Signed-off-by: Theodore Ts'o <[email protected]>
---
fs/ext4/ext4.h | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index a75fba6..b7f393d 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -364,7 +364,8 @@ struct flex_groups {
#define EXT4_DIRTY_FL 0x00000100
#define EXT4_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */
#define EXT4_NOCOMPR_FL 0x00000400 /* Don't compress */
-#define EXT4_ECOMPR_FL 0x00000800 /* Compression error */
+ /* nb: was previously EXT2_ECOMPR_FL */
+#define EXT4_ENCRYPT_FL 0x00000800 /* encrypted file */
/* End compression flags --- maybe not all used */
#define EXT4_INDEX_FL 0x00001000 /* hash-indexed directory */
#define EXT4_IMAGIC_FL 0x00002000 /* AFS directory */
@@ -421,7 +422,7 @@ enum {
EXT4_INODE_DIRTY = 8,
EXT4_INODE_COMPRBLK = 9, /* One or more compressed clusters */
EXT4_INODE_NOCOMPR = 10, /* Don't compress */
- EXT4_INODE_ECOMPR = 11, /* Compression error */
+ EXT4_INODE_ENCRYPT = 11, /* Compression error */
/* End compression flags --- maybe not all used */
EXT4_INODE_INDEX = 12, /* hash-indexed directory */
EXT4_INODE_IMAGIC = 13, /* AFS directory */
@@ -466,7 +467,7 @@ static inline void ext4_check_flag_values(void)
CHECK_FLAG_VALUE(DIRTY);
CHECK_FLAG_VALUE(COMPRBLK);
CHECK_FLAG_VALUE(NOCOMPR);
- CHECK_FLAG_VALUE(ECOMPR);
+ CHECK_FLAG_VALUE(ENCRYPT);
CHECK_FLAG_VALUE(INDEX);
CHECK_FLAG_VALUE(IMAGIC);
CHECK_FLAG_VALUE(JOURNAL_DATA);
@@ -1043,6 +1044,12 @@ extern void ext4_set_bits(void *bm, int cur, int len);
/* Metadata checksum algorithm codes */
#define EXT4_CRC32C_CHKSUM 1
+/* Encryption algorithms */
+#define EXT4_ENCRYPTION_MODE_INVALID 0
+#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
+#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
+#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
+
/*
* Structure of the super block
*/
@@ -1156,7 +1163,8 @@ struct ext4_super_block {
__le32 s_grp_quota_inum; /* inode for tracking group quota */
__le32 s_overhead_clusters; /* overhead blocks/clusters in fs */
__le32 s_backup_bgs[2]; /* groups with sparse_super2 SBs */
- __le32 s_reserved[106]; /* Padding to the end of the block */
+ __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */
+ __le32 s_reserved[105]; /* Padding to the end of the block */
__le32 s_checksum; /* crc32c(superblock) */
};
@@ -1537,6 +1545,7 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
#define EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM 0x2000 /* use crc32c for bg */
#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3-lvl htree */
#define EXT4_FEATURE_INCOMPAT_INLINE_DATA 0x8000 /* data in inode */
+#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
#define EXT2_FEATURE_COMPAT_SUPP EXT4_FEATURE_COMPAT_EXT_ATTR
#define EXT2_FEATURE_INCOMPAT_SUPP (EXT4_FEATURE_INCOMPAT_FILETYPE| \
--
2.1.0
On Fri, Jan 23, 2015 at 02:36:21PM -0500, Theodore Ts'o wrote:
> Signed-off-by: Theodore Ts'o <[email protected]>
> ---
> fs/ext4/ext4.h | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index a75fba6..b7f393d 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -364,7 +364,8 @@ struct flex_groups {
> #define EXT4_DIRTY_FL 0x00000100
> #define EXT4_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */
> #define EXT4_NOCOMPR_FL 0x00000400 /* Don't compress */
> -#define EXT4_ECOMPR_FL 0x00000800 /* Compression error */
> + /* nb: was previously EXT2_ECOMPR_FL */
> +#define EXT4_ENCRYPT_FL 0x00000800 /* encrypted file */
> /* End compression flags --- maybe not all used */
> #define EXT4_INDEX_FL 0x00001000 /* hash-indexed directory */
> #define EXT4_IMAGIC_FL 0x00002000 /* AFS directory */
> @@ -421,7 +422,7 @@ enum {
> EXT4_INODE_DIRTY = 8,
> EXT4_INODE_COMPRBLK = 9, /* One or more compressed clusters */
> EXT4_INODE_NOCOMPR = 10, /* Don't compress */
> - EXT4_INODE_ECOMPR = 11, /* Compression error */
> + EXT4_INODE_ENCRYPT = 11, /* Compression error */
Encryption error?
