ext4 crypto: enable encryption feature flag

Also add the test dummy encryption mode flag so we can more easily
test the encryption patches using xfstests.

Signed-off-by: Michael Halcrow <mhalcrow@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
index 572bd97..c8392af 100644 (file)
--- a/fs/ext4/crypto_key.c
+++ b/fs/ext4/crypto_key.c
@@ -98,6 +98,7 @@ int ext4_generate_encryption_key(struct inode *inode)
        struct ext4_encryption_key *master_key;
        struct ext4_encryption_context ctx;
        struct user_key_payload *ukp;
+       struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
        int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
                                 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
                                 &ctx, sizeof(ctx));
@@ -109,6 +110,20 @@ int ext4_generate_encryption_key(struct inode *inode)
        }
        res = 0;
 
+       if (S_ISREG(inode->i_mode))
+               crypt_key->mode = ctx.contents_encryption_mode;
+       else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
+               crypt_key->mode = ctx.filenames_encryption_mode;
+       else {
+               printk(KERN_ERR "ext4 crypto: Unsupported inode type.\n");
+               BUG();
+       }
+       crypt_key->size = ext4_encryption_key_size(crypt_key->mode);
+       BUG_ON(!crypt_key->size);
+       if (DUMMY_ENCRYPTION_ENABLED(sbi)) {
+               memset(crypt_key->raw, 0x42, EXT4_AES_256_XTS_KEY_SIZE);
+               goto out;
+       }
        memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX,
               EXT4_KEY_DESC_PREFIX_SIZE);
        sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE,
@@ -129,21 +144,9 @@ int ext4_generate_encryption_key(struct inode *inode)
                goto out;
        }
        master_key = (struct ext4_encryption_key *)ukp->data;
-
-       if (S_ISREG(inode->i_mode))
-               crypt_key->mode = ctx.contents_encryption_mode;
-       else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
-               crypt_key->mode = ctx.filenames_encryption_mode;
-       else {
-               printk(KERN_ERR "ext4 crypto: Unsupported inode type.\n");
-               BUG();
-       }
-       crypt_key->size = ext4_encryption_key_size(crypt_key->mode);
-       BUG_ON(!crypt_key->size);
        BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
                     EXT4_KEY_DERIVATION_NONCE_SIZE);
        BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE);
-       BUG_ON(crypt_key->size < EXT4_AES_256_CBC_KEY_SIZE);
        res = ext4_derive_key_aes(ctx.nonce, master_key->raw, crypt_key->raw);
 out:
        if (keyring_key)

diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
index 749ed6e..30eaf9e 100644 (file)
--- a/fs/ext4/crypto_policy.c
+++ b/fs/ext4/crypto_policy.c
@@ -169,13 +169,25 @@ int ext4_inherit_context(struct inode *parent, struct inode *child)
                                 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
                                 &ctx, sizeof(ctx));
 
-       if (res != sizeof(ctx))
-               return -ENOENT;
-
+       if (res != sizeof(ctx)) {
+               if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
+                       ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
+                       ctx.contents_encryption_mode =
+                               EXT4_ENCRYPTION_MODE_AES_256_XTS;
+                       ctx.filenames_encryption_mode =
+                               EXT4_ENCRYPTION_MODE_AES_256_CTS;
+                       memset(ctx.master_key_descriptor, 0x42,
+                              EXT4_KEY_DESCRIPTOR_SIZE);
+                       res = 0;
+               } else {
+                       goto out;
+               }
+       }
        get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
        res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
                             EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
                             sizeof(ctx), 0);
+out:
        if (!res)
                ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
        return res;

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 86d1570..0179654 100644 (file)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1200,8 +1200,16 @@ struct ext4_super_block {
 /*
  * run-time mount flags
  */
-#define EXT4_MF_MNTDIR_SAMPLED 0x0001
-#define EXT4_MF_FS_ABORTED     0x0002  /* Fatal error detected */
+#define EXT4_MF_MNTDIR_SAMPLED         0x0001
+#define EXT4_MF_FS_ABORTED             0x0002  /* Fatal error detected */
+#define EXT4_MF_TEST_DUMMY_ENCRYPTION  0x0004
+
+#ifdef CONFIG_EXT4_FS_ENCRYPTION
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (unlikely((sbi)->s_mount_flags & \
+                                               EXT4_MF_TEST_DUMMY_ENCRYPTION))
+#else
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
+#endif
 
 /* Number of quota types we support */
 #define EXT4_MAXQUOTAS 2
@@ -1613,8 +1621,9 @@ static inline int ext4_encrypted_inode(struct inode *inode)
                                         EXT4_FEATURE_INCOMPAT_EXTENTS| \
                                         EXT4_FEATURE_INCOMPAT_64BIT| \
                                         EXT4_FEATURE_INCOMPAT_FLEX_BG| \
-                                        EXT4_FEATURE_INCOMPAT_MMP |    \
-                                        EXT4_FEATURE_INCOMPAT_INLINE_DATA)
+                                        EXT4_FEATURE_INCOMPAT_MMP | \
+                                        EXT4_FEATURE_INCOMPAT_INLINE_DATA | \
+                                        EXT4_FEATURE_INCOMPAT_ENCRYPT)
 #define EXT4_FEATURE_RO_COMPAT_SUPP    (EXT4_FEATURE_RO_COMPAT_SPARSE_SUPER| \
                                         EXT4_FEATURE_RO_COMPAT_LARGE_FILE| \
                                         EXT4_FEATURE_RO_COMPAT_GDT_CSUM| \

diff --cc fs/ext4/ialloc.c
Simple merge

diff --cc fs/ext4/namei.c
Simple merge

diff --cc fs/ext4/super.c
Simple merge