fscrypt: add inline encryption support
authorSatya Tangirala <satyat@google.com>
Thu, 2 Jul 2020 01:56:05 +0000 (01:56 +0000)
committerEric Biggers <ebiggers@google.com>
Wed, 8 Jul 2020 17:29:30 +0000 (10:29 -0700)
commit5fee36095cda45d34555aed3a2e8973b80cd6bf8
tree631af4525c5cca73b935c4ff495813576de6614f
parent457e7a135cbf0a0b5ed2717c192c0c57112c3b32
fscrypt: add inline encryption support

Add support for inline encryption to fs/crypto/.  With "inline
encryption", the block layer handles the decryption/encryption as part
of the bio, instead of the filesystem doing the crypto itself via
Linux's crypto API. This model is needed in order to take advantage of
the inline encryption hardware present on most modern mobile SoCs.

To use inline encryption, the filesystem needs to be mounted with
'-o inlinecrypt'. Blk-crypto will then be used instead of the traditional
filesystem-layer crypto whenever possible to encrypt the contents
of any encrypted files in that filesystem. Fscrypt still provides the key
and IV to use, and the actual ciphertext on-disk is still the same;
therefore it's testable using the existing fscrypt ciphertext verification
tests.

Note that since blk-crypto has a fallback to Linux's crypto API, and
also supports all the encryption modes currently supported by fscrypt,
this feature is usable and testable even without actual inline
encryption hardware.

Per-filesystem changes will be needed to set encryption contexts when
submitting bios and to implement the 'inlinecrypt' mount option.  This
patch just adds the common code.

Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20200702015607.1215430-3-satyat@google.com
Co-developed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
12 files changed:
Documentation/filesystems/fscrypt.rst
fs/crypto/Kconfig
fs/crypto/Makefile
fs/crypto/bio.c
fs/crypto/crypto.c
fs/crypto/fname.c
fs/crypto/fscrypt_private.h
fs/crypto/inline_crypt.c [new file with mode: 0644]
fs/crypto/keyring.c
fs/crypto/keysetup.c
fs/crypto/keysetup_v1.c
include/linux/fscrypt.h