Project Description

Implement a checksum algorithm for BTRFS that uses and authenticated (keyed) hash. There are 2 cryptographically secure hashes supported by btrfs, sha256 and blake2b.

Status: prototypes exist for most of the goals below, need polishing and testing

Goals for Hackweek 22

This has been ongoing, there's prototype for the kernel side but is not complete and does not cover the whole use case. One drawback for the key requirement is that there's no way to verify the data/metadata validity without it. To address that, combine authenticated hash and a regular checksum into (e.g. split the 256 bits to 224 bits for sha256 and 32 bits for crc32c). To allow a use case with authenticated hash but without the private key stored on the host explore the public key signature for checksum.

  • implement the basic authenticated hashes
  • implement the combined authenticated and secondary hash
  • finalize the interfaces (command line options, mount options), support for all commands
  • bonus goal 1: implement checksum based on public key signature (DSA)
  • bonus goal 2: prototype using blake3 and xxh3 as another types of cryptographic and checksum algorithms


  • refactoring old branches, refreshing on to newer base (auth, auth+sum)
  • implementing auth+sum in progs
  • public key signature (example): implementing ->sign for ecdsa with p-256 curve
  • XXH3 in kernel does not seem to be better than xxh64 (, the user space implementation heavily relies on SSE2 which is not easily available in kernel (FPU context switch overhead)

Goals for Hackweek 23

  • put together user space library for ECC and ECDSA, using kernel code for parity and to verify the functionality
  • start again with the authenticated hashes, do all combinations of {sha256, blake2} x {none, crc32c, xxhash}, based on user feedback hardcoding the secondary hash to xxhash is not great, this is 6 new checksum algorithms


  • refreshed code for kernel and btrfs-progs, closer to sending an RFC, some parts still missing (namely dealing with corner cases of secondary checksums in various contexts)
  • new prototypes written and scrapped, ECC research continues

Looking for hackers with the skills:

linux btrfs kernel cryptography

This project is part of:

Hack Week 22 Hack Week 23


  • over 1 year ago: dsterba liked this project.
  • over 1 year ago: dmdiss liked this project.
  • over 1 year ago: c-hagenest liked this project.
  • over 1 year ago: dsterba added keyword "cryptography" to this project.
  • over 1 year ago: dsterba added keyword "linux" to this project.
  • over 1 year ago: dsterba added keyword "btrfs" to this project.
  • over 1 year ago: dsterba added keyword "kernel" to this project.
  • over 1 year ago: dsterba started this project.
  • over 1 year ago: dsterba originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Linux incarnation of the Party Parrot by rsimai

    Project Description

    Lesser on the coding s...

    Extract generic testing framework from Linux Test Project code base by acervesato

    Project Description

    The Linux Test Projec...

    Avahi Integration and Network Connection by vojha

    Avahi Integration and Network Connection


    Generic text file preprocessor using custom syntax for define include ifdef by mdati

    Project Description

    Scope of this project...

    Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil

    Join the Gitter channel! [

    openSUSE with openZFS as home NAS by mpagot

    Main output is in the form of a Project blog: h...

    early stage kdump support by mbrugger

    [comment]: # (Please use the project descriptio...

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...