Update Inline Crypto Engine support for File based Encryption
Few changes done to better support ICE+FBE:
1. Check for ICE device support instead of mode while
creating dummy context.
2. Support only AES-256 mode for file name encryption
as of now for ICE based FBE.
3. Revert changes made on top of F2FS+FBE patch
0017-fscrypt-updates-on-4.15-rc4.patch
The change was done to fix boot up issue with this
patch but now this can be reverted since fix is made
to support bootup with this patch.
Change-Id: I839e2215db62ae9bebf1ba3b932395fb2555d315
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
diff --git a/fs/crypto/fscrypt_ice.h b/fs/crypto/fscrypt_ice.h
index c540506..d448eae 100644
--- a/fs/crypto/fscrypt_ice.h
+++ b/fs/crypto/fscrypt_ice.h
@@ -21,7 +21,7 @@ static inline bool fscrypt_should_be_processed_by_ice(const struct inode *inode)
{
if (!inode->i_sb->s_cop)
return 0;
- if (!inode->i_sb->s_cop->is_encrypted((struct inode *)inode))
+ if (!IS_ENCRYPTED((struct inode *)inode))
return 0;
return fscrypt_using_hardware_encryption(inode);
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 03ff3aa..6563f88 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -105,7 +105,8 @@ static inline bool fscrypt_valid_enc_modes(u32 contents_mode,
filenames_mode == FS_ENCRYPTION_MODE_SPECK128_256_CTS)
return true;
- if (contents_mode == FS_ENCRYPTION_MODE_PRIVATE)
+ if (contents_mode == FS_ENCRYPTION_MODE_PRIVATE &&
+ filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)
return true;
return false;
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 737b6fc..1866733 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -267,7 +267,7 @@ void __exit fscrypt_essiv_cleanup(void)
static int fscrypt_data_encryption_mode(struct inode *inode)
{
- return fscrypt_should_be_processed_by_ice(inode) ?
+ return fscrypt_is_ice_capable(inode->i_sb) ?
FS_ENCRYPTION_MODE_PRIVATE : FS_ENCRYPTION_MODE_AES_256_XTS;
}
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 23c5716..e95b6e1 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1180,11 +1180,6 @@ static unsigned ext4_max_namelen(struct inode *inode)
EXT4_NAME_LEN;
}
-static inline bool ext4_is_encrypted(struct inode *inode)
-{
- return ext4_encrypted_inode(inode);
-}
-
static const struct fscrypt_operations ext4_cryptops = {
.key_prefix = "ext4:",
.get_context = ext4_get_context,
@@ -1192,7 +1187,6 @@ static const struct fscrypt_operations ext4_cryptops = {
.dummy_context = ext4_dummy_context,
.empty_dir = ext4_empty_dir,
.max_namelen = ext4_max_namelen,
- .is_encrypted = ext4_is_encrypted,
};
#endif
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index a7711d7..2a20e3d 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1940,11 +1940,6 @@ static unsigned f2fs_max_namelen(struct inode *inode)
inode->i_sb->s_blocksize : F2FS_NAME_LEN;
}
-static inline bool f2fs_is_encrypted(struct inode *inode)
-{
- return f2fs_encrypted_file(inode);
-}
-
static const struct fscrypt_operations f2fs_cryptops = {
.key_prefix = "f2fs:",
.get_context = f2fs_get_context,
@@ -1952,7 +1947,6 @@ static const struct fscrypt_operations f2fs_cryptops = {
.dummy_context = f2fs_dummy_context,
.empty_dir = f2fs_empty_dir,
.max_namelen = f2fs_max_namelen,
- .is_encrypted = f2fs_is_encrypted,
};
#endif
diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h
index 32e2b6c..2f62d5b 100644
--- a/include/linux/fscrypt_supp.h
+++ b/include/linux/fscrypt_supp.h
@@ -29,7 +29,6 @@ struct fscrypt_operations {
bool (*dummy_context)(struct inode *);
bool (*empty_dir)(struct inode *);
unsigned (*max_namelen)(struct inode *);
- bool (*is_encrypted)(struct inode *);
};
struct fscrypt_ctx {