2
* Copyright (C) 2006 International Business Machines Corp.
3
* Author(s): Trevor S. Highland <trevor.highland@gmail.com>
5
* This program is free software; you can redistribute it and/or
6
* modify it under the terms of the GNU General Public License as
7
* published by the Free Software Foundation; either version 2 of the
8
* License, or (at your option) any later version.
10
* This program is distributed in the hope that it will be useful, but
11
* WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13
* General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
29
#include <openssl/pem.h>
30
#include <openssl/rsa.h>
31
#include <openssl/err.h>
32
#include <openssl/engine.h>
33
#include <sys/types.h>
35
#include "../include/ecryptfs.h"
37
#define RSA_KEY_SIZE_BYTES 128
45
static int get_pki_data(unsigned char *data, struct pki_openssl *pki_data)
51
path_length = data[i++] % 256;
52
path_length += data[i++] << 8;
54
pass_length = data[i++] % 256;
55
pass_length += data[i++] << 8;
56
pki_data->path = data + 2;
57
pki_data->password = pki_data->path + path_length + 2;
58
pki_data->signature = pki_data->password + pass_length + 2;
62
static int generate_signature(RSA *key, char *sig)
64
int len, nbits, ebits, i;
70
hash = malloc(SHA_DIGEST_LENGTH);
72
syslog(LOG_ERR, "Out of memory\n");
76
nbits = BN_num_bits(key->n);
80
ebits = BN_num_bits(key->e);
84
len = 10 + nbytes + ebytes;
85
data = malloc(3 + len);
87
syslog(LOG_ERR, "Out of memory\n");
93
data[i++] = (char)(len >> 8);
94
data[i++] = (char)len;
101
data[i++] = (char)(nbits >> 8);
102
data[i++] = (char)nbits;
103
BN_bn2bin(key->n, &(data[i]));
105
data[i++] = (char)(ebits >> 8);
106
data[i++] = (char)ebits;
107
BN_bn2bin(key->e, &(data[i]));
109
SHA1(data, len + 3, hash);
110
to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
111
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
118
static int write_key_to_file(RSA *rsa, char *filename, char *pass)
121
const EVP_CIPHER *enc = EVP_aes_256_cbc();
124
if ((out = BIO_new(BIO_s_file())) == NULL) {
125
syslog(LOG_ERR, "Unable to create BIO for output\n");
129
if (BIO_write_filename(out, filename) <= 0) {
130
syslog(LOG_ERR, "Failed to open file for reading\n");
134
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, pass)) {
136
syslog(LOG_ERR, "Failed to write key to file\n");
145
static int read_key(RSA **rsa, unsigned char *private_key_data)
147
struct pki_openssl *pki_data = NULL;
148
char *read_key_sig = NULL;
152
CRYPTO_malloc_init();
153
ERR_load_crypto_strings();
154
OpenSSL_add_all_algorithms();
155
ENGINE_load_builtin_engines();
156
pki_data = malloc(sizeof(struct pki_openssl));
158
syslog(LOG_ERR, "Out of memory\n");
162
get_pki_data(private_key_data, pki_data);
163
if ((in = BIO_new(BIO_s_file())) == NULL) {
164
syslog(LOG_ERR, "Unable to create BIO for output\n");
168
if (BIO_read_filename(in, pki_data->path) <= 0) {
169
syslog(LOG_ERR, "Unable to read filename [%s]\n",
174
if ((*rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL,
175
pki_data->password )) == NULL) {
176
syslog(LOG_ERR, "Unable to read private key from file [%s]\n",
181
read_key_sig = malloc(ECRYPTFS_SIG_SIZE_HEX);
183
syslog(LOG_ERR, "Out of memory\n");
187
rc = generate_signature(*rsa, read_key_sig);
188
if (strcmp(pki_data->signature, read_key_sig)) {
189
syslog(LOG_ERR, "The loaded key has incorrect signature\n");
