encrypted-keys: style and other cleanup

Cleanup based on David Howells suggestions:
- use static const char arrays instead of #define
- rename init_sdesc to alloc_sdesc
- convert 'unsigned int' definitions to 'size_t'
- revert remaining 'const unsigned int' definitions to 'unsigned int'

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Mimi Zohar 2010-12-13 16:53:13 -05:00 committed by James Morris
parent 1f35065a9e
commit 3b1826cebe
2 changed files with 29 additions and 37 deletions

View File

@ -32,21 +32,20 @@
#include "encrypted_defined.h" #include "encrypted_defined.h"
#define KEY_TRUSTED_PREFIX "trusted:" static const char KEY_TRUSTED_PREFIX[] = "trusted:";
#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1) static const char KEY_USER_PREFIX[] = "user:";
#define KEY_USER_PREFIX "user:"
#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
#define HASH_SIZE SHA256_DIGEST_SIZE
#define MAX_DATA_SIZE 4096
#define MIN_DATA_SIZE 20
static const char hash_alg[] = "sha256"; static const char hash_alg[] = "sha256";
static const char hmac_alg[] = "hmac(sha256)"; static const char hmac_alg[] = "hmac(sha256)";
static const char blkcipher_alg[] = "cbc(aes)"; static const char blkcipher_alg[] = "cbc(aes)";
static unsigned int ivsize; static unsigned int ivsize;
static int blksize; static int blksize;
#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
#define HASH_SIZE SHA256_DIGEST_SIZE
#define MAX_DATA_SIZE 4096
#define MIN_DATA_SIZE 20
struct sdesc { struct sdesc {
struct shash_desc shash; struct shash_desc shash;
char ctx[]; char ctx[];
@ -217,8 +216,7 @@ out:
* data, trusted key type data is not visible decrypted from userspace. * data, trusted key type data is not visible decrypted from userspace.
*/ */
static struct key *request_trusted_key(const char *trusted_desc, static struct key *request_trusted_key(const char *trusted_desc,
u8 **master_key, u8 **master_key, size_t *master_keylen)
unsigned int *master_keylen)
{ {
struct trusted_key_payload *tpayload; struct trusted_key_payload *tpayload;
struct key *tkey; struct key *tkey;
@ -241,7 +239,7 @@ error:
* Use a user provided key to encrypt/decrypt an encrypted-key. * Use a user provided key to encrypt/decrypt an encrypted-key.
*/ */
static struct key *request_user_key(const char *master_desc, u8 **master_key, static struct key *request_user_key(const char *master_desc, u8 **master_key,
unsigned int *master_keylen) size_t *master_keylen)
{ {
struct user_key_payload *upayload; struct user_key_payload *upayload;
struct key *ukey; struct key *ukey;
@ -258,7 +256,7 @@ error:
return ukey; return ukey;
} }
static struct sdesc *init_sdesc(struct crypto_shash *alg) static struct sdesc *alloc_sdesc(struct crypto_shash *alg)
{ {
struct sdesc *sdesc; struct sdesc *sdesc;
int size; int size;
@ -272,13 +270,13 @@ static struct sdesc *init_sdesc(struct crypto_shash *alg)
return sdesc; return sdesc;
} }
static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen, static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen,
const u8 *buf, const unsigned int buflen) const u8 *buf, unsigned int buflen)
{ {
struct sdesc *sdesc; struct sdesc *sdesc;
int ret; int ret;
sdesc = init_sdesc(hmacalg); sdesc = alloc_sdesc(hmacalg);
if (IS_ERR(sdesc)) { if (IS_ERR(sdesc)) {
pr_info("encrypted_key: can't alloc %s\n", hmac_alg); pr_info("encrypted_key: can't alloc %s\n", hmac_alg);
return PTR_ERR(sdesc); return PTR_ERR(sdesc);
@ -291,12 +289,12 @@ static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen,
return ret; return ret;
} }
static int calc_hash(u8 *digest, const u8 *buf, const unsigned int buflen) static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen)
{ {
struct sdesc *sdesc; struct sdesc *sdesc;
int ret; int ret;
sdesc = init_sdesc(hashalg); sdesc = alloc_sdesc(hashalg);
if (IS_ERR(sdesc)) { if (IS_ERR(sdesc)) {
pr_info("encrypted_key: can't alloc %s\n", hash_alg); pr_info("encrypted_key: can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc); return PTR_ERR(sdesc);
@ -311,8 +309,7 @@ enum derived_key_type { ENC_KEY, AUTH_KEY };
/* Derive authentication/encryption key from trusted key */ /* Derive authentication/encryption key from trusted key */
static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
const u8 *master_key, const u8 *master_key, size_t master_keylen)
const unsigned int master_keylen)
{ {
u8 *derived_buf; u8 *derived_buf;
unsigned int derived_buf_len; unsigned int derived_buf_len;
@ -340,8 +337,8 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
