keysetup_v1.c - OpenGrok cross reference for /kernel/linux/linux-6.6/fs/crypto/keysetup

Lines Matching defs:key
18  * - Handling policies with the DIRECT_KEY flag set using a master key table
36  * v1 key derivation function.  This generates the derived key by encrypting the
37  * master key with AES-128-ECB using the nonce as the AES key.  This provides a
38  * unique derived key with sufficient entropy for each inode.  However, it's
40  * master key, and is trivially reversible: an attacker who compromises a
41  * derived key can "decrypt" it to get back to the master key, then derive any
42  * other key.  For all new code, use HKDF instead.
44  * The master key must be at least as long as the derived key.  If the master
45  * key is longer, then only the first 'derived_keysize' bytes are used.
87  * Search the current task's subscribed keyrings for a "logon" key with
91 static struct key *
98 	struct key *key;
107 	key = request_key(&key_type_logon, description, NULL);
109 	if (IS_ERR(key))
110 		return key;
112 	down_read(&key->sem);
113 	ukp = user_key_payload_locked(key);
115 	if (!ukp) /* was the key revoked before we acquired its semaphore? */
123 			     "key with description '%s' has invalid payload",
124 			     key->description);
130 			     "key with description '%s' is too short (got %u bytes, need %u+ bytes)",
131 			     key->description, payload->size, min_keysize);
136 	return key;
139 	up_read(&key->sem);
140 	key_put(key);
144 /* Master key referenced by DIRECT_KEY policy */
174  * Find/insert the given key into the fscrypt_direct_keys table.  If found, it
187 	 * Careful: to avoid potentially leaking secret key bytes via timing
188 	 * information, we must key the hash table by descriptor rather than by
189 	 * raw key, and use crypto_memneq() when comparing raw keys.
219 /* Prepare to encrypt directly using the master key in the given mode */
226 	/* Is there already a tfm for this key? */
252 /* v1 policy, DIRECT_KEY: use the master key directly */
266 /* v1 policy, !DIRECT_KEY: derive the file's encryption key */
302 	struct key *key;
306 	key = find_and_lock_process_key(FSCRYPT_KEY_DESC_PREFIX,
309 	if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {
310 		key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,
314 	if (IS_ERR(key))
315 		return PTR_ERR(key);
318 	up_read(&key->sem);
319 	key_put(key);