« back to all changes in this revision
Viewing changes to src/pki/ecryptfs_pki_openssl.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): William Lima
- Date: 2007-05-09 16:21:23 UTC
- Revision ID: james.westby@ubuntu.com-20070509162123-b2ge8a5w7weqt5ea
Tags: upstream-15
ImportĀ upstreamĀ versionĀ 15
- files added:
- doc
- doc/beginners_guide
- doc/design_doc
- doc/manpage
- m4
- src
- src/daemon
- src/include
- src/jprobes
- src/libecryptfs
- src/pam_ecryptfs
- src/pki
- src/testcases
- src/utils
added
removed
src/pki/ecryptfs_pki_openssl.c
1
/**
2
* Copyright (C) 2006 International Business Machines Corp.
3
* Author(s): Trevor S. Highland <trevor.highland@gmail.com>
4
*
5
* This program is free software; you can redistribute it and/or
6
* modify it under the terms of the GNU General Public License as
7
* published by the Free Software Foundation; either version 2 of the
8
* License, or (at your option) any later version.
9
*
10
* This program is distributed in the hope that it will be useful, but
11
* WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13
* General Public License for more details.
14
*
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
18
* 02111-1307, USA.
19
*/
20
21
#include <fcntl.h>
22
#include <pwd.h>
23
#include <stdio.h>
24
#include <string.h>
25
#include <syslog.h>
26
#include <errno.h>
27
#include <stdlib.h>
28
#include <unistd.h>
29
#include <openssl/pem.h>
30
#include <openssl/rsa.h>
31
#include <openssl/err.h>
32
#include <openssl/engine.h>
33
#include <sys/types.h>
34
#include <sys/stat.h>
35
#include "../include/ecryptfs.h"
36
37
#define RSA_KEY_SIZE_BYTES 128
38
39
struct pki_openssl {
40
char *path;
41
char *password;
42
char *signature;
43
};
44
45
static int get_pki_data(unsigned char *data, struct pki_openssl *pki_data)
46
{
47
size_t path_length;
48
size_t pass_length;
49
size_t i = 0;
50
51
path_length = data[i++] % 256;
52
path_length += data[i++] << 8;
53
i += path_length;
54
pass_length = data[i++] % 256;
55
pass_length += data[i++] << 8;
56
pki_data->path = data + 2;
57
pki_data->password = pki_data->path + path_length + 2;
58
pki_data->signature = pki_data->password + pass_length + 2;
59
return 0;
60
}
61
62
static int generate_signature(RSA *key, char *sig)
63
{
64
int len, nbits, ebits, i;
65
int nbytes, ebytes;
66
char *hash;
67
char *data = NULL;
68
int rc = 0;
69
70
hash = malloc(SHA_DIGEST_LENGTH);
71
if (!hash) {
72
syslog(LOG_ERR, "Out of memory\n");
73
rc = -ENOMEM;
74
goto out;
75
}
76
nbits = BN_num_bits(key->n);
77
nbytes = nbits / 8;
78
if (nbits % 8)
79
nbytes++;
80
ebits = BN_num_bits(key->e);
81
ebytes = ebits / 8;
82
if (ebits % 8)
83
ebytes++;
84
len = 10 + nbytes + ebytes;
85
data = malloc(3 + len);
86
if (!data) {
87
syslog(LOG_ERR, "Out of memory\n");
88
rc = -ENOMEM;
89
goto out;
90
}
91
i = 0;
92
data[i++] = '\x99';
93
data[i++] = (char)(len >> 8);
94
data[i++] = (char)len;
95
data[i++] = '\x04';
96
data[i++] = '\00';
97
data[i++] = '\00';
98
data[i++] = '\00';
99
data[i++] = '\00';
100
data[i++] = '\02';
101
data[i++] = (char)(nbits >> 8);
102
data[i++] = (char)nbits;
103
BN_bn2bin(key->n, &(data[i]));
104
i += nbytes;
105
data[i++] = (char)(ebits >> 8);
106
data[i++] = (char)ebits;
107
BN_bn2bin(key->e, &(data[i]));
108
i += ebytes;
109
SHA1(data, len + 3, hash);
110
to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
111
