aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2010-12-13 16:53:13 -0500
committerJames Morris <jmorris@namei.org>2010-12-15 01:44:34 -0500
commit3b1826cebe1d534ec05417a29b9a9f82651a5cb5 (patch)
tree38fc352e647df90c86a0b03722eff8f66b7eb607 /security/keys
parent1f35065a9e2573427ce3fd6c4a40b355c2ddfb92 (diff)
encrypted-keys: style and other cleanup
Cleanup based on David Howells suggestions: - use static const char arrays instead of #define - rename init_sdesc to alloc_sdesc - convert 'unsigned int' definitions to 'size_t' - revert remaining 'const unsigned int' definitions to 'unsigned int' Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/encrypted_defined.c60
-rw-r--r--security/keys/encrypted_defined.h6
2 files changed, 29 insertions, 37 deletions
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
index d653e991c69..32d27c85838 100644
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted_defined.c
@@ -32,21 +32,20 @@
32 32
33#include "encrypted_defined.h" 33#include "encrypted_defined.h"
34 34
35#define KEY_TRUSTED_PREFIX "trusted:" 35static const char KEY_TRUSTED_PREFIX[] = "trusted:";
36#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1) 36static const char KEY_USER_PREFIX[] = "user:";
37#define KEY_USER_PREFIX "user:"
38#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
39
40#define HASH_SIZE SHA256_DIGEST_SIZE
41#define MAX_DATA_SIZE 4096
42#define MIN_DATA_SIZE 20
43
44static const char hash_alg[] = "sha256"; 37static const char hash_alg[] = "sha256";
45static const char hmac_alg[] = "hmac(sha256)"; 38static const char hmac_alg[] = "hmac(sha256)";
46static const char blkcipher_alg[] = "cbc(aes)"; 39static const char blkcipher_alg[] = "cbc(aes)";
47static unsigned int ivsize; 40static unsigned int ivsize;
48static int blksize; 41static int blksize;
49 42
43#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
44#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
45#define HASH_SIZE SHA256_DIGEST_SIZE
46#define MAX_DATA_SIZE 4096
47#define MIN_DATA_SIZE 20
48
50struct sdesc { 49struct sdesc {
51 struct shash_desc shash; 50 struct shash_desc shash;
52 char ctx[]; 51 char ctx[];
@@ -217,8 +216,7 @@ out:
217 * data, trusted key type data is not visible decrypted from userspace. 216 * data, trusted key type data is not visible decrypted from userspace.
218 */ 217 */
219static struct key *request_trusted_key(const char *trusted_desc, 218static struct key *request_trusted_key(const char *trusted_desc,
220 u8 **master_key, 219 u8 **master_key, size_t *master_keylen)
221 unsigned int *master_keylen)
222{ 220{
223 struct trusted_key_payload *tpayload; 221 struct trusted_key_payload *tpayload;
224 struct key *tkey; 222 struct key *tkey;
@@ -241,7 +239,7 @@ error:
241 * Use a user provided key to encrypt/decrypt an encrypted-key. 239 * Use a user provided key to encrypt/decrypt an encrypted-key.
