xref: /kernel/linux/linux-6.6/fs/crypto/keyring.c

41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)
43 	fscrypt_destroy_hkdf(&secret->hkdf);
44 	memzero_explicit(secret, sizeof(*secret));
59 	 * The master key secret and any embedded subkeys should have already
410  * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
414 			      struct fscrypt_master_key_secret *secret,
441 	move_master_key_secret(&mk->mk_secret, secret);
458 				   struct fscrypt_master_key_secret *secret)
481 	/* Re-add the secret if needed. */
485 		move_master_key_secret(&mk->mk_secret, secret);
492 			     struct fscrypt_master_key_secret *secret,
506 			err = add_new_master_key(sb, secret, mk_spec);
509 		 * Found the key in ->s_master_keys.  Re-add the secret if
513 		err = add_existing_master_key(mk, secret);
522 			err = add_new_master_key(sb, secret, mk_spec);
531 			  struct fscrypt_master_key_secret *secret,
537 		err = fscrypt_init_hkdf(&secret->hkdf, secret->raw,
538 					secret->size);
546 		memzero_explicit(secret->raw, secret->size);
549 		err = fscrypt_hkdf_expand(&secret->hkdf,
556 	return do_add_master_key(sb, secret, key_spec);
616  * store it into 'secret'.
630 			   struct fscrypt_master_key_secret *secret)
650 	secret->size = key->datalen - sizeof(*payload);
651 	memcpy(secret->raw, payload->raw, secret->size);
691 	struct fscrypt_master_key_secret secret;
712 	memset(&secret, 0, sizeof(secret));
716 		err = get_keyring_key(arg.key_id, arg.key_spec.type, &secret);
723 		secret.size = arg.raw_size;
725 		if (copy_from_user(secret.raw, uarg->raw, secret.size))
729 	err = add_master_key(sb, &secret, &arg.key_spec);
741 	wipe_master_key_secret(&secret);
747 fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret)
753 	memset(secret, 0, sizeof(*secret));
754 	secret->size = FSCRYPT_MAX_KEY_SIZE;
755 	memcpy(secret->raw, test_key, FSCRYPT_MAX_KEY_SIZE);
761 	struct fscrypt_master_key_secret secret;
764 	fscrypt_get_test_dummy_secret(&secret);
766 	err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size);
769 	err = fscrypt_hkdf_expand(&secret.hkdf, HKDF_CONTEXT_KEY_IDENTIFIER,
773 	wipe_master_key_secret(&secret);
792 	struct fscrypt_master_key_secret secret;
795 	fscrypt_get_test_dummy_secret(&secret);
796 	err = add_master_key(sb, &secret, key_spec);
797 	wipe_master_key_secret(&secret);
986  * To "remove the key itself", first we wipe the actual master key secret, so
992  * state (without the actual secret key) where it tracks the list of remaining
994  * alternatively can re-add the secret key again.
1056 	/* No user claims remaining.  Go ahead and wipe the secret. */
1077 	 * key, wiped the secret, or tried locking the files again.  Users need
1107  * secret has been removed, but some files which had been unlocked with it are
1117  * secret key is shared by multiple users, applications may wish to add an

Indexes created Thu Nov 07 10:32:03 CST 2024