xref: /kernel/linux/linux-5.10/fs/ecryptfs/keystore.c

446  * @auth_tok: authentication token
453 				  struct ecryptfs_auth_tok **auth_tok)
457 	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
458 	if (IS_ERR(*auth_tok)) {
459 		rc = PTR_ERR(*auth_tok);
460 		*auth_tok = NULL;
464 	if (ecryptfs_verify_version((*auth_tok)->version)) {
472 	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
473 	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
474 		printk(KERN_ERR "Invalid auth_tok structure "
486 	struct ecryptfs_auth_tok **auth_tok,
493 	(*auth_tok) = NULL;
515 				walker->global_auth_tok_key, auth_tok);
539  * @auth_tok: Set to the matching auth_tok; NULL if not found
541  * @sig: Sig of auth_tok to find
543  * For now, this function simply looks at the registered auth_tok's
546  * potentially try a lot harder to find auth_tok's (e.g., by calling
547  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
548  * that static registration of auth_tok's will no longer be necessary.
555 	struct ecryptfs_auth_tok **auth_tok,
561 	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
573 		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
595 	struct ecryptfs_auth_tok *auth_tok;
634 		&s->auth_tok, mount_crypt_stat,
735 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
760 				 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
761 				 s->auth_tok->token.password.session_key_encryption_key_bytes,
815 		s->auth_tok->token.password.session_key_encryption_key,
819 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
823 		       s->auth_tok->token.password.session_key_encryption_key,
865 	struct ecryptfs_auth_tok *auth_tok;
961 					    &s->auth_tok, mount_crypt_stat,
1023 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1031 		s->auth_tok->token.password.session_key_encryption_key,
1035 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
1039 		       s->auth_tok->token.password.session_key_encryption_key,
1097 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1102 	switch (auth_tok->token_type) {
1104 		(*sig) = auth_tok->token.password.signature;
1107 		(*sig) = auth_tok->token.private_key.signature;
1110 		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1111 		       auth_tok->token_type);
1118  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1119  * @auth_tok: The key authentication token used to decrypt the session key
1125 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1136 	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1139 		       auth_tok->token_type);
1142 	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1161 	rc = parse_tag_65_packet(&(auth_tok->session_key),
1168 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1169 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1170 	       auth_tok->session_key.decrypted_key_size);
1171 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1269 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1403 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1609 				      struct ecryptfs_auth_tok **auth_tok,
1626 	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1638  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1639  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1645 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1658 			auth_tok->token.password.session_key_encryption_key_bytes);
1660 			auth_tok->token.password.session_key_encryption_key,
1661 			auth_tok->token.password.session_key_encryption_key_bytes);
1671 	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1672 				 auth_tok->session_key.encrypted_key_size,
1676 			"auth_tok->session_key.encrypted_key to scatterlist; "
1678 		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1679 			auth_tok->session_key.encrypted_key_size);
1682 	auth_tok->session_key.decrypted_key_size =
1683 		auth_tok->session_key.encrypted_key_size;
1684 	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1685 				 auth_tok->session_key.decrypted_key_size,
1689 			"auth_tok->session_key.decrypted_key to scatterlist; "
1707 		tfm, auth_tok->token.password.session_key_encryption_key,
1716 				   auth_tok->session_key.encrypted_key_size,
1724 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1725 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1726 	       auth_tok->session_key.decrypted_key_size);
1860 	 * necessary to decrypt the EFEK in the auth_tok parsed from
1866 		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1931 			    == &auth_tok_list_item->auth_tok) {
1961 			struct ecryptfs_auth_tok *auth_tok,
1971 	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
2008  *                @auth_tok
2009  * @auth_tok: The authentication token used for generating the tag 1 packet
2019 		   struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2030 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2035 			auth_tok->session_key.encrypted_key[i];
2038 		       auth_tok->session_key.encrypted_key,
2039 		       auth_tok->session_key.encrypted_key_size);
2044 	if (auth_tok->session_key.encrypted_key_size == 0)
2045 		auth_tok->session_key.encrypted_key_size =
2046 			auth_tok->token.private_key.key_size;
2047 	rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2164  * @auth_tok: Authentication token
2174 		   struct ecryptfs_auth_tok *auth_tok,
2194 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2214 	if (auth_tok->session_key.encrypted_key_size == 0)
2215 		auth_tok->session_key.encrypted_key_size =
2220 		auth_tok->session_key.encrypted_key_size = 32;
2222 		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2224 		auth_tok->session_key.encrypted_key_size;
2226 	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2228 			auth_tok->session_key.encrypted_key[i];
2231 				"using auth_tok->session_key.encrypted_key, "
2235 		       auth_tok->session_key.encrypted_key,
2239 	if (auth_tok->token.password.flags &
2243 				auth_tok->token.password.
2246 		       auth_tok->token.password.session_key_encryption_key,
2365 	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2403 	struct ecryptfs_auth_tok *auth_tok;
2424 							   &auth_tok,
2433 		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2435 						&max, auth_tok,
2456 		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2458 						auth_tok_key, auth_tok,

Indexes created Thu Nov 07 10:32:03 CST 2024