int main(int argc, char *argv[]) { char *passphrase; char auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; char salt[ECRYPTFS_SALT_SIZE]; char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; int rc = 0; int fnek = 0; uint32_t version; if (argc == 1) { /* interactive mode */ passphrase = ecryptfs_get_passphrase("Passphrase"); } else if (argc == 2 && strlen(argv[1]) == 6 && strncmp(argv[1], "--fnek", 6) == 0) { /* interactive mode, plus fnek */ passphrase = ecryptfs_get_passphrase("Passphrase"); fnek = 1; } else if (argc == 2 && strlen(argv[1]) == 1 && strncmp(argv[1], "-", 1) == 0) { /* stdin mode */ passphrase = ecryptfs_get_passphrase(NULL); } else if (argc == 3 && /* stdin mode, plus fnek */ (strlen(argv[1])==6 && strncmp(argv[1], "--fnek", 6)==0) && (strlen(argv[2])==1 && strncmp(argv[2], "-", 1)==0)) { passphrase = ecryptfs_get_passphrase(NULL); fnek = 1; } else { usage(); goto out; } if (passphrase == NULL || strlen(passphrase) > ECRYPTFS_MAX_PASSWORD_LENGTH) { usage(); rc = 1; goto out; } if (fnek == 1) { rc = ecryptfs_get_version(&version); if (rc!=0 || !ecryptfs_supports_filename_encryption(version)) { fprintf(stderr, "%s\n", ECRYPTFS_ERROR_FNEK_SUPPORT); rc = 1; goto out; } } rc = ecryptfs_read_salt_hex_from_rc(salt_hex); if (rc) { from_hex(salt, ECRYPTFS_DEFAULT_SALT_HEX, ECRYPTFS_SALT_SIZE); } else from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE); if ((rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex, passphrase, salt)) < 0) { fprintf(stderr, "%s [%d]\n", ECRYPTFS_ERROR_INSERT_KEY, rc); fprintf(stderr, "%s\n", ECRYPTFS_INFO_CHECK_LOG); rc = 1; goto out; } else rc = 0; auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; printf("Inserted auth tok with sig [%s] into the user session " "keyring\n", auth_tok_sig_hex); if (fnek == 0) { goto out; } /* If we make it here, filename encryption is enabled, and it has * been requested that we add the fnek to the keyring too */ if ((rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex, passphrase, ECRYPTFS_DEFAULT_SALT_FNEK_HEX)) < 0) { fprintf(stderr, "%s [%d]\n", ECRYPTFS_ERROR_INSERT_KEY, rc); fprintf(stderr, "%s\n", ECRYPTFS_INFO_CHECK_LOG); rc = 1; goto out; } else rc = 0; auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; printf("Inserted auth tok with sig [%s] into the user session " "keyring\n", auth_tok_sig_hex); out: return rc; }
int main(int argc, char **argv) { int quit, rc, selection; uint32_t version; char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH]; char salt[ECRYPTFS_SALT_SIZE]; struct ecryptfs_ctx ecryptfs_ctx; struct val_node *dummy_mnt_params; char auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX+1]; if ((rc = ecryptfs_validate_keyring())) { printf("Error attempting to validate keyring integrity; " "rc = [%d]\n", rc); return 1; } memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH); memset(salt, 0, ECRYPTFS_SALT_SIZE); selection: quit = 0; selection = manager_menu(); switch (selection) { case MME_MOUNT_PASSPHRASE: if ((rc = read_passphrase_salt(passphrase, salt))) goto out_wipe; if (!(*salt)) memcpy(salt, common_salt, ECRYPTFS_SALT_SIZE); rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig, passphrase, salt); if (rc == 1) { rc = 0; printf("\nThat key was already in the keyring.\n\n"); } else if (!rc) printf("\nAdded key to keyring with signature [%s]." "\n\n", auth_tok_sig); memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH); memset(salt, 0, ECRYPTFS_SALT_SIZE); break; case MME_MOUNT_PUBKEY: if ((rc = ecryptfs_get_version(&version))) { printf("\nUnable to get the version number of the kernel\n"); printf("module. Please make sure that you have the eCryptfs\n"); printf("kernel module loaded, you have sysfs mounted, and\n"); printf("the sysfs mount point is in /etc/mtab. This is\n"); printf("necessary so that the mount helper knows which \n"); printf("kernel options are supported.\n\n"); printf("Make sure that your system is set up to auto-load\n" "your filesystem kernel module on mount.\n\n"); printf("Enabling passphrase-mode only for now.\n\n"); version = ECRYPTFS_VERSIONING_PASSPHRASE; } ecryptfs_ctx.get_string = &get_string_stdin; if ((dummy_mnt_params = malloc(sizeof(struct val_node))) == NULL) { rc = -ENOMEM; goto out; } if ((rc = ecryptfs_process_decision_graph( &ecryptfs_ctx, &dummy_mnt_params, version, "", ECRYPTFS_KEY_MODULE_ONLY))) { printf("Error processing key generation decision graph;" " rc = [%d]\n", rc); goto out; } if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) { printf("\nUnable to free key modules\n"); } printf("Returning to main menu\n"); break; case MME_GEN_PUBKEY: memset(&ecryptfs_ctx, 0, sizeof(struct ecryptfs_ctx)); if ((rc = ecryptfs_get_version(&version))) { printf("\nUnable to get the version number of the kernel\n"); printf("module. Please make sure that you have the eCryptfs\n"); printf("kernel module loaded, you have sysfs mounted, and\n"); printf("the sysfs mount point is in /etc/mtab. This is\n"); printf("necessary so that the mount helper knows which \n"); printf("kernel options are supported.\n\n"); printf("Make sure that your system is set up to auto-load\n" "your filesystem kernel module on mount.\n\n"); printf("Enabling passphrase-mode only for now.\n\n"); version = ECRYPTFS_VERSIONING_PASSPHRASE; } ecryptfs_ctx.get_string = &get_string_stdin; if ((rc = ecryptfs_process_key_gen_decision_graph(&ecryptfs_ctx, version))) { printf("Error processing key generation decision graph;" " rc = [%d]\n", rc); goto out; } if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) { printf("\nUnable to free key modules\n"); } printf("Returning to main menu\n"); goto selection; case MME_ABORT: quit = 1; goto out_wipe; default: fprintf(stderr, "Unknown option, aborting\n"); quit = 1; rc = -1; goto out_wipe; } out_wipe: memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH); memset(salt, 0, ECRYPTFS_SALT_SIZE); if (!quit) goto selection; out: if (selection == MME_MOUNT_PUBKEY || selection == MME_GEN_PUBKEY) rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx); return rc; }