242 */ 240 */
243static struct key *request_user_key(const char *master_desc, u8 **master_key, 241static struct key *request_user_key(const char *master_desc, u8 **master_key,
244 unsigned int *master_keylen) 242 size_t *master_keylen)
245{ 243{
246 struct user_key_payload *upayload; 244 struct user_key_payload *upayload;
247 struct key *ukey; 245 struct key *ukey;
@@ -258,7 +256,7 @@ error:
258 return ukey; 256 return ukey;
259} 257}
260 258
261static struct sdesc *init_sdesc(struct crypto_shash *alg) 259static struct sdesc *alloc_sdesc(struct crypto_shash *alg)
262{ 260{
263 struct sdesc *sdesc; 261 struct sdesc *sdesc;
264 int size; 262 int size;
@@ -272,13 +270,13 @@ static struct sdesc *init_sdesc(struct crypto_shash *alg)
272 return sdesc; 270 return sdesc;
273} 271}
274 272
275static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen, 273static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen,
276 const u8 *buf, const unsigned int buflen) 274 const u8 *buf, unsigned int buflen)
277{ 275{
278 struct sdesc *sdesc; 276 struct sdesc *sdesc;
279 int ret; 277 int ret;
280 278
281 sdesc = init_sdesc(hmacalg); 279 sdesc = alloc_sdesc(hmacalg);
282 if (IS_ERR(sdesc)) { 280 if (IS_ERR(sdesc)) {
283 pr_info("encrypted_key: can't alloc %s\n", hmac_alg); 281 pr_info("encrypted_key: can't alloc %s\n", hmac_alg);
284 return PTR_ERR(sdesc); 282 return PTR_ERR(sdesc);
@@ -291,12 +289,12 @@ static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen,
291 return ret; 289 return ret;
292} 290}
293 291
294static int calc_hash(u8 *digest, const u8 *buf, const unsigned int buflen) 292static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen)
295{ 293{
296 struct sdesc *sdesc; 294 struct sdesc *sdesc;
297 int ret; 295 int ret;
298 296
299 sdesc = init_sdesc(hashalg); 297 sdesc = alloc_sdesc(hashalg);
300 if (IS_ERR(sdesc)) { 298 if (IS_ERR(sdesc)) {
301 pr_info("encrypted_key: can't alloc %s\n", hash_alg); 299 pr_info("encrypted_key: can't alloc %s\n", hash_alg);
302 return PTR_ERR(sdesc); 300 return PTR_ERR(sdesc);
@@ -311,8 +309,7 @@ enum derived_key_type { ENC_KEY, AUTH_KEY };
311 309
312/* Derive authentication/encryption key from trusted key */ 310/* Derive authentication/encryption key from trusted key */
313static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, 311static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
314 const u8 *master_key, 312 const u8 *master_key, size_t master_keylen)
315 const unsigned int master_keylen)
316{ 313{
317 u8 *derived_buf; 314 u8 *derived_buf;
318 unsigned int derived_buf_len; 315 unsigned int derived_buf_len;
@@ -340,8 +337,8 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
340} 337}
341 338
342static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, 339static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
343 const unsigned int key_len, const u8 *iv, 340 unsigned int key_len, const u8 *iv,
344 const unsigned int ivsize) 341 unsigned int ivsize)
345{ 342{
346 int ret; 343 int ret;
347 344
@@ -364,8 +361,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
364} 361}
365 362
366static struct key *request_master_key(struct encrypted_key_payload *epayload, 363static struct key *request_master_key(struct encrypted_key_payload *epayload,
367 u8 **master_key, 364 u8 **master_key, size_t *master_keylen)
368 unsigned int *master_keylen)
369{ 365{
370 struct key *mkey = NULL; 366 struct key *mkey = NULL;
371 367
@@ -394,7 +390,7 @@ out:
394/* Before returning data to userspace, encrypt decrypted data. */ 390/* Before returning data to userspace, encrypt decrypted data. */
395static int derived_key_encrypt(struct encrypted_key_payload *epayload, 391static int derived_key_encrypt(struct encrypted_key_payload *epayload,
396 const u8 *derived_key, 392 const u8 *derived_key,
397 const unsigned int derived_keylen) 393 unsigned int derived_keylen)
398{ 394{
399 struct scatterlist sg_in[2]; 395 struct scatterlist sg_in[2];
400 struct scatterlist sg_out[1]; 396 struct scatterlist sg_out[1];
