| H A D | encrypted.c | 275 static char *datablob_format(struct encrypted_key_payload *epayload, datablob_format() argument
279 u8 *iv = epayload->iv; datablob_format()
290 len = sprintf(ascii_buf, "%s %s %s ", epayload->format, datablob_format()
291 epayload->master_desc, epayload->datalen); datablob_format()
428 static struct key *request_master_key(struct encrypted_key_payload *epayload, request_master_key() argument
433 if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX, request_master_key()
435 mkey = request_trusted_key(epayload->master_desc + request_master_key()
438 } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX, request_master_key()
440 mkey = request_user_key(epayload->master_desc + request_master_key()
451 epayload->master_desc); request_master_key()
454 epayload->master_desc); request_master_key()
464 static int derived_key_encrypt(struct encrypted_key_payload *epayload, derived_key_encrypt() argument
476 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); derived_key_encrypt()
477 padlen = encrypted_datalen - epayload->decrypted_datalen; derived_key_encrypt()
480 epayload->iv, ivsize); derived_key_encrypt()
483 dump_decrypted_data(epayload); derived_key_encrypt()
487 sg_set_buf(&sg_in[0], epayload->decrypted_data, derived_key_encrypt()
488 epayload->decrypted_datalen); derived_key_encrypt()
492 sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen); derived_key_encrypt()
499 dump_encrypted_data(epayload, encrypted_datalen); derived_key_encrypt()
504 static int datablob_hmac_append(struct encrypted_key_payload *epayload, datablob_hmac_append() argument
515 digest = epayload->format + epayload->datablob_len; datablob_hmac_append()
517 epayload->format, epayload->datablob_len); datablob_hmac_append()
525 static int datablob_hmac_verify(struct encrypted_key_payload *epayload, datablob_hmac_verify() argument
539 len = epayload->datablob_len; datablob_hmac_verify()
541 p = epayload->master_desc; datablob_hmac_verify()
542 len -= strlen(epayload->format) + 1; datablob_hmac_verify()
544 p = epayload->format; datablob_hmac_verify()
549 ret = memcmp(digest, epayload->format + epayload->datablob_len, datablob_hmac_verify()
554 epayload->format + epayload->datablob_len, datablob_hmac_verify()
562 static int derived_key_decrypt(struct encrypted_key_payload *epayload, derived_key_decrypt() argument
573 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); derived_key_decrypt()
575 epayload->iv, ivsize); derived_key_decrypt()
578 dump_encrypted_data(epayload, encrypted_datalen); derived_key_decrypt()
583 sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen); derived_key_decrypt()
584 sg_set_buf(&sg_out[0], epayload->decrypted_data, derived_key_decrypt()
585 epayload->decrypted_datalen); derived_key_decrypt()
592 dump_decrypted_data(epayload); derived_key_decrypt()
603 struct encrypted_key_payload *epayload = NULL; encrypted_key_alloc() local
640 epayload = kzalloc(sizeof(*epayload) + payload_datalen + encrypted_key_alloc()
642 if (!epayload) encrypted_key_alloc()
645 epayload->payload_datalen = payload_datalen; encrypted_key_alloc()
646 epayload->decrypted_datalen = decrypted_datalen; encrypted_key_alloc()
647 epayload->datablob_len = datablob_len; encrypted_key_alloc()
648 return epayload; encrypted_key_alloc()
651 static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, encrypted_key_decrypt() argument
664 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); encrypted_key_decrypt()
670 ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize); encrypted_key_decrypt()
673 ret = hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_key_decrypt()
678 hmac = epayload->format + epayload->datablob_len; encrypted_key_decrypt()
684 mkey = request_master_key(epayload, &master_key, &master_keylen); encrypted_key_decrypt()
688 ret = datablob_hmac_verify(epayload, format, master_key, master_keylen); encrypted_key_decrypt()
