1 | // SPDX-License-Identifier: GPL-2.0-only |
---|---|
2 | /* |
3 | * ecryptfs_format.c: helper functions for the encrypted key type |
4 | * |
5 | * Copyright (C) 2006 International Business Machines Corp. |
6 | * Copyright (C) 2010 Politecnico di Torino, Italy |
7 | * TORSEC group -- https://security.polito.it |
8 | * |
9 | * Authors: |
10 | * Michael A. Halcrow <mahalcro@us.ibm.com> |
11 | * Tyler Hicks <tyhicks@ou.edu> |
12 | * Roberto Sassu <roberto.sassu@polito.it> |
13 | */ |
14 | |
15 | #include <linux/export.h> |
16 | #include <linux/string.h> |
17 | #include "ecryptfs_format.h" |
18 | |
19 | u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok) |
20 | { |
21 | return auth_tok->token.password.session_key_encryption_key; |
22 | } |
23 | EXPORT_SYMBOL(ecryptfs_get_auth_tok_key); |
24 | |
25 | /* |
26 | * ecryptfs_get_versions() |
27 | * |
28 | * Source code taken from the software 'ecryptfs-utils' version 83. |
29 | * |
30 | */ |
31 | void ecryptfs_get_versions(int *major, int *minor, int *file_version) |
32 | { |
33 | *major = ECRYPTFS_VERSION_MAJOR; |
34 | *minor = ECRYPTFS_VERSION_MINOR; |
35 | if (file_version) |
36 | *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION; |
37 | } |
38 | EXPORT_SYMBOL(ecryptfs_get_versions); |
39 | |
40 | /* |
41 | * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure |
42 | * |
43 | * Fill the ecryptfs_auth_tok structure with required ecryptfs data. |
44 | * The source code is inspired to the original function generate_payload() |
45 | * shipped with the software 'ecryptfs-utils' version 83. |
46 | * |
47 | */ |
48 | int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok, |
49 | const char *key_desc) |
50 | { |
51 | int major, minor; |
52 | |
53 | ecryptfs_get_versions(&major, &minor, NULL); |
54 | auth_tok->version = (((uint16_t)(major << 8) & 0xFF00) |
55 | | ((uint16_t)minor & 0x00FF)); |
56 | auth_tok->token_type = ECRYPTFS_PASSWORD; |
57 | strncpy(p: (char *)auth_tok->token.password.signature, q: key_desc, |
58 | ECRYPTFS_PASSWORD_SIG_SIZE); |
59 | auth_tok->token.password.session_key_encryption_key_bytes = |
60 | ECRYPTFS_MAX_KEY_BYTES; |
61 | /* |
62 | * Removed auth_tok->token.password.salt and |
63 | * auth_tok->token.password.session_key_encryption_key |
64 | * initialization from the original code |
65 | */ |
66 | /* TODO: Make the hash parameterizable via policy */ |
67 | auth_tok->token.password.flags |= |
68 | ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET; |
69 | /* The kernel code will encrypt the session key. */ |
70 | auth_tok->session_key.encrypted_key[0] = 0; |
71 | auth_tok->session_key.encrypted_key_size = 0; |
72 | /* Default; subject to change by kernel eCryptfs */ |
73 | auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512; |
74 | auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD); |
75 | return 0; |
76 | } |
77 | EXPORT_SYMBOL(ecryptfs_fill_auth_tok); |
78 |