fscrypt.git/actions/config.go, branch v0.2.6 Go tool for managing Linux filesystem encryption Metadata support for v2 encryption policies 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 2b25de6d445faefc28629603dd754aec9f744e60 Linux v5.4 and later supports v2 encryption policies. These have several advantages over v1 encryption policies: - Their encryption keys can be added/removed to/from the filesystem by non-root users, thus gaining the benefits of the filesystem keyring while also retaining support for non-root use. - They use a more standard, secure, and flexible key derivation function. Because of this, some future kernel-level fscrypt features will be implemented for v2 policies only. - They prevent a denial-of-service attack where a user could associate the wrong key with another user's encrypted files. Prepare the fscrypt tool to support v2 encryption policies by: - Adding a policy_version field to the EncryptionOptions, i.e. to the config file and to the policy metadata files. - Using the kernel-specified algorithm to compute the key descriptor for v2 policies. - Handling setting and getting v2 policies. Actually adding/removing the keys for v2 policies to/from the kernel is left for the next patch. 
Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.
actions/config: ensure config file is created with mode 0644 (#152) 2019-10-24T05:18:45+00:00 ebiggers ebiggers@google.com 2019-10-24T05:18:45+00:00 a5b805f03d5add8a1750f564bebf9f6eac035ec1 If the user has set a restrictive umask, e.g. 0077, then /etc/fscrypt.conf would be created without the world-readable bit set. Fix it by overriding the umask when creating the file. Resolves https://github.com/google/fscrypt/issues/151 
If the user has set a restrictive umask, e.g. 0077, then
/etc/fscrypt.conf would be created without the world-readable bit set.
Fix it by overriding the umask when creating the file.

Resolves https://github.com/google/fscrypt/issues/151
 Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 Format files correctly 2018-01-11T04:37:25+00:00 Joe Richey joerichey@google.com joerichey@google.com 2018-01-11T04:37:25+00:00 a507228a795328d88c9c1ad4fd31fcfef639fa0f 






Limit the amount of RAM that will be used
2018-01-11T04:24:15+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-01-11T04:24:15+00:00

7b5380f9a81ad259a810d6bc965b206f37a8efeb

Fixes #73.

Adds maxMemoryBytes as 128MiB and cleans up the helper
functions/variables to make it more clear which values are a number of
bytes, and which values are a number of KiB.





Fixes #73.

Adds maxMemoryBytes as 128MiB and cleans up the helper
functions/variables to make it more clear which values are a number of
bytes, and which values are a number of KiB.







actions: calculate password hash difficulty correctly
2017-08-07T17:05:53+00:00

Eric Biggers
ebiggers@google.com

2017-08-07T17:05:53+00:00

297b46e65415c7d032844b39e7504bb862e2ea28

'fscrypt setup' is supposed to calibrate the Argon2 password hashing
difficulty to 1s by default, but actually it was setting it to only 1s /
num_cpus because the hashing is done with all CPUs and it is timed using
the CLOCK_PROCESS_CPUTIME_ID clock, which measures the time spent by all
threads in the process.  Fix this by dividing the elapsed time by
HashingCosts.Parallelism, which is used as the number of threads.





'fscrypt setup' is supposed to calibrate the Argon2 password hashing
difficulty to 1s by default, but actually it was setting it to only 1s /
num_cpus because the hashing is done with all CPUs and it is timed using
the CLOCK_PROCESS_CPUTIME_ID clock, which measures the time spent by all
threads in the process.  Fix this by dividing the elapsed time by
HashingCosts.Parallelism, which is used as the number of threads.







Finalize import paths and documentation
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-28T20:57:55+00:00

2c52eca8727df744d093703bbcbd87fc39d57d30

This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280





This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280







actions: error handling and API changed
2017-06-28T22:15:15+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T17:03:44+00:00

93415b198a3ef427c02893b8fdf036aa75ffe50f

This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.

This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.

This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.

Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8





This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.

This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.

This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.

Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8







actions: Simplify the callback mechanism
2017-06-26T22:40:08+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-01T00:54:35+00:00

defd27f75df3a6eef84ac33adf89b1ce255e738c

This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.

For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).

This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.

Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90





This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.

For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).

This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.

Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90







actions: generate a config file for fscrypt
2017-05-31T19:41:30+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-05-24T01:57:13+00:00

a14724d335a87c3f7a12f7f0837cfc01ec995b82

This commit adds in the actions package. This package will be the
highest-level interface to the fscrypt packages. The public functions
in this package will be called directly from cmd/fscrypt.

The actions added in this commit pertain to creating and reading the
fscrypt global config file "fscrypt.conf". The challenging part about
creating this file is finding the correct hashing parameters for the
desired time target.

The getHashingCosts() function finds the desired costs by doubling the
costs and running the passphrase hash until the target is exceeded.
Then, a cost estimate is obtained using a linear interpolation between
the last two costs (and their time results).

Change-Id: I4a0eaf4856ec4ff49eb4360da3267f7caa9d07b2





This commit adds in the actions package. This package will be the
highest-level interface to the fscrypt packages. The public functions
in this package will be called directly from cmd/fscrypt.

The actions added in this commit pertain to creating and reading the
fscrypt global config file "fscrypt.conf". The challenging part about
creating this file is finding the correct hashing parameters for the
desired time target.

The getHashingCosts() function finds the desired costs by doubling the
costs and running the passphrase hash until the target is exceeded.
Then, a cost estimate is obtained using a linear interpolation between
the last two costs (and their time results).

Change-Id: I4a0eaf4856ec4ff49eb4360da3267f7caa9d07b2