mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-12-27 13:30:45 -05:00
a0a76e3f8d
strncpy() is deprecated for NUL-terminated destination buffers; use strscpy_pad() instead to retain the NUL-padding behavior of strncpy(). The destination buffer is initialized using kzalloc() with a 'signature' size of ECRYPTFS_PASSWORD_SIG_SIZE + 1. strncpy() then copies up to ECRYPTFS_PASSWORD_SIG_SIZE bytes from 'key_desc', NUL-padding any remaining bytes if needed, but expects the last byte to be zero. strscpy_pad() also copies the source string to 'signature', and NUL-pads the destination buffer if needed, but ensures it's always NUL-terminated without relying on it being zero-initialized. strscpy_pad() automatically determines the size of the fixed-length destination buffer via sizeof() when the optional size argument is omitted, making an explicit size unnecessary. In encrypted_init(), the source string 'key_desc' is validated by valid_ecryptfs_desc() before calling ecryptfs_fill_auth_tok(), and is therefore NUL-terminated and satisfies the __must_be_cstr() requirement of strscpy_pad(). Link: https://github.com/KSPP/linux/issues/90 Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
77 lines
2.4 KiB
C
77 lines
2.4 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* ecryptfs_format.c: helper functions for the encrypted key type
|
|
*
|
|
* Copyright (C) 2006 International Business Machines Corp.
|
|
* Copyright (C) 2010 Politecnico di Torino, Italy
|
|
* TORSEC group -- https://security.polito.it
|
|
*
|
|
* Authors:
|
|
* Michael A. Halcrow <mahalcro@us.ibm.com>
|
|
* Tyler Hicks <tyhicks@ou.edu>
|
|
* Roberto Sassu <roberto.sassu@polito.it>
|
|
*/
|
|
|
|
#include <linux/export.h>
|
|
#include <linux/string.h>
|
|
#include "ecryptfs_format.h"
|
|
|
|
u8 *ecryptfs_get_auth_tok_key(struct ecryptfs_auth_tok *auth_tok)
|
|
{
|
|
return auth_tok->token.password.session_key_encryption_key;
|
|
}
|
|
EXPORT_SYMBOL(ecryptfs_get_auth_tok_key);
|
|
|
|
/*
|
|
* ecryptfs_get_versions()
|
|
*
|
|
* Source code taken from the software 'ecryptfs-utils' version 83.
|
|
*
|
|
*/
|
|
void ecryptfs_get_versions(int *major, int *minor, int *file_version)
|
|
{
|
|
*major = ECRYPTFS_VERSION_MAJOR;
|
|
*minor = ECRYPTFS_VERSION_MINOR;
|
|
if (file_version)
|
|
*file_version = ECRYPTFS_SUPPORTED_FILE_VERSION;
|
|
}
|
|
EXPORT_SYMBOL(ecryptfs_get_versions);
|
|
|
|
/*
|
|
* ecryptfs_fill_auth_tok - fill the ecryptfs_auth_tok structure
|
|
*
|
|
* Fill the ecryptfs_auth_tok structure with required ecryptfs data.
|
|
* The source code is inspired to the original function generate_payload()
|
|
* shipped with the software 'ecryptfs-utils' version 83.
|
|
*
|
|
*/
|
|
int ecryptfs_fill_auth_tok(struct ecryptfs_auth_tok *auth_tok,
|
|
const char *key_desc)
|
|
{
|
|
int major, minor;
|
|
|
|
ecryptfs_get_versions(&major, &minor, NULL);
|
|
auth_tok->version = (((uint16_t)(major << 8) & 0xFF00)
|
|
| ((uint16_t)minor & 0x00FF));
|
|
auth_tok->token_type = ECRYPTFS_PASSWORD;
|
|
strscpy_pad(auth_tok->token.password.signature, key_desc);
|
|
auth_tok->token.password.session_key_encryption_key_bytes =
|
|
ECRYPTFS_MAX_KEY_BYTES;
|
|
/*
|
|
* Removed auth_tok->token.password.salt and
|
|
* auth_tok->token.password.session_key_encryption_key
|
|
* initialization from the original code
|
|
*/
|
|
/* TODO: Make the hash parameterizable via policy */
|
|
auth_tok->token.password.flags |=
|
|
ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
|
|
/* The kernel code will encrypt the session key. */
|
|
auth_tok->session_key.encrypted_key[0] = 0;
|
|
auth_tok->session_key.encrypted_key_size = 0;
|
|
/* Default; subject to change by kernel eCryptfs */
|
|
auth_tok->token.password.hash_algo = PGP_DIGEST_ALGO_SHA512;
|
|
auth_tok->token.password.flags &= ~(ECRYPTFS_PERSISTENT_PASSWORD);
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL(ecryptfs_fill_auth_tok);
|