H A D | encrypted.c | 275 static char *datablob_format(struct encrypted_key_payload *epayload, datablob_format() argument 279 u8 *iv = epayload->iv; datablob_format() 290 len = sprintf(ascii_buf, "%s %s %s ", epayload->format, datablob_format() 291 epayload->master_desc, epayload->datalen); datablob_format() 428 static struct key *request_master_key(struct encrypted_key_payload *epayload, request_master_key() argument 433 if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX, request_master_key() 435 mkey = request_trusted_key(epayload->master_desc + request_master_key() 438 } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX, request_master_key() 440 mkey = request_user_key(epayload->master_desc + request_master_key() 451 epayload->master_desc); request_master_key() 454 epayload->master_desc); request_master_key() 464 static int derived_key_encrypt(struct encrypted_key_payload *epayload, derived_key_encrypt() argument 476 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); derived_key_encrypt() 477 padlen = encrypted_datalen - epayload->decrypted_datalen; derived_key_encrypt() 480 epayload->iv, ivsize); derived_key_encrypt() 483 dump_decrypted_data(epayload); derived_key_encrypt() 487 sg_set_buf(&sg_in[0], epayload->decrypted_data, derived_key_encrypt() 488 epayload->decrypted_datalen); derived_key_encrypt() 492 sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen); derived_key_encrypt() 499 dump_encrypted_data(epayload, encrypted_datalen); derived_key_encrypt() 504 static int datablob_hmac_append(struct encrypted_key_payload *epayload, datablob_hmac_append() argument 515 digest = epayload->format + epayload->datablob_len; datablob_hmac_append() 517 epayload->format, epayload->datablob_len); datablob_hmac_append() 525 static int datablob_hmac_verify(struct encrypted_key_payload *epayload, datablob_hmac_verify() argument 539 len = epayload->datablob_len; datablob_hmac_verify() 541 p = epayload->master_desc; datablob_hmac_verify() 
542 len -= strlen(epayload->format) + 1; datablob_hmac_verify() 544 p = epayload->format; datablob_hmac_verify() 549 ret = memcmp(digest, epayload->format + epayload->datablob_len, datablob_hmac_verify() 554 epayload->format + epayload->datablob_len, datablob_hmac_verify() 562 static int derived_key_decrypt(struct encrypted_key_payload *epayload, derived_key_decrypt() argument 573 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); derived_key_decrypt() 575 epayload->iv, ivsize); derived_key_decrypt() 578 dump_encrypted_data(epayload, encrypted_datalen); derived_key_decrypt() 583 sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen); derived_key_decrypt() 584 sg_set_buf(&sg_out[0], epayload->decrypted_data, derived_key_decrypt() 585 epayload->decrypted_datalen); derived_key_decrypt() 592 dump_decrypted_data(epayload); derived_key_decrypt() 603 struct encrypted_key_payload *epayload = NULL; encrypted_key_alloc() local 640 epayload = kzalloc(sizeof(*epayload) + payload_datalen + encrypted_key_alloc() 642 if (!epayload) encrypted_key_alloc() 645 epayload->payload_datalen = payload_datalen; encrypted_key_alloc() 646 epayload->decrypted_datalen = decrypted_datalen; encrypted_key_alloc() 647 epayload->datablob_len = datablob_len; encrypted_key_alloc() 648 return epayload; encrypted_key_alloc() 651 static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, encrypted_key_decrypt() argument 664 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); encrypted_key_decrypt() 670 ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize); encrypted_key_decrypt() 673 ret = hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_key_decrypt() 678 hmac = epayload->format + epayload->datablob_len; encrypted_key_decrypt() 684 mkey = request_master_key(epayload, &master_key, &master_keylen); encrypted_key_decrypt() 688 ret = datablob_hmac_verify(epayload, format, master_key, master_keylen); encrypted_key_decrypt() 698 ret = 
