Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b1826ce authored by Mimi Zohar's avatar Mimi Zohar Committed by James Morris
Browse files

encrypted-keys: style and other cleanup 



Cleanup based on David Howells suggestions:
- use static const char arrays instead of #define
- rename init_sdesc to alloc_sdesc
- convert 'unsigned int' definitions to 'size_t'
- revert remaining 'const unsigned int' definitions to 'unsigned int'

Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Acked-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 1f35065a

security/keys/encrypted_defined.c

+27 −33
Original line number Diff line number Diff line
@@ -32,21 +32,20 @@ 


#include "encrypted_defined.h"



#define KEY_TRUSTED_PREFIX "trusted:"

#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)

#define KEY_USER_PREFIX "user:"

#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)



#define HASH_SIZE SHA256_DIGEST_SIZE

#define MAX_DATA_SIZE 4096

#define MIN_DATA_SIZE  20



static const char KEY_TRUSTED_PREFIX[] = "trusted:";

static const char KEY_USER_PREFIX[] = "user:";

static const char hash_alg[] = "sha256";

static const char hmac_alg[] = "hmac(sha256)";

static const char blkcipher_alg[] = "cbc(aes)";

static unsigned int ivsize;

static int blksize;



#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)

#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)

#define HASH_SIZE SHA256_DIGEST_SIZE

#define MAX_DATA_SIZE 4096

#define MIN_DATA_SIZE  20



struct sdesc {

	struct shash_desc shash;

	char ctx[];
@@ -217,8 +216,7 @@ static char *datablob_format(struct encrypted_key_payload *epayload, 
 * data, trusted key type data is not visible decrypted from userspace.

 */

static struct key *request_trusted_key(const char *trusted_desc,

				       u8 **master_key,

				       unsigned int *master_keylen)

				       u8 **master_key, size_t *master_keylen)

{

	struct trusted_key_payload *tpayload;

	struct key *tkey;
@@ -241,7 +239,7 @@ static struct key *request_trusted_key(const char *trusted_desc, 
 * Use a user provided key to encrypt/decrypt an encrypted-key.

 */

static struct key *request_user_key(const char *master_desc, u8 **master_key,

				    unsigned int *master_keylen)

				    size_t *master_keylen)

{

	struct user_key_payload *upayload;

	struct key *ukey;
@@ -258,7 +256,7 @@ static struct key *request_user_key(const char *master_desc, u8 **master_key, 
	return ukey;

}



static struct sdesc *init_sdesc(struct crypto_shash *alg)

static struct sdesc *alloc_sdesc(struct crypto_shash *alg)

{

	struct sdesc *sdesc;

	int size;
@@ -272,13 +270,13 @@ static struct sdesc *init_sdesc(struct crypto_shash *alg) 
	return sdesc;

}



static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen,

		     const u8 *buf, const unsigned int buflen)

static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen,

		     const u8 *buf, unsigned int buflen)

{

	struct sdesc *sdesc;

	int ret;



	sdesc = init_sdesc(hmacalg);

	sdesc = alloc_sdesc(hmacalg);

	if (IS_ERR(sdesc)) {

		pr_info("encrypted_key: can't alloc %s\n", hmac_alg);

		return PTR_ERR(sdesc);
@@ -291,12 +289,12 @@ static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen, 
	return ret;

}



static int calc_hash(u8 *digest, const u8 *buf, const unsigned int buflen)

static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen)

{

	struct sdesc *sdesc;

	int ret;



	sdesc = init_sdesc(hashalg);

	sdesc = alloc_sdesc(hashalg);

	if (IS_ERR(sdesc)) {

		pr_info("encrypted_key: can't alloc %s\n", hash_alg);

		return PTR_ERR(sdesc);
@@ -311,8 +309,7 @@ enum derived_key_type { ENC_KEY, AUTH_KEY }; 


