encrypted-keys/ecryptfs_format.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * ecryptfs_format.c: helper functions for the encrypted key type
   4  *
   5  * Copyright (C) 2006 International Business Machines Corp.
   6  * Copyright (C) 2010 Politecnico di Torino, Italy
   7  *                    TORSEC group -- https://security.polito.it
   8  *
   9  * Authors:
  10  * Michael A. Halcrow <mahalcro@us.ibm.com>
  11  * Tyler Hicks <tyhicks@ou.edu>
  12  * Roberto Sassu <roberto.sassu@polito.it>
  13  */
  14
  15 #include <linux/export.h>
  16 #include <linux/string.h>
  17 #include "ecryptfs_format.h"
  18
  19 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
  20 {
  21         return auth_tok->token.password.session_key_encryption_key;
  22 }
  23 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
  24
  25 /*
  26  * ecryptfs_get_versions()
  27  *
  28  * Source code taken from the software 'ecryptfs-utils' version 83.
  29  *
  30  */
  31 void ecryptfs_get_versions(int *major, int *minor, int *file_version)
  32 {
  33         *major = ECRYPTFS_VERSION_MAJOR;
  34         *minor = ECRYPTFS_VERSION_MINOR;
  35         if (file_version)
  36                 *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
  37 }
  38 EXPORT_SYMBOL(ecryptfs_get_versions);
  39
  40 /*
  41  * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
  42  *
  43  * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
  44  * The source code is inspired to the original function generate_payload()
  45  * shipped with the software 'ecryptfs-utils' version 83.
  46  *
  47  */
  48 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
  49                            const char *key_desc)
  50 {
  51         int major, minor;
  52
  53         ecryptfs_get_versions(&major, &minor, NULL);
  54         auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
  55                              | ((uint16_t)minor & 0x00FF));
  56         auth_tok->token_type = ECRYPTFS_PASSWORD;
  57         strncpy((char *)auth_tok->token.password.signature, key_desc,
  58                 ECRYPTFS_PASSWORD_SIG_SIZE);
  59         auth_tok->token.password.session_key_encryption_key_bytes =
  60                 ECRYPTFS_MAX_KEY_BYTES;
  61         /*
  62          * Removed auth_tok->token.password.salt and
  63          * auth_tok->token.password.session_key_encryption_key
  64          * initialization from the original code
  65          */
  66         /* TODO: Make the hash parameterizable via policy */
  67         auth_tok->token.password.flags |=
  68                 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
  69         /* The kernel code will encrypt the session key. */
  70         auth_tok->session_key.encrypted_key[0] = 0;
  71         auth_tok->session_key.encrypted_key_size = 0;
  72         /* Default; subject to change by kernel eCryptfs */
  73         auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
  74         auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
  75         return 0;
  76 }
  77 EXPORT_SYMBOL(ecryptfs_fill_auth_tok);