• Michael Halcrow's avatar
    ext4 crypto: add ext4 encryption facilities · b30ab0e0
    Michael Halcrow authored
    On encrypt, we will re-assign the buffer_heads to point to a bounce
    page rather than the control_page (which is the original page to write
    that contains the plaintext). The block I/O occurs against the bounce
    page.  On write completion, we re-assign the buffer_heads to the
    original plaintext page.
    
    On decrypt, we will attach a read completion callback to the bio
    struct. This read completion will decrypt the read contents in-place
    prior to setting the page up-to-date.
    
    The current encryption mode, AES-256-XTS, lacks cryptographic
    integrity. AES-256-GCM is in-plan, but we will need to devise a
    mechanism for handling the integrity data.
    Signed-off-by: default avatarMichael Halcrow <mhalcrow@google.com>
    Signed-off-by: default avatarIldar Muslukhov <ildarm@google.com>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    b30ab0e0
crypto.c 14.6 KB