fscrypt.rst - OpenGrok cross reference for /linux/Documentation/filesystems/fscrypt.rst

Lines Matching refs:policies
148 Limitations of v1 policies
151 v1 encryption policies have some weaknesses with respect to online
167 All the above problems are fixed with v2 encryption policies.  For
169 policies on all new encrypted directories.
212 the key is used for v1 encryption policies or for v2 encryption
213 policies.  Users **must not** use the same key for both v1 and v2
214 encryption policies.  (No real-world attack is currently known on this
218 For v1 encryption policies, the KDF only supports deriving per-file
224 For v2 encryption policies, the KDF is HKDF-SHA512.  The master key is
259 DIRECT_KEY policies
275 - For v1 encryption policies, the encryption is done directly with the
277   key for any other purpose, even for other v1 policies.
279 - For v2 encryption policies, the encryption is done with a per-mode
281   other v2 encryption policies.
283 IV_INO_LBLK_64 policies
298 IV_INO_LBLK_32 policies
301 IV_INO_LBLK_32 policies work like IV_INO_LBLK_64, except that for
315 For master keys used for v2 encryption policies, a unique 16-byte "key
379 - With `DIRECT_KEY policies`_, the file's nonce is appended to the IV.
382 - With `IV_INO_LBLK_64 policies`_, the logical block number is limited
386 - With `IV_INO_LBLK_32 policies`_, the logical block number is limited
403 alternatively has the file's nonce (for `DIRECT_KEY policies`_) or
404 inode number (for `IV_INO_LBLK_64 policies`_) included in the IVs.
471   For new encrypted directories, use v2 policies.
484   - FSCRYPT_POLICY_FLAG_DIRECT_KEY: See `DIRECT_KEY policies`_.
486     policies`_.
488     policies`_.
490   v1 encryption policies only support the PAD_* and DIRECT_KEY flags.
491   The other flags are only supported by v2 encryption policies.
496 - For v2 encryption policies, ``__reserved`` must be zeroed.
498 - For v1 encryption policies, ``master_key_descriptor`` specifies how
507   For v2 encryption policies, ``master_key_descriptor`` has been
553   flag enabled (casefolding is incompatible with v1 policies).
714 - If the key is being added for use by v1 encryption policies, then
723   policies, then ``key_spec.type`` must contain
792 For v1 encryption policies, a master encryption key can also be
798 policies) for several reasons.  First, it cannot be used in
876     - To remove a key used by v1 encryption policies, set
882     - To remove a key used by v2 encryption policies, set
978     - To get the status of a key for v1 encryption policies, set
982     - To get the status of a key for v2 encryption policies, set
1021 encryption policies using the legacy mechanism involving
1136 this by validating all top-level encryption policies prior to access.
1226 keys`_ and `DIRECT_KEY policies`_.