derived_key_decrypt(epayload, derived_key, sizeof derived_key); encrypted_key_decrypt() 707 static void __ekey_init(struct encrypted_key_payload *epayload, __ekey_init() argument 714 epayload->format = epayload->payload_data + epayload->payload_datalen; __ekey_init() 715 epayload->master_desc = epayload->format + format_len + 1; __ekey_init() 716 epayload->datalen = epayload->master_desc + strlen(master_desc) + 1; __ekey_init() 717 epayload->iv = epayload->datalen + strlen(datalen) + 1; __ekey_init() 718 epayload->encrypted_data = epayload->iv + ivsize + 1; __ekey_init() 719 epayload->decrypted_data = epayload->payload_data; __ekey_init() 722 memcpy(epayload->format, key_format_default, format_len); __ekey_init() 725 epayload->decrypted_data = __ekey_init() 726 ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok *)epayload->payload_data); __ekey_init() 728 memcpy(epayload->format, format, format_len); __ekey_init() 731 memcpy(epayload->master_desc, master_desc, strlen(master_desc)); __ekey_init() 732 memcpy(epayload->datalen, datalen, strlen(datalen)); __ekey_init() 741 static int encrypted_init(struct encrypted_key_payload *epayload, encrypted_init() argument 753 ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok *)epayload->payload_data, encrypted_init() 757 __ekey_init(epayload, format, master_desc, datalen); encrypted_init() 759 get_random_bytes(epayload->iv, ivsize); encrypted_init() 761 get_random_bytes(epayload->decrypted_data, encrypted_init() 762 epayload->decrypted_datalen); encrypted_init() 764 ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv); encrypted_init() 779 struct encrypted_key_payload *epayload = NULL; encrypted_instantiate() local 801 epayload = encrypted_key_alloc(key, format, master_desc, encrypted_instantiate() 803 if (IS_ERR(epayload)) { encrypted_instantiate() 804 ret = PTR_ERR(epayload); encrypted_instantiate() 807 ret = encrypted_init(epayload, key->description, format, master_desc, encrypted_instantiate() 810 kfree(epayload); 
encrypted_instantiate() 814 rcu_assign_keypointer(key, epayload); encrypted_instantiate() 822 struct encrypted_key_payload *epayload; encrypted_rcu_free() local 824 epayload = container_of(rcu, struct encrypted_key_payload, rcu); encrypted_rcu_free() 825 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); encrypted_rcu_free() 826 kfree(epayload); encrypted_rcu_free() 840 struct encrypted_key_payload *epayload = key->payload.data; encrypted_update() local 863 ret = valid_master_desc(new_master_desc, epayload->master_desc); encrypted_update() 867 new_epayload = encrypted_key_alloc(key, epayload->format, encrypted_update() 868 new_master_desc, epayload->datalen); encrypted_update() 874 __ekey_init(new_epayload, epayload->format, new_master_desc, encrypted_update() 875 epayload->datalen); encrypted_update() 877 memcpy(new_epayload->iv, epayload->iv, ivsize); encrypted_update() 878 memcpy(new_epayload->payload_data, epayload->payload_data, encrypted_update() 879 epayload->payload_datalen); encrypted_update() 882 call_rcu(&epayload->rcu, encrypted_rcu_free); encrypted_update() 899 struct encrypted_key_payload *epayload; encrypted_read() local 908 epayload = rcu_dereference_key(key); encrypted_read() 911 asciiblob_len = epayload->datablob_len + ivsize + 1 encrypted_read() 912 + roundup(epayload->decrypted_datalen, blksize) encrypted_read() 918 mkey = request_master_key(epayload, &master_key, &master_keylen); encrypted_read() 926 ret = derived_key_encrypt(epayload, derived_key, sizeof derived_key); encrypted_read() 930 ret = datablob_hmac_append(epayload, master_key, master_keylen); encrypted_read() 934 ascii_buf = datablob_format(epayload, asciiblob_len); encrypted_read() 962 struct encrypted_key_payload *epayload = key->payload.data; encrypted_destroy() local 964 if (!epayload) encrypted_destroy() 967 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); encrypted_destroy()