From 11fcbfa9de4a5170abc2c5df2a6e4e02f0f84268 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Tue, 9 Jun 2020 15:27:53 +0000 Subject: [PATCH] LU-12275 sec: force file name encryption policy to null Force file/directory name encryption policy to null on newly created inodes. This is required because first implementation step of client side encryption only supports content encryption, and not names. This imposes to force usage of embedded llcrypt lib to the detriment of in-kernel fscrypt lib, even if the kernel provides it. This patch will have to be reverted when name encryption is implemented. Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48" clientdistro=el8.1 fstype=ldiskfs mdscount=2 mdtcount=4 Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48" clientdistro=el8.1 fstype=zfs mdscount=2 mdtcount=4 Signed-off-by: Sebastien Buisson Change-Id: Ia697a29006507278c218088d7c3a5e5ade620a15 Reviewed-on: https://review.whamcloud.com/38882 Reviewed-by: James Simmons Reviewed-by: Andreas Dilger Tested-by: jenkins Tested-by: Maloo Reviewed-by: Oleg Drokin --- libcfs/libcfs/crypto/keysetup.c | 9 ++++++++- libcfs/libcfs/crypto/policy.c | 15 +++++++++++++++ lustre/autoconf/lustre-core.m4 | 8 +++++++- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/libcfs/libcfs/crypto/keysetup.c b/libcfs/libcfs/crypto/keysetup.c index c28add0..2d35266 100644 --- a/libcfs/libcfs/crypto/keysetup.c +++ b/libcfs/libcfs/crypto/keysetup.c @@ -463,8 +463,15 @@ int llcrypt_get_encryption_info(struct inode *inode) /* Fake up a context for an unencrypted directory */ memset(&ctx, 0, sizeof(ctx)); ctx.version = LLCRYPT_CONTEXT_V1; + /* Force file/directory name encryption policy to null. + * This is needed for interoperability with future versions. + * Change to be reverted back when Lustre supports name + * encryption. + */ + CWARN("inode %lu: setting policy filenames_encryption_mode to null\n", + inode->i_ino); ctx.v1.contents_encryption_mode = LLCRYPT_MODE_AES_256_XTS; - ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_AES_256_CTS; + ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_NULL; memset(ctx.v1.master_key_descriptor, 0x42, LLCRYPT_KEY_DESCRIPTOR_SIZE); res = sizeof(ctx.v1); diff --git a/libcfs/libcfs/crypto/policy.c b/libcfs/libcfs/crypto/policy.c index 8d209e2..90e3907 100644 --- a/libcfs/libcfs/crypto/policy.c +++ b/libcfs/libcfs/crypto/policy.c @@ -314,6 +314,21 @@ int llcrypt_ioctl_set_policy(struct file *filp, const void __user *arg) return -EFAULT; policy.version = version; + /* Force file/directory name encryption policy to null. + * This is needed for interoperability with future versions. + * Code to be removed when Lustre supports name encryption. + */ + CWARN("inode %lu: forcing policy filenames_encryption_mode to null\n", + inode->i_ino); + switch (policy.version) { + case LLCRYPT_POLICY_V1: + policy.v1.filenames_encryption_mode = LLCRYPT_MODE_NULL; + break; + case LLCRYPT_POLICY_V2: + policy.v2.filenames_encryption_mode = LLCRYPT_MODE_NULL; + break; + } + if (!inode_owner_or_capable(inode)) return -EACCES; diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index af03b84..9d96ed0 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -2230,7 +2230,13 @@ fscrypt_support, [ ],[ fscrypt_ioctl_get_policy_ex(NULL, NULL); ],[ - has_fscrypt_support="yes" + dnl When Lustre supports file name encryption, restore "yes" value + dnl for has_fscrypt_support and remove warning message. + has_fscrypt_support="no" + AC_MSG_WARN([ +This version of Lustre lacks file name encryption support, +so it cannot make use of in-kernel fscrypt. +Will use embedded llcrypt if possible.]) ]) ]) # LC_FSCRYPT_SUPPORT -- 1.8.3.1