mke2fs: teach mke2fs tool about encryption modes

Signed-off-by: Ildar Muslukhov <muslukhovi@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2015-02-06 16:32:13 -08:00 · 2015-02-06 16:32:13 -08:00 · 33bdbc3210
parent 8f8be9f412
commit 33bdbc3210
4 changed files with 33 additions and 3 deletions
--- a/lib/ext2fs/ext2_fs.h
+++ b/lib/ext2fs/ext2_fs.h
@ -801,7 +801,8 @@ struct ext2_super_block {

 #define EXT2_FEATURE_COMPAT_SUPP	0
 #define EXT2_FEATURE_INCOMPAT_SUPP    (EXT2_FEATURE_INCOMPAT_FILETYPE| \
-				       EXT4_FEATURE_INCOMPAT_MMP)
+				       EXT4_FEATURE_INCOMPAT_MMP | \
+				       EXT4_FEATURE_INCOMPAT_ENCRYPT)
 #define EXT2_FEATURE_RO_COMPAT_SUPP	(EXT2_FEATURE_RO_COMPAT_SPARSE_SUPER| \
 					 EXT2_FEATURE_RO_COMPAT_LARGE_FILE| \
 					 EXT4_FEATURE_RO_COMPAT_DIR_NLINK| \
--- a/lib/ext2fs/ext2fs.h
+++ b/lib/ext2fs/ext2fs.h
@ -598,7 +598,8 @@ typedef struct ext2_icount *ext2_icount_t;
 					 EXT4_FEATURE_INCOMPAT_FLEX_BG|\
 					 EXT4_LIB_INCOMPAT_MMP|\
 					 EXT4_FEATURE_INCOMPAT_64BIT|\
-					 EXT4_FEATURE_INCOMPAT_INLINE_DATA)
+					 EXT4_FEATURE_INCOMPAT_INLINE_DATA| \
+					 EXT4_FEATURE_INCOMPAT_ENCRYPT)

 #define EXT2_LIB_FEATURE_RO_COMPAT_SUPP	(EXT2_FEATURE_RO_COMPAT_SPARSE_SUPER|\
 					 EXT4_FEATURE_RO_COMPAT_HUGE_FILE|\
--- a/lib/ext2fs/initialize.c
+++ b/lib/ext2fs/initialize.c
@ -173,6 +173,13 @@ errcode_t ext2fs_initialize(const char *name, int flags,
 	set_field(s_raid_stripe_width, 0);	/* default stripe width: 0 */
 	set_field(s_log_groups_per_flex, 0);
 	set_field(s_flags, 0);
+	/* Encryption algorithms for data and filename encryption */
+	if (super->s_feature_incompat & EXT4_FEATURE_INCOMPAT_ENCRYPT) {
+		set_field(s_encrypt_algos[0],
+			  EXT4_ENCRYPTION_MODE_AES_256_XTS);
+		set_field(s_encrypt_algos[1],
+			  EXT4_ENCRYPTION_MODE_AES_256_CBC);
+	}
 	assign_field(s_backup_bgs[0]);
 	assign_field(s_backup_bgs[1]);
 	if (super->s_feature_incompat & ~EXT2_LIB_FEATURE_INCOMPAT_SUPP) {
--- a/misc/mke2fs.c
+++ b/misc/mke2fs.c
@ -638,6 +638,20 @@ write_superblock:
 	}
 }

+static char * encryption_algo2string(int mode)
+{
+	switch (mode) {
+	case EXT4_ENCRYPTION_MODE_INVALID:
+		return "Invalid";
+	case  EXT4_ENCRYPTION_MODE_AES_256_XTS:
+		return "AES-256-XTS";
+	case  EXT4_ENCRYPTION_MODE_AES_256_GCM:
+		return "AES-256-GCM";
+	case  EXT4_ENCRYPTION_MODE_AES_256_CBC:
+		return "AES-256-CBC";
+	}
+}
+
 static void show_stats(ext2_filsys fs)
 {
 	struct ext2_super_block *s = fs->super;
@ -711,6 +725,12 @@ skip_details:

 	if (!e2p_is_null_uuid(s->s_uuid))
 		printf(_("Filesystem UUID: %s\n"), e2p_uuid2str(s->s_uuid));
+	if (s->s_feature_incompat& EXT4_FEATURE_INCOMPAT_ENCRYPT) {
+		printf(_("File encryption: %s\n"),
+			 encryption_algo2string(s->s_encrypt_algos[0]));
+		printf(_("Directory encryption: %s\n"),
+			 encryption_algo2string(s->s_encrypt_algos[1]));
+	}
 	printf("%s", _("Superblock backups stored on blocks: "));
 	group_block = s->s_first_data_block;
 	col_left = 0;
@ -1076,7 +1096,8 @@ static __u32 ok_features[3] = {
 		EXT4_FEATURE_INCOMPAT_FLEX_BG|
 		EXT4_FEATURE_INCOMPAT_MMP |
 		EXT4_FEATURE_INCOMPAT_64BIT|
-		EXT4_FEATURE_INCOMPAT_INLINE_DATA,
+		EXT4_FEATURE_INCOMPAT_INLINE_DATA|
+		EXT4_FEATURE_INCOMPAT_ENCRYPT,
 	/* R/O compat */
 	EXT2_FEATURE_RO_COMPAT_LARGE_FILE|
 		EXT4_FEATURE_RO_COMPAT_HUGE_FILE|