1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * ecryptfs_format.c: helper functions for the encrypted key type 4 * 5 * Copyright (C) 2006 International Business Machines Corp. 6 * Copyright (C) 2010 Politecnico di Torino, Italy 7 * TORSEC group -- https://security.polito.it 8 * 9 * Authors: 10 * Michael A. Halcrow <mahalcro@us.ibm.com> 11 * Tyler Hicks <tyhicks@ou.edu> 12 * Roberto Sassu <roberto.sassu@polito.it> 13 */ 14 15#include <linux/export.h> 16#include <linux/string.h> 17#include "ecryptfs_format.h" 18 19u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok) 20{ 21 return auth_tok->token.password.session_key_encryption_key; 22} 23EXPORT_SYMBOL(ecryptfs_get_auth_tok_key); 24 25/* 26 * ecryptfs_get_versions() 27 * 28 * Source code taken from the software 'ecryptfs-utils' version 83. 29 * 30 */ 31void ecryptfs_get_versions(int *major, int *minor, int *file_version) 32{ 33 *major = ECRYPTFS_VERSION_MAJOR; 34 *minor = ECRYPTFS_VERSION_MINOR; 35 if (file_version) 36 *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION; 37} 38EXPORT_SYMBOL(ecryptfs_get_versions); 39 40/* 41 * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure 42 * 43 * Fill the ecryptfs_auth_tok structure with required ecryptfs data. 44 * The source code is inspired to the original function generate_payload() 45 * shipped with the software 'ecryptfs-utils' version 83. 46 * 47 */ 48int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok, 49 const char *key_desc) 50{ 51 int major, minor; 52 53 ecryptfs_get_versions(&major, &minor, NULL); 54 auth_tok->version = (((uint16_t)(major << 8) & 0xFF00) 55 | ((uint16_t)minor & 0x00FF)); 56 auth_tok->token_type = ECRYPTFS_PASSWORD; 57 strncpy((char *)auth_tok->token.password.signature, key_desc, 58 ECRYPTFS_PASSWORD_SIG_SIZE); 59 auth_tok->token.password.session_key_encryption_key_bytes = 60 ECRYPTFS_MAX_KEY_BYTES; 61 /* 62 * Removed auth_tok->token.password.salt and 63 * auth_tok->token.password.session_key_encryption_key 64 * initialization from the original code 65 */ 66 /* TODO: Make the hash parameterizable via policy */ 67 auth_tok->token.password.flags |= 68 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET; 69 /* The kernel code will encrypt the session key. */ 70 auth_tok->session_key.encrypted_key[0] = 0; 71 auth_tok->session_key.encrypted_key_size = 0; 72 /* Default; subject to change by kernel eCryptfs */ 73 auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512; 74 auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD); 75 return 0; 76} 77EXPORT_SYMBOL(ecryptfs_fill_auth_tok); 78