xref: /linux/security/keys/encrypted-keys/ecryptfs_format.c (revision ead5d1f4d877e92c051e1a1ade623d0d30e71619)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * ecryptfs_format.c: helper functions for the encrypted key type
4  *
5  * Copyright (C) 2006 International Business Machines Corp.
6  * Copyright (C) 2010 Politecnico di Torino, Italy
7  *                    TORSEC group -- https://security.polito.it
8  *
9  * Authors:
10  * Michael A. Halcrow <mahalcro@us.ibm.com>
11  * Tyler Hicks <tyhicks@ou.edu>
12  * Roberto Sassu <roberto.sassu@polito.it>
13  */
14 
15 #include <linux/export.h>
16 #include <linux/string.h>
17 #include "ecryptfs_format.h"
18 
19 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
20 {
21 	return auth_tok->token.password.session_key_encryption_key;
22 }
23 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
24 
25 /*
26  * ecryptfs_get_versions()
27  *
28  * Source code taken from the software 'ecryptfs-utils' version 83.
29  *
30  */
31 void ecryptfs_get_versions(int *major, int *minor, int *file_version)
32 {
33 	*major = ECRYPTFS_VERSION_MAJOR;
34 	*minor = ECRYPTFS_VERSION_MINOR;
35 	if (file_version)
36 		*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
37 }
38 EXPORT_SYMBOL(ecryptfs_get_versions);
39 
40 /*
41  * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
42  *
43  * Fill the ecryptfs_auth_tok structure with required ecryptfs data.
44  * The source code is inspired to the original function generate_payload()
45  * shipped with the software 'ecryptfs-utils' version 83.
46  *
47  */
48 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
49 			   const char *key_desc)
50 {
51 	int major, minor;
52 
53 	ecryptfs_get_versions(&major, &minor, NULL);
54 	auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
55 			     | ((uint16_t)minor & 0x00FF));
56 	auth_tok->token_type = ECRYPTFS_PASSWORD;
57 	strncpy((char *)auth_tok->token.password.signature, key_desc,
58 		ECRYPTFS_PASSWORD_SIG_SIZE);
59 	auth_tok->token.password.session_key_encryption_key_bytes =
60 		ECRYPTFS_MAX_KEY_BYTES;
61 	/*
62 	 * Removed auth_tok->token.password.salt and
63 	 * auth_tok->token.password.session_key_encryption_key
64 	 * initialization from the original code
65 	 */
66 	/* TODO: Make the hash parameterizable via policy */
67 	auth_tok->token.password.flags |=
68 		ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
69 	/* The kernel code will encrypt the session key. */
70 	auth_tok->session_key.encrypted_key[0] = 0;
71 	auth_tok->session_key.encrypted_key_size = 0;
72 	/* Default; subject to change by kernel eCryptfs */
73 	auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
74 	auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
75 	return 0;
76 }
77 EXPORT_SYMBOL(ecryptfs_fill_auth_tok);
78