diff options
author | Miloslav Trmač <mitr@redhat.com> | 2010-08-24 22:08:17 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-24 22:08:17 +0200 |
commit | 99887dbcfffe481d19991a50811046ead8d12572 (patch) | |
tree | 616d303a915f22deeeed5d91dc71963f01c22c04 | |
parent | 8f102ec49dce4065f5f05a7deb1b47d770aca92b (diff) | |
parent | 1ba66cab0563708d551e3462c249f1da21695882 (diff) | |
download | cryptodev-linux-99887dbcfffe481d19991a50811046ead8d12572.tar.gz cryptodev-linux-99887dbcfffe481d19991a50811046ead8d12572.tar.xz cryptodev-linux-99887dbcfffe481d19991a50811046ead8d12572.zip |
Merge branch 'bugfixes' into userspace
-rw-r--r-- | cryptodev_main.c | 11 | ||||
-rw-r--r-- | examples/ncr.c | 22 | ||||
-rw-r--r-- | examples/pk.c | 1 | ||||
-rw-r--r-- | ncr-int.h | 5 | ||||
-rw-r--r-- | ncr-key-wrap.c | 33 | ||||
-rw-r--r-- | ncr-key.c | 41 | ||||
-rw-r--r-- | ncr.c | 7 | ||||
-rw-r--r-- | ncr.h | 1 |
8 files changed, 78 insertions, 43 deletions
diff --git a/cryptodev_main.c b/cryptodev_main.c index a056b44..541f177 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -768,9 +768,8 @@ clonefd(struct file *filp) return ret; } -static int -cryptodev_ioctl(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg_) +static long +cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; int __user *p = arg; @@ -828,7 +827,7 @@ cryptodev_ioctl(struct inode *inode, struct file *filp, return 0; default: - return ncr_ioctl(pcr->ncr, filp, cmd, arg_); + return ncr_ioctl(pcr->ncr, cmd, arg_); } } @@ -907,7 +906,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) case CIOCASYMFEAT: case CRIOGET: case CIOCFSESSION: - return cryptodev_ioctl(NULL, file, cmd, arg_); + return cryptodev_ioctl(file, cmd, arg_); case COMPAT_CIOCGSESSION: if (unlikely(copy_from_user(&compat_sop, arg, @@ -955,7 +954,7 @@ static const struct file_operations cryptodev_fops = { .owner = THIS_MODULE, .open = cryptodev_open, .release = cryptodev_release, - .ioctl = cryptodev_ioctl, + .unlocked_ioctl = cryptodev_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = cryptodev_compat_ioctl, #endif /* CONFIG_COMPAT */ diff --git a/examples/ncr.c b/examples/ncr.c index 5169a14..a02f750 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -240,12 +240,18 @@ test_ncr_wrap_key(int cfd) keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; keydata.idata_size = 16; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + ret = ioctl(cfd, NCRIO_KEY_IMPORT, &keydata); + if (geteuid() == 0 && ret) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } + if (geteuid() != 0) { + /* cannot test further */ + fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); + return 0; + } /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) { @@ -279,19 +285,11 @@ test_ncr_wrap_key(int cfd) kwrap.io = data; kwrap.io_size = sizeof(data); - ret = ioctl(cfd, NCRIO_KEY_WRAP, &kwrap); - - if (geteuid() == 0 && ret) { + if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_WRAP)"); return 1; } - - if (geteuid() != 0) { - /* cannot test further */ - fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); - return 0; - } data_size = kwrap.io_size; @@ -323,6 +321,10 @@ test_ncr_wrap_key(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; + kwrap.wrapped_key_algorithm = NCR_ALG_AES_CBC; + kwrap.wrapped_key_type = NCR_KEY_TYPE_SECRET; + kwrap.wrapped_key_flags + = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; kwrap.key = key; kwrap.io = data; kwrap.io_size = data_size; diff --git a/examples/pk.c b/examples/pk.c index 032ae98..7199d53 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -647,6 +647,7 @@ test_ncr_wrap_key3(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC5649; kwrap.wrapped_key_algorithm = NCR_ALG_RSA; + kwrap.wrapped_key_type = NCR_KEY_TYPE_PRIVATE; kwrap.keytowrap = privkey; kwrap.key = key; kwrap.io = data; @@ -104,14 +104,13 @@ struct ncr_lists { void* ncr_init_lists(void); void ncr_deinit_lists(struct ncr_lists *lst); -int ncr_ioctl(struct ncr_lists*, struct file *filp, - unsigned int cmd, unsigned long arg); +long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); /* key derivation */ int ncr_key_derive(struct ncr_lists *lst, void __user* arg); void ncr_key_clear(struct key_item_st* item); -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags); +int ncr_key_assign_flags(struct key_item_st *item, unsigned int flags); /* key handling */ int ncr_key_init(struct ncr_lists *lst, void __user* arg); diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 93103b5..0f9f0fe 