LU-12275 sec: force file name encryption policy to null

Force file/directory name encryption policy to null on newly created
inodes. This is required because first implementation step of client
side encryption only supports content encryption, and not names.
This imposes to force usage of embedded llcrypt lib to the detriment
of in-kernel fscrypt lib, even if the kernel provides it.

This patch will have to be reverted when name encryption is
implemented.

Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48" clientdistro=el8.1 fstype=ldiskfs mdscount=2 mdtcount=4
Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48" clientdistro=el8.1 fstype=zfs mdscount=2 mdtcount=4
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ia697a29006507278c218088d7c3a5e5ade620a15
Reviewed-on: https://review.whamcloud.com/38882
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/libcfs/libcfs/crypto/keysetup.c b/libcfs/libcfs/crypto/keysetup.c
index c28add0..2d35266 100644 (file)
--- a/libcfs/libcfs/crypto/keysetup.c
+++ b/libcfs/libcfs/crypto/keysetup.c
@@ -463,8 +463,15 @@ int llcrypt_get_encryption_info(struct inode *inode)
                /* Fake up a context for an unencrypted directory */
                memset(&ctx, 0, sizeof(ctx));
                ctx.version = LLCRYPT_CONTEXT_V1;
+               /* Force file/directory name encryption policy to null.
+                * This is needed for interoperability with future versions.
+                * Change to be reverted back when Lustre supports name
+                * encryption.
+                */
+               CWARN("inode %lu: setting policy filenames_encryption_mode to null\n",
+                     inode->i_ino);
                ctx.v1.contents_encryption_mode = LLCRYPT_MODE_AES_256_XTS;
-               ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_AES_256_CTS;
+               ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_NULL;
                memset(ctx.v1.master_key_descriptor, 0x42,
                       LLCRYPT_KEY_DESCRIPTOR_SIZE);
                res = sizeof(ctx.v1);

diff --git a/libcfs/libcfs/crypto/policy.c b/libcfs/libcfs/crypto/policy.c
index 8d209e2..90e3907 100644 (file)
--- a/libcfs/libcfs/crypto/policy.c
+++ b/libcfs/libcfs/crypto/policy.c
@@ -314,6 +314,21 @@ int llcrypt_ioctl_set_policy(struct file *filp, const void __user *arg)
                return -EFAULT;
        policy.version = version;
 
+       /* Force file/directory name encryption policy to null.
+        * This is needed for interoperability with future versions.
+        * Code to be removed when Lustre supports name encryption.
+        */
+       CWARN("inode %lu: forcing policy filenames_encryption_mode to null\n",
+             inode->i_ino);
+       switch (policy.version) {
+       case LLCRYPT_POLICY_V1:
+               policy.v1.filenames_encryption_mode = LLCRYPT_MODE_NULL;
+               break;
+       case LLCRYPT_POLICY_V2:
+               policy.v2.filenames_encryption_mode = LLCRYPT_MODE_NULL;
+               break;
+       }
+
        if (!inode_owner_or_capable(inode))
                return -EACCES;
 

diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4
index af03b84..9d96ed0 100644 (file)
--- a/lustre/autoconf/lustre-core.m4
+++ b/lustre/autoconf/lustre-core.m4
@@ -2230,7 +2230,13 @@ fscrypt_support, [
 ],[
        fscrypt_ioctl_get_policy_ex(NULL, NULL);
 ],[
-       has_fscrypt_support="yes"
+       dnl When Lustre supports file name encryption, restore "yes" value
+       dnl for has_fscrypt_support and remove warning message.
+       has_fscrypt_support="no"
+       AC_MSG_WARN([
+This version of Lustre lacks file name encryption support,
+so it cannot make use of in-kernel fscrypt.
+Will use embedded llcrypt if possible.])
 ])
 ]) # LC_FSCRYPT_SUPPORT