/* Derive authentication/encryption key from trusted key */

static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,

			   const u8 *master_key,

			   const unsigned int master_keylen)

			   const u8 *master_key, size_t master_keylen)

{

	u8 *derived_buf;

	unsigned int derived_buf_len;
@@ -340,8 +337,8 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, 
}



static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,

			       const unsigned int key_len, const u8 *iv,

			       const unsigned int ivsize)

			       unsigned int key_len, const u8 *iv,

			       unsigned int ivsize)

{

	int ret;
@@ -364,8 +361,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, 
}



static struct key *request_master_key(struct encrypted_key_payload *epayload,

				      u8 **master_key,

				      unsigned int *master_keylen)

				      u8 **master_key, size_t *master_keylen)

{

	struct key *mkey = NULL;
@@ -394,7 +390,7 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload, 
/* Before returning data to userspace, encrypt decrypted data. */

static int derived_key_encrypt(struct encrypted_key_payload *epayload,

			       const u8 *derived_key,

			       const unsigned int derived_keylen)

			       unsigned int derived_keylen)

{

	struct scatterlist sg_in[2];

	struct scatterlist sg_out[1];
@@ -433,8 +429,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, 
}



static int datablob_hmac_append(struct encrypted_key_payload *epayload,

				const u8 *master_key,

				const unsigned int master_keylen)

				const u8 *master_key, size_t master_keylen)

{

	u8 derived_key[HASH_SIZE];

	u8 *digest;
@@ -455,8 +450,7 @@ static int datablob_hmac_append(struct encrypted_key_payload *epayload, 


/* verify HMAC before decrypting encrypted key */

static int datablob_hmac_verify(struct encrypted_key_payload *epayload,

				const u8 *master_key,

				const unsigned int master_keylen)

				const u8 *master_key, size_t master_keylen)

{

	u8 derived_key[HASH_SIZE];

	u8 digest[HASH_SIZE];
@@ -485,7 +479,7 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload, 


static int derived_key_decrypt(struct encrypted_key_payload *epayload,

			       const u8 *derived_key,

			       const unsigned int derived_keylen)

			       unsigned int derived_keylen)

{

	struct scatterlist sg_in[1];

	struct scatterlist sg_out[2];
@@ -506,7 +500,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload, 
	sg_init_table(sg_out, 2);

	sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen);

	sg_set_buf(&sg_out[0], epayload->decrypted_data,

		   (unsigned int)epayload->decrypted_datalen);

		   epayload->decrypted_datalen);

	sg_set_buf(&sg_out[1], pad, sizeof pad);



	ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen);
@@ -563,8 +557,8 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, 
	u8 *master_key;

	u8 *hmac;

	const char *hex_encoded_data;

	unsigned int master_keylen;

	unsigned int encrypted_datalen;

	size_t master_keylen;

	size_t asciilen;

	int ret;
@@ -765,7 +759,7 @@ static long encrypted_read(const struct key *key, char __user *buffer, 
	struct encrypted_key_payload *epayload;

	struct key *mkey;

	u8 *master_key;

	unsigned int master_keylen;

	size_t master_keylen;

	char derived_key[HASH_SIZE];

	char *ascii_buf;

	size_t asciiblob_len;

security/keys/encrypted_defined.h

+2 −4
Original line number Diff line number Diff line
@@ -4,8 +4,7 @@ 
#define ENCRYPTED_DEBUG 0



#if ENCRYPTED_DEBUG

static inline void dump_master_key(const u8 *master_key,

				   unsigned int master_keylen)

static inline void dump_master_key(const u8 *master_key, size_t master_keylen)

{

	print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,

		       master_key, master_keylen, 0);
@@ -34,8 +33,7 @@ static inline void dump_hmac(const char *str, const u8 *digest, 
		       hmac_size, 0);

}

#else

static inline void dump_master_key(const u8 *master_key,

				   unsigned int master_keylen)

static inline void dump_master_key(const u8 *master_key, size_t master_keylen)

{

}