698 ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key); encrypted_key_decrypt()
707 static void __ekey_init(struct encrypted_key_payload *epayload, __ekey_init() argument
714 epayload->format = epayload->payload_data + epayload->payload_datalen; __ekey_init()
715 epayload->master_desc = epayload->format + format_len + 1; __ekey_init()
716 epayload->datalen = epayload->master_desc + strlen(master_desc) + 1; __ekey_init()
717 epayload->iv = epayload->datalen + strlen(datalen) + 1; __ekey_init()
718 epayload->encrypted_data = epayload->iv + ivsize + 1; __ekey_init()
719 epayload->decrypted_data = epayload->payload_data; __ekey_init()
722 memcpy(epayload->format, key_format_default, format_len); __ekey_init()
725 epayload->decrypted_data = __ekey_init()
726 ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok *)epayload->payload_data); __ekey_init()
728 memcpy(epayload->format, format, format_len); __ekey_init()
731 memcpy(epayload->master_desc, master_desc, strlen(master_desc)); __ekey_init()
732 memcpy(epayload->datalen, datalen, strlen(datalen)); __ekey_init()
741 static int encrypted_init(struct encrypted_key_payload *epayload, encrypted_init() argument
753 ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok *)epayload->payload_data, encrypted_init()
757 __ekey_init(epayload, format, master_desc, datalen); encrypted_init()
759 get_random_bytes(epayload->iv, ivsize); encrypted_init()
761 get_random_bytes(epayload->decrypted_data, encrypted_init()
762 epayload->decrypted_datalen); encrypted_init()
764 ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv); encrypted_init()
779 struct encrypted_key_payload *epayload = NULL; encrypted_instantiate() local
801 epayload = encrypted_key_alloc(key, format, master_desc, encrypted_instantiate()
803 if (IS_ERR(epayload)) { encrypted_instantiate()
804 ret = PTR_ERR(epayload); encrypted_instantiate()
807 ret = encrypted_init(epayload, key->description, format, master_desc, encrypted_instantiate()
810 kfree(epayload); encrypted_instantiate()
814 rcu_assign_keypointer(key, epayload); encrypted_instantiate()
822 struct encrypted_key_payload *epayload; encrypted_rcu_free() local
824 epayload = container_of(rcu, struct encrypted_key_payload, rcu); encrypted_rcu_free()
825 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); encrypted_rcu_free()
826 kfree(epayload); encrypted_rcu_free()
840 struct encrypted_key_payload *epayload = key->payload.data; encrypted_update() local
863 ret = valid_master_desc(new_master_desc, epayload->master_desc); encrypted_update()
867 new_epayload = encrypted_key_alloc(key, epayload->format, encrypted_update()
868 new_master_desc, epayload->datalen); encrypted_update()
874 __ekey_init(new_epayload, epayload->format, new_master_desc, encrypted_update()
875 epayload->datalen); encrypted_update()
877 memcpy(new_epayload->iv, epayload->iv, ivsize); encrypted_update()
878 memcpy(new_epayload->payload_data, epayload->payload_data, encrypted_update()
879 epayload->payload_datalen); encrypted_update()
882 call_rcu(&epayload->rcu, encrypted_rcu_free); encrypted_update()
899 struct encrypted_key_payload *epayload; encrypted_read() local
908 epayload = rcu_dereference_key(key); encrypted_read()
911 asciiblob_len = epayload->datablob_len + ivsize + 1 encrypted_read()
912 + roundup(epayload->decrypted_datalen, blksize) encrypted_read()
918 mkey = request_master_key(epayload, &master_key, &master_keylen); encrypted_read()
926 ret = derived_key_encrypt(epayload, derived_key, sizeof derived_key); encrypted_read()
930 ret = datablob_hmac_append(epayload, master_key, master_keylen); encrypted_read()
934 ascii_buf = datablob_format(epayload, asciiblob_len); encrypted_read()
962 struct encrypted_key_payload *epayload = key->payload.data; encrypted_destroy() local
964 if (!epayload) encrypted_destroy()
967 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); encrypted_destroy()
|