diff options
| author | Eric Biggers <ebiggers@google.com> | 2023-11-21 14:39:06 -0800 |
|---|---|---|
| committer | Zorro Lang <zlang@kernel.org> | 2024-01-14 20:39:09 +0800 |
| commit | 72dad8092e6238cc2dff451b194b0fda13e2c7b2 (patch) | |
| tree | f1ac362d39183ea13f8434f2b5ae77237ba2d010 | |
| parent | 3a0381a4595e37d591c25f9eb3713a310d621538 (diff) | |
| download | xfstests-dev-72dad8092e6238cc2dff451b194b0fda13e2c7b2.tar.gz | |
fscrypt-crypt-util: rename block to data unit
Rename the --block-size option to --data-unit-size, and rename the
--block-number option to --data-unit-index.
This does not change any functionality, but this avoids confusion now
that the kernel supports the case where the crypto data unit size is not
the same as the filesystem block size. fscrypt-crypt-util cares about
the crypto data unit size, not the filesystem block size.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>
| -rw-r--r-- | common/encrypt | 10 | ||||
| -rw-r--r-- | src/fscrypt-crypt-util.c | 93 | ||||
| -rwxr-xr-x | tests/f2fs/002 | 6 |
3 files changed, 55 insertions, 54 deletions
diff --git a/common/encrypt b/common/encrypt index 1a77e23bf5..5688745cc8 100644 --- a/common/encrypt +++ b/common/encrypt @@ -763,14 +763,14 @@ _do_verify_ciphertext_for_encryption_policy() nonce=$(_get_encryption_nonce $SCRATCH_DEV $inode) _dump_ciphertext_blocks $SCRATCH_DEV $blocklist > $tmp.actual_contents $crypt_contents_cmd $contents_encryption_mode $raw_key_hex \ - --file-nonce=$nonce --block-size=$blocksize \ + --file-nonce=$nonce --data-unit-size=$blocksize \ --inode-number=$inode < $src > $tmp.expected_contents if ! cmp $tmp.expected_contents $tmp.actual_contents; then _fail "Expected encrypted contents != actual encrypted contents. File: $f" fi $crypt_contents_cmd $contents_encryption_mode $raw_key_hex \ - --decrypt --file-nonce=$nonce --block-size=$blocksize \ - --inode-number=$inode \ + --decrypt --file-nonce=$nonce \ + --data-unit-size=$blocksize --inode-number=$inode \ < $tmp.actual_contents > $tmp.decrypted_contents if ! cmp $src $tmp.decrypted_contents; then _fail "Contents decryption sanity check failed. File: $f" @@ -786,14 +786,14 @@ _do_verify_ciphertext_for_encryption_policy() echo -n "$name" | \ $crypt_filename_cmd $filenames_encryption_mode \ $raw_key_hex --file-nonce=$nonce --padding=$padding \ - --block-size=255 --inode-number=$dir_inode \ + --data-unit-size=255 --inode-number=$dir_inode \ > $tmp.expected_name if ! cmp $tmp.expected_name $tmp.actual_name; then _fail "Expected encrypted filename != actual encrypted filename. File: $f" fi $crypt_filename_cmd $filenames_encryption_mode $raw_key_hex \ --decrypt --file-nonce=$nonce --padding=$padding \ - --block-size=255 --inode-number=$dir_inode \ + --data-unit-size=255 --inode-number=$dir_inode \ < $tmp.actual_name > $tmp.decrypted_name decrypted_name=$(tr -d '\0' < $tmp.decrypted_name) if [ "$name" != "$decrypted_name" ]; then diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c index 96f04799d4..a1b5005d00 100644 --- a/src/fscrypt-crypt-util.c +++ b/src/fscrypt-crypt-util.c @@ -61,9 +61,9 @@ static void usage(FILE *fp) "WARNING: this program is only meant for testing, not for \"real\" use!\n" "\n" "Options:\n" -" --block-number=BNUM Starting block number for IV generation.\n" +" --data-unit-index=DUIDX Starting data unit index for IV generation.\n" " Default: 0\n" -" --block-size=BLOCK_SIZE Encrypt each BLOCK_SIZE bytes independently.\n" +" --data-unit-size=DUSIZE Encrypt each DUSIZE bytes independently.\n" " Default: 4096 bytes\n" " --decrypt Decrypt instead of encrypt\n" " --direct-key Use the format where the IVs include the file\n" @@ -86,8 +86,8 @@ static void usage(FILE *fp) " HKDF-SHA512, or none. Default: none\n" " --mode-num=NUM The encryption mode number. This may be required\n" " for key derivation, depending on other options.