xref: /linux/security/keys/encrypted-keys/ecryptfs_format.c (revision bd628c1bed7902ec1f24ba0fe70758949146abbe) 
1 /*
2  * ecryptfs_format.c: helper functions for the encrypted key type
3  *
4  * Copyright (C) 2006 International Business Machines Corp.
5  * Copyright (C) 2010 Politecnico di Torino, Italy
6  *                    TORSEC group -- http://security.polito.it
7  *
8  * Authors:
9  * Michael A. Halcrow <mahalcro@us.ibm.com>
10  * Tyler Hicks <tyhicks@ou.edu>
11  * Roberto Sassu <roberto.sassu@polito.it>
12  *
13  * This program is free software; you can redistribute it and/or modify
14  * it under the terms of the GNU General Public License as published by
15  * the Free Software Foundation, version 2 of the License.
16  */
17 
18 #include <linux/export.h>
19 #include <linux/string.h>
20 #include "ecryptfs_format.h"
21 
22 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
23 {
24 	return auth_tok->token.password.session_key_encryption_key;
25 }
26 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
27 
28 /*
29  * ecryptfs_get_versions()
30  *
31  * Source code taken from the software 'ecryptfs-utils' version 83.
32  *
33  */
34 void ecryptfs_get_versions(int *major, int *minor, int *file_version)
35 {
36 	*major = ECRYPTFS_VERSION_MAJOR;
37 	*minor = ECRYPTFS_VERSION_MINOR;
38 	if (file_version)
39 		*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
40 }
41 EXPORT_SYMBOL(ecryptfs_get_versions);
42 
43 /*
44  * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
45  *
46  * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
47  * The source code is inspired to the original function generate_payload()
48  * shipped with the software 'ecryptfs-utils' version 83.
49  *
50  */
51 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
52 			   const char *key_desc)
53 {
54 	int major, minor;
55 
56 	ecryptfs_get_versions(&major, &minor, NULL);
57 	auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
58 			     | ((uint16_t)minor & 0x00FF));
59 	auth_tok->token_type = ECRYPTFS_PASSWORD;
60 	strncpy((char *)auth_tok->token.password.signature, key_desc,
61 		ECRYPTFS_PASSWORD_SIG_SIZE);
62 	auth_tok->token.password.session_key_encryption_key_bytes =
63 		ECRYPTFS_MAX_KEY_BYTES;
64 	/*
65 	 * Removed auth_tok->token.password.salt and
66 	 * auth_tok->token.password.session_key_encryption_key
67 	 * initialization from the original code
68 	 */
69 	/* TODO: Make the hash parameterizable via policy */
70 	auth_tok->token.password.flags |=
71 		ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
72 	/* The kernel code will encrypt the session key. */
73 	auth_tok->session_key.encrypted_key[0] = 0;
74 	auth_tok->session_key.encrypted_key_size = 0;
75 	/* Default; subject to change by kernel eCryptfs */
76 	auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
77 	auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
78 	return 0;
79 }
80 EXPORT_SYMBOL(ecryptfs_fill_auth_tok);
81