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
112
out:
113
free(data);
114
free(hash);
115
return rc;
116
}
117
118
static int write_key_to_file(RSA *rsa, char *filename, char *pass)
119
{
120
BIO *out;
121
const EVP_CIPHER *enc = EVP_aes_256_cbc();
122
int rc = 0;
123
124
if ((out = BIO_new(BIO_s_file())) == NULL) {
125
syslog(LOG_ERR, "Unable to create BIO for output\n");
126
rc= -EIO;
127
goto out;
128
}
129
if (BIO_write_filename(out, filename) <= 0) {
130
syslog(LOG_ERR, "Failed to open file for reading\n");
131
rc = -EIO;
132
goto out;
133
}
134
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, pass)) {
135
rc = -1;
136
syslog(LOG_ERR, "Failed to write key to file\n");
137
goto out;
138
}
139
out:
140
if (out)
141
BIO_free_all(out);
142
return rc;
143
}
144
145
static int read_key(RSA **rsa, unsigned char *private_key_data)
146
{
147
struct pki_openssl *pki_data = NULL;
148
char *read_key_sig = NULL;
149
BIO *in = NULL;
150
int rc;
151
152
CRYPTO_malloc_init();
153
ERR_load_crypto_strings();
154
OpenSSL_add_all_algorithms();
155
ENGINE_load_builtin_engines();
156
pki_data = malloc(sizeof(struct pki_openssl));
157
if (!pki_data) {
158
syslog(LOG_ERR, "Out of memory\n");
159
rc = -ENOMEM;
160
goto out;
161
}
162
get_pki_data(private_key_data, pki_data);
163
if ((in = BIO_new(BIO_s_file())) == NULL) {
164
syslog(LOG_ERR, "Unable to create BIO for output\n");
165
rc = -EIO;
166
goto out;
167
}
168
if (BIO_read_filename(in, pki_data->path) <= 0) {
169
syslog(LOG_ERR, "Unable to read filename [%s]\n",
170
pki_data->path);
171
rc = -EIO;
172
goto out;
173
}
174
if ((*rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL,
175
pki_data->password )) == NULL) {
176
syslog(LOG_ERR, "Unable to read private key from file [%s]\n",
177
pki_data->password);
178
rc = -EIO;
179
goto out;
180
}
181
read_key_sig = malloc(ECRYPTFS_SIG_SIZE_HEX);
182
if (!read_key_sig) {
183
syslog(LOG_ERR, "Out of memory\n");
184
rc = -ENOMEM;
185
goto out;
186
}
187
rc = generate_signature(*rsa, read_key_sig);
188
if (strcmp(pki_data->signature, read_key_sig)) {
189
syslog(LOG_ERR, "The loaded key has incorrect signature\n");
190
rc = -EINVAL;
191
}
192
out:
193
free(read_key_sig);
194
free(pki_data);
195
BIO_free_all(in);
196
EVP_cleanup();
197
CRYPTO_cleanup_all_ex_data();
198
ERR_remove_state(0);
199
ERR_free_strings();
200
return rc;
201
}
202
203
/* TODO: If sig == NULL, just return *length; the caller can use this
204
* information to allocate memory and call again. There should also be
205
* a max_length parameter. -Halcrow */
206
int set_key_data(unsigned char *private_key_data, char *sig, int *length)
207
{
208
struct pki_openssl *pki_data = NULL;
209
BIO *in = NULL;
210
RSA *rsa = NULL;
211
int rc;
212
213
CRYPTO_malloc_init();
214
ERR_load_crypto_strings();
215
OpenSSL_add_all_algorithms();
216
ENGINE_load_builtin_engines();
217
pki_data = malloc(sizeof(pki_data));
218
if (!pki_data) {
219
syslog(LOG_ERR, "Out of memory\n");
220
rc = -ENOMEM;
221
goto out;
222
}
223
get_pki_data(private_key_data, pki_data);
224
if ((in = BIO_new(BIO_s_file())) == NULL) {
225
syslog(LOG_ERR, "Unable to create BIO for output\n");
226
rc = -EIO;
227
goto out;
228
}
229
if (BIO_read_filename(in, pki_data->path) <= 0) {
230
syslog(LOG_ERR, "Unable to read filename [%s]\n",
231
pki_data->path);
232
rc = -EIO;
233
goto out;
234
}
235
if ((rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL,
