[linux-2.6-block.git] / security / keys / encrypted-keys / ecryptfs_format.c

/*
 * ecryptfs_format.c: helper functions for the encrypted key type
 *
 * Copyright (C) 2006 International Business Machines Corp.
 * Copyright (C) 2010 Politecnico di Torino, Italy
 *                    TORSEC group -- http://security.polito.it
 *
 * Authors:
 * Michael A. Halcrow <mahalcro@us.ibm.com>
 * Tyler Hicks <tyhicks@ou.edu>
 * Roberto Sassu <roberto.sassu@polito.it>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 */

#include <linux/export.h>
#include <linux/string.h>
#include "ecryptfs_format.h"

u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
{
	return auth_tok->token.password.session_key_encryption_key;
}
EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);

/*
 * ecryptfs_get_versions()
 *
 * Source code taken from the software 'ecryptfs-utils' version 83.
 *
 */
void ecryptfs_get_versions(int *major, int *minor, int *file_version)
{
	*major = ECRYPTFS_VERSION_MAJOR;
	*minor = ECRYPTFS_VERSION_MINOR;
	if (file_version)
		*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
}
EXPORT_SYMBOL(ecryptfs_get_versions);

/*
 * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
 *
 * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
 * The source code is inspired to the original function generate_payload()
 * shipped with the software 'ecryptfs-utils' version 83.
 *
 */
int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
			   const char *key_desc)
{
	int major, minor;

	ecryptfs_get_versions(&major, &minor, NULL);
	auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
			     | ((uint16_t)minor & 0x00FF));
	auth_tok->token_type = ECRYPTFS_PASSWORD;
	strncpy((char *)auth_tok->token.password.signature, key_desc,
		ECRYPTFS_PASSWORD_SIG_SIZE);
	auth_tok->token.password.session_key_encryption_key_bytes =
		ECRYPTFS_MAX_KEY_BYTES;
	/*
	 * Removed auth_tok->token.password.salt and
	 * auth_tok->token.password.session_key_encryption_key
	 * initialization from the original code
	 */
	/* TODO: Make the hash parameterizable via policy */
	auth_tok->token.password.flags |=
		ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
	/* The kernel code will encrypt the session key. */
	auth_tok->session_key.encrypted_key[0] = 0;
	auth_tok->session_key.encrypted_key_size = 0;
	/* Default; subject to change by kernel eCryptfs */
	auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
	auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
	return 0;
}
EXPORT_SYMBOL(ecryptfs_fill_auth_tok);
Commit	Line	Data
79a73d18 RS	1	/*
	2	* ecryptfs_format.c: helper functions for the encrypted key type
	3	*
	4	* Copyright (C) 2006 International Business Machines Corp.
	5	* Copyright (C) 2010 Politecnico di Torino, Italy
	6	* TORSEC group -- http://security.polito.it
	7	*
	8	* Authors:
	9	* Michael A. Halcrow <mahalcro@us.ibm.com>
	10	* Tyler Hicks <tyhicks@ou.edu>
	11	* Roberto Sassu <roberto.sassu@polito.it>
	12	*
	13	* This program is free software; you can redistribute it and/or modify
	14	* it under the terms of the GNU General Public License as published by
	15	* the Free Software Foundation, version 2 of the License.
	16	*/
	17
a7986080 PG	18	#include <linux/export.h>
a7986080 PG	19	#include <linux/string.h>
79a73d18 RS	20	#include "ecryptfs_format.h"
	21
	22	u8 ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok auth_tok)
	23	{
	24	return auth_tok->token.password.session_key_encryption_key;
	25	}
	26	EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
	27
	28	/*
	29	* ecryptfs_get_versions()
	30	*
	31	* Source code taken from the software 'ecryptfs-utils' version 83.
	32	*
	33	*/
	34	void ecryptfs_get_versions(int major, int minor, int *file_version)
	35	{
	36	*major = ECRYPTFS_VERSION_MAJOR;
	37	*minor = ECRYPTFS_VERSION_MINOR;
	38	if (file_version)
	39	*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
	40	}
	41	EXPORT_SYMBOL(ecryptfs_get_versions);
	42
	43	/*
	44	* ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
	45	*
	46	* Fill the ecryptfs_auth_tok structure with required ecryptfs data.
	47	* The source code is inspired to the original function generate_payload()
	48	* shipped with the software 'ecryptfs-utils' version 83.
	49	*
	50	*/
	51	int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
	52	const char *key_desc)
	53	{
	54	int major, minor;
	55
	56	ecryptfs_get_versions(&major, &minor, NULL);
	57	auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
	58	\| ((uint16_t)minor & 0x00FF));
	59	auth_tok->token_type = ECRYPTFS_PASSWORD;
	60	strncpy((char *)auth_tok->token.password.signature, key_desc,
	61	ECRYPTFS_PASSWORD_SIG_SIZE);
	62	auth_tok->token.password.session_key_encryption_key_bytes =
	63	ECRYPTFS_MAX_KEY_BYTES;
	64	/*
	65	* Removed auth_tok->token.password.salt and
	66	* auth_tok->token.password.session_key_encryption_key
	67	* initialization from the original code
	68	*/
	69	/* TODO: Make the hash parameterizable via policy */
	70	auth_tok->token.password.flags \|=
	71	ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
	72	/* The kernel code will encrypt the session key. */
	73	auth_tok->session_key.encrypted_key[0] = 0;
	74	auth_tok->session_key.encrypted_key_size = 0;
	75	/* Default; subject to change by kernel eCryptfs */
	76	auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
	77	auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
	78	return 0;
	79	}
	80	EXPORT_SYMBOL(ecryptfs_fill_auth_tok);