} }
static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
const unsigned int key_len, const u8 *iv, unsigned int key_len, const u8 *iv,
const unsigned int ivsize) unsigned int ivsize)
{ {
int ret; int ret;
@ -364,8 +361,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
} }
static struct key *request_master_key(struct encrypted_key_payload *epayload, static struct key *request_master_key(struct encrypted_key_payload *epayload,
u8 **master_key, u8 **master_key, size_t *master_keylen)
unsigned int *master_keylen)
{ {
struct key *mkey = NULL; struct key *mkey = NULL;
@ -394,7 +390,7 @@ out:
/* Before returning data to userspace, encrypt decrypted data. */ /* Before returning data to userspace, encrypt decrypted data. */
static int derived_key_encrypt(struct encrypted_key_payload *epayload, static int derived_key_encrypt(struct encrypted_key_payload *epayload,
const u8 *derived_key, const u8 *derived_key,
const unsigned int derived_keylen) unsigned int derived_keylen)
{ {
struct scatterlist sg_in[2]; struct scatterlist sg_in[2];
struct scatterlist sg_out[1]; struct scatterlist sg_out[1];
@ -433,8 +429,7 @@ out:
} }
static int datablob_hmac_append(struct encrypted_key_payload *epayload, static int datablob_hmac_append(struct encrypted_key_payload *epayload,
const u8 *master_key, const u8 *master_key, size_t master_keylen)
const unsigned int master_keylen)
{ {
u8 derived_key[HASH_SIZE]; u8 derived_key[HASH_SIZE];
u8 *digest; u8 *digest;
@ -455,8 +450,7 @@ out:
/* verify HMAC before decrypting encrypted key */ /* verify HMAC before decrypting encrypted key */
static int datablob_hmac_verify(struct encrypted_key_payload *epayload, static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
const u8 *master_key, const u8 *master_key, size_t master_keylen)
const unsigned int master_keylen)
{ {
u8 derived_key[HASH_SIZE]; u8 derived_key[HASH_SIZE];
u8 digest[HASH_SIZE]; u8 digest[HASH_SIZE];
@ -485,7 +479,7 @@ out:
static int derived_key_decrypt(struct encrypted_key_payload *epayload, static int derived_key_decrypt(struct encrypted_key_payload *epayload,
const u8 *derived_key, const u8 *derived_key,
const unsigned int derived_keylen) unsigned int derived_keylen)
{ {
struct scatterlist sg_in[1]; struct scatterlist sg_in[1];
struct scatterlist sg_out[2]; struct scatterlist sg_out[2];
@ -506,7 +500,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
sg_init_table(sg_out, 2); sg_init_table(sg_out, 2);
sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen); sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen);
sg_set_buf(&sg_out[0], epayload->decrypted_data, sg_set_buf(&sg_out[0], epayload->decrypted_data,
(unsigned int)epayload->decrypted_datalen); epayload->decrypted_datalen);
sg_set_buf(&sg_out[1], pad, sizeof pad); sg_set_buf(&sg_out[1], pad, sizeof pad);
ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen); ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen);
@ -563,8 +557,8 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
u8 *master_key; u8 *master_key;
u8 *hmac; u8 *hmac;
const char *hex_encoded_data; const char *hex_encoded_data;
unsigned int master_keylen;
unsigned int encrypted_datalen; unsigned int encrypted_datalen;
size_t master_keylen;
size_t asciilen; size_t asciilen;
int ret; int ret;
@ -765,7 +759,7 @@ static long encrypted_read(const struct key *key, char __user *buffer,
struct encrypted_key_payload *epayload; struct encrypted_key_payload *epayload;
struct key *mkey; struct key *mkey;
u8 *master_key; u8 *master_key;
unsigned int master_keylen; size_t master_keylen;
char derived_key[HASH_SIZE]; char derived_key[HASH_SIZE];
char *ascii_buf; char *ascii_buf;
size_t asciiblob_len; size_t asciiblob_len;

View File

@ -4,8 +4,7 @@
#define ENCRYPTED_DEBUG 0 #define ENCRYPTED_DEBUG 0
#if ENCRYPTED_DEBUG #if ENCRYPTED_DEBUG
static inline void dump_master_key(const u8 *master_key, static inline void dump_master_key(const u8 *master_key, size_t master_keylen)
unsigned int master_keylen)
{ {
print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1, print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,
master_key, master_keylen, 0); master_key, master_keylen, 0);
@ -34,8 +33,7 @@ static inline void dump_hmac(const char *str, const u8 *digest,
hmac_size, 0); hmac_size, 0);
} }
#else #else
static inline void dump_master_key(const u8 *master_key, static inline void dump_master_key(const u8 *master_key, size_t master_keylen)
unsigned int master_keylen)
{ {
} }