security/keys/encrypted-keys/encrypted.c
Source file repositories/reference/linux-study-clean/security/keys/encrypted-keys/encrypted.c
File Facts
- System
- Linux kernel
- Corpus path
security/keys/encrypted-keys/encrypted.c- Extension
.c- Size
- 26909 bytes
- Lines
- 1003
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: exported/initcall integration point
- Status
- integration implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/uaccess.hlinux/module.hlinux/hex.hlinux/init.hlinux/slab.hlinux/parser.hlinux/string.hlinux/err.hkeys/user-type.hkeys/trusted-type.hkeys/encrypted-type.hlinux/key-type.hlinux/random.hlinux/rcupdate.hlinux/scatterlist.hlinux/ctype.hcrypto/aes.hcrypto/sha2.hcrypto/skcipher.hcrypto/utils.hencrypted.hecryptfs_format.h
Detected Declarations
enum derived_key_typefunction aes_get_sizesfunction valid_ecryptfs_descfunction valid_master_descfunction datablob_parsefunction get_derived_keyfunction derived_key_encryptfunction datablob_hmac_appendfunction datablob_hmac_verifyfunction derived_key_decryptfunction encrypted_key_decryptfunction __ekey_initfunction encrypted_initfunction encrypted_instantiatefunction encrypted_rcu_freefunction encrypted_updatefunction encrypted_readfunction encrypted_destroyfunction init_encryptedfunction cleanup_encryptedexport key_type_encrypted
Annotated Snippet
if (!isxdigit(ecryptfs_desc[i])) {
pr_err("encrypted_key: key description must contain "
"only hexadecimal characters\n");
return -EINVAL;
}
}
return 0;
}
/*
* valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
*
* key-type:= "trusted:" | "user:"
* desc:= master-key description
*
* Verify that 'key-type' is valid and that 'desc' exists. On key update,
* only the master key description is permitted to change, not the key-type.
* The key-type remains constant.
*
* On success returns 0, otherwise -EINVAL.
*/
static int valid_master_desc(const char *new_desc, const char *orig_desc)
{
int prefix_len;
if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
prefix_len = KEY_TRUSTED_PREFIX_LEN;
else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
prefix_len = KEY_USER_PREFIX_LEN;
else
return -EINVAL;
if (!new_desc[prefix_len])
return -EINVAL;
if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
return -EINVAL;
return 0;
}
/*
* datablob_parse - parse the keyctl data
*
* datablob format:
* new [<format>] <master-key name> <decrypted data length> [<decrypted data>]
* load [<format>] <master-key name> <decrypted data length>
* <encrypted iv + data>
* update <new-master-key name>
*
* Tokenizes a copy of the keyctl data, returning a pointer to each token,
* which is null terminated.
*
* On success returns 0, otherwise -EINVAL.
*/
static int datablob_parse(char *datablob, const char **format,
char **master_desc, char **decrypted_datalen,
char **hex_encoded_iv, char **decrypted_data)
{
substring_t args[MAX_OPT_ARGS];
int ret = -EINVAL;
int key_cmd;
int key_format;
char *p, *keyword;
keyword = strsep(&datablob, " \t");
if (!keyword) {
pr_info("encrypted_key: insufficient parameters specified\n");
return ret;
}
key_cmd = match_token(keyword, key_tokens, args);
/* Get optional format: default | ecryptfs */
p = strsep(&datablob, " \t");
if (!p) {
pr_err("encrypted_key: insufficient parameters specified\n");
return ret;
}
key_format = match_token(p, key_format_tokens, args);
switch (key_format) {
case Opt_ecryptfs:
case Opt_enc32:
case Opt_default:
*format = p;
*master_desc = strsep(&datablob, " \t");
break;
case Opt_error:
*master_desc = p;
Annotation
- Immediate include surface: `linux/uaccess.h`, `linux/module.h`, `linux/hex.h`, `linux/init.h`, `linux/slab.h`, `linux/parser.h`, `linux/string.h`, `linux/err.h`.
- Detected declarations: `enum derived_key_type`, `function aes_get_sizes`, `function valid_ecryptfs_desc`, `function valid_master_desc`, `function datablob_parse`, `function get_derived_key`, `function derived_key_encrypt`, `function datablob_hmac_append`, `function datablob_hmac_verify`, `function derived_key_decrypt`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: integration implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.