diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2010-08-25 00:28:25 +0200 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-25 00:28:25 +0200 |
| commit | d9c91873ac6dee10aeb7e165dee3aefc5f79bba8 (patch) | |
| tree | 55cd455c5b6b8cc3a532a36bcd21b135425afda5 | |
| parent | cc60983067194a6e7bdc12c7771aeaff6762a253 (diff) | |
| parent | 1ba66cab0563708d551e3462c249f1da21695882 (diff) | |
| download | cryptodev-linux-d9c91873ac6dee10aeb7e165dee3aefc5f79bba8.tar.gz cryptodev-linux-d9c91873ac6dee10aeb7e165dee3aefc5f79bba8.tar.xz cryptodev-linux-d9c91873ac6dee10aeb7e165dee3aefc5f79bba8.zip | |
Merge branch 'bugfixes' into nlattr
Conflicts:
cryptodev_main.c
examples/ncr.c
examples/pk.c
ncr-int.h
ncr-key-wrap.c
ncr-key.c
ncr.c
ncr.h
| -rw-r--r-- | crypto.4 | 2 | ||||
| -rw-r--r-- | cryptodev_main.c | 7 | ||||
| -rw-r--r-- | examples/ncr.c | 28 | ||||
| -rw-r--r-- | examples/pk.c | 6 | ||||
| -rw-r--r-- | ncr-int.h | 4 | ||||
| -rw-r--r-- | ncr-key-wrap.c | 29 | ||||
| -rw-r--r-- | ncr-key.c | 50 | ||||
| -rw-r--r-- | ncr.c | 4 |
8 files changed, 93 insertions, 37 deletions
@@ -437,6 +437,8 @@ Mandatory. Optional, an empty IV is used if not present. .IP \fBNCR_ATTR_KEY_FLAGS\fP Optional, flags are unchanged if not present. +.IP \fBNCR_ATTR_KEY_TYPE\fP +Mandatory. .IP \fBNCR_ATTR_WRAPPING_ALGORITHM\fP Mandatory. .RE diff --git a/cryptodev_main.c b/cryptodev_main.c index 9c484f5..2a11fdb 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -127,9 +127,8 @@ cryptodev_release(struct inode *inode, struct file *filp) return 0; } -static int -cryptodev_ioctl(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg) +static long +cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { void *ncr = filp->private_data; @@ -159,7 +158,7 @@ static const struct file_operations cryptodev_fops = { .owner = THIS_MODULE, .open = cryptodev_open, .release = cryptodev_release, - .ioctl = cryptodev_ioctl, + .unlocked_ioctl = cryptodev_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = cryptodev_compat_ioctl, #endif /* CONFIG_COMPAT */ diff --git a/examples/ncr.c b/examples/ncr.c index 343208e..9112873 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -353,7 +353,7 @@ test_ncr_key(int cfd) static int test_ncr_wrap_key(int cfd) { - int i; + int i, ret; ncr_key_t key, key2; struct __attribute__((packed)) { struct ncr_key_import f; @@ -377,6 +377,10 @@ test_ncr_wrap_key(int cfd) char wrap_algo[sizeof(NCR_WALG_AES_RFC3394)] ALIGN_NL; struct nlattr algo_head ALIGN_NL; char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; } kunwrap; uint8_t data[WRAPPED_KEY_DATA_SIZE]; int data_size; @@ -415,12 +419,18 @@ test_ncr_wrap_key(int cfd) kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { + ret = ioctl(cfd, NCRIO_KEY_IMPORT, &kimport); + if (geteuid() == 0 && ret) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } + if (geteuid() != 0) { + /* cannot test further */ + fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); + return 0; + } /* convert it to key */ key2 = ioctl(cfd, NCRIO_KEY_INIT); @@ -467,17 +477,11 @@ test_ncr_wrap_key(int cfd) strcpy(kwrap.algo, NCR_WALG_AES_RFC3394); data_size = ioctl(cfd, NCRIO_KEY_WRAP, &kwrap); - if (geteuid() == 0 && data_size < 0) { + if (data_size < 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_WRAP)"); return 1; } - - if (geteuid() != 0) { - /* cannot test further */ - fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); - return 0; - } if (data_size != 24 || memcmp(data, "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) { @@ -517,6 +521,12 @@ test_ncr_wrap_key(int cfd) kunwrap.algo_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.algo); kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM; strcpy(kunwrap.algo, ALG_AES_CBC); + kunwrap.type_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.type); + kunwrap.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kunwrap.type = NCR_KEY_TYPE_SECRET; + kunwrap.flags_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.flags); + kunwrap.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kunwrap.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap)) { perror("ioctl(NCRIO_KEY_UNWRAP)"); diff --git a/examples/pk.c b/examples/pk.c index 1db7aaf..1ad5873 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -626,6 +626,8 @@ test_ncr_wrap_key3(int cfd) char wrap_algo[sizeof(NCR_WALG_AES_RFC5649)] ALIGN_NL; struct nlattr algo_head ALIGN_NL; char algo[sizeof(ALG_RSA)] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; } kunwrap; struct __attribute__((packed)) { struct ncr_key_generate_pair f; @@ -781,6 +783,10 @@ test_ncr_wrap_key3(int cfd) = NLA_HDRLEN + sizeof(kunwrap.algo); kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM; strcpy(kunwrap.algo, ALG_RSA); + kunwrap.type_head.nla_len + = NLA_HDRLEN + sizeof(kunwrap.type); + kunwrap.