236
pki_data->password )) == NULL) {
237
syslog(LOG_ERR, "Unable to read private key from file\n");
238
rc = -EIO;
239
goto out;
240
}
241
*length = RSA_size(rsa);
242
rc = generate_signature(rsa, pki_data->signature);
243
memcpy(sig, pki_data->signature, ECRYPTFS_SIG_SIZE_HEX + 1);
244
out:
245
free(pki_data);
246
RSA_free(rsa);
247
BIO_free_all(in);
248
EVP_cleanup();
249
CRYPTO_cleanup_all_ex_data();
250
ERR_remove_state(0);
251
ERR_free_strings();
252
return rc;
253
}
254
255
int ecryptfs_generate_key(char *filename)
256
{
257
RSA *rsa;
258
BIGNUM *e;
259
int rc = 0;
260
261
rsa = RSA_new();
262
if (!rsa) {
263
rc = -ENOMEM;
264
goto out;
265
}
266
e = BN_new();
267
if (!rsa) {
268
rc = -ENOMEM;
269
goto out;
270
}
271
/* Set e to 65537 */
272
if (BN_set_bit(e, 0) == 0 || BN_set_bit(e, 16) == 0) {
273
rc = -EINVAL;
274
goto out;
275
}
276
rsa = RSA_generate_key(1024, 65537, NULL, NULL);
277
if (write_key_to_file(rsa, filename, NULL))
278
rc = -EIO;
279
out:
280
BN_free(e);
281
RSA_free(rsa);
282
if (rc)
283
syslog(LOG_ERR, "Failed to write key file rc = [%x]\n", rc);
284
return rc;
285
}
286
287
int ecryptfs_encrypt(int size, char *from, char *to,
288
unsigned char *private_key_data)
289
{
290
RSA *rsa = NULL;
291
int rc;
292
293
rc = read_key(&rsa, private_key_data);
294
if (rc) {
295
rc = -(int)ERR_get_error();
296
syslog(LOG_ERR, "Error attempting to read RSA key from file;"
297
" rc = [%d]\n", rc);
298
goto out;
299
}
300
rc = RSA_public_encrypt(size, from, to, rsa,
301
RSA_PKCS1_OAEP_PADDING);
302
if (rc == -1) {
303
rc = -(int)ERR_get_error();
304
syslog(LOG_ERR, "Error attempting to perform RSA public key "
305
"encryption; rc = [%d]\n", rc);
306
} else {
307
rc = 0;
308
}
309
out:
310
RSA_free(rsa);
311
return rc;
312
}
313
314
/* currently assumes that a single block is passed in for decryption */
315
int decrypt(char *from, char *to, size_t *decrypted_key_size,
316
unsigned char *private_key_data)
317
{
318
RSA *rsa = NULL;
319
int rc;
320
321
rc = read_key(&rsa, private_key_data);
322
if (rc) {
323
rc = -(int)ERR_get_error();
324
syslog(LOG_ERR, "Error attempting to read RSA key from file;"
325
" rc = [%d]\n", rc);
326
goto out;
327
}
328
rc = RSA_private_decrypt(RSA_size(rsa), from, to,
329
rsa, RSA_PKCS1_OAEP_PADDING);
330
if (rc == -1) {
331
rc = -(int)ERR_get_error();
332
syslog(LOG_ERR, "Error attempting to perform RSA public key "
333
"decryption; rc = [%d]\n", rc);
334
} else {
335
*decrypted_key_size = rc;
336
rc = 0;
337
}
338
out:
339
RSA_free(rsa);
340
return 0;
341
}
342
343
/* TODO: This seems a bit magical. Should it be a NULL mode in a
344
* serialize function, perhaps? -Halcrow */
345
int get_pki_data_length(struct ecryptfs_name_val_pair *pair)
346
{
347
size_t length;
348
char *password;
349
char *path;
350
351
while (pair) {
352
if (!pair->name)
353
;
354
else if (!strcmp(pair->name, "passphrase"))
355
password = pair->value;
356
else if (!strcmp(pair->name, "path"))
357
path = pair->value;
358
pair = pair->next;
359
}
360
if (path)
361
length = (strlen(path) + 3);
362
else
363
return -1;
364
if (password)
365
length += (strlen(password) + 3);
366
else
367
return -1;
368
length += (2 + (ECRYPTFS_SIG_SIZE_HEX + 1));
369
return length;
370
}
371
372
struct pki_nvp_map_elem {
373
char *name;
374
uint32_t flags;
375
};
376
377
static struct pki_nvp_map_elem pki_nvp_map[] = {
378
