xref: /kernel/linux/linux-6.6/fs/ecryptfs/keystore.c

446  * @auth_tok: authentication token
453 				  struct ecryptfs_auth_tok **auth_tok)
457 	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
458 	if (IS_ERR(*auth_tok)) {
459 		rc = PTR_ERR(*auth_tok);
460 		*auth_tok = NULL;
464 	if (ecryptfs_verify_version((*auth_tok)->version)) {
472 	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
473 	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
474 		printk(KERN_ERR "Invalid auth_tok structure "
486 	struct ecryptfs_auth_tok **auth_tok,
493 	(*auth_tok) = NULL;
515 				walker->global_auth_tok_key, auth_tok);
540  * @auth_tok: Set to the matching auth_tok; NULL if not found
542  * @sig: Sig of auth_tok to find
544  * For now, this function simply looks at the registered auth_tok's
547  * potentially try a lot harder to find auth_tok's (e.g., by calling
548  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
549  * that static registration of auth_tok's will no longer be necessary.
556 	struct ecryptfs_auth_tok **auth_tok,
562 	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
574 		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
596 	struct ecryptfs_auth_tok *auth_tok;
635 		&s->auth_tok, mount_crypt_stat,
736 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
761 				 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
762 				 s->auth_tok->token.password.session_key_encryption_key_bytes,
816 		s->auth_tok->token.password.session_key_encryption_key,
820 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
824 		       s->auth_tok->token.password.session_key_encryption_key,
866 	struct ecryptfs_auth_tok *auth_tok;
962 					    &s->auth_tok, mount_crypt_stat,
1024 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1032 		s->auth_tok->token.password.session_key_encryption_key,
1036 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
1040 		       s->auth_tok->token.password.session_key_encryption_key,
1098 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1103 	switch (auth_tok->token_type) {
1105 		(*sig) = auth_tok->token.password.signature;
1108 		(*sig) = auth_tok->token.private_key.signature;
1111 		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1112 		       auth_tok->token_type);
1119  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1120  * @auth_tok: The key authentication token used to decrypt the session key
1126 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1137 	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1140 		       auth_tok->token_type);
1143 	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1162 	rc = parse_tag_65_packet(&(auth_tok->session_key),
1169 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1170 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1171 	       auth_tok->session_key.decrypted_key_size);
1172 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1270 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1404 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1610 				      struct ecryptfs_auth_tok **auth_tok,
1627 	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1639  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1640  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1646 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1659 			auth_tok->token.password.session_key_encryption_key_bytes);
1661 			auth_tok->token.password.session_key_encryption_key,
1662 			auth_tok->token.password.session_key_encryption_key_bytes);
1672 	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1673 				 auth_tok->session_key.encrypted_key_size,
1677 			"auth_tok->session_key.encrypted_key to scatterlist; "
1679 		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1680 			auth_tok->session_key.encrypted_key_size);
1683 	auth_tok->session_key.decrypted_key_size =
1684 		auth_tok->session_key.encrypted_key_size;
1685 	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1686 				 auth_tok->session_key.decrypted_key_size,
1690 			"auth_tok->session_key.decrypted_key to scatterlist; "
1708 		tfm, auth_tok->token.password.session_key_encryption_key,
1717 				   auth_tok->session_key.encrypted_key_size,
1725 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1726 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1727 	       auth_tok->session_key.decrypted_key_size);
1861 	 * necessary to decrypt the EFEK in the auth_tok parsed from
1867 		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1932 			    == &auth_tok_list_item->auth_tok) {
1962 			struct ecryptfs_auth_tok *auth_tok,
1972 	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
2009  *                @auth_tok
2010  * @auth_tok: The authentication token used for generating the tag 1 packet
2020 		   struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2031 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2036 			auth_tok->session_key.encrypted_key[i];
2039 		       auth_tok->session_key.encrypted_key,
2040 		       auth_tok->session_key.encrypted_key_size);
2045 	if (auth_tok->session_key.encrypted_key_size == 0)
2046 		auth_tok->session_key.encrypted_key_size =
2047 			auth_tok->token.private_key.key_size;
2048 	rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2165  * @auth_tok: Authentication token
2175 		   struct ecryptfs_auth_tok *auth_tok,
2195 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2215 	if (auth_tok->session_key.encrypted_key_size == 0)
2216 		auth_tok->session_key.encrypted_key_size =
2221 		auth_tok->session_key.encrypted_key_size = 32;
2223 		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2225 		auth_tok->session_key.encrypted_key_size;
2227 	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2229 			auth_tok->session_key.encrypted_key[i];
2232 				"using auth_tok->session_key.encrypted_key, "
2236 		       auth_tok->session_key.encrypted_key,
2240 	if (auth_tok->token.password.flags &
2244 				auth_tok->token.password.
2247 		       auth_tok->token.password.session_key_encryption_key,
2366 	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2404 	struct ecryptfs_auth_tok *auth_tok;
2425 							   &auth_tok,
2434 		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2436 						&max, auth_tok,
2457 		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2459 						auth_tok_key, auth_tok,

Indexes created Thu Nov 07 10:32:03 CST 2024