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -39,8 +39,10 @@ typedef uint8_t val64_t[8]; static const val64_t initA = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6"; static int key_to_packed_data( uint8_t** sdata, size_t * sdata_size, const struct key_item_st *key); -static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, - struct key_item_st* key, const void* data, size_t data_size); +static int key_from_packed_data(ncr_algorithm_t algorithm, + ncr_key_type_t key_type, unsigned int flags, + struct key_item_st* key, const void* data, + size_t data_size); static void val64_xor( val64_t val, uint32_t x) @@ -303,8 +305,10 @@ size_t sdata_size = KEY_DATA_MAX_SIZE; goto fail; } - ret = key_from_packed_data(wrap_st->wrapped_key_algorithm, wrap_st->wrapped_key_flags, - output, sdata, sdata_size); + ret = key_from_packed_data(wrap_st->wrapped_key_algorithm, + wrap_st->wrapped_key_type, + wrap_st->wrapped_key_flags, output, sdata, + sdata_size); if (ret < 0) { err(); goto fail; @@ -455,12 +459,17 @@ const uint8_t * iv = wrap_st->params.params.cipher.iv; goto cleanup; } + ret = ncr_key_assign_flags(output, wrap_st->wrapped_key_flags); + if (ret != 0) { + err(); + goto cleanup; + } + memset(&output->key, 0, sizeof(output->key)); for (i=0;i<n;i++) { memcpy(&output->key.secret.data[i*8], R[i], sizeof(R[i])); } output->key.secret.size = n*8; - ncr_key_assign_flags(output, wrap_st->wrapped_key_flags); output->type = NCR_KEY_TYPE_SECRET; ret = 0; @@ -847,8 +856,10 @@ fail: return ret; } -static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, - struct key_item_st* key, const void* data, size_t data_size) +static int key_from_packed_data(ncr_algorithm_t algorithm, + ncr_key_type_t key_type, unsigned int flags, + struct key_item_st* key, const void* data, + size_t data_size) { int ret; @@ -863,8 +874,12 @@ static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, return -EINVAL; } - key->type = key->algorithm->key_type; - ncr_key_assign_flags(key, flags); + key->type = key_type; + ret = ncr_key_assign_flags(key, flags); + if (ret != 0) { + err(); + return ret; + } if (key->type == NCR_KEY_TYPE_SECRET) { if (data_size > NCR_CIPHER_MAX_KEY_LEN) { @@ -309,13 +309,12 @@ fail: } -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) +int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) { - if (current_euid()==0) { - item->flags = flags; - } else { - item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING)); - } + if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0) + return -EPERM; + item->flags = flags; + return 0; } /* "imports" a key from a data item. If the key is not exportable @@ -363,7 +362,11 @@ size_t tmp_size; ret = -EINVAL; goto fail; } - ncr_key_assign_flags(item, data.flags); + ret = ncr_key_assign_flags(item, data.flags); + if (ret < 0) { + err(); + goto fail; + } if (data.key_id_size > MAX_KEY_ID_SIZE) { err(); @@ -451,7 +454,11 @@ size_t size; ncr_key_clear(item); /* we generate only secret keys */ - ncr_key_assign_flags(item, gen.params.keyflags); + ret = ncr_key_assign_flags(item, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } algo = _ncr_algo_to_properties(gen.params.algorithm); if (algo == NULL) { @@ -669,8 +676,16 @@ int ret; } public->type = public->algorithm->key_type; private->type = NCR_KEY_TYPE_PRIVATE; - ncr_key_assign_flags(private, gen.params.keyflags); - ncr_key_assign_flags(public, gen.params.keyflags); + ret = ncr_key_assign_flags(private, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } + ret = ncr_key_assign_flags(public, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE); @@ -736,7 +751,11 @@ struct key_item_st* newkey = NULL; ncr_key_clear(newkey); - ncr_key_assign_flags(newkey, data.keyflags); + ret = ncr_key_assign_flags(newkey, data.keyflags); + if (ret < 0) { + err(); + goto fail; + } switch (key->type) { case NCR_KEY_TYPE_PUBLIC: @@ -79,7 +79,7 @@ static int ncr_master_key_set(void __user *arg) { struct ncr_master_key_st st; - if (current_euid() != 0 && !capable(CAP_SYS_ADMIN)) { + if (!capable(CAP_SYS_ADMIN)) { err(); return -EPERM; } @@ -116,9 +116,8 @@ struct ncr_master_key_st st; return 0; } -int -ncr_ioctl(struct ncr_lists* lst, struct file *filp, - unsigned int cmd, unsigned long arg_) +long +ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; @@ -216,6 +216,7 @@ struct ncr_key_wrap_st { * For symmetric ciphers AES would do. */ ncr_algorithm_t wrapped_key_algorithm; + ncr_key_type_t wrapped_key_type; unsigned int wrapped_key_flags; /* flags for the newly unwrapped key */ ncr_key_t keytowrap; |