{"path", ECRYPTFS_ECHO | ECRYPTFS_DEFAULT_VALUE_SET},
379
{"passphrase", ECRYPTFS_MLOCK},
380
{NULL, 0}
381
};
382
383
int generate_name_val_list(struct ecryptfs_name_val_pair *head)
384
{
385
int i = 0;
386
int rc = 0;
387
struct stat buf;
388
uid_t id = getuid();
389
struct passwd *pw = getpwuid(id);
390
391
while (pki_nvp_map[i].name) {
392
head->next = malloc(sizeof(struct ecryptfs_name_val_pair));
393
if (!head->next) {
394
rc = -ENOMEM;
395
goto out;
396
}
397
head = head->next;
398
head->name = pki_nvp_map[i].name;
399
head->flags = pki_nvp_map[i].flags;
400
if (!strcmp(head->name, "path")) {
401
asprintf(&head->value,
402
"%s/.ecryptfs/pki/openssl/key.pem",
403
pw->pw_dir);
404
if (stat(head->value, &buf))
405
head->flags &= ~ECRYPTFS_DEFAULT_VALUE_SET;
406
}
407
i++;
408
}
409
head->next = NULL;
410
out:
411
return rc;
412
}
413
414
/* TODO: In general, we should be passing the head of the lists
415
* around; the head's only job is to provide a pointer to the first
416
* real element in the list. Please update this function to reflect
417
* that. -Halcrow */
418
int set_pki_data(struct ecryptfs_name_val_pair *pair, unsigned char *data)
419
{
420
size_t password_length;
421
size_t path_length;
422
char *password;
423
char *path;
424
size_t i = 0;
425
426
while (pair) {
427
if (!pair->name)
428
;
429
else if (!strcmp(pair->name, "passphrase"))
430
password = pair->value;
431
else if (!strcmp(pair->name, "path"))
432
path = pair->value;
433
pair = pair->next;
434
}
435
if (path) {
436
path_length = strlen(path) + 1;
437
data[i++] = path_length % 256;
438
data[i++] = path_length >> 8;
439
memcpy(&data[i], path, path_length);
440
i += path_length;
441
} else {
442
return -1;
443
}
444
if (password) {
445
password_length = strlen(password) + 1;
446
data[i++] = password_length % 256;
447
data[i++] = password_length >> 8;
448
memcpy(&data[i], password, password_length);
449
i += password_length;
450
} else {
451
return -1;
452
}
453
return 0;
454
}
455
456
static int ssl_sig(struct ecryptfs_pki_elem *pki, struct val_node **head)
457
{
458
struct ecryptfs_name_val_pair *openssl_nvp;
459
char *sig;
460
char *param;
461
int rc;
462
463
pki->nvp_head.next = malloc(sizeof(struct ecryptfs_name_val_pair));
464
if (!pki->nvp_head.next) {
465
rc = -ENOMEM;
466
goto out;
467
}
468
openssl_nvp = pki->nvp_head.next;
469
openssl_nvp->name = "passphrase";
470
stack_pop_val(head, (void *)&(openssl_nvp->value));
471
openssl_nvp->next = malloc(sizeof(struct ecryptfs_name_val_pair));
472
if (!openssl_nvp->next) {
473
rc = -ENOMEM;
474
goto out;
475
}
476
openssl_nvp = openssl_nvp->next;
477
openssl_nvp->name = "path";
478
stack_pop_val(head, (void *)&(openssl_nvp->value));
479
openssl_nvp->next = NULL;
480
sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
481
if (!sig) {
482
rc = -ENOMEM;
483
goto out;
484
}
485
rc = add_public_key_key_to_keyring(sig, pki);
486
if (rc < 0)
487
goto out;
488
else
489
rc = 0;
490
asprintf(¶m, "ecryptfs_sig=%s", sig);
491
free(sig);
492
stack_push(head, param);
493
out:
494
if (rc)
495
return MOUNT_ERROR;
496
return DEFAULT_TOK;
497
}
498
499
static int tf_ssl_file(struct ecryptfs_ctx *ctx, struct param_node *node,
500
struct val_node **head, void **foo)
501
{
502
stack_push(head, node->val);
503
node->val = NULL;
504
return DEFAULT_TOK;
505
}
506
507
static int tf_ssl_passwd(struct ecryptfs_ctx *ctx, struct param_node *node,
