<feed xmlns='http://www.w3.org/2005/Atom'>
<title>fscrypt.git/metadata/policy.go, branch v0.2.5</title>
<subtitle>Go tool for managing Linux filesystem encryption
</subtitle>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/'/>
<entry>
<title>Add support for the Adiantum encryption mode</title>
<updated>2019-01-15T02:43:25+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2019-01-15T02:43:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=5f06ede200fb390aafb7831c8c944ddd677be023'/>
<id>5f06ede200fb390aafb7831c8c944ddd677be023</id>
<content type='text'>
Add Adiantum support to the fscrypt userspace tool.  Supported in the
kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode
based primarily on XChaCha12.  It is fast even on CPUs without AES
instructions.  Unlike XTS it is also a wide-block encryption mode.
Adiantum is supported for both contents and filenames encryption.

For Adiantum encryption policies, also make the fscrypt tool provide the
new DIRECT_KEY flag, which further improves performance by requesting
that all files be encrypted directly with the policy key.  This takes
advantage of Adiantum's support for long tweaks.

See the kernel commit "fscrypt: add Adiantum support"
(https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add Adiantum support to the fscrypt userspace tool.  Supported in the
kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode
based primarily on XChaCha12.  It is fast even on CPUs without AES
instructions.  Unlike XTS it is also a wide-block encryption mode.
Adiantum is supported for both contents and filenames encryption.

For Adiantum encryption policies, also make the fscrypt tool provide the
new DIRECT_KEY flag, which further improves performance by requesting
that all files be encrypted directly with the policy key.  This takes
advantage of Adiantum's support for long tweaks.

See the kernel commit "fscrypt: add Adiantum support"
(https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.
</pre>
</div>
</content>
</entry>
<entry>
<title>Go 1.11 gofmt update</title>
<updated>2018-08-30T10:54:52+00:00</updated>
<author>
<name>Joe Richey joerichey@google.com</name>
<email>joerichey@google.com</email>
</author>
<published>2018-08-30T10:54:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=3c4664d603fb288b70938a00b05437ce8b2d0e64'/>
<id>3c4664d603fb288b70938a00b05437ce8b2d0e64</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>vet: eliminate unnecessary shadowing</title>
<updated>2018-02-12T07:56:49+00:00</updated>
<author>
<name>Joseph Richey</name>
<email>joerichey94@gmail.com</email>
</author>
<published>2018-02-12T07:56:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=69630f37fcebe894b15872148bd8b2496806b60c'/>
<id>69630f37fcebe894b15872148bd8b2496806b60c</id>
<content type='text'>
Running "go vet -shadow ./..." finds all places where a variable might
be incorrectly or unnecessarily shadowed. This fixes some of them.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Running "go vet -shadow ./..." finds all places where a variable might
be incorrectly or unnecessarily shadowed. This fixes some of them.
</pre>
</div>
</content>
</entry>
<entry>
<title>Finalize import paths and documentation</title>
<updated>2017-06-28T22:15:21+00:00</updated>
<author>
<name>Joe Richey joerichey@google.com</name>
<email>joerichey@google.com</email>
</author>
<published>2017-06-28T20:57:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=2c52eca8727df744d093703bbcbd87fc39d57d30'/>
<id>2c52eca8727df744d093703bbcbd87fc39d57d30</id>
<content type='text'>
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externally. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externally. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
</pre>
</div>
</content>
</entry>
<entry>
<title>Change error handling to new package</title>
<updated>2017-06-28T21:06:52+00:00</updated>
<author>
<name>Joe Richey joerichey@google.com</name>
<email>joerichey@google.com</email>
</author>
<published>2017-06-21T16:52:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=77b226a90ef70b77ca556830528c013a23b01e57'/>
<id>77b226a90ef70b77ca556830528c013a23b01e57</id>
<content type='text'>
This commit changes the error handling for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.

This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
	* filesystem.AllFilesystems() now returns all the filesystems in
	  sorted order
	* certain path methods are now public

O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by an IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.

Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This commit changes the error handling for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.

This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
	* filesystem.AllFilesystems() now returns all the filesystems in
	  sorted order
	* certain path methods are now public

O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by an IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.

Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
</pre>
</div>
</content>
</entry>
<entry>
<title>metadata: change encryption mode names</title>
<updated>2017-06-16T05:32:35+00:00</updated>
<author>
<name>Joe Richey joerichey@google.com</name>
<email>joerichey@google.com</email>
</author>
<published>2017-06-08T17:41:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=d5f89f8fcc5172be183fb02b802fa23ed3e9f8fa'/>
<id>d5f89f8fcc5172be183fb02b802fa23ed3e9f8fa</id>
<content type='text'>
As new encryption modes are being added to the kernel that use 128 bit
keys (see https://patchwork.kernel.org/patch/9741913), we will need the
encryption modes to be more descriptive.

