fscrypt.git/crypto/crypto.go, branch master Go tool for managing Linux filesystem encryption Re-run 'make format' with latest version of gofmt 2023-09-09T18:30:45+00:00 Eric Biggers ebiggers@google.com 2023-09-09T18:30:45+00:00 e663a3ee2287be77dcd44631b29147a1eddcb4f0 






Adjust nested lists to prevent gofmt from flattening them
2023-09-09T18:30:45+00:00

Eric Biggers
ebiggers@google.com

2023-09-09T18:30:45+00:00

c999f0b04c526a85d061a7461c0e4211e94f9fb7

The latest version of gofmt flattens the nested lists in comments in
crypto.go and filesystem.go.  According to
https://go.dev/doc/comment#mistakes, "Go doc comments do not support
nested lists".  However, that page also mentions that a workaround is to
use different list markers for each level.  Do that.





The latest version of gofmt flattens the nested lists in comments in
crypto.go and filesystem.go.  According to
https://go.dev/doc/comment#mistakes, "Go doc comments do not support
nested lists".  However, that page also mentions that a workaround is to
use different list markers for each level.  Do that.







crypto: improve errors
2020-05-09T22:21:31+00:00

Eric Biggers
ebiggers@google.com

2020-05-09T21:52:07+00:00

9383d4be92981a4c956c775479bb48b7eec9db79

ErrKeyLock:
	Rename to ErrMlockUlimit for clarity.

ErrGetrandomFail:
ErrKeyAlloc:
ErrKeyFree:
ErrNegativeLength:
	Replace these with one-off unnamed errors because these were all
	returned in only one place and were never checked for.  Also
	these were all either wrapped backwards or discarded an
	underlying error, so fix that too.





ErrKeyLock:
	Rename to ErrMlockUlimit for clarity.

ErrGetrandomFail:
ErrKeyAlloc:
ErrKeyFree:
ErrNegativeLength:
	Replace these with one-off unnamed errors because these were all
	returned in only one place and were never checked for.  Also
	these were all either wrapped backwards or discarded an
	underlying error, so fix that too.







Metadata support for v2 encryption policies
2020-01-05T18:02:13+00:00

Eric Biggers
ebiggers@google.com

2019-12-16T03:31:39+00:00

2b25de6d445faefc28629603dd754aec9f744e60

Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.





Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.







Add keyring package
2020-01-05T18:02:13+00:00

Eric Biggers
ebiggers@google.com

2019-12-16T03:31:39+00:00

462d166d5355d33a05271d24de4d52f30dd62f67

In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.

This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring.  This provides
a common interface to both types of keyrings, to the extent possible.





In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.

This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring.  This provides
a common interface to both types of keyrings, to the extent possible.







Fix various typos and grammatical errors (#141)
2019-09-09T02:46:59+00:00

ebiggers
ebiggers@google.com

2019-09-09T02:46:59+00:00

6445dad7d66fa6a1867090fcd9602c98863649f6

These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().




These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().






crypto: Move from libargon2 -> x/crypto/argon2
2018-02-09T11:36:11+00:00

Joseph Richey
joerichey94@gmail.com

2018-02-08T10:37:42+00:00

5d71e1d16b069d7f6f22b7978f696af493a3c846

Use the golang library for the hashing function instead of the reference
C implementation. This removes the dependancy on libargon2. As we are no
longer doing our own error checking, we also eliminate those tests.





Use the golang library for the hashing function instead of the reference
C implementation. This removes the dependancy on libargon2. As we are no
longer doing our own error checking, we also eliminate those tests.







crypto: Handle when "ulimit -l" is too low
2017-08-29T18:17:10+00:00

Joe Richey
joerichey94@gmail.com

2017-08-29T18:17:10+00:00

7568ca2aab4a3266eb95cbda64298e2292743c7b












cmd/fscrypt: purge command now clears cache
2017-08-18T05:49:44+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-16T01:11:29+00:00

151e8965fa3a9c8f65e316430f9df0fa763fb02d












crypto: Switch from session to user keyring
2017-08-15T20:16:08+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-15T19:06:11+00:00

5e8dfc196020693d2a9dc809cf6bc87096ddc09f