xref: /kernel/linux/linux-5.10/security/keys/encrypted-keys/encrypted.c

24 #include <linux/key-type.h>
98  * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
100  * The description of a encrypted key with format 'ecryptfs' must contain
109 		pr_err("encrypted_key: key description must be %d hexadecimal "
116 			pr_err("encrypted_key: key description must contain "
126  * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
128  * key-type:= "trusted:" | "user:"
129  * desc:= master-key description
131  * Verify that 'key-type' is valid and that 'desc' exists. On key update,
132  * only the master key description is permitted to change, not the key-type.
133  * The key-type remains constant.
161  * new [<format>] <master-key name> <decrypted data length>
162  * load [<format>] <master-key name> <decrypted data length>
164  * update <new-master-key name>
209 		pr_info("encrypted_key: master key parameter is missing\n");
214 		pr_info("encrypted_key: master key parameter \'%s\' "
297  * request_user_key - request the user key
299  * Use a user provided key to encrypt/decrypt an encrypted-key.
301 static struct key *request_user_key(const char *master_desc, const u8 **master_key,
305 	struct key *ukey;
314 		/* key was revoked before we acquired its semaphore */
326 static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen,
339 	err = crypto_shash_setkey(tfm, key, keylen);
348 /* Derive authentication/encryption key from trusted key */
377 static struct skcipher_request *init_skcipher_req(const u8 *key,
391 	ret = crypto_skcipher_setkey(tfm, key, key_len);
410 static struct key *request_master_key(struct encrypted_key_payload *epayload,
413 	struct key *mkey = ERR_PTR(-EINVAL);
432 			pr_info("encrypted_key: key %s not supported",
435 			pr_info("encrypted_key: key %s not found",
509 /* verify HMAC before decrypting encrypted key */
594 /* Allocate memory for decrypted key and datablob. */
595 static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
627 				pr_err("encrypted_key: enc32 key payload incorrect length: %d\n",
639 	ret = key_payload_reserve(key, payload_datalen + datablob_len
658 	struct key *mkey;
704 		pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);
741  * encrypted_init - initialize an encrypted key
743  * For a new key, use a random number for both the iv and data
744  * itself.  For an old key, decrypt the hex encoded data.
774  * encrypted_instantiate - instantiate an encrypted key
776  * Decrypt an existing encrypted datablob or create a new encrypted key
781 static int encrypted_instantiate(struct key *key,
806 	epayload = encrypted_key_alloc(key, format, master_desc,
812 	ret = encrypted_init(epayload, key->description, format, master_desc,
819 	rcu_assign_keypointer(key, epayload);
834  * encrypted_update - update the master key description
836  * Change the master key description for an existing encrypted key.
838  * master key description.
842 static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
844 	struct encrypted_key_payload *epayload = key->payload.data[0];
852 	if (key_is_negative(key))
871 	new_epayload = encrypted_key_alloc(key, epayload->format,
885 	rcu_assign_keypointer(key, new_epayload);
896  * <master-key name> <decrypted data length> <encrypted iv> <encrypted data>
898  * On success, return to userspace the encrypted key datablob size.
900 static long encrypted_read(const struct key *key, char *buffer,
904 	struct key *mkey;
912 	epayload = dereference_key_locked(key);
960  * encrypted_destroy - clear and free the key's payload
962 static void encrypted_destroy(struct key *key)
964 	kfree_sensitive(key->payload.data[0]);

Indexes created Thu Nov 07 10:32:03 CST 2024