author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-14 10:43:30 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-17 20:47:39 +0200 |
commit | 0b2ab77de147d60ca44de978a36e90e1138a5551 (patch) | |
tree | f6e3cbbc6302a34940bce7dd5770b2216580ae01 | |
parent | c8f69207e6d5fb654814833676f5f786084a8576 (diff) | |
Storage ioctls removed. Concentrating on wrap/unwrap functionality.
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | ncr-storage-low.c | 670 | ||||
-rw-r--r-- | ncr-storage-low.h | 76 | ||||
-rw-r--r-- | ncr-storage.c | 192 | ||||
-rw-r--r-- | ncr-storage.h | 25 | ||||
-rw-r--r-- | ncr.c | 22 | ||||
-rw-r--r-- | ncr.h | 80 | ||||
-rw-r--r-- | ncr_int.h | 1 |
8 files changed, 17 insertions, 1052 deletions
@@ -2,8 +2,7 @@ KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build
 VERSION = 0.1
 cryptodev-objs = cryptodev_main.o cryptodev_cipher.o ncr.o \
- ncr-data.o ncr-key.o ncr-limits.o ncr-storage.o \
- ncr-storage-low.o
+ ncr-data.o ncr-key.o ncr-limits.o
 obj-m += cryptodev.o
diff --git a/ncr-storage-low.c b/ncr-storage-low.c
deleted file mode 100644
index 489aa2e..0000000
--- a/ncr-storage-low.c
+++ /dev/null
@@ -1,670 +0,0 @@ -/* - * New driver for /dev/crypto device (aka CryptoDev) - - * Copyright (c) 2010 Nikos Mavrogiannopoulos <nmav@gnutls.org> - * - * This file is part of linux cryptodev. - * - * cryptodev is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * cryptodev is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include <linux/mm.h> -#include <linux/highmem.h> -#include "cryptodev.h" -#include <asm/uaccess.h> -#include <net/genetlink.h> -#include <linux/kernel.h> -#include <linux/completion.h> -#include "ncr.h" -#include "ncr_int.h" -#include "ncr-storage.h" -#include "ncr-storage-low.h" - -/* The idea here is to have communication via netlink to userspace - * send our commands, put an id in the list and wait for completion of the - * request. The server should compute our request and reply with the id. 
- */ - -struct event_item_st { - struct list_head list; - struct completion completed; - void* reply; - size_t reply_size; - uint32_t ireply; - uint32_t id; -}; - - -static struct list_sem_st event_list; - -static int event_add(uint32_t id) -{ -struct event_item_st* item; - - item = kmalloc( sizeof(*item), GFP_KERNEL); - if (item == NULL) { - err(); - return -ENOMEM; - } - item->id = id; - item->reply = NULL; - item->reply_size = 0; - item->ireply = -1; - init_completion(&item->completed); - - down(&event_list.sem); - list_add(&item->list, &event_list.list); - up(&event_list.sem); - - return 0; -} - -static int event_wait(uint32_t id) -{ -struct event_item_st* item; -struct completion* completed = NULL; - - down(&event_list.sem); - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - completed = &item->completed; - break; - } - } - up(&event_list.sem); - - if (completed) { - return wait_for_completion_interruptible(completed); - } else { - err(); - return -EIO; - } -} - - -static void event_complete(uint32_t id) -{ -struct event_item_st* item; - - down(&event_list.sem); - - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - complete(&item->completed); - break; - } - } - up(&event_list.sem); -} - -static void event_set_data(uint32_t id, void* data, size_t data_size) -{ -struct event_item_st* item; - - down(&event_list.sem); - - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - item->reply = data; - item->reply_size = data_size; - break; - } - } - up(&event_list.sem); - - return; -} - -static void event_set_idata(uint32_t id, uint32_t data) -{ -struct event_item_st* item; - - down(&event_list.sem); - - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - item->ireply = data; - break; - } - } - up(&event_list.sem); - - return; -} - -static void* event_get_data(uint32_t id, size_t *reply_size) -{ -struct event_item_st* item; -void* reply = NULL; - - 
down(&event_list.sem); - - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - reply = &item->reply; - *reply_size = item->reply_size; - break; - } - } - up(&event_list.sem); - - return reply; -} - -static uint32_t event_get_idata(uint32_t id) -{ -struct event_item_st* item; -uint32_t reply = -1; - - down(&event_list.sem); - - list_for_each_entry(item, &event_list.list, list) { - if (id == item->id) { - reply = item->ireply; - break; - } - } - up(&event_list.sem); - - return reply; -} - -static void event_remove(uint32_t id) -{ -struct event_item_st* item, *tmp; - - down(&event_list.sem); - - list_for_each_entry_safe(item, tmp, &event_list.list, list) { - if (id == item->id) { - list_del(&item->list); - if (item->reply) - kfree(item->reply); - kfree(item); - break; - } - } - up(&event_list.sem); -} - - -/* attribute policy: defines which attribute has which type (e.g int, char * etc) - * possible values defined in net/netlink.h - */ -static struct nla_policy ncr_genl_policy[ATTR_MAX + 1] = { - [ATTR_STRUCT_LOAD] = { .type = NLA_BINARY }, - [ATTR_STRUCT_LOADED] = { .type = NLA_BINARY }, - [ATTR_STORE_U8] = { .type = NLA_BINARY }, - [ATTR_STRUCT_STORE] = { .type = NLA_BINARY }, -}; - -static atomic_t ncr_event_sr; -static uint32_t listener_pid = -1; - -/* family definition */ -static struct genl_family ncr_gnl_family = { - .id = GENL_ID_GENERATE, //genetlink should generate an id - .hdrsize = 0, - .name = NCR_NL_STORAGE_NAME, //the name of this family, used by userspace application - .version = NCR_NL_STORAGE_VERSION, //version number - .maxattr = ATTR_MAX, -}; - -/* an echo command, receives a message, prints it and sends another message back */ -static void _ncr_nl_close(void) -{ - struct sk_buff *skb; - int ret; - void *msg_head; - uint32_t id; - - if (listener_pid == -1) { - err(); - return; - } - - skb = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); - if (skb == NULL) { - ret = -ENOMEM; - goto out; - } - - id = atomic_add_return(1, 
&ncr_event_sr); - msg_head = genlmsg_put(skb, 0, id, &ncr_gnl_family, 0, CMD_CLOSE); - if (msg_head == NULL) { - err(); - ret = -ENOMEM; - goto out; - } - - ret = nla_put_u8(skb, ATTR_STORE_U8, 1); - if (ret != 0) { - err(); - goto out; - } - - /* finalize the message */ - genlmsg_end(skb, msg_head); - - /* send the message back */ - ret = genlmsg_unicast(skb, listener_pid); - if (ret != 0) { - err(); - goto out; - } - - return; - -out: - nlmsg_free(skb); - printk("an error occured in ncr_gnl_store\n"); - - return; -} - -/* an echo command, receives a message, prints it and sends another message back */ -int _ncr_store(const struct storage_item_st * tostore) -{ - struct sk_buff *skb; - int ret; - uint32_t reply; - size_t size; - struct nlattr *attr; - void* msg, *msg_head; - uint32_t id; - - if (listener_pid == -1) { - err(); - return -EIO; - } - - /* send a message back*/ - /* allocate some memory, since the size is not yet known use NLMSG_GOODSIZE*/ - size = nla_total_size(sizeof(struct storage_item_st)) + - nla_total_size(0); - - skb = genlmsg_new(size, GFP_KERNEL); - if (skb == NULL) { - ret = -ENOMEM; - goto out; - } - - id = atomic_add_return(1, &ncr_event_sr); - msg_head = genlmsg_put(skb, 0, id, - &ncr_gnl_family, 0, CMD_STORE); - if (msg_head == NULL) { - err(); - ret = -ENOMEM; - goto out; - } - - /* fill the data */ - attr = nla_reserve(skb, ATTR_STRUCT_STORE, - sizeof(struct storage_item_st)); - if (!attr) { - err(); - ret = -EINVAL; - goto out; - } - - msg = nla_data(attr); - if (!msg) { - err(); - ret = -EINVAL; - goto out; - } - - memcpy(msg, tostore, sizeof(*tostore)); - - /* finalize the message */ - genlmsg_end(skb, msg_head); - - ret = event_add(id); - if (ret < 0) { - err(); - goto out; - } - - /* send the message back */ - ret = genlmsg_unicast(skb, listener_pid); - if (ret != 0) - goto out; - - /* wait for an acknowledgment */ - ret = event_wait(id); - if (ret) { - err(); - printk(KERN_DEBUG"Error waiting for id %u\n", id); - event_remove(id); 
- return ret; - } - - reply = event_get_idata(id); - if (reply == (uint32_t)-1) - BUG(); - - if (reply != 0) { - /* write failed */ - ret = -EIO; - } else { - ret = 0; - } - - event_remove(id); - return ret; - -out: - nlmsg_free(skb); - printk("an error occured in ncr_gnl_store\n"); - - return ret; -} - - -/* an echo command, receives a message, prints it and sends another message back */ -int _ncr_load(struct storage_item_st * toload) -{ - struct sk_buff *skb; - int ret; - void *msg_head; - size_t reply_size=0, size; - struct nlattr *attr; - void* msg, *reply; - struct ncr_gnl_load_cmd_st cmd; - uint32_t id; - - if (listener_pid == -1) { - err(); - return -EIO; - } - - /* send a message back*/ - /* allocate some memory, since the size is not yet known use NLMSG_GOODSIZE*/ - size = nla_total_size(sizeof(struct ncr_gnl_load_cmd_st)) + - nla_total_size(0); - - skb = genlmsg_new(size, GFP_KERNEL); - if (skb == NULL) { - ret = -ENOMEM; - goto out; - } - - id = atomic_add_return(1, &ncr_event_sr); - msg_head = genlmsg_put(skb, 0, id, - &ncr_gnl_family, 0, CMD_LOAD); - if (msg_head == NULL) { - ret = -ENOMEM; - goto out; - } - - /* fill the data */ - attr = nla_reserve(skb, ATTR_STRUCT_LOAD, - sizeof(struct ncr_gnl_load_cmd_st)); - if (!attr) { - err(); - ret = -EINVAL; - goto out; - } - - msg = nla_data(attr); - if (!msg) { - err(); - ret = -EINVAL; - goto out; - } - - cmd.owner = toload->owner; - cmd.group = toload->group; - strcpy(cmd.label, toload->label); - - memcpy(msg, &cmd, sizeof(cmd)); - - /* finalize the message */ - genlmsg_end(skb, msg_head); - - ret = event_add(id); - if (ret < 0) { - err(); - goto out; - } - - /* send the message */ - ret = genlmsg_unicast(skb, listener_pid); - if (ret != 0) - goto out; - - /* wait for an answer */ - ret = event_wait(id); - if (ret) { - err(); - printk(KERN_DEBUG"Error waiting for id %u\n", id); - event_remove(id); - return ret; - } - - reply = event_get_data(id, &reply_size); - if (reply_size != sizeof(struct 
storage_item_st)) - BUG(); - - memcpy(toload, reply, reply_size); - - event_remove(id); - - return 0; - -out: - nlmsg_free(skb); - printk("an error occured in ncr_gnl_store\n"); - - return ret; -} - -/* with this command the userspace server registers */ -int ncr_gnl_listen(struct sk_buff *skb, struct genl_info *info) -{ - if (info == NULL) - return -EIO; - - listener_pid = info->snd_pid; - atomic_set(&ncr_event_sr, info->snd_seq+1); - printk(KERN_DEBUG"Setting listener pid to %d!\n", (int)listener_pid); - - return 0; -} - - -/* with this command the userspace server registers */ -int ncr_gnl_store_ack(struct sk_buff *skb, struct genl_info *info) -{ - uint8_t * data; - size_t len; - struct ncr_gnl_store_ack_st *reply; - struct nlattr *na; - - if (info == NULL) - return -EIO; - - printk("Received store ack!\n"); - /*for each attribute there is an index in info->attrs which points to a nlattr structure - *in this structure the data is given - */ - na = info->attrs[ATTR_STORE_U8]; - if (na) { - len = nla_len(na); - data = (void *)nla_data(na); - if (data == NULL || len != sizeof(struct ncr_gnl_store_ack_st)) - printk(KERN_DEBUG"error while receiving data\n"); - else { - reply = (void*)data; - event_set_idata(reply->id, (uint32_t)reply->reply); - - event_complete(reply->id); - } - } else - printk(KERN_DEBUG"no info->attrs %i\n", ATTR_STORE_U8); - - return 0; -} - -/* an echo command, receives a message, prints it and sends another message back */ -int ncr_gnl_loaded_data(struct sk_buff *skb, struct genl_info *info) -{ - uint8_t * data, *event_reply; - size_t len; - struct ncr_gnl_loaded_st *reply; - struct nlattr *na; - - if (info == NULL) - return -EIO; - - /*for each attribute there is an index in info->attrs which points to a nlattr structure - *in this structure the data is given - */ - na = info->attrs[ATTR_STRUCT_LOADED]; - if (na) { - len = nla_len(na); - data = (void *)nla_data(na); - if (data == NULL || len != sizeof(struct ncr_gnl_loaded_st)) - 
printk(KERN_DEBUG"error while receiving data\n"); - else { - reply = (void*)data; - event_reply = kmalloc(sizeof(reply->storage), GFP_KERNEL); - if (event_reply != NULL) { - memcpy(event_reply, &reply->storage, sizeof(reply->storage)); - event_set_data(reply->id, event_reply, sizeof(reply->storage)); - } - event_complete(reply->id); - } - } else - printk(KERN_DEBUG"no info->attrs %i\n", ATTR_STRUCT_LOADED); - - return 0; -} - - -/* commands: mapping between the command enumeration and the actual function*/ -struct genl_ops ncr_gnl_ops_listen = { - .cmd = CMD_LISTENING, - .flags = 0, - .policy = ncr_genl_policy, - .doit = ncr_gnl_listen, - .dumpit = NULL, -}; - -struct genl_ops ncr_gnl_ops_load = { - .cmd = CMD_LOADED_DATA, - .flags = 0, - .policy = ncr_genl_policy, - .doit = ncr_gnl_loaded_data, - .dumpit = NULL, -}; - -struct genl_ops ncr_gnl_ops_store_ack = { - .cmd = CMD_STORE_ACK, - .flags = 0, - .policy = ncr_genl_policy, - .doit = ncr_gnl_store_ack, - .dumpit = NULL, -}; - - - -int ncr_gnl_init(void) -{ - int rc; - - printk(KERN_NOTICE"cryptodev: Initializing netlink subsystem.\n"); - - init_MUTEX(&event_list.sem); - INIT_LIST_HEAD(&event_list.list); - atomic_set(&ncr_event_sr, 1); - - /*register new family*/ - rc = genl_register_family(&ncr_gnl_family); - if (rc != 0) { - err(); - goto failure; - } - /*register functions (commands) of the new family*/ - - rc = genl_register_ops(&ncr_gnl_family, &ncr_gnl_ops_listen); - if (rc != 0) { - err(); - genl_unregister_family(&ncr_gnl_family); - goto failure; - } - - rc = genl_register_ops(&ncr_gnl_family, &ncr_gnl_ops_store_ack); - if (rc != 0) { - err(); - genl_unregister_family(&ncr_gnl_family); - goto failure; - } - - rc = genl_register_ops(&ncr_gnl_family, &ncr_gnl_ops_load); - if (rc != 0) { - err(); - genl_unregister_family(&ncr_gnl_family); - goto failure; - } - - return 0; - - failure: - printk(KERN_ERR"an error occured while loading the cryptodev netlink subsystem\n"); - return rc; -} - -void 
ncr_gnl_deinit(void) -{ - int ret; - struct event_item_st *item, *tmp; - - _ncr_nl_close(); - - ret = genl_unregister_ops(&ncr_gnl_family, &ncr_gnl_ops_store_ack); - if(ret != 0) { - printk("unregister ops: %i\n",ret); - return; - } - - ret = genl_unregister_ops(&ncr_gnl_family, &ncr_gnl_ops_load); - if(ret != 0) { - printk("unregister ops: %i\n",ret); - return; - } - - ret = genl_unregister_ops(&ncr_gnl_family, &ncr_gnl_ops_listen); - if(ret != 0) { - printk("unregister ops: %i\n",ret); - return; - } - - /*unregister the family*/ - ret = genl_unregister_family(&ncr_gnl_family); - if(ret !=0) { - printk("unregister family %i\n",ret); - } - - /* deinitialize the event list */ - down(&event_list.sem); - list_for_each_entry_safe(item, tmp, &event_list.list, list) { - list_del(&item->list); - if (item->reply) - kfree(item->reply); - kfree(item); - } - up(&event_list.sem); - -} diff --git a/ncr-storage-low.h b/ncr-storage-low.h deleted file mode 100644 index 080a161..0000000 --- a/ncr-storage-low.h +++ /dev/null 
@@ -1,76 +0,0 @@
-#ifndef _STORAGE_LOW
-#define _STORAGE_LOW
-
-#include "ncr.h"
-
-#define NCR_NL_STORAGE_NAME "KEY_STORAGE"
-
-#define NCR_NL_STORAGE_VERSION 1
-
-/* commands: enumeration of all commands (functions),
- * used by userspace application to identify command to be ececuted
- */
-enum {
- CMD_LISTENING, /* sent by server */
- CMD_STORE, /* sent by kernel */
- CMD_LOAD, /* sent by kernel */
- CMD_STORE_ACK, /* sent by server */
- CMD_LOADED_DATA, /* sent by server */
- CMD_CLOSE, /* sent by kernel */
- __CMD_MAX,
-};
-#define CMD_MAX (__CMD_MAX - 1)
-
-/* attributes (variables): the index in this enum is used as a reference for the type,
- * userspace application has to indicate the corresponding type
- * the policy is used for security considerations
- */
-enum {
- ATTR_UNSPEC,
- ATTR_STRUCT_LOAD,
- ATTR_STRUCT_LOADED,
- ATTR_STRUCT_STORE,
- ATTR_STORE_U8, /* u8*/
- __ATTR_MAX,
-};
-#define ATTR_MAX (__ATTR_MAX - 1)
-
-#define MAX_DATA_SIZE 10*1024
-#define MAX_RAW_KEY_SIZE 4096
-
-struct storage_item_st {
- /* metadata */
- uint8_t label[MAX_LABEL_SIZE];
- uint32_t owner;
- uint32_t group;
- mode_t mode;
-
- uint16_t algorithm;
- uint8_t type;
- uint32_t flags;
-
- uint8_t key_id[MAX_KEY_ID_SIZE];
- uint8_t key_id_size;
-
- /* data */
- uint8_t raw_key[MAX_RAW_KEY_SIZE];
- uint16_t raw_key_size;
-} __attribute__ ((__packed__));
-
-struct ncr_gnl_load_cmd_st {
- uint8_t label[MAX_LABEL_SIZE];
- uint32_t owner;
- uint32_t group;
-} __attribute__ ((__packed__));
-
-struct ncr_gnl_store_ack_st {
- uint32_t id;
- uint8_t reply;
-} __attribute__ ((__packed__));
-
-struct ncr_gnl_loaded_st {
- uint32_t id;
- struct storage_item_st storage;
-} __attribute__ ((__packed__));
-
-#endif
diff --git a/ncr-storage.c b/ncr-storage.c
deleted file mode 100644
index d19a44f..0000000
--- a/ncr-storage.c
+++ /dev/null
@@ -1,192 +0,0 @@ -/* - * New driver for /dev/crypto device (aka CryptoDev) - - * Copyright (c) 2010 Nikos Mavrogiannopoulos <nmav@gnutls.org> - * - * This file is part of linux cryptodev. - * - * cryptodev is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * cryptodev is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include <linux/mm.h> -#include <linux/highmem.h> -#include "cryptodev.h" -#include <asm/uaccess.h> -#include <asm/ioctl.h> -#include <linux/scatterlist.h> -#include <linux/file.h> -#include <linux/cred.h> -#include <linux/version.h> -#include "ncr.h" -#include "ncr_int.h" -#include "ncr-storage.h" - -/* Convert a ncr key to a raw one ready for storage. - */ -int _ncr_key_to_store(const struct key_item_st *key, const char* label, - mode_t mode, struct storage_item_st* output) -{ -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,27) - uid_t uid = key->filp->f_uid; - gid_t gid = key->filp->f_gid; -#else - uid_t uid = key->filp->f_cred->fsuid; - gid_t gid = key->filp->f_cred->fsgid; -#endif - /* copy metadata first */ - memcpy(output->key_id, key->key_id, sizeof(output->key_id)); - output->key_id_size = key->key_id_size; - output->flags = key->flags; - - output->algorithm = key->algorithm; - output->type = key->type; - output->owner = uid; - output->group = gid; - - strlcpy(output->label, label, sizeof(output->label)); - output->mode = mode; - - /* format is type (uint8_t) + ... 
*/ - switch(key->type) { - case NCR_KEY_TYPE_SECRET: - /* uint16_t size + raw key */ - if (sizeof(output->raw_key) < key->key.secret.size + 2) - BUG(); - - output->raw_key[0] = (key->key.secret.size >> 8) & 0xff; - output->raw_key[1] = (key->key.secret.size) & 0xff; - memcpy(&output->raw_key[2], key->key.secret.data, key->key.secret.size); - - return 0; - default: - return -EINVAL; - } -} - -int _ncr_store_to_key(const struct storage_item_st* raw, struct key_item_st *key) -{ - /* copy metadata first */ - memcpy(key->key_id, raw->key_id, sizeof(key->key_id)); - key->key_id_size = raw->key_id_size; - - key->algorithm = raw->algorithm; - key->type = raw->type; - key->flags = raw->flags; - - switch(key->type) { - case NCR_KEY_TYPE_SECRET: - /* uint16_t size + raw key */ - key->key.secret.size = (raw->raw_key[0] << 8) | raw->raw_key[1]; - if (key->key.secret.size > MAX_KEY_SIZE) { - err(); - return -EFAULT; - } - memcpy(key->key.secret.data, &raw->raw_key[2], key->key.secret.size); - - return 0; - default: - return -EINVAL; - } - -} - -int ncr_storage_store(struct list_sem_st* key_lst, void __user* arg) -{ - struct ncr_storage_st sinfo; - struct key_item_st * key; - struct storage_item_st tostore; - int ret; - - copy_from_user( &sinfo, arg, sizeof(sinfo)); - - key = ncr_key_item_get( key_lst, sinfo.key); - if (key == NULL) { - err(); - return -EINVAL; - } - - ret = _ncr_key_to_store(key, sinfo.label, sinfo.mode, &tostore); - if (ret < 0) { - err(); - goto fail; - } - - ret = _ncr_store(&tostore); - if (ret < 0) { - printk("cryptodev: Cannot store. 
Is ncr-server running?\n"); - err(); - goto fail; - } - - ret = 0; - -fail: - _ncr_key_item_put(key); - - return ret; -} - - -int ncr_storage_load(struct list_sem_st* key_lst, void __user* arg) -{ - gid_t gid; - uid_t uid; - struct ncr_storage_st sinfo; - struct key_item_st * key; - struct storage_item_st loaded; - int ret; - - copy_from_user( &sinfo, arg, sizeof(sinfo)); - - key = ncr_key_item_get( key_lst, sinfo.key); - if (key == NULL) { - err(); - return -EINVAL; - } - -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,27) - uid = key->filp->f_uid; - gid = key->filp->f_gid; -#else - uid = key->filp->f_cred->fsuid; - gid = key->filp->f_cred->fsgid; -#endif - - /* we set the current user uid and gid - * to allow permission checking - */ - loaded.owner = uid; - loaded.group = gid; - - ret = _ncr_load(&loaded); - if (ret < 0) { - err(); - goto fail; - } - - ret = _ncr_store_to_key(&loaded, key); - if (ret < 0) { - err(); - goto fail; - } - - ret = 0; - -fail: - _ncr_key_item_put(key); - - return ret; -} - - diff --git a/ncr-storage.h b/ncr-storage.h deleted file mode 100644 index 0f15f72..0000000 --- a/ncr-storage.h +++ /dev/null 
@@ -1,25 +0,0 @@
-#ifndef NCR_STORAGE_H
-# define NCR_STORAGE_H
-
-#include "ncr-storage-low.h" /* for struct storage_item_st */
-
-int ncr_storage_store(struct list_sem_st* key_lst, void __user* arg);
-int ncr_storage_load(struct list_sem_st* key_lst, void __user* arg);
-
-int ncr_storage_mkstemp(struct list_sem_st* key_lst, void __user* arg);
-int ncr_storage_chmod(void __user* arg);
-int ncr_storage_chown(void __user* arg);
-int ncr_storage_remove(void __user* arg);
-int ncr_storage_metadata_load(void __user* arg);
-int ncr_storage_traverse_init(struct list_sem_st* tr_lst, void __user* arg);
-int ncr_storage_traverse_next(struct list_sem_st* tr_lst, void __user* arg);
-int ncr_storage_traverse_deinit(struct list_sem_st* tr_lst, void __user* arg);
-
-int _ncr_store(const struct storage_item_st * tostore);
-int _ncr_load(struct storage_item_st * loaded);
-
-/* Netlink subsystem; */
-void ncr_gnl_deinit(void);
-int ncr_gnl_init(void);
-
-#endif /* NCR_STORAGE_H */
@@ -104,28 +104,6 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
 case NCRIO_KEY_SET_PRIVATE:
 return ncr_key_set_private(&lst->key, (void*)arg);
 #endif
- case NCRIO_STORAGE_STORE:
- return ncr_storage_store(&lst->key, (void*)arg);
- case NCRIO_STORAGE_LOAD:
- return ncr_storage_load(&lst->key, (void*)arg);
-#if 0
- case NCRIO_STORAGE_MKSTEMP:
- return ncr_storage_mkstemp(&lst->key, (void*)arg);
- case NCRIO_STORAGE_CHMOD:
- return ncr_storage_chmod((void*)arg);
- case NCRIO_STORAGE_CHOWN:
- return ncr_storage_chown((void*)arg);
- case NCRIO_STORAGE_REMOVE:
- return ncr_storage_remove((void*)arg);
- case NCRIO_STORAGE_LOAD_METADATA:
- return ncr_storage_metadata_load((void*)arg);
- case NCRIO_STORAGE_TRAVERSE_INIT:
- return ncr_storage_traverse_init(&lst->traverse, (void*)arg);
- case NCRIO_STORAGE_TRAVERSE_NEXT:
- return ncr_storage_traverse_next(&lst->traverse, (void*)arg);
- case NCRIO_STORAGE_TRAVERSE_DEINIT:
- return ncr_storage_traverse_deinit(&lst->traverse, (void*)arg);
-#endif
 default:
 return -EINVAL;
 }
@@ -116,10 +116,7 @@ struct ncr_key_generate_st {
 /* used in derivation/encryption */
 struct ncr_key_params_st {
- ncr_key_t oldkey;
- ncr_key_t newkey;
-
- unsigned int keyflags; /* for new key */
+ ncr_key_t key;
 union {
 struct {
@@ -133,6 +130,13 @@ struct ncr_key_params_st {
 } params;
 };
+struct ncr_key_derivation_params_st {
+ ncr_key_t newkey;
+ unsigned int keyflags; /* for new key */
+
+ struct ncr_key_params_st key;
+};
+
 #define MAX_KEY_ID_SIZE 20
 struct ncr_key_info_st {
@@ -239,7 +243,7 @@ struct ncr_private_key_params_st
 /* generate a public key pair */
 #define NCRIO_KEY_GENERATE_PAIR _IOR ('c', 206, struct ncr_key_generate_st)
 /* derive a new key from an old one */
-#define NCRIO_KEY_DERIVE _IOR ('c', 207, struct ncr_key_params_st)
+#define NCRIO_KEY_DERIVE _IOR ('c', 207, struct ncr_key_derivation_params_st)
 /* return information on a key */
 #define NCRIO_KEY_GET_INFO _IOWR('c', 208, struct ncr_key_info_st)
 /* export a secret key */
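Review bot: In the `@@ -133,6 +130,13 @@` hunk of ncr.h the new `struct ncr_key_derivation_params_st` names its nested parameter block `key`, while `struct ncr_key_params_st` (hunk `@@ -116,10 +116,7 @@`) now also has a member `key` of type `ncr_key_t`, so the source key handle is reached as `.key.key` and the header no longer says which handle is the input and which receives the result. I would rename the nested member and comment both, e.g. `struct ncr_key_params_st params; /* source key and algorithm parameters */` and `ncr_key_t newkey; /* handle for the derived key */`. The same nesting is repeated in `struct ncr_key_wrap_st` in the `@@ -254,68 +258,17 @@` hunk. NCRIO_KEY_DERIVE keeps number 207 with a different argument struct, so binaries built against the old header will presumably stop matching the request code; that is worth one line in the commit message.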
@@ -254,68 +258,17 @@ struct ncr_private_key_params_st
 #define NCRIO_KEY_DEINIT _IOR ('c', 215, ncr_key_t)
-
-/* Storage ioctls
+/* FIXME key wrap ioctls
 */
-#define MAX_LABEL_SIZE 128
-
-struct ncr_storage_st {
- ncr_key_t key;
- char label[MAX_LABEL_SIZE]; /* or template */
- mode_t mode;
-};
-
-struct ncr_storage_metadata_st {
- char label[MAX_LABEL_SIZE];
- uid_t uid;
- gid_t gid;
- mode_t mode;
-
+struct ncr_key_wrap_st {
 ncr_algorithm_t algorithm;
- ncr_key_type_t type;
-
- uint8_t key_id[MAX_KEY_ID_SIZE];
- size_t key_id_size;
-};
-
-struct ncr_storage_chown_st {
- char label[MAX_LABEL_SIZE];
- uid_t uid;
- gid_t gid;
-};
-
-struct ncr_storage_chmod_st {
- char label[MAX_LABEL_SIZE];
- mode_t mode;
-};
-
-struct ncr_storage_remove_st {
- char label[MAX_LABEL_SIZE];
-};
-
-
-#define NCRIO_STORAGE_STORE _IOW ('c', 230, struct ncr_storage_st)
-#define NCRIO_STORAGE_MKSTEMP _IOR ('c', 231, struct ncr_storage_st)
-#define NCRIO_STORAGE_LOAD _IOR ('c', 232, struct ncr_storage_st)
-#define NCRIO_STORAGE_CHMOD _IOR ('c', 233, struct ncr_storage_chmod_st)
-#define NCRIO_STORAGE_CHOWN _IOR ('c', 234, struct ncr_storage_chown_st)
-#define NCRIO_STORAGE_REMOVE _IOR('c', 235, struct ncr_storage_remove_st)
-#define NCRIO_STORAGE_LOAD_METADATA _IOWR ('c', 236, struct ncr_storage_metadata_st)
-
-struct ncr_storage_traverse_st {
- int traverse_id;
- struct ncr_storage_metadata_st metadata;
+ ncr_key_t keytowrap;
+ struct ncr_key_params_st key;
+ ncr_data_t data; /* encrypted keytowrap */
 };
-
-#define NCRIO_STORAGE_TRAVERSE_INIT _IOW('c', 237, int)
-#define NCRIO_STORAGE_TRAVERSE_NEXT _IOWR('c', 238, struct ncr_storage_traverse_st)
-#define NCRIO_STORAGE_TRAVERSE_DEINIT _IOWR('c', 239, int)
-
-
-/* FIXME key wrap ioctls
- */
-
+#define NCRIO_KEY_WRAP _IOR ('c', 250, struct ncr_key_wrap_st)
+#define NCRIO_KEY_UNWRAP _IOR ('c', 251, struct ncr_key_wrap_st)
 /* Crypto Operations ioctls
 */
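Review bot: `struct ncr_key_wrap_st` says nothing about which keys may be wrapped or may serve as the wrapping key, and the block comment above it still reads `FIXME key wrap ioctls`. NCRIO_KEY_WRAP hands back `keytowrap` encrypted under a key the caller selects, so a key meant to stay inside the kernel becomes recoverable in userspace whenever the caller also knows or can export the wrapping key, unless the handler checks a per-key permission; that handler is not part of this commit, and the ncr.c hunk adds no `case` for either ioctl, so both presumably still reach `default: return -EINVAL;`. I would record the requirement on the struct, e.g. `/* keytowrap must be flagged as wrappable; the wrapping key must not itself be exportable */`, and state that `data` is output for WRAP and input for UNWRAP. Both requests are declared `_IOR` although the struct is read from userspace; this matches the neighbouring defines but not the usual direction encoding, where `_IOWR` would describe WRAP.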
@@ -337,7 +290,6 @@ struct ncr_session_st {
 /* input */
 ncr_algorithm_t algorithm;
 struct ncr_key_params_st params;
- ncr_key_t key;
 ncr_crypto_op_t op;
 /* output */
@@ -105,6 +105,5 @@ void ncr_limits_deinit(void);
 ncr_key_type_t ncr_algorithm_to_key_type(ncr_algorithm_t algo);
-#include "ncr-storage.h"
 #endif |
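Review bot: `struct ncr_session_st` loses its `key` member in the `@@ -337,7 +290,6 @@` hunk, so the session key is now reachable only through `params.key`, yet the struct has no comment saying so and this commit's diffstat lists no source file changed to read the key from the new place. If any session code still uses the old member the module will not build; if none does yet, a comment such as `struct ncr_key_params_st params; /* params.key selects the session key */` would make the new layout explicit for userspace callers. The struct body continues outside the hunk.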