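Lines Matching full:secret — each entry gives the source line number, the matching line, and (where the indexer reports one) the enclosing function; declaration lines are also tagged "argument" or "local".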
41 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) in wipe_master_key_secret() argument
43 fscrypt_destroy_hkdf(&secret->hkdf); in wipe_master_key_secret()
44 memzero_explicit(secret, sizeof(*secret)); in wipe_master_key_secret()
59 * The master key secret and any embedded subkeys should have already in fscrypt_free_master_key()
410 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
414 struct fscrypt_master_key_secret *secret, in add_new_master_key() argument
441 move_master_key_secret(&mk->mk_secret, secret); in add_new_master_key()
458 struct fscrypt_master_key_secret *secret) in add_existing_master_key() argument
481 /* Re-add the secret if needed. */ in add_existing_master_key()
485 move_master_key_secret(&mk->mk_secret, secret); in add_existing_master_key()
492 struct fscrypt_master_key_secret *secret, in do_add_master_key() argument
506 err = add_new_master_key(sb, secret, mk_spec); in do_add_master_key()
509 * Found the key in ->s_master_keys. Re-add the secret if in do_add_master_key()
513 err = add_existing_master_key(mk, secret); in do_add_master_key()
522 err = add_new_master_key(sb, secret, mk_spec); in do_add_master_key()
531 struct fscrypt_master_key_secret *secret, in add_master_key() argument
537 err = fscrypt_init_hkdf(&secret->hkdf, secret->raw, in add_master_key()
538 secret->size); in add_master_key()
546 memzero_explicit(secret->raw, secret->size); in add_master_key()
549 err = fscrypt_hkdf_expand(&secret->hkdf, in add_master_key()
556 return do_add_master_key(sb, secret, key_spec); in add_master_key()
616 * store it into 'secret'.
630 struct fscrypt_master_key_secret *secret) in get_keyring_key() argument
650 secret->size = key->datalen - sizeof(*payload); in get_keyring_key()
651 memcpy(secret->raw, payload->raw, secret->size); in get_keyring_key()
691 struct fscrypt_master_key_secret secret; in fscrypt_ioctl_add_key() local
712 memset(&secret, 0, sizeof(secret)); in fscrypt_ioctl_add_key()
716 err = get_keyring_key(arg.key_id, arg.key_spec.type, &secret); in fscrypt_ioctl_add_key()
723 secret.size = arg.raw_size; in fscrypt_ioctl_add_key()
725 if (copy_from_user(secret.raw, uarg->raw, secret.size)) in fscrypt_ioctl_add_key()
729 err = add_master_key(sb, &secret, &arg.key_spec); in fscrypt_ioctl_add_key()
741 wipe_master_key_secret(&secret); in fscrypt_ioctl_add_key()
747 fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret) in fscrypt_get_test_dummy_secret() argument
753 memset(secret, 0, sizeof(*secret)); in fscrypt_get_test_dummy_secret()
754 secret->size = FSCRYPT_MAX_KEY_SIZE; in fscrypt_get_test_dummy_secret()
755 memcpy(secret->raw, test_key, FSCRYPT_MAX_KEY_SIZE); in fscrypt_get_test_dummy_secret()
761 struct fscrypt_master_key_secret secret; in fscrypt_get_test_dummy_key_identifier() local
764 fscrypt_get_test_dummy_secret(&secret); in fscrypt_get_test_dummy_key_identifier()
766 err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size); in fscrypt_get_test_dummy_key_identifier()
769 err = fscrypt_hkdf_expand(&secret.hkdf, HKDF_CONTEXT_KEY_IDENTIFIER, in fscrypt_get_test_dummy_key_identifier()
773 wipe_master_key_secret(&secret); in fscrypt_get_test_dummy_key_identifier()
792 struct fscrypt_master_key_secret secret; in fscrypt_add_test_dummy_key() local
795 fscrypt_get_test_dummy_secret(&secret); in fscrypt_add_test_dummy_key()
796 err = add_master_key(sb, &secret, key_spec); in fscrypt_add_test_dummy_key()
797 wipe_master_key_secret(&secret); in fscrypt_add_test_dummy_key()
986 * To "remove the key itself", first we wipe the actual master key secret, so
992 * state (without the actual secret key) where it tracks the list of remaining
994 * alternatively can re-add the secret key again.
1056 /* No user claims remaining. Go ahead and wipe the secret. */ in do_remove_key()
1077 * key, wiped the secret, or tried locking the files again. Users need in do_remove_key()
1107 * secret has been removed, but some files which had been unlocked with it are
1117 * secret key is shared by multiple users, applications may wish to add an