197
CRYPTO_cleanup_all_ex_data();
203
/* TODO: If sig == NULL, just return *length; the caller can use this
204
* information to allocate memory and call again. There should also be
205
* a max_length parameter. -Halcrow */
206
int set_key_data(unsigned char *private_key_data, char *sig, int *length)
208
struct pki_openssl *pki_data = NULL;
213
CRYPTO_malloc_init();
214
ERR_load_crypto_strings();
215
OpenSSL_add_all_algorithms();
216
ENGINE_load_builtin_engines();
217
pki_data = malloc(sizeof(pki_data));
219
syslog(LOG_ERR, "Out of memory\n");
223
get_pki_data(private_key_data, pki_data);
224
if ((in = BIO_new(BIO_s_file())) == NULL) {
225
syslog(LOG_ERR, "Unable to create BIO for output\n");
229
if (BIO_read_filename(in, pki_data->path) <= 0) {
230
syslog(LOG_ERR, "Unable to read filename [%s]\n",
235
if ((rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL,
236
pki_data->password )) == NULL) {
237
syslog(LOG_ERR, "Unable to read private key from file\n");
241
*length = RSA_size(rsa);
242
rc = generate_signature(rsa, pki_data->signature);
243
memcpy(sig, pki_data->signature, ECRYPTFS_SIG_SIZE_HEX + 1);
249
CRYPTO_cleanup_all_ex_data();
255
int ecryptfs_generate_key(char *filename)
272
if (BN_set_bit(e, 0) == 0 || BN_set_bit(e, 16) == 0) {
276
rsa = RSA_generate_key(1024, 65537, NULL, NULL);
277
if (write_key_to_file(rsa, filename, NULL))
283
syslog(LOG_ERR, "Failed to write key file rc = [%x]\n", rc);
287
int ecryptfs_encrypt(int size, char *from, char *to,
288
unsigned char *private_key_data)
293
rc = read_key(&rsa, private_key_data);
295
rc = -(int)ERR_get_error();
296
syslog(LOG_ERR, "Error attempting to read RSA key from file;"
300
rc = RSA_public_encrypt(size, from, to, rsa,
301
RSA_PKCS1_OAEP_PADDING);
303
rc = -(int)ERR_get_error();
304
syslog(LOG_ERR, "Error attempting to perform RSA public key "
305
"encryption; rc = [%d]\n", rc);
314
/* currently assumes that a single block is passed in for decryption */
315
int decrypt(char *from, char *to, size_t *decrypted_key_size,
316
unsigned char *private_key_data)
321
rc = read_key(&rsa, private_key_data);
323
rc = -(int)ERR_get_error();
324
syslog(LOG_ERR, "Error attempting to read RSA key from file;"
328
rc = RSA_private_decrypt(RSA_size(rsa), from, to,
329
rsa, RSA_PKCS1_OAEP_PADDING);
331
rc = -(int)ERR_get_error();
332
syslog(LOG_ERR, "Error attempting to perform RSA public key "
333
"decryption; rc = [%d]\n", rc);
335
*decrypted_key_size = rc;
343
/* TODO: This seems a bit magical. Should it be a NULL mode in a
344
* serialize function, perhaps? -Halcrow */
345
int get_pki_data_length(struct ecryptfs_name_val_pair *pair)
354
else if (!strcmp(pair->name, "passphrase"))
355
password = pair->value;
356
else if (!strcmp(pair->name, "path"))
361
length = (strlen(path) + 3);
365
length += (strlen(password) + 3);
368
length += (2 + (ECRYPTFS_SIG_SIZE_HEX + 1));
372
struct pki_nvp_map_elem {
377
static struct pki_nvp_map_elem pki_nvp_map[] = {
378
{"path", ECRYPTFS_ECHO | ECRYPTFS_DEFAULT_VALUE_SET},
379
{"passphrase", ECRYPTFS_MLOCK},
383
int generate_name_val_list(struct ecryptfs_name_val_pair *head)
389
struct passwd *pw = getpwuid(id);
391
while (pki_nvp_map[i].name) {
392
head->next = malloc(sizeof(struct ecryptfs_name_val_pair));
398
head->name = pki_nvp_map[i].name;
399
head->flags = pki_nvp_map[i].flags;
400
