41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)  in wipe_master_key_secret()  argument
43 	fscrypt_destroy_hkdf(&secret->hkdf);  in wipe_master_key_secret()
44 	memzero_explicit(secret, sizeof(*secret));  in wipe_master_key_secret()
59 	 * The master key secret and any embedded subkeys should have already  in fscrypt_free_master_key()
409  * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
413 			      struct fscrypt_master_key_secret *secret,  in add_new_master_key()  argument
441 	move_master_key_secret(&mk->mk_secret, secret);  in add_new_master_key()
458 				   struct fscrypt_master_key_secret *secret)  in add_existing_master_key()  argument
481 	/* Re-add the secret if needed. */  in add_existing_master_key()
485 		move_master_key_secret(&mk->mk_secret, secret);  in add_existing_master_key()
492 			     struct fscrypt_master_key_secret *secret,  in do_add_master_key()  argument
506 			err = add_new_master_key(sb, secret, mk_spec);  in do_add_master_key()
509 		 * Found the key in ->s_master_keys.  Re-add the secret if  in do_add_master_key()
513 		err = add_existing_master_key(mk, secret);  in do_add_master_key()
522 			err = add_new_master_key(sb, secret, mk_spec);  in do_add_master_key()
530 /* Size of software "secret" derived from hardware-wrapped key */
534 			  struct fscrypt_master_key_secret *secret,  in add_master_key()  argument
541 		u8 *kdf_key = secret->raw;  in add_master_key()
542 		unsigned int kdf_key_size = secret->size;  in add_master_key()
544 		if (secret->is_hw_wrapped) {  in add_master_key()
547 			err = fscrypt_derive_raw_secret(sb, secret->raw,  in add_master_key()
548 							secret->size,  in add_master_key()
553 		err = fscrypt_init_hkdf(&secret->hkdf, kdf_key, kdf_key_size);  in add_master_key()
563 		err = fscrypt_hkdf_expand(&secret->hkdf,  in add_master_key()
570 	return do_add_master_key(sb, secret, key_spec);  in add_master_key()
632  * store it into 'secret'.
646 			   struct fscrypt_master_key_secret *secret)  in get_keyring_key()  argument
666 	secret->size = key->datalen - sizeof(*payload);  in get_keyring_key()
667 	memcpy(secret->raw, payload->raw, secret->size);  in get_keyring_key()
707 	struct fscrypt_master_key_secret secret;  in fscrypt_ioctl_add_key()  local
728 	memset(&secret, 0, sizeof(secret));  in fscrypt_ioctl_add_key()
735 		secret.is_hw_wrapped = true;  in fscrypt_ioctl_add_key()
741 		err = get_keyring_key(arg.key_id, arg.key_spec.type, &secret);  in fscrypt_ioctl_add_key()
745 		if (secret.size > FSCRYPT_MAX_KEY_SIZE && !secret.is_hw_wrapped)  in fscrypt_ioctl_add_key()
749 		    arg.raw_size > (secret.is_hw_wrapped ?  in fscrypt_ioctl_add_key()
753 		secret.size = arg.raw_size;  in fscrypt_ioctl_add_key()
755 		if (copy_from_user(secret.raw, uarg->raw, secret.size))  in fscrypt_ioctl_add_key()
759 	err = add_master_key(sb, &secret, &arg.key_spec);  in fscrypt_ioctl_add_key()
771 	wipe_master_key_secret(&secret);  in fscrypt_ioctl_add_key()
785 	struct fscrypt_master_key_secret secret;  in fscrypt_add_test_dummy_key()  local
790 	memset(&secret, 0, sizeof(secret));  in fscrypt_add_test_dummy_key()
791 	secret.size = FSCRYPT_MAX_KEY_SIZE;  in fscrypt_add_test_dummy_key()
792 	memcpy(secret.raw, test_key, FSCRYPT_MAX_KEY_SIZE);  in fscrypt_add_test_dummy_key()
794 	err = add_master_key(sb, &secret, key_spec);  in fscrypt_add_test_dummy_key()
795 	wipe_master_key_secret(&secret);  in fscrypt_add_test_dummy_key()
984  * To "remove the key itself", first we wipe the actual master key secret, so
990  * state (without the actual secret key) where it tracks the list of remaining
992  * alternatively can re-add the secret key again.
1054 	/* No user claims remaining.  Go ahead and wipe the secret. */  in do_remove_key()
1075 	 * key, wiped the secret, or tried locking the files again.  Users need  in do_remove_key()
1105  * secret has been removed, but some files which had been unlocked with it are
1115  * secret key is shared by multiple users, applications may wish to add an