Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935329AbcKMV35 (ORCPT <rfc822;w@1wt.eu>);
        Sun, 13 Nov 2016 16:29:57 -0500
Received: from mail.sigma-star.at ([95.130.255.111]:45997 "EHLO
        mail.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S935048AbcKMVVx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 13 Nov 2016 16:21:53 -0500
From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        dedekind1@gmail.com, adrian.hunter@intel.com, tytso@mit.edu,
        jaegeuk@kernel.org, david@sigma-star.at, wd@denx.de, sbabic@denx.de,
        dengler@linutronix.de, ebiggers@google.com, mhalcrow@google.com,
        hch@infradead.org, Richard Weinberger <richard@nod.at>
Subject: [PATCH 00/29] UBIFS File Encryption v1
Date: Sun, 13 Nov 2016 22:20:43 +0100
Message-Id: <1479072072-6844-1-git-send-email-richard@nod.at>
X-Mailer: git-send-email 2.7.3
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3961
Lines: 95

This patch series implements file level encryption for UBIFS.
It makes use of the generic fscrypto framework as used by ext4 and f2fs.
Among file contents also file names are encrypted,
for more details on fscrypto please see [0] and [1].

To support encrypted files in UBIFS multiple preparations were needed.
The first five patches touch fscrypto code and add support for
kmalloc()'ed pages.
UBIFS has a different IO model than ext4 and f2fs because it uses MTD
instead of the block layer. But the changes are small and non-invasive.
In UBIFS itself the biggest change was supporting hash lookups.
Now UBIFS is able to provide a 64bit cookie which can be used later
to locate a file. This change will also allow us implementing proper
NFS and telldir() support, but that will be a different patch series.
Because of these changes the UBIFS write version is now 5.

As userspace component I'm currently using e4crypt from e2fsprogs with
EXT2FS_KEY_DESC_PREFIX set to "fscrypt:" instead of "ext4:".
A common tool will hopefully emerge soon[2]. I don't want an UBIFS
specific tool in mtd-utils.

The series is based on 4.9-rc3.
It can be obtained from:
git://git.infradead.org/users/rw/linux.git ubifs_crypt_v1

[0] https://lwn.net/Articles/639427/
[1] https://docs.google.com/document/d/1ft26lUQyuSpiu6VleP70_npaWdRfXFoNnB8JYnykNTg/edit
[2] http://www.spinics.net/lists/linux-fsdevel/msg103107.html

Changes since v0, https://lwn.net/Articles/704261/
 - Rebased to v4.9-rc4
 - Made fscrypto functions generic instead of adding new versions (hch)
 - Addressed various comments (Eric and Ted)

David Gstir (5):
  fscrypt: Add in-place encryption mode
  fscrypt: Allow fscrypt_decrypt_page() to function with non-writeback
    pages
  fscrypt: Enable partial page encryption
  fscrypt: Constify struct inode pointer
  fscrypt: Let fs select encryption index/tweak

Richard Weinberger (24):
  ubifs: Export ubifs_check_dir_empty()
  ubifs: Export xattr get and set functions
  ubifs: Define UBIFS crypto context xattr
  ubifs: Add skeleton for fscrypto
  ubifs: Massage ubifs_listxattr() for encryption context
  ubifs: Implement directory open operation
  ubifs: Implement file open operation
  ubifs: Enforce crypto policy in ->link and ->rename
  ubifs: Preload crypto context in ->lookup()
  ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto
  ubifs: Enforce crypto policy in mmap
  ubifs: Introduce new data node field, compr_size
  ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted()
  ubifs: Implement encrypt/decrypt for all IO
  ubifs: Relax checks in ubifs_validate_entry()
  ubifs: Make r5 hash binary string aware
  ubifs: Implement encrypted filenames
  ubifs: Add support for encrypted symlinks
  ubifs: Rename tnc_read_node_nm
  ubifs: Add full hash lookup support
  ubifs: Use a random number for cookies
  ubifs: Implement UBIFS_FLG_DOUBLE_HASH
  ubifs: Implement UBIFS_FLG_ENCRYPTION
  ubifs: Raise write version to 5

 fs/crypto/crypto.c       |  83 ++++----
 fs/crypto/fname.c        |   4 +-
 fs/ext4/inode.c          |   7 +-
 fs/ext4/page-io.c        |   3 +-
 fs/f2fs/data.c           |   5 +-
 fs/ubifs/Kconfig         |  11 ++
 fs/ubifs/Makefile        |   1 +
 fs/ubifs/crypto.c        |  97 ++++++++++
 fs/ubifs/debug.c         |  14 +-
 fs/ubifs/dir.c           | 478 ++++++++++++++++++++++++++++++++++++++++-------
 fs/ubifs/file.c          | 108 ++++++++++-
 fs/ubifs/ioctl.c         |  40 ++++
 fs/ubifs/journal.c       | 224 ++++++++++++----------
 fs/ubifs/key.h           |  21 ++-
 fs/ubifs/replay.c        |  10 +-
 fs/ubifs/sb.c            |  59 ++++++
 fs/ubifs/super.c         |  17 +-
 fs/ubifs/tnc.c           | 168 +++++++++++++----
 fs/ubifs/ubifs-media.h   |  29 ++-
 fs/ubifs/ubifs.h         | 104 +++++++++--
 fs/ubifs/xattr.c         | 116 +++++++-----
 include/linux/fscrypto.h |  38 ++--
 22 files changed, 1299 insertions(+), 338 deletions(-)
 create mode 100644 fs/ubifs/crypto.c

-- 
2.7.3