1. 24 Jun, 2017 1 commit
    • Daniel Walter's avatar
      fscrypt: add support for AES-128-CBC · b7e7cf7a
      Daniel Walter authored
      fscrypt provides facilities to use different encryption algorithms which
      are selectable by userspace when setting the encryption policy. Currently,
      only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are
      implemented. This is a clear case of kernel offers the mechanism and
      userspace selects a policy. Similar to what dm-crypt and ecryptfs have.
      
      This patch adds support for using AES-128-CBC for file contents and
      AES-128-CBC-CTS for file name encryption. To mitigate watermarking
      attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is
      actually slightly less secure than AES-XTS from a security point of view,
      there is more widespread hardware support. Using AES-CBC gives us the
      acceptable performance while still providing a moderate level of security
      for persistent storage.
      
      Especially low-powered embedded devices with crypto accelerators such as
      CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS
      is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC
      since it has less encryption rounds and yields noticeable better
      performance starting from a file size of just a few kB.
      Signed-off-by: default avatarDaniel Walter <dwalter@sigma-star.at>
      [david@sigma-star.at: addressed review comments]
      Signed-off-by: David Gstir's avatarDavid Gstir <david@sigma-star.at>
      Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      b7e7cf7a
  2. 01 Jan, 2017 1 commit
  3. 11 Dec, 2016 1 commit
  4. 18 Mar, 2016 1 commit
    • Jaegeuk Kim's avatar
      fs crypto: move per-file encryption from f2fs tree to fs/crypto · 0b81d077
      Jaegeuk Kim authored
      This patch adds the renamed functions moved from the f2fs crypto files.
      
      1. definitions for per-file encryption used by ext4 and f2fs.
      
      2. crypto.c for encrypt/decrypt functions
       a. IO preparation:
        - fscrypt_get_ctx / fscrypt_release_ctx
       b. before IOs:
        - fscrypt_encrypt_page
        - fscrypt_decrypt_page
        - fscrypt_zeroout_range
       c. after IOs:
        - fscrypt_decrypt_bio_pages
        - fscrypt_pullback_bio_page
        - fscrypt_restore_control_page
      
      3. policy.c supporting context management.
       a. For ioctls:
        - fscrypt_process_policy
        - fscrypt_get_policy
       b. For context permission
        - fscrypt_has_permitted_context
        - fscrypt_inherit_context
      
      4. keyinfo.c to handle permissions
        - fscrypt_get_encryption_info
        - fscrypt_free_encryption_info
      
      5. fname.c to support filename encryption
       a. general wrapper functions
        - fscrypt_fname_disk_to_usr
        - fscrypt_fname_usr_to_disk
        - fscrypt_setup_filename
        - fscrypt_free_filename
      
       b. specific filename handling functions
        - fscrypt_fname_alloc_buffer
        - fscrypt_fname_free_buffer
      
      6. Makefile and Kconfig
      
      Cc: Al Viro <viro@ftp.linux.org.uk>
      Signed-off-by: default avatarMichael Halcrow <mhalcrow@google.com>
      Signed-off-by: default avatarIldar Muslukhov <ildarm@google.com>
      Signed-off-by: default avatarUday Savagaonkar <savagaon@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      0b81d077