Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/keys/encrypted-keys/ecryptfs_format.c
26424 views
1
// SPDX-License-Identifier: GPL-2.0-only

2
/*

3
 * ecryptfs_format.c: helper functions for the encrypted key type

4
 *

5
 * Copyright (C) 2006 International Business Machines Corp.

6
 * Copyright (C) 2010 Politecnico di Torino, Italy

7
 *                    TORSEC group -- https://security.polito.it

8
 *

9
 * Authors:

10
 * Michael A. Halcrow <[email protected]>

11
 * Tyler Hicks <[email protected]>

12
 * Roberto Sassu <[email protected]>

13
 */

14


15
#include <linux/export.h>

16
#include <linux/string.h>

17
#include "ecryptfs_format.h"

18


19
u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)

20
{

21
	return auth_tok->token.password.session_key_encryption_key;

22
}

23
EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);

24


25
/*

26
 * ecryptfs_get_versions()

27
 *

28
 * Source code taken from the software 'ecryptfs-utils' version 83.

29
 *

30
 */

31
void ecryptfs_get_versions(int *major, int *minor, int *file_version)

32
{

33
	*major = ECRYPTFS_VERSION_MAJOR;

34
	*minor = ECRYPTFS_VERSION_MINOR;

35
	if (file_version)

36
		*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;

37
}

38
EXPORT_SYMBOL(ecryptfs_get_versions);

39


40
/*

41
 * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure

42
 *

43
 * Fill the ecryptfs_auth_tok structure with required ecryptfs data.

44
 * The source code is inspired to the original function generate_payload()

45
 * shipped with the software 'ecryptfs-utils' version 83.

46
 *

47
 */

48
int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,

49
			   const char *key_desc)

50
{

51
	int major, minor;

52


53
	ecryptfs_get_versions(&major, &minor, NULL);

54
	auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)

55
			     | ((uint16_t)minor & 0x00FF));

56
	auth_tok->token_type = ECRYPTFS_PASSWORD;

57
	strncpy((char *)auth_tok->token.password.signature, key_desc,

58
		ECRYPTFS_PASSWORD_SIG_SIZE);

59
	auth_tok->token.password.session_key_encryption_key_bytes =

60
		ECRYPTFS_MAX_KEY_BYTES;

61
	/*

62
	 * Removed auth_tok->token.password.salt and

63
	 * auth_tok->token.password.session_key_encryption_key

64
	 * initialization from the original code

65
	 */

66
	/* TODO: Make the hash parameterizable via policy */

67
	auth_tok->token.password.flags |=

68
		ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;

69
	/* The kernel code will encrypt the session key. */

70
	auth_tok->session_key.encrypted_key[0] = 0;

71
	auth_tok->session_key.encrypted_key_size = 0;

72
	/* Default; subject to change by kernel eCryptfs */

73
	auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;

74
	auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);

75
	return 0;

76
}

77
EXPORT_SYMBOL(ecryptfs_fill_auth_tok);

78


79