| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251113123544.11287-2-thorsten.blum@linux.dev>
Date: Thu, 13 Nov 2025 13:35:44 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
linux-integrity@...r.kernel.org,
keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] KEYS: encrypted: Use pr_fmt()
Use pr_fmt() to automatically prefix all pr_<level>() log messages with
"encrypted_key: " and remove all manually added prefixes.
Reformat the code accordingly and avoid line breaks in log messages.
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
security/keys/encrypted-keys/encrypted.c | 74 +++++++++++-------------
security/keys/encrypted-keys/encrypted.h | 2 +-
2 files changed, 35 insertions(+), 41 deletions(-)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 513c09e2b01c..a8e8bf949b4b 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -11,6 +11,8 @@
* See Documentation/security/keys/trusted-encrypted.rst
*/
+#define pr_fmt(fmt) "encrypted_key: " fmt
+
#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -84,8 +86,7 @@ static int aes_get_sizes(void)
tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
- pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
- PTR_ERR(tfm));
+ pr_err("failed to alloc_cipher (%ld)\n", PTR_ERR(tfm));
return PTR_ERR(tfm);
}
ivsize = crypto_skcipher_ivsize(tfm);
@@ -106,15 +107,14 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc)
int i;
if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) {
- pr_err("encrypted_key: key description must be %d hexadecimal "
- "characters long\n", KEY_ECRYPTFS_DESC_LEN);
+ pr_err("key description must be %d hexadecimal characters long\n",
+ KEY_ECRYPTFS_DESC_LEN);
return -EINVAL;
}
for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) {
if (!isxdigit(ecryptfs_desc[i])) {
- pr_err("encrypted_key: key description must contain "
- "only hexadecimal characters\n");
+ pr_err("key description must contain only hexadecimal characters\n");
return -EINVAL;
}
}
@@ -180,7 +180,7 @@ static int datablob_parse(char *datablob, const char **format,
keyword = strsep(&datablob, " \t");
if (!keyword) {
- pr_info("encrypted_key: insufficient parameters specified\n");
+ pr_info("insufficient parameters specified\n");
return ret;
}
key_cmd = match_token(keyword, key_tokens, args);
@@ -188,7 +188,7 @@ static int datablob_parse(char *datablob, const char **format,
/* Get optional format: default | ecryptfs */
p = strsep(&datablob, " \t");
if (!p) {
- pr_err("encrypted_key: insufficient parameters specified\n");
+ pr_err("insufficient parameters specified\n");
return ret;
}
@@ -206,20 +206,20 @@ static int datablob_parse(char *datablob, const char **format,
}
if (!*master_desc) {
- pr_info("encrypted_key: master key parameter is missing\n");
+ pr_info("master key parameter is missing\n");
goto out;
}
if (valid_master_desc(*master_desc, NULL) < 0) {
- pr_info("encrypted_key: master key parameter \'%s\' "
- "is invalid\n", *master_desc);
+ pr_info("master key parameter \'%s\' is invalid\n",
+ *master_desc);
goto out;
}
if (decrypted_datalen) {
*decrypted_datalen = strsep(&datablob, " \t");
if (!*decrypted_datalen) {
- pr_info("encrypted_key: keylen parameter is missing\n");
+ pr_info("keylen parameter is missing\n");
goto out;
}
}
@@ -227,8 +227,8 @@ static int datablob_parse(char *datablob, const char **format,
switch (key_cmd) {
case Opt_new:
if (!decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .update method\n", keyword);
+ pr_info("keyword \'%s\' not allowed when called from .update method\n",
+ keyword);
break;
}
*decrypted_data = strsep(&datablob, " \t");
@@ -236,29 +236,27 @@ static int datablob_parse(char *datablob, const char **format,
break;
case Opt_load:
if (!decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .update method\n", keyword);
+ pr_info("keyword \'%s\' not allowed when called from .update method\n",
+ keyword);
break;
}
*hex_encoded_iv = strsep(&datablob, " \t");
if (!*hex_encoded_iv) {
- pr_info("encrypted_key: hex blob is missing\n");
+ pr_info("hex blob is missing\n");
break;
}
ret = 0;
break;
case Opt_update:
if (decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .instantiate method\n",
+ pr_info("keyword \'%s\' not allowed when called from .instantiate method\n",
