int main(int argc, char *argv[])
{
char *passphrase;
char auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
char salt[ECRYPTFS_SALT_SIZE];
char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
int rc = 0;
int fnek = 0;
uint32_t version;
if (argc == 1) {
/* interactive mode */
passphrase = ecryptfs_get_passphrase("Passphrase");
} else if (argc == 2 &&
strlen(argv[1]) == 6 && strncmp(argv[1], "--fnek", 6) == 0) {
/* interactive mode, plus fnek */
passphrase = ecryptfs_get_passphrase("Passphrase");
fnek = 1;
} else if (argc == 2 &&
strlen(argv[1]) == 1 && strncmp(argv[1], "-", 1) == 0) {
/* stdin mode */
passphrase = ecryptfs_get_passphrase(NULL);
} else if (argc == 3 &&
/* stdin mode, plus fnek */
(strlen(argv[1])==6 && strncmp(argv[1], "--fnek", 6)==0) &&
(strlen(argv[2])==1 && strncmp(argv[2], "-", 1)==0)) {
passphrase = ecryptfs_get_passphrase(NULL);
fnek = 1;
} else {
usage();
goto out;
}
if (passphrase == NULL ||
strlen(passphrase) > ECRYPTFS_MAX_PASSWORD_LENGTH) {
usage();
rc = 1;
goto out;
}
if (fnek == 1) {
rc = ecryptfs_get_version(&version);
if (rc!=0 || !ecryptfs_supports_filename_encryption(version)) {
fprintf(stderr, "%s\n", ECRYPTFS_ERROR_FNEK_SUPPORT);
rc = 1;
goto out;
}
}
rc = ecryptfs_read_salt_hex_from_rc(salt_hex);
if (rc) {
from_hex(salt, ECRYPTFS_DEFAULT_SALT_HEX, ECRYPTFS_SALT_SIZE);
} else
from_hex(salt, salt_hex, ECRYPTFS_SALT_SIZE);
if ((rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex,
passphrase,
salt)) < 0) {
fprintf(stderr, "%s [%d]\n", ECRYPTFS_ERROR_INSERT_KEY, rc);
fprintf(stderr, "%s\n", ECRYPTFS_INFO_CHECK_LOG);
rc = 1;
goto out;
} else
rc = 0;
auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
printf("Inserted auth tok with sig [%s] into the user session "
"keyring\n", auth_tok_sig_hex);
if (fnek == 0) {
goto out;
}
/* If we make it here, filename encryption is enabled, and it has
* been requested that we add the fnek to the keyring too
*/
if ((rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex,
passphrase,
ECRYPTFS_DEFAULT_SALT_FNEK_HEX)) < 0) {
fprintf(stderr, "%s [%d]\n", ECRYPTFS_ERROR_INSERT_KEY, rc);
fprintf(stderr, "%s\n", ECRYPTFS_INFO_CHECK_LOG);
rc = 1;
goto out;
} else
rc = 0;
auth_tok_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
printf("Inserted auth tok with sig [%s] into the user session "
"keyring\n", auth_tok_sig_hex);
out:
return rc;
}
int main(int argc, char **argv)
{
int quit, rc, selection;
uint32_t version;
char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH];
char salt[ECRYPTFS_SALT_SIZE];
struct ecryptfs_ctx ecryptfs_ctx;
struct val_node *dummy_mnt_params;
char auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX+1];
if ((rc = ecryptfs_validate_keyring())) {
printf("Error attempting to validate keyring integrity; "
"rc = [%d]\n", rc);
return 1;
}
memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
memset(salt, 0, ECRYPTFS_SALT_SIZE);
selection:
quit = 0;
selection = manager_menu();
switch (selection) {
case MME_MOUNT_PASSPHRASE:
if ((rc = read_passphrase_salt(passphrase, salt)))
goto out_wipe;
if (!(*salt))
memcpy(salt, common_salt, ECRYPTFS_SALT_SIZE);
rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig,
passphrase, salt);
if (rc == 1) {
rc = 0;
printf("\nThat key was already in the keyring.\n\n");
} else if (!rc)
printf("\nAdded key to keyring with signature [%s]."
"\n\n", auth_tok_sig);
memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
memset(salt, 0, ECRYPTFS_SALT_SIZE);
break;
case MME_MOUNT_PUBKEY:
if ((rc = ecryptfs_get_version(&version))) {
printf("\nUnable to get the version number of the kernel\n");
printf("module. Please make sure that you have the eCryptfs\n");
printf("kernel module loaded, you have sysfs mounted, and\n");
printf("the sysfs mount point is in /etc/mtab. This is\n");
printf("necessary so that the mount helper knows which \n");
printf("kernel options are supported.\n\n");
printf("Make sure that your system is set up to auto-load\n"
"your filesystem kernel module on mount.\n\n");
printf("Enabling passphrase-mode only for now.\n\n");
version = ECRYPTFS_VERSIONING_PASSPHRASE;
}
ecryptfs_ctx.get_string = &get_string_stdin;
if ((dummy_mnt_params = malloc(sizeof(struct val_node)))
== NULL) {
rc = -ENOMEM;
goto out;
}
if ((rc = ecryptfs_process_decision_graph(
&ecryptfs_ctx, &dummy_mnt_params, version, "",
ECRYPTFS_KEY_MODULE_ONLY))) {
printf("Error processing key generation decision graph;"
" rc = [%d]\n", rc);
goto out;
}
if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
printf("\nUnable to free key modules\n");
}
printf("Returning to main menu\n");
break;
case MME_GEN_PUBKEY:
memset(&ecryptfs_ctx, 0, sizeof(struct ecryptfs_ctx));
if ((rc = ecryptfs_get_version(&version))) {
printf("\nUnable to get the version number of the kernel\n");
printf("module. Please make sure that you have the eCryptfs\n");
printf("kernel module loaded, you have sysfs mounted, and\n");
printf("the sysfs mount point is in /etc/mtab. This is\n");
printf("necessary so that the mount helper knows which \n");
printf("kernel options are supported.\n\n");
printf("Make sure that your system is set up to auto-load\n"
"your filesystem kernel module on mount.\n\n");
printf("Enabling passphrase-mode only for now.\n\n");
version = ECRYPTFS_VERSIONING_PASSPHRASE;
}
ecryptfs_ctx.get_string = &get_string_stdin;
if ((rc = ecryptfs_process_key_gen_decision_graph(&ecryptfs_ctx,
version))) {
printf("Error processing key generation decision graph;"
" rc = [%d]\n", rc);
goto out;
}
if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
printf("\nUnable to free key modules\n");
}
printf("Returning to main menu\n");
goto selection;
case MME_ABORT:
quit = 1;
goto out_wipe;
default:
fprintf(stderr, "Unknown option, aborting\n");
quit = 1;
rc = -1;
goto out_wipe;
}
out_wipe:
memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
memset(salt, 0, ECRYPTFS_SALT_SIZE);
if (!quit)
goto selection;
out:
if (selection == MME_MOUNT_PUBKEY || selection == MME_GEN_PUBKEY)
rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx);
return rc;
}
