diff options
| author | Jaegeuk Kim <jaegeuk@kernel.org> | 2016-05-04 22:05:01 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-06-01 12:17:59 -0700 |
| commit | ea27481a427ee75cb77088b785ae8591eb74870c (patch) | |
| tree | 9043e3774e4e55cd85fc7d2bfca66c0ce1679718 /include | |
| parent | 3718e19da2f1d32867a57bcbe53d6b535fc0909c (diff) | |
| download | lwn-ea27481a427ee75cb77088b785ae8591eb74870c.tar.gz lwn-ea27481a427ee75cb77088b785ae8591eb74870c.zip | |
fscrypto/f2fs: allow fs-specific key prefix for fs encryption
commit b5a7aef1ef436ec005fef0efe31a676ec5f4ab31 upstream.
This patch allows fscrypto to handle a second key prefix given by filesystem.
The main reason is to provide backward compatibility, since previously f2fs
used "f2fs:" as a crypto prefix instead of "fscrypt:".
Later, ext4 should also provide key_prefix() to give "ext4:".
One concern decribed by Ted would be kinda double check overhead of prefixes.
In x86, for example, validate_user_key consumes 8 ms after boot-up, which turns
out derive_key_aes() consumed most of the time to load specific crypto module.
After such the cold miss, it shows almost zero latencies, which treats as a
negligible overhead.
Note that request_key() detects wrong prefix in prior to derive_key_aes() even.
Cc: Ted Tso <tytso@mit.edu>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/fscrypto.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h index 6027f6bbb061..cfa6cde25f8e 100644 --- a/include/linux/fscrypto.h +++ b/include/linux/fscrypto.h @@ -175,6 +175,7 @@ struct fscrypt_name { */ struct fscrypt_operations { int (*get_context)(struct inode *, void *, size_t); + int (*key_prefix)(struct inode *, u8 **); int (*prepare_context)(struct inode *); int (*set_context)(struct inode *, const void *, size_t, void *); int (*dummy_context)(struct inode *); |