1 /* 2 * ecryptfs_format.c: helper functions for the encrypted key type 3 * 4 * Copyright (C) 2006 International Business Machines Corp. 5 * Copyright (C) 2010 Politecnico di Torino, Italy 6 * TORSEC group -- http://security.polito.it 7 * 8 * Authors: 9 * Michael A. Halcrow <mahalcro@us.ibm.com> 10 * Tyler Hicks <tyhicks@ou.edu> 11 * Roberto Sassu <roberto.sassu@polito.it> 12 * 13 * This program is free software; you can redistribute it and/or modify 14 * it under the terms of the GNU General Public License as published by 15 * the Free Software Foundation, version 2 of the License. 16 */ 17 18 #include <linux/export.h> 19 #include <linux/string.h> 20 #include "ecryptfs_format.h" 21 22 u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok) 23 { 24 return auth_tok->token.password.session_key_encryption_key; 25 } 26 EXPORT_SYMBOL(ecryptfs_get_auth_tok_key); 27 28 /* 29 * ecryptfs_get_versions() 30 * 31 * Source code taken from the software 'ecryptfs-utils' version 83. 32 * 33 */ 34 void ecryptfs_get_versions(int *major, int *minor, int *file_version) 35 { 36 *major = ECRYPTFS_VERSION_MAJOR; 37 *minor = ECRYPTFS_VERSION_MINOR; 38 if (file_version) 39 *file_version = ECRYPTFS_SUPPORTED_FILE_VERSION; 40 } 41 EXPORT_SYMBOL(ecryptfs_get_versions); 42 43 /* 44 * ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure 45 * 46 * Fill the ecryptfs_auth_tok structure with required ecryptfs data. 47 * The source code is inspired to the original function generate_payload() 48 * shipped with the software 'ecryptfs-utils' version 83. 49 * 50 */ 51 int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok, 52 const char *key_desc) 53 { 54 int major, minor; 55 56 ecryptfs_get_versions(&major, &minor, NULL); 57 auth_tok->version = (((uint16_t)(major << 8) & 0xFF00) 58 | ((uint16_t)minor & 0x00FF)); 59 auth_tok->token_type = ECRYPTFS_PASSWORD; 60 strncpy((char *)auth_tok->token.password.signature, key_desc, 61 ECRYPTFS_PASSWORD_SIG_SIZE); 62 auth_tok->token.password.session_key_encryption_key_bytes = 63 ECRYPTFS_MAX_KEY_BYTES; 64 /* 65 * Removed auth_tok->token.password.salt and 66 * auth_tok->token.password.session_key_encryption_key 67 * initialization from the original code 68 */ 69 /* TODO: Make the hash parameterizable via policy */ 70 auth_tok->token.password.flags |= 71 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET; 72 /* The kernel code will encrypt the session key. */ 73 auth_tok->session_key.encrypted_key[0] = 0; 74 auth_tok->session_key.encrypted_key_size = 0; 75 /* Default; subject to change by kernel eCryptfs */ 76 auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512; 77 auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD); 78 return 0; 79 } 80 EXPORT_SYMBOL(ecryptfs_fill_auth_tok); 81