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kunwrap.type = NCR_KEY_TYPE_PRIVATE; ret = ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap); if (ret) { @@ -128,7 +128,7 @@ struct ncr_lists { void* ncr_init_lists(void); void ncr_deinit_lists(struct ncr_lists *lst); -int ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); +long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); long ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); @@ -137,7 +137,7 @@ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, struct nlattr *tb[]); void ncr_key_clear(struct key_item_st* item); -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags); +int ncr_key_assign_flags(struct key_item_st *item, unsigned int flags); /* key handling */ int ncr_key_init(struct ncr_lists *lst); diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 4111ab1..c409bb9 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -471,14 +471,20 @@ const uint8_t *iv; goto cleanup; } + nla = tb[NCR_ATTR_KEY_FLAGS]; + if (nla != NULL) { + ret = ncr_key_assign_flags(output, nla_get_u32(nla)); + if (ret != 0) { + err(); + goto cleanup; + } + } + memset(&output->key, 0, sizeof(output->key)); for (i=0;i<n;i++) { memcpy(&output->key.secret.data[i*8], R[i], sizeof(R[i])); } output->key.secret.size = n*8; - nla = tb[NCR_ATTR_KEY_FLAGS]; - if (nla != NULL) - ncr_key_assign_flags(output, nla_get_u32(nla)); output->type = NCR_KEY_TYPE_SECRET; ret = 0; @@ -876,10 +882,21 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, return -EINVAL; } - key->type = key->algorithm->key_type; + nla = tb[NCR_ATTR_KEY_TYPE]; + if (tb == NULL) { + err(); + return -EINVAL; + } + key->type = nla_get_u32(nla); + nla = tb[NCR_ATTR_KEY_FLAGS]; - if (nla != NULL) - ncr_key_assign_flags(key, nla_get_u32(nla)); + if (nla != NULL) { + ret = ncr_key_assign_flags(key, nla_get_u32(nla)); + if (ret != 0) { + err(); + return ret; + } + } if (key->type == NCR_KEY_TYPE_SECRET) { if (data_size > NCR_CIPHER_MAX_KEY_LEN) { @@ -287,13 +287,12 @@ fail: } -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) +int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) { - if (current_euid()==0) { - item->flags = flags; - } else { - item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING)); - } + if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0) + return -EPERM; + item->flags = flags; + return 0; } int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data, @@ -343,8 +342,13 @@ size_t tmp_size; } nla = tb[NCR_ATTR_KEY_FLAGS]; - if (nla != NULL) - ncr_key_assign_flags(item, nla_get_u32(nla)); + if (nla != NULL) { + ret = ncr_key_assign_flags(item, nla_get_u32(nla)); + if (ret < 0) { + err(); + goto fail; + } + } nla = tb[NCR_ATTR_KEY_ID]; if (nla != NULL) { @@ -431,8 +435,13 @@ size_t size; /* we generate only secret keys */ nla = tb[NCR_ATTR_KEY_FLAGS]; - if (nla != NULL) - ncr_key_assign_flags(item, nla_get_u32(nla)); + if (nla != NULL) { + ret = ncr_key_assign_flags(item, nla_get_u32(nla)); + if (ret < 0) { + err(); + goto fail; + } + } algo = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]); if (algo == NULL) { @@ -685,8 +694,16 @@ int ret; private->type = NCR_KEY_TYPE_PRIVATE; nla = tb[NCR_ATTR_KEY_FLAGS]; if (nla != NULL) { - ncr_key_assign_flags(private, nla_get_u32(nla)); - ncr_key_assign_flags(public, nla_get_u32(nla)); + ret = ncr_key_assign_flags(private, nla_get_u32(nla)); + if (ret < 0) { + err(); + goto fail; + } + ret = ncr_key_assign_flags(public, nla_get_u32(nla)); + if (ret < 0) { + err(); + goto fail; + } } public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE); @@ -747,8 +764,13 @@ struct key_item_st* newkey = NULL; ncr_key_clear(newkey); nla = tb[NCR_ATTR_KEY_FLAGS]; - if (nla != NULL) - ncr_key_assign_flags(newkey, nla_get_u32(nla)); + if (nla != NULL) { + ret = ncr_key_assign_flags(newkey, nla_get_u32(nla)); + if (ret < 0) { + err(); + goto fail; + } + } switch (key->type) { case NCR_KEY_TYPE_PUBLIC: @@ -80,7 +80,7 @@ void ncr_master_key_reset(void) static int ncr_master_key_set(const struct ncr_master_key_set *st, struct nlattr *tb[]) { - if (current_euid() != 0 && !capable(CAP_SYS_ADMIN)) { + if (!capable(CAP_SYS_ADMIN)) { err(); return -EPERM; } @@ -113,7 +113,7 @@ static int ncr_master_key_set(const struct ncr_master_key_set *st, return 0; } -int +long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; |