151 			const u8 *raw_key, const struct fscrypt_info *ci)  in fscrypt_prepare_key()  argument
155 	if (fscrypt_using_inline_encryption(ci))  in fscrypt_prepare_key()
156 		return fscrypt_prepare_inline_crypt_key(prep_key, raw_key, ci);  in fscrypt_prepare_key()
158 	tfm = fscrypt_allocate_skcipher(ci->ci_mode, raw_key, ci->ci_inode);  in fscrypt_prepare_key()
181 int fscrypt_set_per_file_enc_key(struct fscrypt_info *ci, const u8 *raw_key)  in fscrypt_set_per_file_enc_key()  argument
183 	ci->ci_owns_key = true;  in fscrypt_set_per_file_enc_key()
184 	return fscrypt_prepare_key(&ci->ci_enc_key, raw_key, ci);  in fscrypt_set_per_file_enc_key()
187 static int setup_per_mode_enc_key(struct fscrypt_info *ci,  in setup_per_mode_enc_key()  argument
192 	const struct inode *inode = ci->ci_inode;  in setup_per_mode_enc_key()
194 	struct fscrypt_mode *mode = ci->ci_mode;  in setup_per_mode_enc_key()
206 	if (fscrypt_is_key_prepared(prep_key, ci)) {  in setup_per_mode_enc_key()
207 		ci->ci_enc_key = *prep_key;  in setup_per_mode_enc_key()
213 	if (fscrypt_is_key_prepared(prep_key, ci))  in setup_per_mode_enc_key()
230 	err = fscrypt_prepare_key(prep_key, mode_key, ci);  in setup_per_mode_enc_key()
235 	ci->ci_enc_key = *prep_key;  in setup_per_mode_enc_key()
268 int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,  in fscrypt_derive_dirhash_key()  argument
274 					 ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,  in fscrypt_derive_dirhash_key()
275 					 &ci->ci_dirhash_key);  in fscrypt_derive_dirhash_key()
278 	ci->ci_dirhash_key_initialized = true;  in fscrypt_derive_dirhash_key()
282 void fscrypt_hash_inode_number(struct fscrypt_info *ci,  in fscrypt_hash_inode_number()  argument
285 	WARN_ON_ONCE(ci->ci_inode->i_ino == 0);  in fscrypt_hash_inode_number()
288 	ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,  in fscrypt_hash_inode_number()
292 static int fscrypt_setup_iv_ino_lblk_32_key(struct fscrypt_info *ci,  in fscrypt_setup_iv_ino_lblk_32_key()  argument
297 	err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_32_keys,  in fscrypt_setup_iv_ino_lblk_32_key()
327 	if (ci->ci_inode->i_ino)  in fscrypt_setup_iv_ino_lblk_32_key()
328 		fscrypt_hash_inode_number(ci, mk);  in fscrypt_setup_iv_ino_lblk_32_key()
332 static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,  in fscrypt_setup_v2_file_key()  argument
338 	if (ci->ci_policy.v2.flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {  in fscrypt_setup_v2_file_key()
347 		err = setup_per_mode_enc_key(ci, mk, mk->mk_direct_keys,  in fscrypt_setup_v2_file_key()
349 	} else if (ci->ci_policy.v2.flags &  in fscrypt_setup_v2_file_key()
357 		err = setup_per_mode_enc_key(ci, mk, mk->mk_iv_ino_lblk_64_keys,  in fscrypt_setup_v2_file_key()
360 	} else if (ci->ci_policy.v2.flags &  in fscrypt_setup_v2_file_key()
362 		err = fscrypt_setup_iv_ino_lblk_32_key(ci, mk);  in fscrypt_setup_v2_file_key()
368 					  ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,  in fscrypt_setup_v2_file_key()
369 					  derived_key, ci->ci_mode->keysize);  in fscrypt_setup_v2_file_key()
373 		err = fscrypt_set_per_file_enc_key(ci, derived_key);  in fscrypt_setup_v2_file_key()
374 		memzero_explicit(derived_key, ci->ci_mode->keysize);  in fscrypt_setup_v2_file_key()
381 		err = fscrypt_derive_dirhash_key(ci, mk);  in fscrypt_setup_v2_file_key()
407 					  const struct fscrypt_info *ci)  in fscrypt_valid_master_key_size()  argument
411 	if (ci->ci_policy.version == FSCRYPT_POLICY_V1)  in fscrypt_valid_master_key_size()
412 		min_keysize = ci->ci_mode->keysize;  in fscrypt_valid_master_key_size()
414 		min_keysize = ci->ci_mode->security_strength;  in fscrypt_valid_master_key_size()
437 static int setup_file_encryption_key(struct fscrypt_info *ci,  in setup_file_encryption_key()  argument
441 	struct super_block *sb = ci->ci_inode->i_sb;  in setup_file_encryption_key()
446 	err = fscrypt_select_encryption_impl(ci);  in setup_file_encryption_key()
450 	err = fscrypt_policy_to_key_spec(&ci->ci_policy, &mk_spec);  in setup_file_encryption_key()
466 		    fscrypt_policies_equal(dummy_policy, &ci->ci_policy)) {  in setup_file_encryption_key()
474 		if (ci->ci_policy.version != FSCRYPT_POLICY_V1)  in setup_file_encryption_key()
483 		return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci);  in setup_file_encryption_key()
493 	if (!fscrypt_valid_master_key_size(mk, ci)) {  in setup_file_encryption_key()
498 	switch (ci->ci_policy.version) {  in setup_file_encryption_key()
500 		err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);  in setup_file_encryption_key()
503 		err = fscrypt_setup_v2_file_key(ci, mk, need_dirhash_key);  in setup_file_encryption_key()
522 static void put_crypt_info(struct fscrypt_info *ci)  in put_crypt_info()  argument
526 	if (!ci)  in put_crypt_info()
529 	if (ci->ci_direct_key)  in put_crypt_info()
530 		fscrypt_put_direct_key(ci->ci_direct_key);  in put_crypt_info()
531 	else if (ci->ci_owns_key)  in put_crypt_info()
532 		fscrypt_destroy_prepared_key(ci->ci_inode->i_sb,  in put_crypt_info()
533 					     &ci->ci_enc_key);  in put_crypt_info()
535 	mk = ci->ci_master_key;  in put_crypt_info()
544 		list_del(&ci->ci_master_key_link);  in put_crypt_info()
546 		fscrypt_put_master_key_activeref(ci->ci_inode->i_sb, mk);  in put_crypt_info()
548 	memzero_explicit(ci, sizeof(*ci));  in put_crypt_info()
549 	kmem_cache_free(fscrypt_info_cachep, ci);  in put_crypt_info()
776 	const struct fscrypt_info *ci = fscrypt_get_info(inode);  in fscrypt_drop_inode()  local
784 	if (!ci || !ci->ci_master_key)  in fscrypt_drop_inode()
804 	return !is_master_key_secret_present(&ci->ci_master_key->mk_secret);  in fscrypt_drop_inode()