This change breaks backwards compatibility for the protobuf, but that's
fine because we have not released yet.

Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As new encryption modes are being added to the kernel that use 128 bit
keys (see https://patchwork.kernel.org/patch/9741913), we will need the
encryption modes to be more descriptive.

This change breaks backwards compatibility for the protobuf, but that's
fine because we have not released yet.

Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de
</pre>
</div>
</content>
</entry>
<entry>
<title>metadata: reorganize and add consistency checks</title>
<updated>2017-05-31T19:35:28+00:00</updated>
<author>
<name>Joe Richey joerichey@google.com</name>
<email>joerichey@google.com</email>
</author>
<published>2017-05-24T01:38:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=44c2c7aeda3de09a405ed06aadacbc2c0c7f2a67'/>
<id>44c2c7aeda3de09a405ed06aadacbc2c0c7f2a67</id>
<content type='text'>
This commit adds in IsValid() checks for the metadata structures that
let us enforce stronger invariants than those imposed by the protobuf
package. The main uses of this will be to check that metadata is valid
before writing it to the filesystem, and to check that the filesystem
contains valid metadata before returning it to the user. These functions
also will log the exact reason if the validity checks fail.

To have these checks in the metadata package, all of the various
constants have been moved to a single metadata/constants.go file. The
uses of these constants were changed accordingly.

Finally, this commit standardizes our use of errors so that they always
begin with an appropriate prefix.

Change-Id: I99008e2ee803ebe5f6236eb8d83fc83efcd22718
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This commit adds in IsValid() checks for the metadata structures that
let us enforce stronger invariants than those imposed by the protobuf
package. The main uses of this will be to check that metadata is valid
before writing it to the filesystem, and to check that the filesystem
contains valid metadata before returning it to the user. These functions
also will log the exact reason if the validity checks fail.

To have these checks in the metadata package, all of the various
constants have been moved to a single metadata/constants.go file. The
uses of these constants were changed accordingly.

Finally, this commit standardizes our use of errors so that they always
begin with an appropriate prefix.

Change-Id: I99008e2ee803ebe5f6236eb8d83fc83efcd22718
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: insert key into keyring from go</title>
<updated>2017-05-02T20:39:18+00:00</updated>
<author>
<name>Joe Richey</name>
<email>joerichey@google.com</email>
</author>
<published>2017-03-02T19:47:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=53d15f466a665e4e564af3afdcbcfe9ff1c91331'/>
<id>53d15f466a665e4e564af3afdcbcfe9ff1c91331</id>
<content type='text'>
This commit adds in the ability to insert Keys into the kernel keyring
from go code. This is done via a patched version of x/sys/unix. We
also expose the specific requirements for keys that will be placed in
the keyring, namely PolicyKeyLen. The legacy services are also exposed.

Change-Id: I177928c9aa676cae13b749042b9a3996e7490f68
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This commit adds in the ability to insert Keys into the kernel keyring
from go code. This is done via a patched version of x/sys/unix. We
also expose the specific requirements for keys that will be placed in
the keyring, namely PolicyKeyLen. The legacy services are also exposed.

Change-Id: I177928c9aa676cae13b749042b9a3996e7490f68
</pre>
</div>
</content>
</entry>
<entry>
<title>metadata: get and set policies from go</title>
<updated>2017-05-02T20:39:18+00:00</updated>
<author>
<name>Joe Richey</name>
<email>joerichey@google.com</email>
</author>
<published>2017-03-02T18:38:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.hodgden.net/cgit.cgi/fscrypt.git/commit/?id=a683ab55245aa44ada5059f8e9816adbd94198ff'/>
<id>a683ab55245aa44ada5059f8e9816adbd94198ff</id>
<content type='text'>
This commit adds in the ability to get and set policy data from go using
the GetPolicy and SetPolicy functions. This is done via a patch of the
x/sys/unix package that exposes the filesystem encryption structures.

Note that not all the fields of the PolicyData protocol buffer are
needed to get and set policies. The wrapped_policy_keys are not used and
will be written and read by other components of fscrypt.

To run the policy tests, the environment variable BASE_TEST_DIR must be
set to a directory for testing on a filesystem that supports encryption.

Change-Id: I13b1d983356845f3ffc1945cedf53234218f32e5
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This commit adds in the ability to get and set policy data from go using
the GetPolicy and SetPolicy functions. This is done via a patch of the
x/sys/unix package that exposes the filesystem encryption structures.

Note that not all the fields of the PolicyData protocol buffer are
needed to get and set policies. The wrapped_policy_keys are not used and
will be written and read by other components of fscrypt.

To run the policy tests, the environment variable BASE_TEST_DIR must be
set to a directory for testing on a filesystem that supports encryption.

Change-Id: I13b1d983356845f3ffc1945cedf53234218f32e5
</pre>
</div>
</content>
</entry>
</feed>