> /* End compression flags --- maybe not all used */
> EXT4_INODE_INDEX = 12, /* hash-indexed directory */
> EXT4_INODE_IMAGIC = 13, /* AFS directory */
> @@ -466,7 +467,7 @@ static inline void ext4_check_flag_values(void)
> CHECK_FLAG_VALUE(DIRTY);
> CHECK_FLAG_VALUE(COMPRBLK);
> CHECK_FLAG_VALUE(NOCOMPR);
> - CHECK_FLAG_VALUE(ECOMPR);
> + CHECK_FLAG_VALUE(ENCRYPT);
> CHECK_FLAG_VALUE(INDEX);
> CHECK_FLAG_VALUE(IMAGIC);
> CHECK_FLAG_VALUE(JOURNAL_DATA);
> @@ -1043,6 +1044,12 @@ extern void ext4_set_bits(void *bm, int cur, int len);
> /* Metadata checksum algorithm codes */
> #define EXT4_CRC32C_CHKSUM 1
>
> +/* Encryption algorithms */
> +#define EXT4_ENCRYPTION_MODE_INVALID 0
> +#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
> +#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
> +#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
> +
> /*
> * Structure of the super block
> */
> @@ -1156,7 +1163,8 @@ struct ext4_super_block {
> __le32 s_grp_quota_inum; /* inode for tracking group quota */
> __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */
> __le32 s_backup_bgs[2]; /* groups with sparse_super2 SBs */
> - __le32 s_reserved[106]; /* Padding to the end of the block */
> + __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */
Does this imply that one can have up to 4 algorithms in use at once?
Are there any other disk format changes that the wiki documentation should be
aware of?
--D
> + __le32 s_reserved[105]; /* Padding to the end of the block */
> __le32 s_checksum; /* crc32c(superblock) */
> };
>
> @@ -1537,6 +1545,7 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
> #define EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM 0x2000 /* use crc32c for bg */
> #define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3-lvl htree */
> #define EXT4_FEATURE_INCOMPAT_INLINE_DATA 0x8000 /* data in inode */
> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
>
> #define EXT2_FEATURE_COMPAT_SUPP EXT4_FEATURE_COMPAT_EXT_ATTR
> #define EXT2_FEATURE_INCOMPAT_SUPP (EXT4_FEATURE_INCOMPAT_FILETYPE| \
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Is one of the encryption types able to be hardware accelerated by
newer CPUs, as we do for CRC32c? My recollection is that AES-NI
can be hardware accelerated, but I don't know whether that maps
to the AES-256-{XTS, GCM, CBC} modes that are included with
this patch. It would be worthwhile to confirm this before hard-coding
the supported encryption types in the kernel.
Cheers, Andreas
> On Jan 23, 2015, at 11:36, Theodore Ts'o <[email protected]> wrote:
>
> Signed-off-by: Theodore Ts'o <[email protected]>
> ---
> fs/ext4/ext4.h | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index a75fba6..b7f393d 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -364,7 +364,8 @@ struct flex_groups {
> #define EXT4_DIRTY_FL 0x00000100
> #define EXT4_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */
> #define EXT4_NOCOMPR_FL 0x00000400 /* Don't compress */
> -#define EXT4_ECOMPR_FL 0x00000800 /* Compression error */
> + /* nb: was previously EXT2_ECOMPR_FL */
> +#define EXT4_ENCRYPT_FL 0x00000800 /* encrypted file */
> /* End compression flags --- maybe not all used */
> #define EXT4_INDEX_FL 0x00001000 /* hash-indexed directory */
> #define EXT4_IMAGIC_FL 0x00002000 /* AFS directory */
> @@ -421,7 +422,7 @@ enum {
> EXT4_INODE_DIRTY = 8,
> EXT4_INODE_COMPRBLK = 9, /* One or more compressed clusters */
> EXT4_INODE_NOCOMPR = 10, /* Don't compress */
> - EXT4_INODE_ECOMPR = 11, /* Compression error */
> + EXT4_INODE_ENCRYPT = 11, /* Compression error */
> /* End compression flags --- maybe not all used */
> EXT4_INODE_INDEX = 12, /* hash-indexed directory */
> EXT4_INODE_IMAGIC = 13, /* AFS directory */
> @@ -466,7 +467,7 @@ static inline void ext4_check_flag_values(void)
> CHECK_FLAG_VALUE(DIRTY);
> CHECK_FLAG_VALUE(COMPRBLK);
> CHECK_FLAG_VALUE(NOCOMPR);
> - CHECK_FLAG_VALUE(ECOMPR);
> + CHECK_FLAG_VALUE(ENCRYPT);
> CHECK_FLAG_VALUE(INDEX);
> CHECK_FLAG_VALUE(IMAGIC);
> CHECK_FLAG_VALUE(JOURNAL_DATA);
> @@ -1043,6 +1044,12 @@ extern void ext4_set_bits(void *bm, int cur, int len);
> /* Metadata checksum algorithm codes */
