[GIT PULL] fscrypt updates for 5.6

From: Eric Biggers
Date: Mon Jan 27 2020 - 20:47:22 EST


The following changes since commit fd6988496e79a6a4bdb514a4655d2920209eb85d:

Linux 5.5-rc4 (2019-12-29 15:29:16 -0800)

are available in the Git repository at:

https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git tags/fscrypt-for-linus

for you to fetch changes up to edc440e3d27fb31e6f9663cf413fad97d714c060:

fscrypt: improve format of no-key names (2020-01-22 14:50:03 -0800)

----------------------------------------------------------------

- Extend the FS_IOC_ADD_ENCRYPTION_KEY ioctl to allow the raw key to be
provided via a keyring key.

- Prepare for the new dirhash method (SipHash of plaintext name) that
will be used by directories that are both encrypted and casefolded.

- Switch to a new format for "no-key names" that prepares for the new
dirhash method, and also fixes a longstanding bug where multiple
filenames could map to the same no-key name.

- Allow the crypto algorithms used by fscrypt to be built as loadable
modules when the fscrypt-capable filesystems are.

- Optimize fscrypt_zeroout_range().

- Various cleanups.

----------------------------------------------------------------
Daniel Rosenberg (3):
fscrypt: don't allow v1 policies with casefolding
fscrypt: derive dirhash key for casefolded directories
fscrypt: improve format of no-key names

Eric Biggers (22):
fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
fscrypt: use crypto_skcipher_driver_name()
fscrypt: verify that the crypto_skcipher has the correct ivsize
fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand()
fscrypt: constify inode parameter to filename encryption functions
fscrypt: move fscrypt_d_revalidate() to fname.c
fscrypt: introduce fscrypt_needs_contents_encryption()
fscrypt: split up fscrypt_supported_policy() by policy version
fscrypt: check for appropriate use of DIRECT_KEY flag earlier
fscrypt: move fscrypt_valid_enc_modes() to policy.c
fscrypt: remove fscrypt_is_direct_key_policy()
fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info()
fscrypt: include <linux/ioctl.h> in UAPI header
fscrypt: remove redundant bi_status check
fscrypt: optimize fscrypt_zeroout_range()
fscrypt: document gfp_flags for bounce page allocation
ubifs: use IS_ENCRYPTED() instead of ubifs_crypt_is_encrypted()
fscrypt: don't print name of busy file when removing key
fscrypt: add "fscrypt_" prefix to fname_encrypt()
fscrypt: clarify what is meant by a per-file key
ubifs: don't trigger assertion on invalid no-key filename
ubifs: allow both hash and disk name to be provided in no-key names

Herbert Xu (1):
fscrypt: Allow modular crypto algorithms

Documentation/filesystems/fscrypt.rst | 75 ++++++--
fs/crypto/Kconfig | 22 ++-
fs/crypto/bio.c | 114 ++++++++----
fs/crypto/crypto.c | 57 +-----
fs/crypto/fname.c | 316 +++++++++++++++++++++++++++-------
fs/crypto/fscrypt_private.h | 58 +++----
fs/crypto/hkdf.c | 2 +-
fs/crypto/hooks.c | 47 ++++-
fs/crypto/keyring.c | 147 +++++++++++++---
fs/crypto/keysetup.c | 102 ++++++-----
fs/crypto/keysetup_v1.c | 19 +-
fs/crypto/policy.c | 170 ++++++++++++------
fs/ext4/Kconfig | 1 +
fs/ext4/dir.c | 2 +-
fs/f2fs/Kconfig | 1 +
fs/f2fs/dir.c | 2 +-
fs/inode.c | 3 +-
fs/ubifs/Kconfig | 1 +
fs/ubifs/dir.c | 16 +-
fs/ubifs/file.c | 4 +-
fs/ubifs/journal.c | 10 +-
fs/ubifs/key.h | 1 -
fs/ubifs/ubifs.h | 7 -
include/linux/fscrypt.h | 122 +++++--------
include/uapi/linux/fscrypt.h | 14 +-
25 files changed, 864 insertions(+), 449 deletions(-)