fs/ceph/crypto.h
Source file repositories/reference/linux-study-clean/fs/ceph/crypto.h
File Facts
- System: Linux kernel
- Corpus path: fs/ceph/crypto.h
- Extension: .h
- Size: 7573 bytes
- Lines: 273
- Domain: Core OS
- Bucket: VFS And Filesystem Core
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `crypto/sha2.h`
- `linux/fscrypt.h`
- `linux/base64.h`
Detected Declarations
- struct ceph_fs_client
- struct ceph_acl_sec_ctx
- struct ceph_mds_request
- struct ceph_fname
- struct ceph_fscrypt_truncate_size_header
- struct ceph_fscrypt_auth
- function ceph_fscrypt_auth_len
- function ceph_fname_alloc_buffer
- function ceph_fname_free_buffer
- function ceph_fscrypt_blocks
- function ceph_fscrypt_adjust_off_and_len
- function ceph_fscrypt_set_ops
- function ceph_fscrypt_as_ctx_to_req
- function ceph_fname_alloc_buffer
- function ceph_fname_free_buffer
- function ceph_fscrypt_prepare_readdir
- function ceph_fscrypt_adjust_off_and_len
- function ceph_fscrypt_encrypt_block_inplace
- function ceph_fscrypt_decrypt_pages
- function ceph_fscrypt_decrypt_extents
- function ceph_fscrypt_encrypt_pages
- function ceph_fscrypt_page_offset
Annotated Snippet
struct ceph_fname {
	struct inode *dir;
	char *name; // b64 encoded, possibly hashed
	unsigned char *ctext; // binary crypttext (if any)
	u32 name_len; // length of name buffer
	u32 ctext_len; // length of crypttext
	bool no_copy;
};

/*
 * Header for the encrypted file when truncating the size, this
 * will be sent to MDS, and the MDS will update the encrypted
 * last block and then truncate the size.
 */
struct ceph_fscrypt_truncate_size_header {
	__u8 ver;
	__u8 compat;

	/*
	 * It will be sizeof(assert_ver + file_offset + block_size)
	 * if the last block is empty when it's located in a file
	 * hole. Or the data_len will plus CEPH_FSCRYPT_BLOCK_SIZE.
	 */
	__le32 data_len;

	__le64 change_attr;
	__le64 file_offset;
	__le32 block_size;
} __packed;

struct ceph_fscrypt_auth {
	__le32 cfa_version;
	__le32 cfa_blob_len;
	u8 cfa_blob[FSCRYPT_SET_CONTEXT_MAX_SIZE];
} __packed;

#define CEPH_FSCRYPT_AUTH_VERSION 1

static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa)
{
	u32 ctxsize = le32_to_cpu(fa->cfa_blob_len);

	return offsetof(struct ceph_fscrypt_auth, cfa_blob) + ctxsize;
}

#ifdef CONFIG_FS_ENCRYPTION
/*
 * We want to encrypt filenames when creating them, but the encrypted
 * versions of those names may have illegal characters in them. To mitigate
 * that, we base64 encode them, but that gives us a result that can exceed
 * NAME_MAX.
 *
 * Follow a similar scheme to fscrypt itself, and cap the filename to a
 * smaller size. If the ciphertext name is longer than the value below, then
 * sha256 hash the remaining bytes.
 *
 * For the fscrypt_nokey_name struct the dirhash[2] member is useless in ceph
 * so the corresponding struct will be:
 *
 * struct fscrypt_ceph_nokey_name {
 *	u8 bytes[157];
 *	u8 sha256[SHA256_DIGEST_SIZE];
 * }; // 180 bytes => 240 bytes base64-encoded, which is <= NAME_MAX (255)
 *
 * (240 bytes is the maximum size allowed for snapshot names to take into
 * account the format: '_<SNAPSHOT-NAME>_<INODE-NUMBER>'.)
 *
 * Note that for long names that end up having their tail portion hashed, we
 * must also store the full encrypted name (in the dentry's alternate_name
 * field).
 */
#define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE)

void ceph_fscrypt_set_ops(struct super_block *sb);

void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc);

int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
				 struct ceph_acl_sec_ctx *as);
void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
				struct ceph_acl_sec_ctx *as);
int ceph_encode_encrypted_dname(struct inode *parent, char *buf, int len);

static inline int ceph_fname_alloc_buffer(struct inode *parent,
					  struct fscrypt_str *fname)
{
	if (!IS_ENCRYPTED(parent))
		return 0;
	return fscrypt_fname_alloc_buffer(NAME_MAX, fname);
}
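The name-capping scheme described in the comment above `CEPH_NOHASH_NAME_MAX`, as an added Python model (not code from the kernel or from this page): ciphertext longer than the cap keeps its head and replaces the tail with a SHA-256 digest, so the base64 form never exceeds 240 characters. The function names, the sample byte strings and the URL-safe unpadded base64 alphabet are assumptions; the encoded length does not depend on the alphabet.

```python
import base64
import hashlib

SHA256_DIGEST_SIZE = 32
NAME_MAX = 255
CEPH_NOHASH_NAME_MAX = 180 - SHA256_DIGEST_SIZE  # value from the header: 148


def needs_alternate_name(ctext: bytes) -> bool:
    """True when the tail gets hashed, i.e. the encoded name alone is lossy
    and the full ciphertext has to be stored separately."""
    return len(ctext) > CEPH_NOHASH_NAME_MAX


def encode_encrypted_name(ctext: bytes) -> str:
    """Hypothetical model of the header comment: cap the ciphertext at
    CEPH_NOHASH_NAME_MAX bytes and append sha256(remaining bytes)."""
    if needs_alternate_name(ctext):
        tail_digest = hashlib.sha256(ctext[CEPH_NOHASH_NAME_MAX:]).digest()
        ctext = ctext[:CEPH_NOHASH_NAME_MAX] + tail_digest
    # Assumption: URL-safe alphabet without '=' padding, so the result
    # contains no '/' and can be used as a single path component.
    return base64.urlsafe_b64encode(ctext).rstrip(b"=").decode("ascii")


# Constructed ciphertext samples (not real fscrypt output).
SHORT = bytes(range(16))
LONG_A = bytes(i % 251 for i in range(255))
LONG_B = LONG_A[:-1] + b"\xff"  # differs from LONG_A only inside the hashed tail

if __name__ == "__main__":
    for label, ct in (("short", SHORT), ("long A", LONG_A), ("long B", LONG_B)):
        enc = encode_encrypted_name(ct)
        print(f"{label}: {len(ct)} ciphertext bytes -> {len(enc)} chars, "
              f"tail hashed: {needs_alternate_name(ct)}")
```

Two long names that differ only in the tail still encode to different strings, but the original ciphertext cannot be recovered from the encoded form, which is why the header comment requires keeping the full encrypted name alongside it.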
Annotation
- Immediate include surface: `crypto/sha2.h`, `linux/fscrypt.h`, `linux/base64.h`.
- Detected declarations: `struct ceph_fs_client`, `struct ceph_acl_sec_ctx`, `struct ceph_mds_request`, `struct ceph_fname`, `struct ceph_fscrypt_truncate_size_header`, `struct ceph_fscrypt_auth`, `function ceph_fscrypt_auth_len`, `function ceph_fname_alloc_buffer`, `function ceph_fname_free_buffer`, `function ceph_fscrypt_blocks`.
- Atlas domain: Core OS / VFS And Filesystem Core.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.