> #define EXT4_CRC32C_CHKSUM 1
>
> +/* Encryption algorithms */
> +#define EXT4_ENCRYPTION_MODE_INVALID 0
> +#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
> +#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
> +#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
> +
> /*
> * Structure of the super block
> */
> @@ -1156,7 +1163,8 @@ struct ext4_super_block {
> __le32 s_grp_quota_inum; /* inode for tracking group quota */
> __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */
> __le32 s_backup_bgs[2]; /* groups with sparse_super2 SBs */
> - __le32 s_reserved[106]; /* Padding to the end of the block */
> + __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */
> + __le32 s_reserved[105]; /* Padding to the end of the block */
> __le32 s_checksum; /* crc32c(superblock) */
> };
>
> @@ -1537,6 +1545,7 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
> #define EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM 0x2000 /* use crc32c for bg */
> #define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3-lvl htree */
> #define EXT4_FEATURE_INCOMPAT_INLINE_DATA 0x8000 /* data in inode */
> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
>
> #define EXT2_FEATURE_COMPAT_SUPP EXT4_FEATURE_COMPAT_EXT_ATTR
> #define EXT2_FEATURE_INCOMPAT_SUPP (EXT4_FEATURE_INCOMPAT_FILETYPE| \
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jan 23, 2015 at 11:41:25AM -0800, Darrick J. Wong wrote:
> On Fri, Jan 23, 2015 at 02:36:21PM -0500, Theodore Ts'o wrote:
> > Signed-off-by: Theodore Ts'o <[email protected]>
> > ---
> > fs/ext4/ext4.h | 17 +++++++++++++----
> > 1 file changed, 13 insertions(+), 4 deletions(-)
> >
> > diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> > index a75fba6..b7f393d 100644
> > --- a/fs/ext4/ext4.h
> > +++ b/fs/ext4/ext4.h
> > @@ -364,7 +364,8 @@ struct flex_groups {
> > #define EXT4_DIRTY_FL 0x00000100
> > #define EXT4_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */
> > #define EXT4_NOCOMPR_FL 0x00000400 /* Don't compress */
> > -#define EXT4_ECOMPR_FL 0x00000800 /* Compression error */
> > + /* nb: was previously EXT2_ECOMPR_FL */
> > +#define EXT4_ENCRYPT_FL 0x00000800 /* encrypted file */
> > /* End compression flags --- maybe not all used */
> > #define EXT4_INDEX_FL 0x00001000 /* hash-indexed directory */
> > #define EXT4_IMAGIC_FL 0x00002000 /* AFS directory */
> > @@ -421,7 +422,7 @@ enum {
> > EXT4_INODE_DIRTY = 8,
> > EXT4_INODE_COMPRBLK = 9, /* One or more compressed clusters */
> > EXT4_INODE_NOCOMPR = 10, /* Don't compress */
> > - EXT4_INODE_ECOMPR = 11, /* Compression error */
> > + EXT4_INODE_ENCRYPT = 11, /* Compression error */
>
> Encryption error?
No, it should actually be "inode is encrypted". My bad for not
catching the error in the comment; I'll fix that up.
- Ted
On Fri, Jan 23, 2015 at 11:41:25AM -0800, Darrick J. Wong wrote:
> On Fri, Jan 23, 2015 at 02:36:21PM -0500, Theodore Ts'o wrote:
> > +/* Encryption algorithms */
> > +#define EXT4_ENCRYPTION_MODE_INVALID 0
> > +#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
> > +#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
> > +#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
> > +
> > /*
> > * Structure of the super block
> > */
> > @@ -1156,7 +1163,8 @@ struct ext4_super_block {
> > __le32 s_grp_quota_inum; /* inode for tracking group quota */
> > __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */
> > __le32 s_backup_bgs[2]; /* groups with sparse_super2 SBs */
> > - __le32 s_reserved[106]; /* Padding to the end of the block */
> > + __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */
>
> Does this imply that one can have up to 4 algorithms in use at once?
For now. But that may be more in the future. According to what's
in-plan, the data contents may be protected with XTS or
GCM. Encryption happens on a per-file basis, so several different
files may be encrypted with several different modes in the same
volume. The file names are protected with CBC.
It's possible that we may want to add an integrity-only mode down the
road, such as HMAC-SHA1. Or when the CAESAR competition yields some
promising modes, we may want to use one of them.