if (!strcmp(head->name, "path")) {
401
asprintf(&head->value,
402
"%s/.ecryptfs/pki/openssl/key.pem",
404
if (stat(head->value, &buf))
405
head->flags &= ~ECRYPTFS_DEFAULT_VALUE_SET;
414
/* TODO: In general, we should be passing the head of the lists
415
* around; the head's only job is to provide a pointer to the first
416
* real element in the list. Please update this function to reflect
418
int set_pki_data(struct ecryptfs_name_val_pair *pair, unsigned char *data)
420
size_t password_length;
429
else if (!strcmp(pair->name, "passphrase"))
430
password = pair->value;
431
else if (!strcmp(pair->name, "path"))
436
path_length = strlen(path) + 1;
437
data[i++] = path_length % 256;
438
data[i++] = path_length >> 8;
439
memcpy(&data[i], path, path_length);
445
password_length = strlen(password) + 1;
446
data[i++] = password_length % 256;
447
data[i++] = password_length >> 8;
448
memcpy(&data[i], password, password_length);
449
i += password_length;
456
static int ssl_sig(struct ecryptfs_pki_elem *pki, struct val_node **head)
458
struct ecryptfs_name_val_pair *openssl_nvp;
463
pki->nvp_head.next = malloc(sizeof(struct ecryptfs_name_val_pair));
464
if (!pki->nvp_head.next) {
468
openssl_nvp = pki->nvp_head.next;
469
openssl_nvp->name = "passphrase";
470
stack_pop_val(head, (void *)&(openssl_nvp->value));
471
openssl_nvp->next = malloc(sizeof(struct ecryptfs_name_val_pair));
472
if (!openssl_nvp->next) {
476
openssl_nvp = openssl_nvp->next;
477
openssl_nvp->name = "path";
478
stack_pop_val(head, (void *)&(openssl_nvp->value));
479
openssl_nvp->next = NULL;
480
sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
485
rc = add_public_key_key_to_keyring(sig, pki);
490
asprintf(¶m, "ecryptfs_sig=%s", sig);
492
stack_push(head, param);
499
static int tf_ssl_file(struct ecryptfs_ctx *ctx, struct param_node *node,
500
struct val_node **head, void **foo)
502
stack_push(head, node->val);
507
static int tf_ssl_passwd(struct ecryptfs_ctx *ctx, struct param_node *node,
508
struct val_node **head, void **foo)
510
stack_push(head, node->val);
512
return ssl_sig((struct ecryptfs_pki_elem *)*foo, head);
515
static int tf_ssl_passfile(struct ecryptfs_ctx *ctx, struct param_node *node,
516
struct val_node **head, void **foo)
519
char *tmp_val = NULL;
521
struct ecryptfs_name_val_pair *file_head = NULL;
522
struct ecryptfs_name_val_pair *walker = NULL;
524
file_head = malloc(sizeof(struct ecryptfs_name_val_pair));
529
memset(file_head, 0, sizeof(struct ecryptfs_name_val_pair));
530
if (strcmp(node->mnt_opt_names[0], "passfile") == 0)
531
fd = open(node->val, O_RDONLY);
532
else if (strcmp(node->mnt_opt_names[0], "passfd") == 0)
533
fd = strtol(node->val, NULL, 0);
538
rc = parse_options_file(fd, file_head);
544
walker = file_head->next;
546
if (strcmp(walker->name, "passwd") == 0) {
547
asprintf(&tmp_val, "%s", walker->value);
548
stack_push(head, tmp_val);
551
walker = walker->next;
557
free_name_val_pairs(file_head);
560
rc = ssl_sig((struct ecryptfs_pki_elem *)*foo, head);
567
#define OPENSSL_TOK 0
568
#define SSL_FILE_TOK 1
569
#define SSL_PASSWD_TOK 2
570
#define SSL_PASS_FILE_TOK 3
571
#define SSL_PASS_ENV_TOK 4
572
#define SSL_PASS_FD_TOK 5
573
#define SSL_PASS_STDIN_TOK 6
574
#define SSL_DEFAULT_PASS_TOK 7
575
static struct param_node ssl_param_nodes[] = {
576
{.num_mnt_opt_names = 1,
577
.mnt_opt_names = {"keyformat"},
