Message ID | 20190805162521.90882-1-ebiggers@kernel.org |
---|---|
Headers | show
Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="AZ8WUtYP"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="Jj9v+7sB"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 462NZC5bYbz9s7T for <incoming@patchwork.ozlabs.org>; Tue, 6 Aug 2019 02:31:31 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=eiXQmfe8vmR8aEcVStRX1+MLyWHIe4pnhD6aPSuXW0U=; b=AZ8WUtYP6Lu0Am M7Wa4n2AgHmP//rg8ouM8HI/N5pEKLvVm8Lxf7geOHelnQCkuxIjdccaQMxm2NzcJRIMIED5s6JpS YdDhvjZ2VVUT88nHVGkzcL/oFtVUMQrAgohP8NdWEgcMODXQM//3Pcya9cGdGGM/hfgyGbWoTZL83 g7lq+WC3PD+GLIUW3UEO7WpAhXFFxl3YfcS2nw66M8u53n4jPjqUyT6Qx/hI+pLn4KSKeKr33Ny8x wu5GmKS0opvQTsRqTCzMOI7AAv6sECKJ6cHdK2GE9TNDe0I7ks/lr6f3Q+68CnXQu2WI6Zn1R2RHo /2uZ4OqS3pBkh/T+R8lA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1huftB-0002hi-95; Mon, 05 Aug 2019 16:31:13 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hufqc-0008K9-4q for linux-mtd@lists.infradead.org; Mon, 05 Aug 2019 16:28:38 +0000 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BEDFE2086D; Mon, 5 Aug 2019 16:28:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565022510; bh=LqkJPwRbIJWtTHNU/mQ+ZTHl9Y6z46DQPE4wViYyWpY=; h=From:To:Cc:Subject:Date:From; b=Jj9v+7sB6Z88nnGXHknp8hg9fJROfiKAgjPeVw69CrAucIln0d0DJMQ8AjcBHurFS oCanS3XIpi2kEGEJEjduU5NrseXQo6VwAuIhAXTzwT8wZWfPSNjJI9iVlRkd9NLINP BRUZpvXPd5Wr5zolve8SVg4hxAZQQpQa18Gx5x+g= From: Eric Biggers <ebiggers@kernel.org> To: linux-fscrypt@vger.kernel.org Subject: [PATCH v8 00/20] fscrypt: key management improvements Date: Mon, 5 Aug 2019 09:25:01 -0700 Message-Id: <20190805162521.90882-1-ebiggers@kernel.org> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190805_092834_847765_C0D1A808 X-CRM114-Status: GOOD ( 26.37 ) X-Spam-Score: -5.2 (-----) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-5.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high trust [198.145.29.99 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux MTD discussion mailing list <linux-mtd.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-mtd>, <mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/linux-mtd/> List-Post: <mailto:linux-mtd@lists.infradead.org> List-Help: <mailto:linux-mtd-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-mtd>, <mailto:linux-mtd-request@lists.infradead.org?subject=subscribe> Cc: Satya Tangirala <satyat@google.com>, Theodore Ts'o <tytso@mit.edu>, linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>, linux-ext4@vger.kernel.org, Paul Crowley <paulcrowley@google.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org |
Series |
fscrypt: key management improvements
|
expand
|
On Mon, Aug 05, 2019 at 09:25:01AM -0700, Eric Biggers wrote: > Hello, > > [Note: I'd like to apply this for v5.4. Additional review is greatly > appreciated, especially of the API before it's set in stone. Thanks!] > > This patchset makes major improvements to how keys are added, removed, > and derived in fscrypt, aka ext4/f2fs/ubifs encryption. It does this by > adding new ioctls that add and remove encryption keys directly to/from > the filesystem, and by adding a new encryption policy version ("v2") > where the user-provided keys are only used as input to HKDF-SHA512 and > are identified by their cryptographic hash. > > All new APIs and all cryptosystem changes are documented in > Documentation/filesystems/fscrypt.rst. Userspace can use the new key > management ioctls with existing encrypted directories, but migrating to > v2 encryption policies is needed for the full benefits. > I've applied this patchset to the fscrypt tree for 5.4. - Eric