From: Anand Jain <anand.jain@oracle.com>
To: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>,
linux-btrfs@vger.kernel.org, fstests@vger.kernel.org,
kernel-team@meta.com, ebiggers@google.com, fdmanana@suse.com,
linux-fscrypt@vger.kernel.org, fsverity@lists.linux.dev,
zlang@kernel.org
Subject: Re: [RFC PATCH v3 2/9] common/encrypt: add btrfs to get_encryption_*nonce
Date: Mon, 2 Oct 2023 19:22:12 +0800 [thread overview]
Message-ID: <af816e3b-305c-d6a1-ab65-e5f9be5f0902@oracle.com> (raw)
In-Reply-To: <dd7c1bbeb443fbb6d0836fe2b5be394c991dc4d0.1691530000.git.sweettea-kernel@dorminy.me>
On 09/08/2023 01:21, Sweet Tea Dorminy wrote:
> Add the modes of getting the encryption nonces, either inode or extent,
> to the various get_encryption_nonce functions. For now, no encrypt test
> makes a file with more than one extent, so we can just grab the first
> extent's nonce for the data nonce; when we write a bigger file test,
> we'll need to change that.
>
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> ---
> common/encrypt | 31 +++++++++++++++++++++++++++++++
> tests/generic/613 | 4 ++++
> 2 files changed, 35 insertions(+)
>
> diff --git a/common/encrypt b/common/encrypt
> index 04b6e5ac..fc1c8cc7 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -531,6 +531,17 @@ _get_encryption_file_nonce()
> found = 0;
> }'
> ;;
> + btrfs)
> + # Retrieve the fscrypt context for an inode as a hex string.
> + # btrfs prints these like:
> + # item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40
> + # value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f
> +
> + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
> + grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
> + grep --only-matching 'value: [[:xdigit:]]\+' | \
> + tr -d ' \n' | tail -c 32
> + ;;
> *)
> _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP"
> ;;
> @@ -550,6 +561,23 @@ _get_encryption_data_nonce()
> ext4|f2fs)
> _get_encryption_file_nonce $device $inode
> ;;
> + btrfs)
> + # Retrieve the encryption IV of the first file extent in an inode as a hex
> + # string. btrfs prints the file extents (for simple unshared
> + # inodes) like:
> + # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69
> + # generation 7 type 1 (regular)
> + # extent data disk byte 5304320 nr 1048576
> + # extent data offset 0 nr 1048576 ram 1048576
> + # extent compression 0 (none)
> + # extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330))
Mixed indentation.
another nit to consider fixing if sending a reroll.
Thanks, Anand
> +
> +
> + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
> + grep -A 5 "key ($inode EXTENT_DATA 0)" | \
> + grep --only-matching 'context [[:xdigit:]]\+' | \
> + tr -d ' \n' | tail -c 32
> + ;;
> *)
> _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP"
> ;;
> @@ -572,6 +600,9 @@ _require_get_encryption_nonce_support()
> # Otherwise the xattr is incorrectly parsed as v1. But just let
> # the test fail in that case, as it was an f2fs-tools bug...
> ;;
> + btrfs)
> + _require_command "$BTRFS_UTIL_PROG" btrfs
> + ;;
> *)
> _notrun "_get_encryption_*nonce() isn't implemented on $FSTYP"
> ;;
> diff --git a/tests/generic/613 b/tests/generic/613
> index 47c60e9c..279b1bfb 100755
> --- a/tests/generic/613
> +++ b/tests/generic/613
> @@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex
> echo -n > $tmp.nonces_bin
> for inode in "${inodes[@]}"; do
> nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode)
> + if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ]
> + then
> + nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode)
> + fi
> if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ]
> then
> _fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""
next prev parent reply other threads:[~2023-10-02 11:22 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 17:21 [RFC PATCH v3 0/9] fstests: add btrfs encryption testing Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 1/9] common/encrypt: separate data and inode nonces Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 2/9] common/encrypt: add btrfs to get_encryption_*nonce Sweet Tea Dorminy
2023-10-02 11:22 ` Anand Jain [this message]
2023-08-08 17:21 ` [RFC PATCH v3 3/9] common/encrypt: add btrfs to get_ciphertext_filename Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 4/9] common/encrypt: enable making a encrypted btrfs filesystem Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 5/9] generic/613: write some actual data for btrfs Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 6/9] tests: adjust generic/429 for extent encryption Sweet Tea Dorminy
2023-10-02 11:20 ` Anand Jain
2023-08-08 17:21 ` [RFC PATCH v3 7/9] common/verity: explicitly don't allow btrfs encryption Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 8/9] btrfs: add simple test of reflink of encrypted data Sweet Tea Dorminy
2023-08-08 17:21 ` [RFC PATCH v3 9/9] btrfs: test snapshotting encrypted subvol Sweet Tea Dorminy
2023-08-08 18:46 ` Sweet Tea Dorminy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=af816e3b-305c-d6a1-ab65-e5f9be5f0902@oracle.com \
--to=anand.jain@oracle.com \
--cc=ebiggers@google.com \
--cc=fdmanana@suse.com \
--cc=fstests@vger.kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
--cc=zlang@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).