authorEric Biggers <ebiggers@google.com>2019-01-14 18:43:25 -0800
committerEric Biggers <ebiggers@google.com>2019-01-14 18:43:25 -0800
commit5f06ede200fb390aafb7831c8c944ddd677be023 (patch)
tree1cc8f54994a4c51797fde4df7b392e2c3f8cf02f
parent7e8d04041908d4867846bea00e009c089d878d01 (diff)
Add support for the Adiantum encryption mode
Add Adiantum support to the fscrypt userspace tool. Supported in the kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode based primarily on XChaCha12. It is fast even on CPUs without AES instructions. Unlike XTS it is also a wide-block encryption mode. Adiantum is supported for both contents and filenames encryption. For Adiantum encryption policies, also make the fscrypt tool provide the new DIRECT_KEY flag, which further improves performance by requesting that all files be encrypted directly with the policy key. This takes advantage of Adiantum's support for long tweaks. See the kernel commit "fscrypt: add Adiantum support" (https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.
-rw-r--r--metadata/metadata.pb.go111
-rw-r--r--metadata/metadata.proto1
-rw-r--r--metadata/policy.go21
3 files changed, 77 insertions, 56 deletions
diff --git a/metadata/metadata.pb.go b/metadata/metadata.pb.go
index 94d5662..2b62a91 100644
--- a/metadata/metadata.pb.go
+++ b/metadata/metadata.pb.go
@@ -45,7 +45,7 @@ func (x SourceType) String() string {
return proto.EnumName(SourceType_name, int32(x))
}
func (SourceType) EnumDescriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{0}
+ return fileDescriptor_metadata_5e732a616277e389, []int{0}
}
// Type of encryption; should match declarations of unix.FS_ENCRYPTION_MODE
@@ -59,6 +59,7 @@ const (
EncryptionOptions_AES_256_CTS EncryptionOptions_Mode = 4
EncryptionOptions_AES_128_CBC EncryptionOptions_Mode = 5
EncryptionOptions_AES_128_CTS EncryptionOptions_Mode = 6
+ EncryptionOptions_Adiantum EncryptionOptions_Mode = 9
)
var EncryptionOptions_Mode_name = map[int32]string{
@@ -69,6 +70,7 @@ var EncryptionOptions_Mode_name = map[int32]string{
4: "AES_256_CTS",
5: "AES_128_CBC",
6: "AES_128_CTS",
+ 9: "Adiantum",
}
var EncryptionOptions_Mode_value = map[string]int32{
"default": 0,
@@ -78,13 +80,14 @@ var EncryptionOptions_Mode_value = map[string]int32{
"AES_256_CTS": 4,
"AES_128_CBC": 5,
"AES_128_CTS": 6,
+ "Adiantum": 9,
}
func (x EncryptionOptions_Mode) String() string {
return proto.EnumName(EncryptionOptions_Mode_name, int32(x))
}
func (EncryptionOptions_Mode) EnumDescriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{3, 0}
+ return fileDescriptor_metadata_5e732a616277e389, []int{3, 0}
}
// Cost parameters to be used in our hashing functions.
@@ -101,7 +104,7 @@ func (m *HashingCosts) Reset() { *m = HashingCosts{} }
func (m *HashingCosts) String() string { return proto.CompactTextString(m) }
func (*HashingCosts) ProtoMessage() {}
func (*HashingCosts) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{0}
+ return fileDescriptor_metadata_5e732a616277e389, []int{0}
}
func (m *HashingCosts) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_HashingCosts.Unmarshal(m, b)
@@ -156,7 +159,7 @@ func (m *WrappedKeyData) Reset() { *m = WrappedKeyData{} }
func (m *WrappedKeyData) String() string { return proto.CompactTextString(m) }
func (*WrappedKeyData) ProtoMessage() {}
func (*WrappedKeyData) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{1}
+ return fileDescriptor_metadata_5e732a616277e389, []int{1}
}
func (m *WrappedKeyData) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_WrappedKeyData.Unmarshal(m, b)
@@ -216,7 +219,7 @@ func (m *ProtectorData) Reset() { *m = ProtectorData{} }
func (m *ProtectorData) String() string { return proto.CompactTextString(m) }
func (*ProtectorData) ProtoMessage() {}
func (*ProtectorData) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{2}
+ return fileDescriptor_metadata_5e732a616277e389, []int{2}
}
func (m *ProtectorData) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ProtectorData.Unmarshal(m, b)
@@ -299,7 +302,7 @@ func (m *EncryptionOptions) Reset() { *m = EncryptionOptions{} }
func (m *EncryptionOptions) String() string { return proto.CompactTextString(m) }
func (*EncryptionOptions) ProtoMessage() {}
func (*EncryptionOptions) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{3}
+ return fileDescriptor_metadata_5e732a616277e389, []int{3}
}
func (m *EncryptionOptions) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_EncryptionOptions.Unmarshal(m, b)
@@ -352,7 +355,7 @@ func (m *WrappedPolicyKey) Reset() { *m = WrappedPolicyKey{} }
func (m *WrappedPolicyKey) String() string { return proto.CompactTextString(m) }
func (*WrappedPolicyKey) ProtoMessage() {}
func (*WrappedPolicyKey) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{4}
+ return fileDescriptor_metadata_5e732a616277e389, []int{4}
}
func (m *WrappedPolicyKey) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_WrappedPolicyKey.Unmarshal(m, b)
@@ -400,7 +403,7 @@ func (m *PolicyData) Reset() { *m = PolicyData{} }
func (m *PolicyData) String() string { return proto.CompactTextString(m) }
func (*PolicyData) ProtoMessage() {}
func (*PolicyData) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{5}
+ return fileDescriptor_metadata_5e732a616277e389, []int{5}
}
func (m *PolicyData) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_PolicyData.Unmarshal(m, b)
@@ -456,7 +459,7 @@ func (m *Config) Reset() { *m = Config{} }
func (m *Config) String() string { return proto.CompactTextString(m) }
func (*Config) ProtoMessage() {}
func (*Config) Descriptor() ([]byte, []int) {
- return fileDescriptor_metadata_e565bd6b3feb0969, []int{6}
+ return fileDescriptor_metadata_5e732a616277e389, []int{6}
}
func (m *Config) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Config.Unmarshal(m, b)
@@ -516,49 +519,49 @@ func init() {
proto.RegisterEnum("metadata.EncryptionOptions_Mode", EncryptionOptions_Mode_name, EncryptionOptions_Mode_value)
}
-func init() { proto.RegisterFile("metadata/metadata.proto", fileDescriptor_metadata_e565bd6b3feb0969) }
-
-var fileDescriptor_metadata_e565bd6b3feb0969 = []byte{
- // 641 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x94, 0xdf, 0x6e, 0xd3, 0x30,
- 0x14, 0xc6, 0x49, 0xd2, 0xb5, 0xeb, 0xe9, 0x1f, 0x32, 0x6f, 0x8c, 0x08, 0x6e, 0xaa, 0x00, 0xd2,
- 0x84, 0xa6, 0xa1, 0x15, 0x0d, 0x81, 0x84, 0x90, 0xa0, 0x9b, 0x60, 0x4c, 0x13, 0xc3, 0xad, 0x06,
- 0x48, 0x48, 0x95, 0x97, 0x78, 0xab, 0xb5, 0x24, 0xb6, 0x62, 0x57, 0x55, 0xee, 0x78, 0x07, 0xde,
- 0x81, 0x47, 0xe0, 0x21, 0x78, 0x2a, 0x64, 0xa7, 0x49, 0xd3, 0x4d, 0x9a, 0x06, 0x37, 0xd1, 0xf1,
- 0x67, 0xfb, 0x7c, 0xc7, 0x3f, 0xfb, 0x04, 0xee, 0xc7, 0x54, 0x91, 0x90, 0x28, 0xf2, 0xac, 0x08,
- 0x76, 0x44, 0xca, 0x15, 0x47, 0xab, 0xc5, 0xd8, 0xff, 0x0e, 0xed, 0x0f, 0x44, 0x4e, 0x58, 0x72,
- 0x31, 0xe0, 0x52, 0x49, 0x84, 0xa0, 0xa6, 0x58, 0x4c, 0x3d, 0xbb, 0x67, 0x6d, 0x39, 0xd8, 0xc4,
- 0x68, 0x13, 0xea, 0x31, 0x8d, 0x79, 0x9a, 0x79, 0x8e, 0x51, 0xe7, 0x23, 0xd4, 0x83, 0x96, 0x20,
- 0x29, 0x89, 0x22, 0x1a, 0x31, 0x19, 0x7b, 0x35, 0x33, 0x59, 0x95, 0xfc, 0x6f, 0xd0, 0xfd, 0x92,
- 0x12, 0x21, 0x68, 0x78, 0x44, 0xb3, 0x7d, 0xa2, 0x08, 0xea, 0x82, 0x7d, 0x78, 0xea, 0x59, 0x3d,
- 0x6b, 0xab, 0x8d, 0xed, 0xc3, 0x53, 0xf4, 0x08, 0x3a, 0x34, 0x09, 0xd2, 0x4c, 0x28, 0x1a, 0x8e,
- 0x2f, 0x69, 0x66, 0x8c, 0xdb, 0xb8, 0x5d, 0x8a, 0x47, 0x34, 0xd3, 0x45, 0x4d, 0x62, 0x12, 0x18,
- 0xfb, 0x36, 0x36, 0xb1, 0xff, 0xd3, 0x86, 0xce, 0x49, 0xca, 0x15, 0x0d, 0x14, 0x4f, 0x4d, 0xea,
- 0x5d, 0xd8, 0x10, 0x85, 0x30, 0x0e, 0xa9, 0x0c, 0x52, 0x26, 0x14, 0x4f, 0x8d, 0x59, 0x13, 0xaf,
- 0x97, 0x73, 0xfb, 0xe5, 0x14, 0xda, 0x86, 0xba, 0xe4, 0xd3, 0x34, 0xc8, 0xcf, 0xdb, 0xed, 0x6f,
- 0xec, 0x94, 0xa0, 0x86, 0x46, 0x1f, 0x65, 0x82, 0xe2, 0xf9, 0x1a, 0x5d, 0x46, 0x42, 0x62, 0x6a,
- 0xca, 0x68, 0x62, 0x13, 0xa3, 0x6d, 0x58, 0x09, 0x34, 0x38, 0x73, 0xfa, 0x56, 0x7f, 0x73, 0x91,
- 0xa0, 0x8a, 0x15, 0xe7, 0x8b, 0x74, 0x06, 0x49, 0x22, 0xe5, 0xad, 0xe4, 0x07, 0xd1, 0x31, 0x72,
- 0xc1, 0x99, 0xb2, 0xd0, 0xab, 0x1b, 0x7a, 0x3a, 0x44, 0xaf, 0xa0, 0x35, 0xcb, 0xa9, 0x19, 0x22,
- 0x0d, 0x93, 0xd9, 0x5b, 0x64, 0x5e, 0x46, 0x8a, 0x61, 0x56, 0x8e, 0xfd, 0x5f, 0x36, 0xac, 0x1d,
- 0xe4, 0xe8, 0x18, 0x4f, 0x3e, 0x99, 0xaf, 0x44, 0x1e, 0x34, 0x04, 0x09, 0x43, 0x96, 0x5c, 0x18,
- 0x18, 0x0e, 0x2e, 0x86, 0xe8, 0x35, 0xac, 0x06, 0x3c, 0x51, 0x34, 0x51, 0x72, 0x8e, 0xa0, 0xb7,
- 0xf0, 0xb9, 0x96, 0x68, 0xe7, 0x98, 0x87, 0x14, 0x97, 0x3b, 0xd0, 0x1b, 0x68, 0x9e, 0xb3, 0x88,
- 0x6a, 0x10, 0xd2, 0x50, 0xb9, 0xcd, 0xf6, 0xc5, 0x16, 0x3f, 0x83, 0x9a, 0x96, 0x50, 0x0b, 0x1a,
- 0x21, 0x3d, 0x27, 0xd3, 0x48, 0xb9, 0x77, 0xd0, 0x5d, 0x68, 0xbd, 0x3d, 0x18, 0x8e, 0xfb, 0x7b,
- 0x2f, 0xc6, 0x5f, 0x47, 0x43, 0xd7, 0xaa, 0x0a, 0xef, 0x07, 0xc7, 0xae, 0x5d, 0x15, 0x06, 0xef,
- 0x06, 0xae, 0xb3, 0x24, 0x8c, 0x86, 0x6e, 0xad, 0x10, 0x76, 0xfb, 0x2f, 0xcd, 0x8a, 0x95, 0x25,
- 0x61, 0x34, 0x74, 0xeb, 0xfe, 0x0f, 0x0b, 0xdc, 0x39, 0xc7, 0x13, 0x1e, 0xb1, 0x20, 0xd3, 0xef,
- 0xec, 0x3f, 0x5e, 0xd0, 0x95, 0xbb, 0xb2, 0xff, 0xe1, 0xae, 0x7e, 0x5b, 0x00, 0xb9, 0xb7, 0x79,
- 0xbe, 0x4f, 0xa0, 0x7b, 0x49, 0xb3, 0xeb, 0xb6, 0x9d, 0x4b, 0x9a, 0x55, 0x0c, 0xf7, 0xa0, 0xc1,
- 0x73, 0x9c, 0x73, 0xb3, 0x87, 0x37, 0x10, 0xc7, 0xc5, 0x5a, 0xf4, 0x11, 0xd6, 0x8b, 0x3a, 0x85,
- 0xf1, 0xd4, 0xe5, 0xea, 0x4b, 0x73, 0xb6, 0x5a, 0xfd, 0x07, 0xd7, 0xea, 0x2d, 0x99, 0xe0, 0xb5,
- 0xd9, 0x15, 0x45, 0xfa, 0x7f, 0x2c, 0xa8, 0x0f, 0x78, 0x72, 0xce, 0x2e, 0x2a, 0x0d, 0x64, 0xdd,
- 0xa2, 0x81, 0xf6, 0x00, 0x26, 0x44, 0x4e, 0xc6, 0x79, 0xc7, 0xd8, 0x37, 0x76, 0x4c, 0x53, 0xaf,
- 0xcc, 0xff, 0x49, 0x8f, 0xa1, 0x13, 0xf0, 0x58, 0x10, 0xc5, 0xce, 0x58, 0xc4, 0x54, 0x36, 0x6f,
- 0xc0, 0x65, 0xb1, 0x0a, 0xa6, 0x76, 0x7b, 0x30, 0x4f, 0x3f, 0x03, 0x2c, 0x2a, 0x5d, 0x7e, 0x89,
- 0x08, 0xba, 0x82, 0xc4, 0x63, 0x41, 0xa4, 0x14, 0x93, 0x94, 0x48, 0xea, 0x5a, 0xe8, 0x1e, 0xac,
- 0x05, 0x53, 0xa9, 0xf8, 0x92, 0x6c, 0xeb, 0x7d, 0x29, 0x99, 0x69, 0xa6, 0xae, 0x73, 0x56, 0x37,
- 0x3f, 0xd9, 0xe7, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x7f, 0xc6, 0x2e, 0x75, 0x7f, 0x05, 0x00,
- 0x00,
+func init() { proto.RegisterFile("metadata/metadata.proto", fileDescriptor_metadata_5e732a616277e389) }
+
+var fileDescriptor_metadata_5e732a616277e389 = []byte{
+ // 656 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x94, 0xef, 0x6a, 0xdb, 0x3c,
+ 0x14, 0xc6, 0x5f, 0xdb, 0x69, 0xd2, 0x9c, 0xfc, 0x79, 0x5d, 0xb5, 0x6f, 0x5f, 0xb3, 0x7d, 0x09,
+ 0xde, 0x06, 0x65, 0x94, 0x8e, 0x66, 0x74, 0x6c, 0x30, 0x06, 0x5d, 0x5a, 0xb6, 0xae, 0x94, 0x75,
+ 0x4a, 0xe8, 0x36, 0x18, 0x04, 0xd5, 0x56, 0x1b, 0x51, 0xdb, 0x12, 0x96, 0x42, 0xf0, 0xb7, 0x7d,
+ 0xdb, 0x05, 0xec, 0x5a, 0xb6, 0x8b, 0xd8, 0x55, 0x0d, 0xc9, 0xb1, 0xe3, 0xb4, 0x50, 0xba, 0x7d,
+ 0x31, 0x47, 0x8f, 0xa4, 0xf3, 0x1c, 0xfd, 0xa4, 0x63, 0xf8, 0x3f, 0xa6, 0x8a, 0x84, 0x44, 0x91,
+ 0x27, 0x45, 0xb0, 0x23, 0x52, 0xae, 0x38, 0x5a, 0x2d, 0xc6, 0xfe, 0x17, 0x68, 0xbf, 0x25, 0x72,
+ 0xc2, 0x92, 0xcb, 0x01, 0x97, 0x4a, 0x22, 0x04, 0x35, 0xc5, 0x62, 0xea, 0xd9, 0x3d, 0x6b, 0xcb,
+ 0xc1, 0x26, 0x46, 0x9b, 0x50, 0x8f, 0x69, 0xcc, 0xd3, 0xcc, 0x73, 0x8c, 0x3a, 0x1f, 0xa1, 0x1e,
+ 0xb4, 0x04, 0x49, 0x49, 0x14, 0xd1, 0x88, 0xc9, 0xd8, 0xab, 0x99, 0xc9, 0xaa, 0xe4, 0x7f, 0x86,
+ 0xee, 0xc7, 0x94, 0x08, 0x41, 0xc3, 0x63, 0x9a, 0x1d, 0x10, 0x45, 0x50, 0x17, 0xec, 0xa3, 0x33,
+ 0xcf, 0xea, 0x59, 0x5b, 0x6d, 0x6c, 0x1f, 0x9d, 0xa1, 0x07, 0xd0, 0xa1, 0x49, 0x90, 0x66, 0x42,
+ 0xd1, 0x70, 0x7c, 0x45, 0x33, 0x63, 0xdc, 0xc6, 0xed, 0x52, 0x3c, 0xa6, 0x99, 0x2e, 0x6a, 0x12,
+ 0x93, 0xc0, 0xd8, 0xb7, 0xb1, 0x89, 0xfd, 0xef, 0x36, 0x74, 0x4e, 0x53, 0xae, 0x68, 0xa0, 0x78,
+ 0x6a, 0x52, 0xef, 0xc2, 0x86, 0x28, 0x84, 0x71, 0x48, 0x65, 0x90, 0x32, 0xa1, 0x78, 0x6a, 0xcc,
+ 0x9a, 0x78, 0xbd, 0x9c, 0x3b, 0x28, 0xa7, 0xd0, 0x36, 0xd4, 0x25, 0x9f, 0xa6, 0x41, 0x7e, 0xde,
+ 0x6e, 0x7f, 0x63, 0xa7, 0x04, 0x35, 0x34, 0xfa, 0x28, 0x13, 0x14, 0xcf, 0xd7, 0xe8, 0x32, 0x12,
+ 0x12, 0x53, 0x53, 0x46, 0x13, 0x9b, 0x18, 0x6d, 0xc3, 0x4a, 0xa0, 0xc1, 0x99, 0xd3, 0xb7, 0xfa,
+ 0x9b, 0x8b, 0x04, 0x55, 0xac, 0x38, 0x5f, 0xa4, 0x33, 0x48, 0x12, 0x29, 0x6f, 0x25, 0x3f, 0x88,
+ 0x8e, 0x91, 0x0b, 0xce, 0x94, 0x85, 0x5e, 0xdd, 0xd0, 0xd3, 0x21, 0x7a, 0x01, 0xad, 0x59, 0x4e,
+ 0xcd, 0x10, 0x69, 0x98, 0xcc, 0xde, 0x22, 0xf3, 0x32, 0x52, 0x0c, 0xb3, 0x72, 0xec, 0xff, 0xb0,
+ 0x61, 0xed, 0x30, 0x47, 0xc7, 0x78, 0xf2, 0xde, 0x7c, 0x25, 0xf2, 0xa0, 0x21, 0x48, 0x18, 0xb2,
+ 0xe4, 0xd2, 0xc0, 0x70, 0x70, 0x31, 0x44, 0x2f, 0x61, 0x35, 0xe0, 0x89, 0xa2, 0x89, 0x92, 0x73,
+ 0x04, 0xbd, 0x85, 0xcf, 0x8d, 0x44, 0x3b, 0x27, 0x3c, 0xa4, 0xb8, 0xdc, 0x81, 0x5e, 0x41, 0xf3,
+ 0x82, 0x45, 0x54, 0x83, 0x90, 0x86, 0xca, 0x5d, 0xb6, 0x2f, 0xb6, 0xf8, 0xdf, 0x2c, 0xa8, 0x69,
+ 0x0d, 0xb5, 0xa0, 0x11, 0xd2, 0x0b, 0x32, 0x8d, 0x94, 0xfb, 0x0f, 0xfa, 0x17, 0x5a, 0xfb, 0x87,
+ 0xc3, 0x71, 0x7f, 0xef, 0xd9, 0xf8, 0xd3, 0x68, 0xe8, 0x5a, 0x55, 0xe1, 0xcd, 0xe0, 0xc4, 0xb5,
+ 0xab, 0xc2, 0xe0, 0xf5, 0xc0, 0x75, 0x96, 0x84, 0xd1, 0xd0, 0xad, 0x15, 0xc2, 0x6e, 0xff, 0xb9,
+ 0x59, 0xb1, 0xb2, 0x24, 0x8c, 0x86, 0x6e, 0x1d, 0xb5, 0x61, 0x75, 0x3f, 0x64, 0x24, 0x51, 0xd3,
+ 0xd8, 0x6d, 0xfa, 0x5f, 0x2d, 0x70, 0xe7, 0x58, 0x4f, 0x79, 0xc4, 0x82, 0x4c, 0x3f, 0xbb, 0xbf,
+ 0x78, 0x50, 0xd7, 0xae, 0xce, 0xfe, 0x83, 0xab, 0xfb, 0x69, 0x01, 0xe4, 0xde, 0xe6, 0x35, 0x3f,
+ 0x82, 0xee, 0x15, 0xcd, 0x6e, 0xda, 0x76, 0xae, 0x68, 0x56, 0x31, 0xdc, 0x83, 0x06, 0xcf, 0xe9,
+ 0xce, 0xcd, 0xee, 0xdf, 0x72, 0x01, 0xb8, 0x58, 0x8b, 0xde, 0xc1, 0x7a, 0x51, 0xa7, 0x30, 0x9e,
+ 0xba, 0x5c, 0x7d, 0x87, 0xce, 0x56, 0xab, 0x7f, 0xef, 0x46, 0xbd, 0x25, 0x13, 0xbc, 0x36, 0xbb,
+ 0xa6, 0x48, 0xff, 0x97, 0x05, 0xf5, 0x01, 0x4f, 0x2e, 0xd8, 0x65, 0xa5, 0x9f, 0xac, 0x3b, 0xf4,
+ 0xd3, 0x1e, 0xc0, 0x84, 0xc8, 0xc9, 0x38, 0x6f, 0x20, 0xfb, 0xd6, 0x06, 0x6a, 0xea, 0x95, 0xf9,
+ 0x2f, 0xea, 0x21, 0x74, 0x02, 0x1e, 0x0b, 0xa2, 0xd8, 0x39, 0x8b, 0x98, 0xca, 0xe6, 0xfd, 0xb8,
+ 0x2c, 0x56, 0xc1, 0xd4, 0xee, 0x0e, 0xe6, 0xf1, 0x07, 0x80, 0x45, 0xa5, 0xcb, 0xef, 0x12, 0x41,
+ 0x57, 0x90, 0x78, 0x2c, 0x88, 0x94, 0x62, 0x92, 0x12, 0x49, 0x5d, 0x0b, 0xfd, 0x07, 0x6b, 0xc1,
+ 0x54, 0x2a, 0xbe, 0x24, 0xdb, 0x7a, 0x5f, 0x4a, 0x66, 0x9a, 0xa9, 0xeb, 0x9c, 0xd7, 0xcd, 0x3f,
+ 0xf7, 0xe9, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x4b, 0xbe, 0x84, 0xbc, 0x8e, 0x05, 0x00, 0x00,
}
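--- a/metadata/metadata.proto
+++ b/metadata/metadata.proto
@@ -72,6 +72,7 @@ message EncryptionOptions {
 AES_256_CTS = 4;
 AES_128_CBC = 5;
 AES_128_CTS = 6;
+ Adiantum = 9;
 }
 Mode contents = 2;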
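Review bot: The new enum value jumps from 6 to 9 without a comment saying why, and the enum's own header comment (visible in the generated file as "should match declarations of unix.FS_ENCRYPTION_MODE") means the number is not free to choose. A trailing comment would stop a later contributor from "filling the gap", e.g. `Adiantum = 9;  // fixed by the kernel's FS_ENCRYPTION_MODE_ADIANTUM; 7 and 8 are deliberately skipped`. The enclosing Mode enum starts before this hunk.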
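--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -109,6 +109,18 @@ func GetPolicy(path string) (*PolicyData, error) {
 }, nil
 }
+// For improved performance, use the DIRECT_KEY flag when using ciphers that
+// support it, e.g. Adiantum. It is safe because fscrypt won't reuse the key
+// for any other policy. (Multiple directories with same policy are okay.)
+func shouldUseDirectKeyFlag(options *EncryptionOptions) bool {
+ // Contents and filenames encryption modes must be the same
+ if options.Contents != options.Filenames {
+ return false
+ }
+ // Whitelist the modes that take a 24+ byte IV (enough room for the per-file nonce)
+ return options.Contents == EncryptionOptions_Adiantum
+}
+
 // SetPolicy sets up the specified directory to be encrypted with the specified
 // policy. Returns an error if we cannot set the policy for any reason (not a
 // directory, invalid options or KeyDescriptor, etc).
@@ -124,7 +136,7 @@ func SetPolicy(path string, data *PolicyData) error {
 }
 // This lookup should always succeed (as policy is valid)
- paddingFlag, ok := util.Lookup(data.Options.Padding, paddingArray, flagsArray)
+ flags, ok := util.Lookup(data.Options.Padding, paddingArray, flagsArray)
 if !ok {
 log.Panicf("padding of %d was not found", data.Options.Padding)
 }
@@ -134,11 +146,16 @@ func SetPolicy(path string, data *PolicyData) error {
 return errors.New("invalid descriptor: " + data.KeyDescriptor)
 }
+ if shouldUseDirectKeyFlag(data.Options) {
+ // TODO: use unix.FS_POLICY_FLAG_DIRECT_KEY here once available
+ flags |= 0x4
+ }
+
 policy := unix.FscryptPolicy{
 Version: 0, // Version must always be zero
 Contents_encryption_mode: uint8(data.Options.Contents),
 Filenames_encryption_mode: uint8(data.Options.Filenames),
- Flags: uint8(paddingFlag),
+ Flags: uint8(flags),
 }
 copy(policy.Master_key_descriptor[:], descriptorBytes)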
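Review bot: `flags |= 0x4` in the third hunk ORs in a bare magic number with only a TODO to explain it; until x/sys exports the constant, name it once in this file, e.g. `const fsPolicyFlagDirectKey = 0x4 // unix.FS_POLICY_FLAG_DIRECT_KEY` and `flags |= fsPolicyFlagDirectKey`, so the value is greppable and the TODO becomes a one-line swap later. The read-back path also needs checking: GetPolicy (its body ends just before the first hunk, outside it) presumably maps policy.Flags back to a padding value through the same paddingArray/flagsArray pair, and a Flags value carrying the 0x4 bit would not be found there unless the bit is masked off first, which on the write side here ends in log.Panicf rather than an error. shouldUseDirectKeyFlag dereferences options without a nil check, which is fine only if data.Options is validated non-nil earlier in SetPolicy — the `as policy is valid` comment suggests so, but the hunk does not show it. Lastly, the "It is safe because" comment on shouldUseDirectKeyFlag could state the actual requirement it relies on: with DIRECT_KEY the policy key is used directly as the file key (per the commit message), so it must not be shared by any policy with different modes or flags, which is exactly what the Contents == Filenames check and the single-mode whitelist enforce.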