keyword);
break;
}
ret = 0;
break;
case Opt_err:
- pr_info("encrypted_key: keyword \'%s\' not recognized\n",
- keyword);
+ pr_info("keyword \'%s\' not recognized\n", keyword);
break;
}
out:
@@ -362,22 +360,21 @@ static struct skcipher_request *init_skcipher_req(const u8 *key,
tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
- pr_err("encrypted_key: failed to load %s transform (%ld)\n",
- blkcipher_alg, PTR_ERR(tfm));
+ pr_err("failed to load %s transform (%ld)\n", blkcipher_alg,
+ PTR_ERR(tfm));
return ERR_CAST(tfm);
}
ret = crypto_skcipher_setkey(tfm, key, key_len);
if (ret < 0) {
- pr_err("encrypted_key: failed to setkey (%d)\n", ret);
+ pr_err("failed to setkey (%d)\n", ret);
crypto_free_skcipher(tfm);
return ERR_PTR(ret);
}
req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
- pr_err("encrypted_key: failed to allocate request for %s\n",
- blkcipher_alg);
+ pr_err("failed to allocate request for %s\n", blkcipher_alg);
crypto_free_skcipher(tfm);
return ERR_PTR(-ENOMEM);
}
@@ -406,13 +403,10 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload,
if (IS_ERR(mkey)) {
int ret = PTR_ERR(mkey);
-
if (ret == -ENOTSUPP)
- pr_info("encrypted_key: key %s not supported",
- epayload->master_desc);
+ pr_info("key %s not supported", epayload->master_desc);
else
- pr_info("encrypted_key: key %s not found",
- epayload->master_desc);
+ pr_info("key %s not found", epayload->master_desc);
goto out;
}
@@ -457,7 +451,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
skcipher_request_free(req);
crypto_free_skcipher(tfm);
if (ret < 0)
- pr_err("encrypted_key: failed to encrypt (%d)\n", ret);
+ pr_err("failed to encrypt (%d)\n", ret);
else
dump_encrypted_data(epayload, encrypted_datalen);
out:
@@ -596,16 +590,16 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
if (decrypted_data) {
if (!user_decrypted_data) {
- pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");
+ pr_err("instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");
return ERR_PTR(-EINVAL);
}
if (strlen(decrypted_data) != decrypted_datalen * 2) {
- pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n");
+ pr_err("decrypted data provided does not match decrypted data length provided\n");
return ERR_PTR(-EINVAL);
}
for (i = 0; i < strlen(decrypted_data); i++) {
if (!isxdigit(decrypted_data[i])) {
- pr_err("encrypted key: decrypted data provided must contain only hexadecimal characters\n");
+ pr_err("decrypted data provided must contain only hexadecimal characters\n");
return ERR_PTR(-EINVAL);
}
}
@@ -614,7 +608,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
if (format) {
if (!strcmp(format, key_format_ecryptfs)) {
if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
- pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n",
+ pr_err("keylen for the ecryptfs format must be equal to %d bytes\n",
ECRYPTFS_MAX_KEY_BYTES);
return ERR_PTR(-EINVAL);
}
@@ -622,8 +616,8 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
payload_datalen = sizeof(struct ecryptfs_auth_tok);
} else if (!strcmp(format, key_format_enc32)) {
if (decrypted_datalen != KEY_ENC32_PAYLOAD_LEN) {
- pr_err("encrypted_key: enc32 key payload incorrect length: %d\n",
- decrypted_datalen);
+ pr_err("enc32 key payload incorrect length: %d\n",
+ decrypted_datalen);
return ERR_PTR(-EINVAL);
}
}
@@ -689,7 +683,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);
if (ret < 0) {
- pr_err("encrypted_key: bad hmac (%d)\n", ret);
+ pr_err("bad hmac (%d)\n", ret);
goto out;
}
@@ -699,7 +693,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key);
if (ret < 0)
- pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);
+ pr_err("failed to decrypt key (%d)\n", ret);
out:
up_read(&mkey->sem);
key_put(mkey);
diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h
index 1809995db452..7b05c66bafa6 100644
--- a/security/keys/encrypted-keys/encrypted.h
+++ b/security/keys/encrypted-keys/encrypted.h
@@ -41,7 +41,7 @@ static inline void dump_hmac(const char *str, const u8 *digest,
unsigned int hmac_size)
{
if (str)
- pr_info("encrypted_key: %s", str);
+ pr_info("%s", str);
print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,
hmac_size, 0);
}
--
2.51.1
Powered by blists - more mailing lists