Date: Wed, 6 Nov 2019 13:04:33 -0800
From: Eric Biggers
To: linux-fscrypt@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net, "Theodore Y . Ts'o", Satya Tangirala, Paul Lawrence, linux-fsdevel@vger.kernel.org, Jaegeuk Kim, linux-ext4@vger.kernel.org, Paul Crowley
Subject: Re: [PATCH v2 0/3] fscrypt: support for IV_INO_LBLK_64 policies
Message-ID: <20191106210432.GB139580@gmail.com>
References: <20191024215438.138489-1-ebiggers@kernel.org>

On Thu, Oct 24, 2019 at 02:54:35PM -0700, Eric Biggers wrote:
> Hello,
>
> In preparation for adding inline encryption support to fscrypt, this
> patchset adds a new fscrypt policy flag which modifies the encryption to
> be optimized for inline encryption hardware compliant with the UFS v2.1
> standard or the upcoming version of the eMMC standard.
>
> This means using per-mode keys instead of per-file keys, and in
> compensation including the inode number in the IVs. For ext4, this
> precludes filesystem shrinking, so I've also added a compat feature
> which will prevent the filesystem from being shrunk.
>
> I've separated this from the full "Inline Encryption Support" patchset
> (https://lkml.kernel.org/linux-fsdevel/20190821075714.65140-1-satyat@google.com/)
> to avoid conflating an implementation (inline encryption) with a new
> on-disk format (IV_INO_LBLK_64). This patchset purely adds support for
> IV_INO_LBLK_64 policies to fscrypt, but implements them using the
> existing filesystem layer crypto.
>
> We're planning to make the *implementation* (filesystem layer or inline
> crypto) be controlled by a mount option '-o inlinecrypt'.
>
> This patchset applies to fscrypt.git#master and can also be retrieved from
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-crypt-optimized-v2
>
> I've written a ciphertext verification test for this new type of policy:
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git/log/?h=inline-encryption
>
> Work-in-progress patches for the inline encryption implementation of
> both IV_INO_LBLK_64 and regular policies can be found at
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=inline-encryption-wip
>
> Changes v1 => v2:
>
> - Rename the flag from INLINE_CRYPT_OPTIMIZED to IV_INO_LBLK_64.
>
> - Use the same key derivation and IV generation scheme for filenames
>   encryption too.
>
> - Improve the documentation and commit messages.
>
> Eric Biggers (3):
>   fscrypt: add support for IV_INO_LBLK_64 policies
>   ext4: add support for IV_INO_LBLK_64 encryption policies
>   f2fs: add support for IV_INO_LBLK_64 encryption policies
>
>  Documentation/filesystems/fscrypt.rst | 63 +++++++++++++++++----------
>  fs/crypto/crypto.c                    | 10 ++++-
>  fs/crypto/fscrypt_private.h           | 16 +++++--
>  fs/crypto/keyring.c                   |  6 ++-
>  fs/crypto/keysetup.c                  | 45 ++++++++++++++-----
>  fs/crypto/policy.c                    | 41 ++++++++++++++++-
>  fs/ext4/ext4.h                        |  2 +
>  fs/ext4/super.c                       | 14 ++++++
>  fs/f2fs/super.c                       | 26 ++++++++---
>  include/linux/fscrypt.h               |  3 ++
>  include/uapi/linux/fscrypt.h          |  3 +-
>  11 files changed, 182 insertions(+), 47 deletions(-)
>
> --

Applied to fscrypt.git#master for 5.5.

- Eric
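An added illustration, not part of the thread or of the patchset's code, of why a key shared across files needs the inode number in the IV. The bit layout (logical block number in bits 0-31, inode number in bits 32-63) follows the kernel's fscrypt documentation rather than this email; the function names and the inode numbers are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16 /* 16-byte IV buffer; only the low 8 bytes are nonzero */

/* Serialise a 64-bit value as a little-endian, zero-padded IV. */
static void iv_from_u64(uint64_t v, uint8_t iv[IV_SIZE])
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(v >> (8 * i));
}

/* IV_INO_LBLK_64-style IV: lblk in bits 0-31, inode number in bits 32-63.
 * Returns -1 when either value does not fit in 32 bits. */
static int iv_ino_lblk_64(uint64_t ino, uint64_t lblk, uint8_t iv[IV_SIZE])
{
    if (ino > UINT32_MAX || lblk > UINT32_MAX)
        return -1;
    iv_from_u64((ino << 32) | lblk, iv);
    return 0;
}

/* Count the blocks of two files that would get the same IV when both files
 * are encrypted under one shared (per-mode) key. include_ino == 0 models
 * the block-number-only IV used with per-file keys. */
static int shared_key_iv_collisions(uint64_t ino_a, uint64_t ino_b,
                                    uint32_t nblocks, int include_ino)
{
    uint8_t a[IV_SIZE], b[IV_SIZE];
    int collisions = 0;

    for (uint32_t lblk = 0; lblk < nblocks; lblk++) {
        if (!include_ino) {
            iv_from_u64(lblk, a);
            iv_from_u64(lblk, b);
        } else if (iv_ino_lblk_64(ino_a, lblk, a) ||
                   iv_ino_lblk_64(ino_b, lblk, b)) {
            return -1;
        }
        collisions += memcmp(a, b, IV_SIZE) == 0;
    }
    return collisions;
}

int main(void)
{
    /* Constructed sample: inodes 12 and 13, 8 blocks each. */
    printf("lblk-only IVs, shared key: %d collisions\n",
           shared_key_iv_collisions(12, 13, 8, 0));
    printf("ino+lblk IVs, shared key:  %d collisions\n",
           shared_key_iv_collisions(12, 13, 8, 1));
    return 0;
}
```

Since the inode number is an input to the IV, the same block read back under a different inode number gets a different IV, which fits the cover letter's note that ext4 shrinking is precluded.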