fscrypt.git/metadata/constants.go, branch v0.3.4 Go tool for managing Linux filesystem encryption Metadata support for v2 encryption policies 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 2b25de6d445faefc28629603dd754aec9f744e60 Linux v5.4 and later supports v2 encryption policies. These have several advantages over v1 encryption policies: - Their encryption keys can be added/removed to/from the filesystem by non-root users, thus gaining the benefits of the filesystem keyring while also retaining support for non-root use. - They use a more standard, secure, and flexible key derivation function. Because of this, some future kernel-level fscrypt features will be implemented for v2 policies only. - They prevent a denial-of-service attack where a user could associate the wrong key with another user's encrypted files. Prepare the fscrypt tool to support v2 encryption policies by: - Adding a policy_version field to the EncryptionOptions, i.e. to the config file and to the policy metadata files. - Using the kernel-specified algorithm to compute the key descriptor for v2 policies. - Handling setting and getting v2 policies. Actually adding/removing the keys for v2 policies to/from the kernel is left for the next patch. 
Linux v5.4 and later supports v2 encryption policies.  These have
several advantages over v1 encryption policies:

- Their encryption keys can be added/removed to/from the filesystem by
  non-root users, thus gaining the benefits of the filesystem keyring
  while also retaining support for non-root use.

- They use a more standard, secure, and flexible key derivation
  function.  Because of this, some future kernel-level fscrypt features
  will be implemented for v2 policies only.

- They prevent a denial-of-service attack where a user could associate
  the wrong key with another user's encrypted files.

Prepare the fscrypt tool to support v2 encryption policies by:

- Adding a policy_version field to the EncryptionOptions, i.e. to the
  config file and to the policy metadata files.

- Using the kernel-specified algorithm to compute the key descriptor for
  v2 policies.

- Handling setting and getting v2 policies.

Actually adding/removing the keys for v2 policies to/from the kernel is
left for the next patch.
Use latest fscrypt declarations from sys/unix 2019-11-27T19:28:14+00:00 Eric Biggers ebiggers@google.com 2019-11-27T19:28:14+00:00 82d01438a66212ce802721397a62c18a0b71b7ea Use the new name for fscrypt constants and structures which have been given a new name. Also use the named constant for the DIRECT_KEY fscrypt policy flag. No change in behavior. This is just preparing for future work. 
Use the new name for fscrypt constants and structures which have been
given a new name.

Also use the named constant for the DIRECT_KEY fscrypt policy flag.

No change in behavior.  This is just preparing for future work.
metadata: change encryption mode names 2017-06-16T05:32:35+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-08T17:41:55+00:00 d5f89f8fcc5172be183fb02b802fa23ed3e9f8fa As new encryption modes are being added to the kernel that use 128 bit keys (see https://patchwork.kernel.org/patch/9741913), we will need the encryption modes to be more descriptive. This change breaks backwards compatibility for the protobuf, but that's fine because we have not released yet. Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de 
As new encryption modes are being added to the kernel that use 128 bit
keys (see https://patchwork.kernel.org/patch/9741913), we will need the
encryption modes to be more descriptive.

This change breaks backwards compatibility for the protobuf, but that's
fine because we have not released yet.

Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de
metadata: reorganize and add consistency checks 2017-05-31T19:35:28+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-05-24T01:38:38+00:00 44c2c7aeda3de09a405ed06aadacbc2c0c7f2a67 This commit adds in IsValid() checks for the metadata structures that let us enforce stronger invariants than those imposed by the protobuf package. The main uses of this will be to check that metadata is valid before writing it to the filesystem, and to check that the filesystem contains valid metadata before returning it to the user. These functions also will log the exact reason if the validity checks fail. To have these checks in the metadata package, all of the various constants have been moved to a single metadata/constants.go file. The uses of these constants were changed accordingly. Finally, this commit standardizes our use of errors so that they always begin with an appropriate prefix. Change-Id: I99008e2ee803ebe5f6236eb8d83fc83efcd22718 
This commit adds in IsValid() checks for the metadata structures that
let us enforce stronger invariants than those imposed by the protobuf
package. The main uses of this will be to check that metadata is valid
before writing it to the filesystem, and to check that the filesystem
contains valid metadata before returning it to the user. These functions
also will log the exact reason if the validity checks fail.

To have these checks in the metadata package, all of the various
constants have been moved to a single metadata/constants.go file. The
uses of these constants were changed accordingly.

Finally, this commit standardizes our use of errors so that they always
begin with an appropriate prefix.

Change-Id: I99008e2ee803ebe5f6236eb8d83fc83efcd22718