578
.prompt = "Key format",
581
.display_opts = NULL,
582
.default_val = "keyfile",
584
.num_transitions = 1,
585
.tl = {{.val = "default",
586
.pretty_val = "OpenSSL Key File",
587
.next_token = &ssl_param_nodes[SSL_FILE_TOK],
588
.trans_func = NULL}}},
590
{.num_mnt_opt_names = 1,
591
.mnt_opt_names = {"keyfile"},
592
.prompt = "SSL key file",
595
.display_opts = NULL,
598
.num_transitions = 6,
599
.tl = {{.val = "passwd",
601
.next_token = &ssl_param_nodes[SSL_PASSWD_TOK],
602
.trans_func = tf_ssl_file},
604
.pretty_val = "Passphrase File",
605
.next_token = &ssl_param_nodes[SSL_PASS_FILE_TOK],
606
.trans_func = tf_ssl_file},
608
.pretty_val = "Passphrase ENV",
609
.next_token = &ssl_param_nodes[SSL_PASS_ENV_TOK],
610
.trans_func = tf_ssl_file},
612
.pretty_val = "Passphrase File Descriptor",
613
.next_token = &ssl_param_nodes[SSL_PASS_FD_TOK],
614
.trans_func = tf_ssl_file},
616
.pretty_val = "Passphrase STDIN",
617
.next_token = &ssl_param_nodes[SSL_PASS_STDIN_TOK],
618
.trans_func = tf_ssl_file},
620
.pretty_val = "Passphrase",
621
.next_token = &ssl_param_nodes[SSL_DEFAULT_PASS_TOK],
622
.trans_func = tf_ssl_file}}},
624
{.num_mnt_opt_names = 1,
625
.mnt_opt_names = {"passwd"},
626
.prompt = "Passphrase",
629
.display_opts = NULL,
631
.flags = MASK_OUTPUT,
632
.num_transitions = 1,
636
.trans_func = tf_ssl_passwd}}},
638
{.num_mnt_opt_names = 1,
639
.mnt_opt_names = {"passfile"},
640
.prompt = "Passphrase",
643
.display_opts = NULL,
645
.flags = MASK_OUTPUT,
646
.num_transitions = 1,
650
.trans_func = tf_ssl_passfile}}},
652
{.num_mnt_opt_names = 1,
653
.mnt_opt_names = {"passenv"},
654
.prompt = "Passphrase",
657
.display_opts = NULL,
659
.flags = MASK_OUTPUT,
660
.num_transitions = 1,
664
.trans_func = tf_ssl_passwd}}},
666
{.num_mnt_opt_names = 1,
667
.mnt_opt_names = {"passfd"},
668
.prompt = "Passphrase",
671
.display_opts = NULL,
673
.flags = MASK_OUTPUT,
674
.num_transitions = 1,
678
.trans_func = tf_ssl_passfile}}},
680
{.num_mnt_opt_names = 1,
681
.mnt_opt_names = {"passstdin"},
682
.prompt = "Passphrase",
685
.display_opts = NULL,
687
.flags = VERIFY_VALUE | STDIN_REQUIRED,
688
.num_transitions = 1,
692
.trans_func = tf_ssl_passwd}}},
694
{.num_mnt_opt_names = 1,
695
.mnt_opt_names = {"defaultpass"},
696
.prompt = "Passphrase",
699
.display_opts = NULL,
701
.flags = VERIFY_VALUE | STDIN_REQUIRED,
702
.num_transitions = 1,
706
.trans_func = tf_ssl_passwd}}},
709
static int tf_openssl_enter(struct ecryptfs_ctx *ctx, struct param_node *node,
710
struct val_node **head, void **foo)
713
rc = ecryptfs_find_pki(ctx, node->val,
714
(struct ecryptfs_pki_elem **)foo);
718
struct transition_node openssl_transition = {
720
.pretty_val = "OpenSSL module",
721
.next_token = &(ssl_param_nodes[0]),
722
.trans_func = tf_openssl_enter
725
static int get_param_subgraph_trans_node(struct transition_node **trans,
728
if ((version & ECRYPTFS_VERSIONING_PUBKEY) == 0)
730
*trans = &openssl_transition;
734
int init_pki(char **pki_name, struct ecryptfs_pki_elem *pki)
738
rc = generate_name_val_list(&pki->nvp_head);
741
if (asprintf(pki_name, "openssl") == -1) {
742
ecryptfs_syslog(LOG_ERR, "Out of memory\n");
745
struct ecryptfs_pki_ops ops = {
747
&ecryptfs_generate_key,
750
&get_pki_data_length,
752
&get_param_subgraph_trans_node
754
memcpy(&pki->ops, &ops, sizeof(struct ecryptfs_pki_ops));