[SECIOTSW-455] Refactor ecryptfs structures to C++ style

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I5864cde1f2d7fbe89f91fff537f7ff0cba2e2ee9

diff --git a/server/engine/encryption/ecryptfs-engine.cpp b/server/engine/encryption/ecryptfs-engine.cpp
index 539f055..02d620e 100644 (file)
--- a/server/engine/encryption/ecryptfs-engine.cpp
+++ b/server/engine/encryption/ecryptfs-engine.cpp
@@ -44,60 +44,80 @@
 #define ECRYPTFS_VERSION_MINOR 0x04
 #define ECRYPTFS_VERSION ((ECRYPTFS_VERSION_MAJOR << 8) | ECRYPTFS_VERSION_MINOR)
 
-#define ECRYPTFS_MAX_KEY_BYTES 64
-#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
-#define ECRYPTFS_SIG_SIZE 8
-#define ECRYPTFS_SIG_SIZE_HEX (ECRYPTFS_SIG_SIZE*2)
-#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_SIG_SIZE_HEX
 #define ECRYPTFS_SALT_SIZE 8
-#define ECRYPTFS_MAX_KEY_MOD_NAME_BYTES 16
-
-struct ecryptfs_session_key {
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
-#define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
-#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
-    int32_t flags;
-    int32_t encrypted_key_size;
-    int32_t decrypted_key_size;
-    uint8_t encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
-    uint8_t decrypted_key[ECRYPTFS_MAX_KEY_BYTES];
-};
+#define ECRYPTFS_SIGNATURE_SIZE 16
+#define ECRYPTFS_MAX_KEY_SIZE 64
+#define ECRYPTFS_MAX_KEY_MOD_NAME_SIZE 16
+#define ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE 512
+
+struct EcryptfsPassword {
+       enum Flag {
+               PersistentPassword                      = 0x01,
+               SessionKeyEncryptionKeySet      = 0x02
+       };
 
-struct ecryptfs_password {
-    int32_t password_bytes;
-    int32_t hash_algo;
-    int32_t hash_iterations;
-    int32_t session_key_encryption_key_bytes;
-#define ECRYPTFS_PERSISTENT_PASSWORD             0x01
-#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET  0x02
+    int32_t passwordSize;
+    int32_t hashAlgorithm;
+    int32_t hashIterations;
+    int32_t sessionKeyEncryptionKeySize;
     uint32_t flags;
-    uint8_t session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
-    uint8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
+    uint8_t sessionKeyEncryptionKey[ECRYPTFS_MAX_KEY_SIZE];
+    uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
     uint8_t salt[ECRYPTFS_SALT_SIZE];
 };
 
-struct ecryptfs_private_key {
-    uint32_t key_size;
-    uint32_t data_len;
-    uint8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
-    char key_mod_alias[ECRYPTFS_MAX_KEY_MOD_NAME_BYTES + 1];
+struct EcryptfsPrivateKey {
+    uint32_t keySize;
+    uint32_t dataSize;
+    uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
+    char keyModAlias[ECRYPTFS_MAX_KEY_MOD_NAME_SIZE + 1];
     uint8_t data[];
 };
 
-enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
+struct EcryptfsSessionKey {
+       enum Flag {
+               UserspaceShouldTryToDecrypt =   0x00000001,
+               UserspaceShouldTryToEncrypt =   0x00000002,
+               ContainsDecryptedKey =                  0x00000004,
+               ContainsEncryptedKey =                  0x00000008
+       };
+
+    int32_t flags;
+    int32_t encryptedKeySize;
+    int32_t decryptedKeySize;
+    uint8_t encryptedKey[ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE];
+    uint8_t decryptedKey[ECRYPTFS_MAX_KEY_SIZE];
+
+       EcryptfsSessionKey()
+               : flags(0), encryptedKeySize(0), decryptedKeySize(0),
+                       encryptedKey{0, }, decryptedKey{0, }
+       {};
+} __attribute__((packed));
+
+struct EcryptfsPayload {
+       enum Type {
+               PasswordToken,
+               PrivateKeyToken
+       };
+       enum Flag {
+               EncryptOnly
+       };
 
-struct ecryptfs_auth_tok {
     uint16_t version;
-    uint16_t token_type;
-#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
+    uint16_t type;
     uint32_t flags;
-    struct ecryptfs_session_key session_key;
+       EcryptfsSessionKey sessionKey;
     uint8_t reserved[32];
     union {
-        struct ecryptfs_password password;
-        struct ecryptfs_private_key private_key;
+        EcryptfsPassword password;
+        EcryptfsPrivateKey privateKey;
     } token;
+
+       EcryptfsPayload(Type type)
+               : version(ECRYPTFS_VERSION), type(type), flags(0), reserved{0, }
+       {
+               ::memset(&token, 0, sizeof(token));
+       };
 } __attribute__((packed));
 
 #if 0
@@ -248,30 +268,27 @@ void copyInPlace(const std::string& source, const std::string& destination,
 
 void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector<unsigned char> &key, unsigned int options)
 {
-       ecryptfs_auth_tok payload;
+       EcryptfsPayload payload(EcryptfsPayload::Type::PasswordToken);
        std::string mountOption;
 
-       ::memset(&(payload), 0, sizeof(ecryptfs_auth_tok));
-
-       payload.version = ECRYPTFS_VERSION;
-       payload.token_type = ECRYPTFS_PASSWORD;
-       payload.token.password.flags = ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET;
-       payload.token.password.session_key_encryption_key_bytes =
-               (ECRYPTFS_MAX_KEY_BYTES > key.size())? key.size() :
-                                                                                               ECRYPTFS_MAX_KEY_BYTES;
-       ::memcpy(payload.token.password.session_key_encryption_key, key.data(),
-                               payload.token.password.session_key_encryption_key_bytes);
+       payload.token.password.flags = EcryptfsPassword::Flag::
+                                                                       SessionKeyEncryptionKeySet;
+       payload.token.password.sessionKeyEncryptionKeySize =
+                               (ECRYPTFS_MAX_KEY_SIZE > key.size())? key.size() :
+                                                                                                               ECRYPTFS_MAX_KEY_SIZE;
+       ::memcpy(payload.token.password.sessionKeyEncryptionKey, key.data(),
+                               payload.token.password.sessionKeyEncryptionKeySize);
 
     std::stringstream signature;
     signature<< std::hex << std::setfill('0') << std::setw(2);
     for (unsigned int byte : key) {
         signature << byte;
     }
-       for (int i = key.size(); i < ECRYPTFS_SIG_SIZE; i++) {
+       for (int i = key.size(); i < ECRYPTFS_SIGNATURE_SIZE / 2; i++) {
                signature << (unsigned int) 0;
        }
        ::memcpy((char *)payload.token.password.signature,
-                               signature.str().c_str(), ECRYPTFS_PASSWORD_SIG_SIZE);
+                               signature.str().c_str(), ECRYPTFS_SIGNATURE_SIZE);
 
        if (KernelKeyRing::search(KEY_SPEC_USER_KEYRING, ECRYPTFS_AUTH_TOKEN_TYPE,
                                        (char *)payload.token.password.signature, 0) < 0) {
@@ -286,7 +303,7 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
        mountOption = "ecryptfs_passthrough"
                ",ecryptfs_cipher=" CIPHER_MODE
                ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
-               ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.session_key_encryption_key_bytes);
+               ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.sessionKeyEncryptionKeySize);
 
        if (options & OPTION_EXCEPT_FOR_MEDIA_FILE) {
                mountOption += ",ecryptfs_enable_filtering=" MEDIA_EXCLUSION_LIST;