diff options
| -rw-r--r-- | examples/ncr.c | 23 | ||||
| -rw-r--r-- | ncr-int.h | 4 | ||||
| -rw-r--r-- | ncr-key-wrap.c | 22 | ||||
| -rw-r--r-- | ncr.c | 24 | ||||
| -rw-r--r-- | ncr.h | 10 |
5 files changed, 55 insertions, 28 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index d4af05d..52cc9ed 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -680,7 +680,8 @@ test_ncr_store_wrap_key(int cfd) uint32_t flags ALIGN_NL; } kimport; struct ncr_key_export kexport; - struct ncr_key_storage_wrap_st kwrap; + struct ncr_key_storage_wrap kwrap; + struct ncr_key_storage_wrap_st kunwrap; uint8_t data[DATA_SIZE]; int data_size; @@ -727,18 +728,18 @@ test_ncr_store_wrap_key(int cfd) /* now try wrapping key2 using key */ memset(&kwrap, 0, sizeof(kwrap)); - kwrap.keytowrap = key2; - kwrap.io = data; - kwrap.io_size = sizeof(data); + kwrap.key = key2; + kwrap.buffer = data; + kwrap.buffer_size = sizeof(data); - if (ioctl(cfd, NCRIO_KEY_STORAGE_WRAP, &kwrap)) { + data_size = ioctl(cfd, NCRIO_KEY_STORAGE_WRAP, &kwrap); + if (data_size < 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_STORAGE_WRAP)"); return 1; } /* test unwrapping */ - data_size = kwrap.io_size; fprintf(stdout, "\tKey Storage Unwrap test...\n"); /* reset key2 */ @@ -755,12 +756,12 @@ test_ncr_store_wrap_key(int cfd) return 1; } - memset(&kwrap, 0, sizeof(kwrap)); - kwrap.keytowrap = key2; - kwrap.io = data; - kwrap.io_size = data_size; + memset(&kunwrap, 0, sizeof(kunwrap)); + kunwrap.keytowrap = key2; + kunwrap.io = data; + kunwrap.io_size = data_size; - if (ioctl(cfd, NCRIO_KEY_STORAGE_UNWRAP, &kwrap)) { + if (ioctl(cfd, NCRIO_KEY_STORAGE_UNWRAP, &kunwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_STORAGE_UNWRAP)"); return 1; @@ -157,7 +157,9 @@ int ncr_key_wrap(struct ncr_lists *lst, const struct ncr_key_wrap *wrap, struct nlattr *tb[]); int ncr_key_unwrap(struct ncr_lists *lst, const struct ncr_key_unwrap *wrap, struct nlattr *tb[]); -int ncr_key_storage_wrap(struct ncr_lists *lst, void __user* arg); +int ncr_key_storage_wrap(struct ncr_lists *lst, + const struct ncr_key_storage_wrap *wrap, + struct nlattr *tb[]); int ncr_key_storage_unwrap(struct ncr_lists *lst, void __user* arg); /* sessions */ diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 725b594..1da90f5 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -700,9 +700,10 @@ fail: return ret; } -int ncr_key_storage_wrap(struct ncr_lists *lst, void __user* arg) +int ncr_key_storage_wrap(struct ncr_lists *lst, + const struct ncr_key_storage_wrap *wrap, + struct nlattr *tb[]) { -struct ncr_key_storage_wrap_st wrap; struct key_item_st* wkey = NULL; void* data = NULL; size_t data_size; @@ -715,18 +716,18 @@ int ret; return -ENOKEY; } - if (unlikely(copy_from_user(&wrap, arg, sizeof(wrap)))) { + if (wrap->buffer_size < 0) { err(); - return -EFAULT; + return -EINVAL; } - ret = ncr_key_item_get_read( &wkey, lst, wrap.keytowrap); + ret = ncr_key_item_get_read(&wkey, lst, wrap->key); if (ret < 0) { err(); return ret; } - data_size = wrap.io_size; + data_size = wrap->buffer_size; data = kmalloc(data_size, GFP_KERNEL); if (data == NULL) { err(); @@ -746,18 +747,13 @@ int ret; goto fail; } - ret = copy_to_user(wrap.io, data, data_size); + ret = copy_to_user(wrap->buffer, data, data_size); if (unlikely(ret)) { ret = -EFAULT; goto fail; } - wrap.io_size = data_size; - - ret = copy_to_user(arg, &wrap, sizeof(wrap)); - if (unlikely(ret)) { - ret = -EFAULT; - } + ret = data_size; fail: if (wkey != NULL) _ncr_key_item_put(wkey); @@ -180,8 +180,8 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) } CASE_NO_OUTPUT(NCRIO_KEY_WRAP, ncr_key_wrap, ncr_key_wrap); CASE_NO_OUTPUT(NCRIO_KEY_UNWRAP, ncr_key_unwrap, ncr_key_unwrap); - case NCRIO_KEY_STORAGE_WRAP: - return ncr_key_storage_wrap(lst, arg); + CASE_NO_OUTPUT(NCRIO_KEY_STORAGE_WRAP, ncr_key_storage_wrap, + ncr_key_storage_wrap); case NCRIO_KEY_STORAGE_UNWRAP: return ncr_key_storage_unwrap(lst, arg); case NCRIO_SESSION_INIT: @@ -276,6 +276,24 @@ static void convert_ncr_key_unwrap(struct ncr_key_unwrap *new, new->data_size = old->data_size; } +struct compat_ncr_key_storage_wrap { + __u32 input_size, output_size; + ncr_key_t key; + compat_uptr_t buffer; + compat_int_t buffer_size; + __NL_ATTRIBUTES; +}; +#define COMPAT_NCRIO_KEY_STORAGE_WRAP \ + _IOWR('c', 261, struct compat_ncr_key_storage_wrap) + +static void convert_ncr_key_storage_wrap(struct ncr_key_storage_wrap *new, + const struct compat_ncr_key_storage_wrap *old) +{ + new->key = old->key; + new->buffer = compat_ptr(old->buffer); + new->buffer_size = old->buffer_size; +} + long ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { @@ -315,6 +333,8 @@ ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_IMPORT, ncr_key_import, ncr_key_import); CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_WRAP, ncr_key_wrap, ncr_key_wrap); CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_UNWRAP, ncr_key_unwrap, ncr_key_unwrap); + CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_STORAGE_WRAP, ncr_key_storage_wrap, + ncr_key_storage_wrap); default: return -EINVAL; #undef CASE_NO_OUTPUT @@ -251,6 +251,14 @@ struct ncr_master_key_st { /* These are similar to key_wrap and unwrap except that will store some extra * fields to be able to recover a key */ +struct ncr_key_storage_wrap { + __u32 input_size, output_size; + ncr_key_t key; + void __user *buffer; + int buffer_size; + __NL_ATTRIBUTES; +}; + struct ncr_key_storage_wrap_st { ncr_key_t keytowrap; @@ -259,7 +267,7 @@ struct ncr_key_storage_wrap_st { __kernel_size_t io_size; }; -#define NCRIO_KEY_STORAGE_WRAP _IOWR ('c', 261, struct ncr_key_storage_wrap_st) +#define NCRIO_KEY_STORAGE_WRAP _IOWR('c', 261, struct ncr_key_storage_wrap) #define NCRIO_KEY_STORAGE_UNWRAP _IOR ('c', 262, struct ncr_key_storage_wrap_st) /* Crypto Operations ioctls |