2  * e4crypt.c - ext4 encryption management utility
54 #define KEY_SPEC_THREAD_KEYRING		-1
55 #define KEY_SPEC_PROCESS_KEYRING	-2
56 #define KEY_SPEC_SESSION_KEYRING	-3
57 #define KEY_SPEC_USER_KEYRING		-4
58 #define KEY_SPEC_USER_SESSION_KEYRING	-5
59 #define KEY_SPEC_GROUP_KEYRING		-6
162 		return -EINVAL;  in hex2byte()
166 			return -EINVAL;  in hex2byte()
169 			return -EINVAL;  in hex2byte()
171 			return -EINVAL;  in hex2byte()
172 		bytes[x >> 1] = (((unsigned char)(h - hexchars) << 4) +  in hex2byte()
173 				 (unsigned char)(l - hexchars));  in hex2byte()
199 		if ((p->salt_len == salt_len) &&  in find_by_salt()
200 		    !memcmp(p->salt, salt, salt_len))  in find_by_salt()
237 	exit(-1);  in die_signal_handler()
292 		if (fd == -1 && errno == ENOTDIR)  in parse_salt()
294 		if (fd == -1) {  in parse_salt()
329 				(((unsigned char)(h - hexchars) << 4) +  in parse_salt()
330 				 (unsigned char)(l - hexchars));  in parse_salt()
366 		if (fd == -1) {  in set_policy()
390 		memcpy(policy.master_key_descriptor, salt->key_desc,  in set_policy()
398 			       strerror(errno), salt->key_ref_str, argv[x]);  in set_policy()
402 		       salt->key_ref_str, argv[x]);  in set_policy()
406 static void pbkdf2_sha512(const char *passphrase, struct salt *salt,  in pbkdf2_sha512()  argument
410 	size_t passphrase_size = strlen(passphrase);  in pbkdf2_sha512()
422 		printf("Passphrase size is %zd; max is %d.\n", passphrase_size,  in pbkdf2_sha512()
426 	if (salt->salt_len > EXT4_MAX_SALT_SIZE) {  in pbkdf2_sha512()
427 		printf("Salt size is %zd; max is %d.\n", salt->salt_len,  in pbkdf2_sha512()
433 	memcpy(saltbuf, salt->salt, salt->salt_len);  in pbkdf2_sha512()
434 	memcpy(&saltbuf[EXT4_MAX_SALT_SIZE], passphrase, passphrase_size);  in pbkdf2_sha512()
436 	memcpy(&buf[SHA512_LENGTH], passphrase, passphrase_size);  in pbkdf2_sha512()
443 			 * buf: [previous hash || passphrase]  in pbkdf2_sha512()
469 static void get_passphrase(char *passphrase, int len)  in get_passphrase()  argument
476 	p = fgets(passphrase, len, stdin);  in get_passphrase()
483 	p = strrchr(passphrase, '\n');  in get_passphrase()
485 		p = passphrase + len - 1;  in get_passphrase()
537 	ext2fs_sha512(salt->key, EXT4_MAX_KEY_SIZE, key_ref1);  in generate_key_ref_str()
539 	memcpy(salt->key_desc, key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);  in generate_key_ref_str()
541 		sprintf(&salt->key_ref_str[x * 2], "%02x",  in generate_key_ref_str()
542 			salt->key_desc[x]);  in generate_key_ref_str()
544 	salt->key_ref_str[EXT4_KEY_REF_STR_BUF_SIZE - 1] = '\0';  in generate_key_ref_str()
560 		salt->key_ref_str);  in insert_key_into_keyring()
563 	if (rc != -1) {  in insert_key_into_keyring()
566 			       salt->key_ref_str);  in insert_key_into_keyring()
568 	} else if ((rc == -1) && (errno != ENOKEY)) {  in insert_key_into_keyring()
575 	memcpy(key.raw, salt->key, EXT4_MAX_KEY_SIZE);  in insert_key_into_keyring()
582 	 * kernel to create a session keyring --- which will then get  in insert_key_into_keyring()
600 	if (rc == -1) {  in insert_key_into_keyring()
605 			       "%s\n", salt->key_ref_str, strerror(errno));  in insert_key_into_keyring()
611 			       salt->key_ref_str);  in insert_key_into_keyring()
621 		if (strcmp(mnt->mnt_type, "ext4") ||  in get_default_salts()
622 		    access(mnt->mnt_dir, R_OK))  in get_default_salts()
624 		parse_salt(mnt->mnt_dir, PARSE_FLAGS_NOTSUPP_OK);  in get_default_salts()
645 "e4crypt add_key -S salt [ -k keyring ] [-v] [-q] [ -p pad ] [ path ... ]\n\n" \
646 "Prompts the user for a passphrase and inserts it into the specified\n" \
661 	while ((opt = getopt(argc, argv, "k:S:p:vq")) != -1) {  in do_add_key()
672 				fputs("May only provide -S once\n", stderr);  in do_add_key()
675 			/* Salt value for passphrase. */  in do_add_key()
691 			fputs(cmd->cmd_help, stderr);  in do_add_key()
705 	printf("Enter passphrase (echo disabled): ");  in do_add_key()
709 			      EXT4_PBKDF2_ITERATIONS, salt->key);  in do_add_key()
723 "e4crypt set_policy [ -p pad ] policy path ... \n\n" \
746 		fputs(cmd->cmd_help, stderr);  in do_set_policy()
754 		       "are 0-9 and a-f, lower case.  "  in do_set_policy()
778 		fputs(cmd->cmd_help, stderr);  in do_get_policy()
784 		if (fd == -1) {  in do_get_policy()
817 		fputs(cmd->cmd_help, stderr);  in do_new_session()
852 		for (p = cmd_list; p->cmd_name; p++) {  in do_help()
853 			if (p->cmd_flags & CMD_HIDDEN)  in do_help()
855 			if (strcmp(p->cmd_name, argv[1]) == 0) {  in do_help()
858 				fputs(p->cmd_help, stdout);  in do_help()
866 	for (p = cmd_list; p->cmd_name; p++) {  in do_help()
867 		if (p->cmd_flags & CMD_HIDDEN)  in do_help()
869 		printf("  %-20s %s\n", p->cmd_name, p->cmd_desc);  in do_help()
884 	for (cmd = cmd_list; cmd->cmd_name; cmd++) {  in main()
885 		if (strcmp(cmd->cmd_name, argv[1]) == 0) {  in main()
886 			cmd->cmd_func(argc-1, argv+1, cmd);  in main()