508
struct val_node **head, void **foo)
509
{
510
stack_push(head, node->val);
511
node->val = NULL;
512
return ssl_sig((struct ecryptfs_pki_elem *)*foo, head);
513
}
514
515
static int tf_ssl_passfile(struct ecryptfs_ctx *ctx, struct param_node *node,
516
struct val_node **head, void **foo)
517
{
518
int rc = 0;
519
char *tmp_val = NULL;
520
int fd;
521
struct ecryptfs_name_val_pair *file_head = NULL;
522
struct ecryptfs_name_val_pair *walker = NULL;
523
524
file_head = malloc(sizeof(struct ecryptfs_name_val_pair));
525
if (!file_head) {
526
rc = -ENOMEM;
527
goto out;
528
}
529
memset(file_head, 0, sizeof(struct ecryptfs_name_val_pair));
530
if (strcmp(node->mnt_opt_names[0], "passfile") == 0)
531
fd = open(node->val, O_RDONLY);
532
else if (strcmp(node->mnt_opt_names[0], "passfd") == 0)
533
fd = strtol(node->val, NULL, 0);
534
else {
535
rc = MOUNT_ERROR;
536
goto out;
537
}
538
rc = parse_options_file(fd, file_head);
539
if (rc) {
540
rc = MOUNT_ERROR;
541
goto out;
542
}
543
close(fd);
544
walker = file_head->next;
545
while (walker) {
546
if (strcmp(walker->name, "passwd") == 0) {
547
asprintf(&tmp_val, "%s", walker->value);
548
stack_push(head, tmp_val);
549
break;
550
}
551
walker = walker->next;
552
}
553
if (!walker) {
554
rc = MOUNT_ERROR;
555
goto out;
556
}
557
free_name_val_pairs(file_head);
558
file_head = NULL;
559
walker = NULL;
560
rc = ssl_sig((struct ecryptfs_pki_elem *)*foo, head);
561
out:
562
free(node->val);
563
node->val = NULL;
564
return rc;
565
}
566
567
#define OPENSSL_TOK 0
568
#define SSL_FILE_TOK 1
569
#define SSL_PASSWD_TOK 2
570
#define SSL_PASS_FILE_TOK 3
571
#define SSL_PASS_ENV_TOK 4
572
#define SSL_PASS_FD_TOK 5
573
#define SSL_PASS_STDIN_TOK 6
574
#define SSL_DEFAULT_PASS_TOK 7
575
static struct param_node ssl_param_nodes[] = {
576
{.num_mnt_opt_names = 1,
577
.mnt_opt_names = {"keyformat"},
578
.prompt = "Key format",
579
.val_type = VAL_STR,
580
.val = NULL,
581
.display_opts = NULL,
582
.default_val = "keyfile",
583
.flags = NO_VALUE,
584
.num_transitions = 1,
585
.tl = {{.val = "default",
586
.pretty_val = "OpenSSL Key File",
587
.next_token = &ssl_param_nodes[SSL_FILE_TOK],
588
.trans_func = NULL}}},
589
590
{.num_mnt_opt_names = 1,
591
.mnt_opt_names = {"keyfile"},
592
.prompt = "SSL key file",
593
.val_type = VAL_STR,
594
.val = NULL,
595
.display_opts = NULL,
596
.default_val = NULL,
597
.flags = ECHO_INPUT,
598
.num_transitions = 6,
599
.tl = {{.val = "passwd",
600
.pretty_val = "",
601
.next_token = &ssl_param_nodes[SSL_PASSWD_TOK],
602
.trans_func = tf_ssl_file},
603
{.val = "passfile",
604
.pretty_val = "Passphrase File",
605
.next_token = &ssl_param_nodes[SSL_PASS_FILE_TOK],
606
.trans_func = tf_ssl_file},
607
{.val = "passenv",
608
.pretty_val = "Passphrase ENV",
609
.next_token = &ssl_param_nodes[SSL_PASS_ENV_TOK],
610
.trans_func = tf_ssl_file},
611
{.val = "passfd",
612
.pretty_val = "Passphrase File Descriptor",
613
.next_token = &ssl_param_nodes[SSL_PASS_FD_TOK],
614
.trans_func = tf_ssl_file},
615
{.val = "passstdin",
616
.pretty_val = "Passphrase STDIN",
617
.next_token = &ssl_param_nodes[SSL_PASS_STDIN_TOK],
618
.trans_func = tf_ssl_file},
619
{.val = "default",
620
.pretty_val = "Passphrase",
621
.next_token = &ssl_param_nodes[SSL_DEFAULT_PASS_TOK],
622
.trans_func = tf_ssl_file}}},
623
624
{.num_mnt_opt_names = 1,
625
.mnt_opt_names = {"passwd"},
