129 			bool is_hw_wrapped, const struct fscrypt_info *ci)  in fscrypt_prepare_key()  argument
133 	if (fscrypt_using_inline_encryption(ci))  in fscrypt_prepare_key()
135 				raw_key, raw_key_size, is_hw_wrapped, ci);  in fscrypt_prepare_key()
137 	if (WARN_ON(is_hw_wrapped || raw_key_size != ci->ci_mode->keysize))  in fscrypt_prepare_key()
140 	tfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, ci->ci_inode);  in fscrypt_prepare_key()
162 int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key)  in fscrypt_set_per_file_enc_key()  argument
164 	ci->ci_owns_key = true;  in fscrypt_set_per_file_enc_key()
165 	return fscrypt_prepare_key(&ci->ci_enc_key, raw_key,  in fscrypt_set_per_file_enc_key()
166 				   ci->ci_mode->keysize,  in fscrypt_set_per_file_enc_key()
167 				   false /*is_hw_wrapped*/, ci);  in fscrypt_set_per_file_enc_key()
170 static int setup_per_mode_enc_key(struct fscrypt_info *ci,  in setup_per_mode_enc_key()  argument
175 	const struct inode *inode = ci->ci_inode;  in setup_per_mode_enc_key()
177 	struct fscrypt_mode *mode = ci->ci_mode;  in setup_per_mode_enc_key()
189 	if (fscrypt_is_key_prepared(prep_key, ci)) {  in setup_per_mode_enc_key()
190 		ci->ci_enc_key = *prep_key;  in setup_per_mode_enc_key()
196 	if (fscrypt_is_key_prepared(prep_key, ci))  in setup_per_mode_enc_key()
202 		if (!fscrypt_using_inline_encryption(ci)) {  in setup_per_mode_enc_key()
203 			fscrypt_warn(ci->ci_inode,  in setup_per_mode_enc_key()
209 			if (fscrypt_is_key_prepared(&keys[i], ci)) {  in setup_per_mode_enc_key()
210 				fscrypt_warn(ci->ci_inode,  in setup_per_mode_enc_key()
217 					  mk->mk_secret.size, true, ci);  in setup_per_mode_enc_key()
236 					  false /*is_hw_wrapped*/, ci);  in setup_per_mode_enc_key()
242 	ci->ci_enc_key = *prep_key;  in setup_per_mode_enc_key()
275 int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,  in fscrypt_derive_dirhash_key()  argument
281 					 ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,  in fscrypt_derive_dirhash_key()
282 					 &ci->ci_dirhash_key);  in fscrypt_derive_dirhash_key()
285 	ci->ci_dirhash_key_initialized = true;  in fscrypt_derive_dirhash_key()
289 void fscrypt_hash_inode_number(struct fscrypt_info *ci,  in fscrypt_hash_inode_number()  argument
292 	WARN_ON(ci->ci_inode->i_ino == 0);  in fscrypt_hash_inode_number()
295 	ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,  in fscrypt_hash_inode_number()
299 static int fscrypt_setup_iv_ino_lblk_32_key(struct fscrypt_info *ci,  in fscrypt_setup_iv_ino_lblk_32_key()  argument
304 	err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_32_keys,  in fscrypt_setup_iv_ino_lblk_32_key()
334 	if (ci->ci_inode->i_ino)  in fscrypt_setup_iv_ino_lblk_32_key()
335 		fscrypt_hash_inode_number(ci, mk);  in fscrypt_setup_iv_ino_lblk_32_key()
339 static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,  in fscrypt_setup_v2_file_key()  argument
346 	    !(ci->ci_policy.v2.flags & (FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 |  in fscrypt_setup_v2_file_key()
348 		fscrypt_warn(ci->ci_inode,  in fscrypt_setup_v2_file_key()
353 	if (ci->ci_policy.v2.flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {  in fscrypt_setup_v2_file_key()
362 		err = setup_per_mode_enc_key(ci, mk, mk->mk_direct_keys,  in fscrypt_setup_v2_file_key()
364 	} else if (ci->ci_policy.v2.flags &  in fscrypt_setup_v2_file_key()
372 		err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_64_keys,  in fscrypt_setup_v2_file_key()
375 	} else if (ci->ci_policy.v2.flags &  in fscrypt_setup_v2_file_key()
377 		err = fscrypt_setup_iv_ino_lblk_32_key(ci, mk);  in fscrypt_setup_v2_file_key()
383 					  ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,  in fscrypt_setup_v2_file_key()
384 					  derived_key, ci->ci_mode->keysize);  in fscrypt_setup_v2_file_key()
388 		err = fscrypt_set_per_file_enc_key(ci, derived_key);  in fscrypt_setup_v2_file_key()
389 		memzero_explicit(derived_key, ci->ci_mode->keysize);  in fscrypt_setup_v2_file_key()
396 		err = fscrypt_derive_dirhash_key(ci, mk);  in fscrypt_setup_v2_file_key()
406  * encryption settings which a particular file will use (@ci).
