1, the crypto API added a new function
crypto_clone_tfm() which allocates a new tfm object, given an existing one.
Unlike crypto_alloc_tfm(), crypto_clone_tfm() doesn't take any locks.  See:
https://lore.kernel.org/linux-crypto/ZDefxOq6Ax0JeTRH@xxxxxxxxxxxxxxxxxxx/T/#u

For now, only shash and ahash tfms can be cloned.  However, it looks like
support for cloning skcipher tfms could be added.

With "cloning" skcipher tfms, there could just be a crypto_skcipher per extent,
allocated on the I/O path.  That would solve the problem we've been trying to
solve, without having to bring in the complexity of "pooled prepared keys".
Huh. A cool new thing for sure. I suppose one would have an initial tfm per supported crypto alg, and clone it for each extent as needed. That's definitely better than pooling prepared keys. I'll explore this after everything else, and work on blk-crypto oriented for now. 

Thanks!

Sweet Tea
[Index of Archives]     [linux Cryptography]     [Asterisk App Development]     [PJ SIP]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]

  Powered by Linux