fscrypt.rst - OpenGrok cross reference for /kernel/linux/linux-6.6/Documentation/filesystems/fscrypt.rst

Lines Matching full:filenames
30 However, except for filenames, fscrypt does not encrypt filesystem
39 needed.  eCryptfs also limits encrypted filenames to 143 bytes,
57 protects the confidentiality of file contents and filenames in the
90 plaintext file contents or filenames from other users on the same
137 - In general, decrypted contents and filenames in the kernel VFS
179 greater of the security strength of the contents and filenames
263 suitable for both contents and filenames encryption, and it accepts
272 (contents or filenames) is encrypted, the file's 16-byte nonce is
290 key and a single filenames encryption key.  To still encrypt different
323 plaintext filenames, the KDF is also used to derive a 128-bit
324 SipHash-2-4 key per directory in order to hash filenames.  This works
333 and one encryption mode to be specified for filenames.  Different
341 - AES-256-XTS for contents and AES-256-CTS-CBC for filenames
342 - AES-256-XTS for contents and AES-256-HCTR2 for filenames
343 - Adiantum for both contents and filenames
344 - AES-128-CBC-ESSIV for contents and AES-128-CTS-CBC for filenames
345 - SM4-XTS for contents and SM4-CTS-CBC for filenames
353 or a wide-block cipher.  Filenames encryption uses a
363 upgrades the filenames encryption to use a wide-block cipher.  (A
366 entire result.)  As described in `Filenames encryption`_, a wide-block
408 API, but the filenames mode still does.
480 Filenames encryption
483 For filenames, each full filename is encrypted at once.  Because of
485 filenames of up to 255 bytes, the same IV is used for every filename
493 With CTS-CBC, the IV reuse means that when the plaintext filenames share a
495 corresponding encrypted filenames will also share a common prefix.  This is
499 All supported filenames encryption modes accept any plaintext length
501 filenames shorter than 16 bytes are NUL-padded to 16 bytes before
503 via their ciphertexts, all filenames are NUL-padded to the next 4, 8,
507 not otherwise a valid character in filenames, the padding will never
511 encrypted in the same way as filenames in directory entries, except
575     encrypting filenames.  If unsure, use FSCRYPT_POLICY_FLAGS_PAD_32
615 The filenames in the directory's entries will be encrypted as well.
1177 - Directories may be listed, in which case the filenames will be
1181   guaranteed that the presented filenames will be no longer than
1194   in encrypted form, similar to filenames in directories.  Hence, they
1376 plaintext filenames, since the plaintext filenames are unavailable
1377 without the key.  (Hashing the plaintext filenames would also make it
1379 directories.)  Instead, filesystems hash the ciphertext filenames,
1386 filenames.  Therefore, readdir() must base64url-encode the ciphertext
1387 for presentation.  For most filenames, this works fine; on ->lookup(),
1391 However, for very long filenames, base64url encoding would cause the
1393 actually presents long filenames in an abbreviated form which encodes
1401 Note that the precise way that filenames are presented to userspace
1403 as a way to temporarily present valid filenames so that commands like