Lines Matching refs:ci
149 * raw key, encryption mode (@ci->ci_mode), flag indicating which encryption
150 * implementation (fs-layer or blk-crypto) will be used (@ci->ci_inlinecrypt),
151 * and IV generation method (@ci->ci_policy.flags).
154 const u8 *raw_key, const struct fscrypt_inode_info *ci)
158 if (fscrypt_using_inline_encryption(ci))
160 ci->ci_mode->keysize,
161 false, ci);
163 tfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, ci->ci_inode);
186 int fscrypt_set_per_file_enc_key(struct fscrypt_inode_info *ci,
189 ci->ci_owns_key = true;
190 return fscrypt_prepare_key(&ci->ci_enc_key, raw_key, ci);
193 static int setup_per_mode_enc_key(struct fscrypt_inode_info *ci,
198 const struct inode *inode = ci->ci_inode;
200 struct fscrypt_mode *mode = ci->ci_mode;
214 if (!fscrypt_using_inline_encryption(ci)) {
216 fscrypt_warn(ci->ci_inode,
219 fscrypt_warn(ci->ci_inode,
227 if (fscrypt_is_key_prepared(prep_key, ci)) {
228 ci->ci_enc_key = *prep_key;
234 if (fscrypt_is_key_prepared(prep_key, ci))
241 ci);
261 err = fscrypt_prepare_key(prep_key, mode_key, ci);
266 ci->ci_enc_key = *prep_key;
299 int fscrypt_derive_dirhash_key(struct fscrypt_inode_info *ci,
305 ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
306 &ci->ci_dirhash_key);
309 ci->ci_dirhash_key_initialized = true;
313 void fscrypt_hash_inode_number(struct fscrypt_inode_info *ci,
316 WARN_ON_ONCE(ci->ci_inode->i_ino == 0);
319 ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,
323 static int fscrypt_setup_iv_ino_lblk_32_key(struct fscrypt_inode_info *ci,
328 err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_32_keys,
358 if (ci->ci_inode->i_ino)
359 fscrypt_hash_inode_number(ci, mk);
363 static int fscrypt_setup_v2_file_key(struct fscrypt_inode_info *ci,
370 !(ci->ci_policy.v2.flags & (FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 |
372 fscrypt_warn(ci->ci_inode,
377 if (ci->ci_policy.v2.flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {
386 err = setup_per_mode_enc_key(ci, mk, mk->mk_direct_keys,
388 } else if (ci->ci_policy.v2.flags &
396 err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_64_keys,
399 } else if (ci->ci_policy.v2.flags &
401 err = fscrypt_setup_iv_ino_lblk_32_key(ci, mk);
407 ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
408 derived_key, ci->ci_mode->keysize);
412 err = fscrypt_set_per_file_enc_key(ci, derived_key);
413 memzero_explicit(derived_key, ci->ci_mode->keysize);
420 err = fscrypt_derive_dirhash_key(ci, mk);
430 * encryption settings which a particular file will use (@ci).
438 * (but in practice we only need to consider @ci->ci_mode, since any other
440 * required key size over @ci->ci_mode). This allows AES-256-XTS keys to be
446 const struct fscrypt_inode_info *ci)
450 if (ci->ci_policy.version == FSCRYPT_POLICY_V1)
451 min_keysize = ci->ci_mode->keysize;
453 min_keysize = ci->ci_mode->security_strength;
477 static int setup_file_encryption_key(struct fscrypt_inode_info *ci,
481 struct super_block *sb = ci->ci_inode->i_sb;
486 err = fscrypt_policy_to_key_spec(&ci->ci_policy, &mk_spec);
502 fscrypt_policies_equal(dummy_policy, &ci->ci_policy)) {
510 if (ci->ci_policy.version != FSCRYPT_POLICY_V1)
513 err = fscrypt_select_encryption_impl(ci, false);
523 return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci);
533 if (!fscrypt_valid_master_key_size(mk, ci)) {
538 err = fscrypt_select_encryption_impl(ci, mk->mk_secret.is_hw_wrapped);
542 switch (ci->ci_policy.version) {
552 err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.bytes);
555 err = fscrypt_setup_v2_file_key(ci, mk, need_dirhash_key);
574 static void put_crypt_info(struct fscrypt_inode_info *ci)
578 if (!ci)
581 if (ci->ci_direct_key)
582 fscrypt_put_direct_key(ci->ci_direct_key);
583 else if (ci->ci_owns_key)
584 fscrypt_destroy_prepared_key(ci->ci_inode->i_sb,
585 &ci->ci_enc_key);
587 mk = ci->ci_master_key;
596 list_del(&ci->ci_master_key_link);
598 fscrypt_put_master_key_activeref(ci->ci_inode->i_sb, mk);
600 memzero_explicit(ci, sizeof(*ci));
601 kmem_cache_free(fscrypt_inode_info_cachep, ci);
836 const struct fscrypt_inode_info *ci = fscrypt_get_inode_info(inode);
839 * If ci is NULL, then the inode doesn't have an encryption key set up
844 if (!ci || !ci->ci_master_key)
865 return !READ_ONCE(ci->ci_master_key->mk_present);