@@ -433,8 +429,7 @@ out:
433} 429}
434 430
435static int datablob_hmac_append(struct encrypted_key_payload *epayload, 431static int datablob_hmac_append(struct encrypted_key_payload *epayload,
436 const u8 *master_key, 432 const u8 *master_key, size_t master_keylen)
437 const unsigned int master_keylen)
438{ 433{
439 u8 derived_key[HASH_SIZE]; 434 u8 derived_key[HASH_SIZE];
440 u8 *digest; 435 u8 *digest;
@@ -455,8 +450,7 @@ out:
455 450
456/* verify HMAC before decrypting encrypted key */ 451/* verify HMAC before decrypting encrypted key */
457static int datablob_hmac_verify(struct encrypted_key_payload *epayload, 452static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
458 const u8 *master_key, 453 const u8 *master_key, size_t master_keylen)
459 const unsigned int master_keylen)
460{ 454{
461 u8 derived_key[HASH_SIZE]; 455 u8 derived_key[HASH_SIZE];
462 u8 digest[HASH_SIZE]; 456 u8 digest[HASH_SIZE];
@@ -485,7 +479,7 @@ out:
485 479
486static int derived_key_decrypt(struct encrypted_key_payload *epayload, 480static int derived_key_decrypt(struct encrypted_key_payload *epayload,
487 const u8 *derived_key, 481 const u8 *derived_key,
488 const unsigned int derived_keylen) 482 unsigned int derived_keylen)
489{ 483{
490 struct scatterlist sg_in[1]; 484 struct scatterlist sg_in[1];
491 struct scatterlist sg_out[2]; 485 struct scatterlist sg_out[2];
@@ -506,7 +500,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
506 sg_init_table(sg_out, 2); 500 sg_init_table(sg_out, 2);
507 sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen); 501 sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen);
508 sg_set_buf(&sg_out[0], epayload->decrypted_data, 502 sg_set_buf(&sg_out[0], epayload->decrypted_data,
509 (unsigned int)epayload->decrypted_datalen); 503 epayload->decrypted_datalen);
510 sg_set_buf(&sg_out[1], pad, sizeof pad); 504 sg_set_buf(&sg_out[1], pad, sizeof pad);
511 505
512 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen); 506 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen);
@@ -563,8 +557,8 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
563 u8 *master_key; 557 u8 *master_key;
564 u8 *hmac; 558 u8 *hmac;
565 const char *hex_encoded_data; 559 const char *hex_encoded_data;
566 unsigned int master_keylen;
567 unsigned int encrypted_datalen; 560 unsigned int encrypted_datalen;
561 size_t master_keylen;
568 size_t asciilen; 562 size_t asciilen;
569 int ret; 563 int ret;
570 564
@@ -765,7 +759,7 @@ static long encrypted_read(const struct key *key, char __user *buffer,
765 struct encrypted_key_payload *epayload; 759 struct encrypted_key_payload *epayload;
766 struct key *mkey; 760 struct key *mkey;
767 u8 *master_key; 761 u8 *master_key;
768 unsigned int master_keylen; 762 size_t master_keylen;
769 char derived_key[HASH_SIZE]; 763 char derived_key[HASH_SIZE];
770 char *ascii_buf; 764 char *ascii_buf;
771 size_t asciiblob_len; 765 size_t asciiblob_len;
diff --git a/security/keys/encrypted_defined.h b/security/keys/encrypted_defined.h
index c298a3f1cf7..cef5e2f2b7d 100644
--- a/security/keys/encrypted_defined.h
+++ b/security/keys/encrypted_defined.h
@@ -4,8 +4,7 @@
4#define ENCRYPTED_DEBUG 0 4#define ENCRYPTED_DEBUG 0
5 5
6#if ENCRYPTED_DEBUG 6#if ENCRYPTED_DEBUG
7static inline void dump_master_key(const u8 *master_key, 7static inline void dump_master_key(const u8 *master_key, size_t master_keylen)
8 unsigned int master_keylen)
9{ 8{
10 print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1, 9 print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,
11 master_key, master_keylen, 0); 10 master_key, master_keylen, 0);
@@ -34,8 +33,7 @@ static inline void dump_hmac(const char *str, const u8 *digest,
34 hmac_size, 0); 33 hmac_size, 0);
35} 34}
36#else 35#else
37static inline void dump_master_key(const u8 *master_key, 36static inline void dump_master_key(const u8 *master_key, size_t master_keylen)
38 unsigned int master_keylen)
39{ 37{
40} 38}
41 39
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-25 15:09:54 -0400