keys/encrypted-keys/ecryptfs_format.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * ecryptfs_format.c: helper functions for the encrypted key type
0004  *
0005  * Copyright (C) 2006 International Business Machines Corp.
0006  * Copyright (C) 2010 Politecnico di Torino, Italy
0007  *                    TORSEC group -- https://security.polito.it
0008  *
0009  * Authors:
0010  * Michael A. Halcrow <mahalcro@us.ibm.com>
0011  * Tyler Hicks <tyhicks@ou.edu>
0012  * Roberto Sassu <roberto.sassu@polito.it>
0013  */
0014
0015 #include <linux/export.h>
0016 #include <linux/string.h>
0017 #include "ecryptfs_format.h"
0018
0019 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
0020 {
0021     return auth_tok->token.password.session_key_encryption_key;
0022 }
0023 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
0024
0025 /*
0026  * ecryptfs_get_versions()
0027  *
0028  * Source code taken from the software 'ecryptfs-utils' version 83.
0029  *
0030  */
0031 void ecryptfs_get_versions(int *major, int *minor, int *file_version)
0032 {
0033     *major = ECRYPTFS_VERSION_MAJOR;
0034     *minor = ECRYPTFS_VERSION_MINOR;
0035     if (file_version)
0036         *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
0037 }
0038 EXPORT_SYMBOL(ecryptfs_get_versions);
0039
0040 /*
0041  * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
0042  *
0043  * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
0044  * The source code is inspired to the original function generate_payload()
0045  * shipped with the software 'ecryptfs-utils' version 83.
0046  *
0047  */
0048 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
0049                const char *key_desc)
0050 {
0051     int major, minor;
0052
0053     ecryptfs_get_versions(&major, &minor, NULL);
0054     auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
0055                  | ((uint16_t)minor & 0x00FF));
0056     auth_tok->token_type = ECRYPTFS_PASSWORD;
0057     strncpy((char *)auth_tok->token.password.signature, key_desc,
0058         ECRYPTFS_PASSWORD_SIG_SIZE);
0059     auth_tok->token.password.session_key_encryption_key_bytes =
0060         ECRYPTFS_MAX_KEY_BYTES;
0061     /*
0062      * Removed auth_tok->token.password.salt and
0063      * auth_tok->token.password.session_key_encryption_key
0064      * initialization from the original code
0065      */
0066     /* TODO: Make the hash parameterizable via policy */
0067     auth_tok->token.password.flags |=
0068         ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
0069     /* The kernel code will encrypt the session key. */
0070     auth_tok->session_key.encrypted_key[0] = 0;
0071     auth_tok->session_key.encrypted_key_size = 0;
0072     /* Default; subject to change by kernel eCryptfs */
0073     auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
0074     auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
0075     return 0;
0076 }
0077 EXPORT_SYMBOL(ecryptfs_fill_auth_tok);