414  * (but in practice we only need to consider @ci->ci_mode, since any other
416  * required key size over @ci->ci_mode).  This allows AES-256-XTS keys to be
422 					  const struct fscrypt_info *ci)  in fscrypt_valid_master_key_size()  argument
426 	if (ci->ci_policy.version == FSCRYPT_POLICY_V1)  in fscrypt_valid_master_key_size()
427 		min_keysize = ci->ci_mode->keysize;  in fscrypt_valid_master_key_size()
429 		min_keysize = ci->ci_mode->security_strength;  in fscrypt_valid_master_key_size()
452 static int setup_file_encryption_key(struct fscrypt_info *ci,  in setup_file_encryption_key()  argument
460 	switch (ci->ci_policy.version) {  in setup_file_encryption_key()
464 		       ci->ci_policy.v1.master_key_descriptor,  in setup_file_encryption_key()
470 		       ci->ci_policy.v2.master_key_identifier,  in setup_file_encryption_key()
478 	mk = fscrypt_find_master_key(ci->ci_inode->i_sb, &mk_spec);  in setup_file_encryption_key()
480 		if (ci->ci_policy.version != FSCRYPT_POLICY_V1)  in setup_file_encryption_key()
483 		err = fscrypt_select_encryption_impl(ci, false);  in setup_file_encryption_key()
493 		return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci);  in setup_file_encryption_key()
503 	if (!fscrypt_valid_master_key_size(mk, ci)) {  in setup_file_encryption_key()
508 	err = fscrypt_select_encryption_impl(ci, mk->mk_secret.is_hw_wrapped);  in setup_file_encryption_key()
512 	switch (ci->ci_policy.version) {  in setup_file_encryption_key()
514 		err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);  in setup_file_encryption_key()
517 		err = fscrypt_setup_v2_file_key(ci, mk, need_dirhash_key);  in setup_file_encryption_key()
536 static void put_crypt_info(struct fscrypt_info *ci)  in put_crypt_info()  argument
540 	if (!ci)  in put_crypt_info()
543 	if (ci->ci_direct_key)  in put_crypt_info()
544 		fscrypt_put_direct_key(ci->ci_direct_key);  in put_crypt_info()
545 	else if (ci->ci_owns_key)  in put_crypt_info()
546 		fscrypt_destroy_prepared_key(&ci->ci_enc_key);  in put_crypt_info()
548 	mk = ci->ci_master_key;  in put_crypt_info()
557 		list_del(&ci->ci_master_key_link);  in put_crypt_info()
561 	memzero_explicit(ci, sizeof(*ci));  in put_crypt_info()
562 	kmem_cache_free(fscrypt_info_cachep, ci);  in put_crypt_info()
789 	const struct fscrypt_info *ci = fscrypt_get_info(inode);  in fscrypt_drop_inode()  local
792 	 * If ci is NULL, then the inode doesn't have an encryption key set up  in fscrypt_drop_inode()
797 	if (!ci || !ci->ci_master_key)  in fscrypt_drop_inode()
817 	return !is_master_key_secret_present(&ci->ci_master_key->mk_secret);  in fscrypt_drop_inode()