Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: fs\crypto\keysetup.c
Create Date: 2022-07-28 20:24:00
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: Find the master key, then set up the inode's actual encryption key. If the master key is found in the filesystem-level keyring, then the corresponding 'struct key' is returned in *master_key_ret with ->mk_secret_sem read-locked.

Proto: static int setup_file_encryption_key(struct fscrypt_info *ci, struct key **master_key_ret)

Type: int

Parameter:

Type                     Parameter Name
struct fscrypt_info *    ci
struct key **            master_key_ret
236  struct fscrypt_master_key * mk = NULL
241  Case version == Legacy policy version; ad-hoc KDF and no key verification. For new encrypted directories, use fscrypt_policy_v2 instead. Careful: the .version field for this is actually 0, not 1.
242  of FSCRYPT_KEY_SPEC_TYPE_* = v1 policy keys are specified by an arbitrary 8-byte key "descriptor", matching fscrypt_policy_v1::master_key_descriptor.
243  memcpy(descriptor, master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE)
246  Break
247  Case version == New policy version with HKDF and key verification (recommended).
248  of FSCRYPT_KEY_SPEC_TYPE_* = v2 policy keys are specified by a 16-byte key "identifier" which the kernel calculates as a cryptographic hash of the key itself, matching fscrypt_policy_v2::master_key_identifier.
249  memcpy(identifier, master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE)
252  Break
253  Default
254  WARN_ON(1)
255  Return -EINVAL
258  key = Find the specified master key in ->s_master_keys. Returns ERR_PTR(-ENOKEY) if not found.
259  If IS_ERR(key) Then
260  If key != ERR_PTR(-ENOKEY) || version != Legacy policy version; ad-hoc KDF and no key verification. For new encrypted directories, use fscrypt_policy_v2 instead. Careful: the .version field for this is actually 0, not 1. Then Return PTR_ERR(key)
270  Return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci)
273  mk = data[0]
274  lock for reading
277  If Not is_master_key_secret_present( & The secret key material. After FS_IOC_REMOVE_ENCRYPTION_KEY is executed, this is wiped and no new inodes can be unlocked with this key; however, there may still be inodes in ->mk_decrypted_inodes which could not be evicted) Then
278  err = -ENOKEY
279  Go to out_release_key
288  If Size of the raw key in bytes. Set even if ->raw isn't set. < keysize Then
289  fscrypt_warn(NULL, "key with %s %*phN is too short (got %u bytes, need %u+ bytes)", master_key_spec_type( & mk_spec), master_key_spec_len( & mk_spec), (u8 * ) & u, Size of the raw key in bytes. Set even if ->raw isn't set. , keysize)
294  err = -ENOKEY
295  Go to out_release_key
301  Break
304  Break
305  Default
306  WARN_ON(1)
307  err = -EINVAL
308  Break
310  If err Then Go to out_release_key
313  *master_key_ret = key
314  Return 0
316  out_release_key :
317  release a read lock
318  key_put(key)
319  Return err
Caller
Name                           Describe
fscrypt_get_encryption_info