\n" -" --padding=PADDING If last block is partial, zero-pad it to next\n" -" PADDING-byte boundary. Default: BLOCK_SIZE\n" +" --padding=PADDING If last data unit is partial, zero-pad it to next\n" +" PADDING-byte boundary. Default: DUSIZE\n" , fp); } @@ -1975,8 +1975,8 @@ static const struct fscrypt_cipher *find_fscrypt_cipher(const char *name) union fscrypt_iv { /* usual IV format */ struct { - /* logical block number within the file */ - __le64 block_number; + /* data unit index within the file */ + __le64 data_unit_index; /* per-file nonce; only set in DIRECT_KEY mode */ u8 nonce[FILE_NONCE_SIZE]; @@ -1984,11 +1984,11 @@ union fscrypt_iv { /* IV format for IV_INO_LBLK_* modes */ struct { /* - * IV_INO_LBLK_64: logical block number within the file - * IV_INO_LBLK_32: hashed inode number + logical block number - * within the file, mod 2^32 + * IV_INO_LBLK_64: data unit index within the file + * IV_INO_LBLK_32: hashed inode number + data unit index within + * the file, mod 2^32 */ - __le32 block_number32; + __le32 data_unit_index32; /* IV_INO_LBLK_64: inode number */ __le32 inode_number; @@ -1999,18 +1999,19 @@ union fscrypt_iv { static void crypt_loop(const struct fscrypt_cipher *cipher, const u8 *key, union fscrypt_iv *iv, bool decrypting, - size_t block_size, size_t padding, bool is_bnum_32bit) + size_t data_unit_size, size_t padding, + bool is_data_unit_index_32bit) { - u8 *buf = xmalloc(block_size); + u8 *buf = xmalloc(data_unit_size); size_t res; - while ((res = xread(STDIN_FILENO, buf, block_size)) > 0) { - size_t crypt_len = block_size; + while ((res = xread(STDIN_FILENO, buf, data_unit_size)) > 0) { + size_t crypt_len = data_unit_size; if (padding > 0) { crypt_len = MAX(res, cipher->min_input_size); crypt_len = ROUND_UP(crypt_len, padding); - crypt_len = MIN(crypt_len, block_size); + crypt_len = MIN(crypt_len, data_unit_size); } ASSERT(crypt_len >= res); memset(&buf[res], 0, crypt_len - res); @@ -2022,12 +2023,12 @@ static void crypt_loop(const struct fscrypt_cipher *cipher, const u8 *key, full_write(STDOUT_FILENO, buf, crypt_len); - if (is_bnum_32bit) - iv->block_number32 = cpu_to_le32( - le32_to_cpu(iv->block_number32) + 1); + if (is_data_unit_index_32bit) + iv->data_unit_index32 = cpu_to_le32( + le32_to_cpu(iv->data_unit_index32) + 1); else - iv->block_number = cpu_to_le64( - le64_to_cpu(iv->block_number) + 1); + iv->data_unit_index = cpu_to_le64( + le64_to_cpu(iv->data_unit_index) + 1); } free(buf); } @@ -2070,7 +2071,7 @@ struct key_and_iv_params { bool direct_key; bool iv_ino_lblk_64; bool iv_ino_lblk_32; - u64 block_number; + u64 data_unit_index; u64 inode_number; u8 fs_uuid[UUID_SIZE]; bool fs_uuid_specified; @@ -2178,26 +2179,26 @@ static void generate_iv(const struct key_and_iv_params *params, if (params->direct_key) { if (!params->file_nonce_specified) die("--direct-key requires --file-nonce"); - iv->block_number = cpu_to_le64(params->block_number); + iv->data_unit_index = cpu_to_le64(params->data_unit_index); memcpy(iv->nonce, params->file_nonce, FILE_NONCE_SIZE); } else if (params->iv_ino_lblk_64) { - if (params->block_number > UINT32_MAX) - die("iv-ino-lblk-64 can't use --block-number > UINT32_MAX"); + if (params->data_unit_index > UINT32_MAX) + die("iv-ino-lblk-64 can't use --data-unit-index > UINT32_MAX"); if (params->inode_number == 0) die("iv-ino-lblk-64 requires --inode-number"); if (params->inode_number > UINT32_MAX) die("iv-ino-lblk-64 can't use --inode-number > UINT32_MAX"); - iv->block_number32 = cpu_to_le32(params->block_number); + iv->data_unit_index32 = cpu_to_le32(params->data_unit_index); iv->inode_number = cpu_to_le32(params->inode_number); } else if (params->iv_ino_lblk_32) { - if (params->block_number > UINT32_MAX) - die("iv-ino-lblk-32 can't use --block-number > UINT32_MAX"); + if (params->data_unit_index > UINT32_MAX) + die("iv-ino-lblk-32 can't use --data-unit-index > UINT32_MAX"); if (params->inode_number == 0) die("iv-ino-lblk-32 requires --inode-number"); - iv->block_number32 = cpu_to_le32(hash_inode_number(params) + - params->block_number); + iv->data_unit_index32 = cpu_to_le32(hash_inode_number(params) + + params->data_unit_index); } else { - iv->block_number = cpu_to_le64(params->block_number); + iv->data_unit_index = cpu_to_le64(params->data_unit_index); } } @@ -2252,8 +2253,8 @@ static void parse_master_key(const char *arg, struct key_and_iv_params *params) } enum { - OPT_BLOCK_NUMBER, - OPT_BLOCK_SIZE, + OPT_DATA_UNIT_INDEX, + OPT_DATA_UNIT_SIZE, OPT_DECRYPT, OPT_DIRECT_KEY, OPT_DUMP_KEY_IDENTIFIER, @@ -2269,8 +2270,8 @@ enum { }; static const struct option longopts[] = { - { "block-number", required_argument, NULL, OPT_BLOCK_NUMBER }, - { "block-size", required_argument, NULL, OPT_BLOCK_SIZE }, + { "data-unit-index", required_argument, NULL, OPT_DATA_UNIT_INDEX }, + { "data-unit-size", required_argument, NULL, OPT_DATA_UNIT_SIZE }, { "decrypt", no_argument, NULL, OPT_DECRYPT }, { "direct-key", no_argument, NULL, OPT_DIRECT_KEY }, { "dump-key-identifier", no_argument, NULL, OPT_DUMP_KEY_IDENTIFIER }, @@ -2288,7 +2289,7 @@ static const struct option longopts[] = { int main(int argc, char *argv[]) { - size_t block_size = 4096; + size_t data_unit_size = 4096; bool decrypting = false; bool dump_key_identifier = false; struct key_and_iv_params params; @@ -2315,17 +2316,17 @@ int main(int argc, char *argv[]) while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1) { switch (c) { - case OPT_BLOCK_NUMBER: + case OPT_DATA_UNIT_INDEX: errno = 0; - params.block_number = strtoull(optarg, &tmp, 10); + params.data_unit_index = strtoull(optarg, &tmp, 10); if (*tmp || errno) - die("Invalid block number: %s", optarg); + die("Invalid data unit index: %s", optarg); break; - case OPT_BLOCK_SIZE: + case OPT_DATA_UNIT_SIZE: errno = 0; - block_size = strtoul(optarg, &tmp, 10); - if (block_size <= 0 || *tmp || errno) - die("Invalid block size: %s", optarg); + data_unit_size = strtoul(optarg, &tmp, 10); + if (data_unit_size <= 0 || *tmp || errno) + die("Invalid data unit size: %s", optarg); break; case OPT_DECRYPT: decrypting = true; @@ -2401,9 +2402,9 @@ int main(int argc, char *argv[]) if (cipher == NULL) die("Unknown cipher: %s", argv[0]); - if (block_size < cipher->min_input_size) - die("Block size of %zu bytes is too small for cipher %s", - block_size, cipher->name); + if (data_unit_size < cipher->min_input_size) + die("Data unit size of %zu bytes is too small for cipher %s", + data_unit_size, cipher->name); parse_master_key(argv[1], ¶ms); @@ -2412,7 +2413,7 @@ int main(int argc, char *argv[]) get_key_and_iv(¶ms, real_key, cipher->keysize, &iv); - crypt_loop(cipher, real_key, &iv, decrypting, block_size, padding, + crypt_loop(cipher, real_key, &iv, decrypting, data_unit_size, padding, params.iv_ino_lblk_64 || params.iv_ino_lblk_32); return 0; } diff --git a/tests/f2fs/002 b/tests/f2fs/002 index 8235d88aeb..c0bf440b49 100755 --- a/tests/f2fs/002 +++ b/tests/f2fs/002 @@ -140,16 +140,16 @@ decrypt_blocks() { $here/src/fscrypt-crypt-util "$@" \ --decrypt \ - --block-size=$block_size \ + --data-unit-size=$block_size \ --file-nonce=$nonce \ --kdf=HKDF-SHA512 \ AES-256-XTS \ $TEST_RAW_KEY_HEX } head -c $num_compressible_bytes $tmp.raw \ - | decrypt_blocks --block-number=1 > $tmp.decrypted + | decrypt_blocks --data-unit-index=1 > $tmp.decrypted dd if=$tmp.raw bs=$cluster_bytes skip=$num_compressible_clusters status=none \ - | decrypt_blocks --block-number=$num_compressible_blocks \ + | decrypt_blocks --data-unit-index=$num_compressible_blocks \ >> $tmp.decrypted # Decompress the compressed clusters using the lz4 command-line tool. |