626
.prompt = "Passphrase",
627
.val_type = VAL_STR,
628
.val = NULL,
629
.display_opts = NULL,
630
.default_val = NULL,
631
.flags = MASK_OUTPUT,
632
.num_transitions = 1,
633
.tl = {{.val = NULL,
634
.pretty_val = NULL,
635
.next_token = NULL,
636
.trans_func = tf_ssl_passwd}}},
637
638
{.num_mnt_opt_names = 1,
639
.mnt_opt_names = {"passfile"},
640
.prompt = "Passphrase",
641
.val_type = VAL_STR,
642
.val = NULL,
643
.display_opts = NULL,
644
.default_val = NULL,
645
.flags = MASK_OUTPUT,
646
.num_transitions = 1,
647
.tl = {{.val = NULL,
648
.pretty_val = NULL,
649
.next_token = NULL,
650
.trans_func = tf_ssl_passfile}}},
651
652
{.num_mnt_opt_names = 1,
653
.mnt_opt_names = {"passenv"},
654
.prompt = "Passphrase",
655
.val_type = VAL_STR,
656
.val = NULL,
657
.display_opts = NULL,
658
.default_val = NULL,
659
.flags = MASK_OUTPUT,
660
.num_transitions = 1,
661
.tl = {{.val = NULL,
662
.pretty_val = NULL,
663
.next_token = NULL,
664
.trans_func = tf_ssl_passwd}}},
665
666
{.num_mnt_opt_names = 1,
667
.mnt_opt_names = {"passfd"},
668
.prompt = "Passphrase",
669
.val_type = VAL_STR,
670
.val = NULL,
671
.display_opts = NULL,
672
.default_val = NULL,
673
.flags = MASK_OUTPUT,
674
.num_transitions = 1,
675
.tl = {{.val = NULL,
676
.pretty_val = NULL,
677
.next_token = NULL,
678
.trans_func = tf_ssl_passfile}}},
679
680
{.num_mnt_opt_names = 1,
681
.mnt_opt_names = {"passstdin"},
682
.prompt = "Passphrase",
683
.val_type = VAL_STR,
684
.val = NULL,
685
.display_opts = NULL,
686
.default_val = NULL,
687
.flags = VERIFY_VALUE | STDIN_REQUIRED,
688
.num_transitions = 1,
689
.tl = {{.val = NULL,
690
.pretty_val = NULL,
691
.next_token = NULL,
692
.trans_func = tf_ssl_passwd}}},
693
694
{.num_mnt_opt_names = 1,
695
.mnt_opt_names = {"defaultpass"},
696
.prompt = "Passphrase",
697
.val_type = VAL_STR,
698
.val = NULL,
699
.display_opts = NULL,
700
.default_val = NULL,
701
.flags = VERIFY_VALUE | STDIN_REQUIRED,
702
.num_transitions = 1,
703
.tl = {{.val = NULL,
704
.pretty_val = NULL,
705
.next_token = NULL,
706
.trans_func = tf_ssl_passwd}}},
707
};
708
709
static int tf_openssl_enter(struct ecryptfs_ctx *ctx, struct param_node *node,
710
struct val_node **head, void **foo)
711
{
712
int rc;
713
rc = ecryptfs_find_pki(ctx, node->val,
714
(struct ecryptfs_pki_elem **)foo);
715
return rc;
716
}
717
718
struct transition_node openssl_transition = {
719
.val = "openssl",
720
.pretty_val = "OpenSSL module",
721
.next_token = &(ssl_param_nodes[0]),
722
.trans_func = tf_openssl_enter
723
};
724
725
static int get_param_subgraph_trans_node(struct transition_node **trans,
726
uint32_t version)
727
{
728
if ((version & ECRYPTFS_VERSIONING_PUBKEY) == 0)
729
return -1;
730
*trans = &openssl_transition;
731
return 0;
732
}
733
734
int init_pki(char **pki_name, struct ecryptfs_pki_elem *pki)
735
{
736
int rc;
737
738
rc = generate_name_val_list(&pki->nvp_head);
739
if (rc)
740
goto out;
741
if (asprintf(pki_name, "openssl") == -1) {
742
ecryptfs_syslog(LOG_ERR, "Out of memory\n");
743
goto out;
744
}
745
struct ecryptfs_pki_ops ops = {
746
&set_key_data,
747
&ecryptfs_generate_key,
748
&ecryptfs_encrypt,
749
&decrypt,
750
&get_pki_data_length,
751
&set_pki_data,
752
&get_param_subgraph_trans_node
753
};
754
memcpy(&pki->ops, &ops, sizeof(struct ecryptfs_pki_ops));
755
out:
756
return 0;
757
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1