security/keys/encrypted-keys/ecryptfs_format.c

   1 /*
   2  * ecryptfs_format.c: helper functions for the encrypted key type
   3  *
   4  * Copyright (C) 2006 International Business Machines Corp.
   5  * Copyright (C) 2010 Politecnico di Torino, Italy
   6  *                    TORSEC group -- http://security.polito.it
   7  *
   8  * Authors:
   9  * Michael A. Halcrow <mahalcro@us.ibm.com>
  10  * Tyler Hicks <tyhicks@ou.edu>
  11  * Roberto Sassu <roberto.sassu@polito.it>
  12  *
  13  * This program is free software; you can redistribute it and/or modify
  14  * it under the terms of the GNU General Public License as published by
  15  * the Free Software Foundation, version 2 of the License.
  16  */
  17
  18 #include <linux/export.h>
  19 #include <linux/string.h>
  20 #include "ecryptfs_format.h"
  21
  22 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
  23 {
  24         return auth_tok->token.password.session_key_encryption_key;
  25 }
  26 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
  27
  28 /*
  29  * ecryptfs_get_versions()
  30  *
  31  * Source code taken from the software 'ecryptfs-utils' version 83.
  32  *
  33  */
  34 void ecryptfs_get_versions(int *major, int *minor, int *file_version)
  35 {
  36         *major = ECRYPTFS_VERSION_MAJOR;
  37         *minor = ECRYPTFS_VERSION_MINOR;
  38         if (file_version)
  39                 *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
  40 }
  41 EXPORT_SYMBOL(ecryptfs_get_versions);
  42
  43 /*
  44  * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
  45  *
  46  * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
  47  * The source code is inspired to the original function generate_payload()
  48  * shipped with the software 'ecryptfs-utils' version 83.
  49  *
  50  */
  51 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
  52                            const char *key_desc)
  53 {
  54         int major, minor;
  55
  56         ecryptfs_get_versions(&major, &minor, NULL);
  57         auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
  58                              | ((uint16_t)minor & 0x00FF));
  59         auth_tok->token_type = ECRYPTFS_PASSWORD;
  60         strncpy((char *)auth_tok->token.password.signature, key_desc,
  61                 ECRYPTFS_PASSWORD_SIG_SIZE);
  62         auth_tok->token.password.session_key_encryption_key_bytes =
  63                 ECRYPTFS_MAX_KEY_BYTES;
  64         /*
  65          * Removed auth_tok->token.password.salt and
  66          * auth_tok->token.password.session_key_encryption_key
  67          * initialization from the original code
  68          */
  69         /* TODO: Make the hash parameterizable via policy */
  70         auth_tok->token.password.flags |=
  71                 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
  72         /* The kernel code will encrypt the session key. */
  73         auth_tok->session_key.encrypted_key[0] = 0;
  74         auth_tok->session_key.encrypted_key_size = 0;
  75         /* Default; subject to change by kernel eCryptfs */
  76         auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
  77         auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
  78         return 0;
  79 }
  80 EXPORT_SYMBOL(ecryptfs_fill_auth_tok);