-rw-r--r-- | examples/ncr.c | 8 | ||||
-rw-r--r-- | ncr-int.h | 4 | ||||
-rw-r--r-- | ncr-key-wrap.c | 19 | ||||
-rw-r--r-- | ncr.c | 24 | ||||
-rw-r--r-- | ncr.h | 14 |
5 files changed, 42 insertions, 27 deletions
diff --git a/examples/ncr.c b/examples/ncr.c
index 52cc9ed..49f5e38 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -681,7 +681,7 @@ test_ncr_store_wrap_key(int cfd)
 } kimport;
 struct ncr_key_export kexport;
 struct ncr_key_storage_wrap kwrap;
- struct ncr_key_storage_wrap_st kunwrap;
+ struct ncr_key_storage_unwrap kunwrap;
 uint8_t data[DATA_SIZE];
 int data_size;
@@ -757,9 +757,9 @@ test_ncr_store_wrap_key(int cfd)
 }
 memset(&kunwrap, 0, sizeof(kunwrap));
- kunwrap.keytowrap = key2;
- kunwrap.io = data;
- kunwrap.io_size = data_size;
+ kunwrap.key = key2;
+ kunwrap.data = data;
+ kunwrap.data_size = data_size;
 if (ioctl(cfd, NCRIO_KEY_STORAGE_UNWRAP, &kunwrap)) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -160,7 +160,9 @@ int ncr_key_unwrap(struct ncr_lists *lst, const struct ncr_key_unwrap *wrap,
 int ncr_key_storage_wrap(struct ncr_lists *lst, const struct ncr_key_storage_wrap *wrap, struct nlattr *tb[]);
-int ncr_key_storage_unwrap(struct ncr_lists *lst, void __user* arg);
+int ncr_key_storage_unwrap(struct ncr_lists *lst,
+ const struct ncr_key_storage_unwrap *wrap,
+ struct nlattr *tb[]);
 /* sessions */
 struct session_item_st* ncr_session_new(struct ncr_lists *lst);
diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c
index 1da90f5..de4bcdd 100644
--- a/ncr-key-wrap.c
+++ b/ncr-key-wrap.c
@@ -763,12 +763,10 @@ fail:
 return ret;
 }
-/* Unwraps keys. All keys unwrapped are not accessible by
- * userspace.
- */
-int ncr_key_storage_unwrap(struct ncr_lists *lst, void __user* arg)
+int ncr_key_storage_unwrap(struct ncr_lists *lst,
+ const struct ncr_key_storage_unwrap *wrap,
+ struct nlattr *tb[])
 {
-struct ncr_key_storage_wrap_st wrap;
 struct key_item_st* wkey = NULL;
 void* data = NULL;
 uint8_t * sdata = NULL;
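Review bot: The new definition of ncr_key_storage_unwrap in ncr-key-wrap.c has no comment at all, because the old one ("All keys unwrapped are not accessible by userspace") is deleted and not replaced. That sentence was the only place the function's security contract was written down, so if it still holds it should stay, extended for the new calling convention: `/* Unwraps a storage-wrapped key into wrap->key. wrap is a kernel copy of the ioctl argument; wrap->data is still a user pointer. Unwrapped keys are not accessible by userspace. */`. The function body continues outside this hunk, so whether the property is still enforced cannot be confirmed from here.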
@@ -780,18 +778,13 @@ int ret;
 return -ENOKEY;
 }
- if (unlikely(copy_from_user(&wrap, arg, sizeof(wrap)))) {
- err();
- return -EFAULT;
- }
-
- ret = ncr_key_item_get_write( &wkey, lst, wrap.keytowrap);
+ ret = ncr_key_item_get_write(&wkey, lst, wrap->key);
 if (ret < 0) {
 err();
 return ret;
 }
- data_size = wrap.io_size;
+ data_size = wrap->data_size;
 data = kmalloc(data_size, GFP_KERNEL);
 if (data == NULL) {
 err();
@@ -799,7 +792,7 @@ int ret;
 goto fail;
 }
- if (unlikely(copy_from_user(data, wrap.io, data_size))) {
+ if (unlikely(copy_from_user(data, wrap->data, data_size))) {
 err();
 ret = -EFAULT;
 goto fail;
@@ -182,8 +182,8 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 CASE_NO_OUTPUT(NCRIO_KEY_UNWRAP, ncr_key_unwrap, ncr_key_unwrap);
 CASE_NO_OUTPUT(NCRIO_KEY_STORAGE_WRAP, ncr_key_storage_wrap, ncr_key_storage_wrap);
- case NCRIO_KEY_STORAGE_UNWRAP:
- return ncr_key_storage_unwrap(lst, arg);
+ CASE_NO_OUTPUT(NCRIO_KEY_STORAGE_UNWRAP, ncr_key_storage_unwrap,
+ ncr_key_storage_unwrap);
 case NCRIO_SESSION_INIT:
 return ncr_session_init(lst, arg);
 case NCRIO_SESSION_UPDATE:
@@ -294,6 +294,24 @@ static void convert_ncr_key_storage_wrap(struct ncr_key_storage_wrap *new,
 new->buffer_size = old->buffer_size;
 }
+struct compat_ncr_key_storage_unwrap {
+ __u32 input_size, output_size;
+ ncr_key_t key;
+ compat_uptr_t data;
+ __u32 data_size;
+ __NL_ATTRIBUTES;
+};
+#define COMPAT_NCRIO_KEY_STORAGE_UNWRAP \
+ _IOWR('c', 262, struct compat_ncr_key_storage_wrap)
+
+static void convert_ncr_key_storage_unwrap(struct ncr_key_storage_unwrap *new,
+ const struct compat_ncr_key_storage_unwrap *old)
+{
+ new->key = old->key;
+ new->data = compat_ptr(old->data);
+ new->data_size = old->data_size;
+}
+
 long
 ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 {
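Review bot: `wrap->data_size` is taken from the ioctl argument and passed unchecked to `kmalloc(data_size, GFP_KERNEL)` and then to `copy_from_user` in the following hunk, so the caller chooses the allocation size. A zero length is also not rejected: `kmalloc(0)` returns a non-NULL sentinel that passes the `data == NULL` test, and what the rest of the function does with it is outside this hunk. A range check before the allocation would close both cases, for example `if (wrap->data_size == 0 || wrap->data_size > MAX_WRAPPED_SIZE_PLACEHOLDER) { err(); ret = -EINVAL; goto fail; }`, with the limit set to the largest wrapped blob the format can produce. The declaration of `data_size` is not visible here, so its type should be checked against the field's new `__u32` type.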
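Review bot: `COMPAT_NCRIO_KEY_STORAGE_UNWRAP` is built from `struct compat_ncr_key_storage_wrap`, not from the `struct compat_ncr_key_storage_unwrap` declared immediately above it. The ncr.h hunk has the same slip, where `NCRIO_KEY_STORAGE_UNWRAP` names `struct ncr_key_storage_wrap`. `_IOWR` encodes the size of the named type in the command number, so these values are only right while the wrap and unwrap layouts happen to have the same size. A later change to either struct would silently change or mismatch the ioctl number. The defines should name their own types: `_IOWR('c', 262, struct compat_ncr_key_storage_unwrap)` and `#define NCRIO_KEY_STORAGE_UNWRAP _IOWR('c', 262, struct ncr_key_storage_unwrap)`.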
@@ -335,6 +353,8 @@ ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_UNWRAP, ncr_key_unwrap, ncr_key_unwrap);
 CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_STORAGE_WRAP, ncr_key_storage_wrap, ncr_key_storage_wrap);
+ CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_STORAGE_UNWRAP, ncr_key_storage_unwrap,
+ ncr_key_storage_unwrap);
 default:
 return -EINVAL;
 #undef CASE_NO_OUTPUT
@@ -259,16 +259,16 @@ struct ncr_key_storage_wrap {
 __NL_ATTRIBUTES;
 };
-struct ncr_key_storage_wrap_st {
- ncr_key_t keytowrap;
-
- void __user * io; /* encrypted keytowrap */
- /* this will be updated by the actual size on wrap */
- __kernel_size_t io_size;
+struct ncr_key_storage_unwrap {
+ __u32 input_size, output_size;
+ ncr_key_t key;
+ const void __user *data;
+ __u32 data_size;
+ __NL_ATTRIBUTES;
 };
 #define NCRIO_KEY_STORAGE_WRAP _IOWR('c', 261, struct ncr_key_storage_wrap)
-#define NCRIO_KEY_STORAGE_UNWRAP _IOR ('c', 262, struct ncr_key_storage_wrap_st)
+#define NCRIO_KEY_STORAGE_UNWRAP _IOWR('c', 262, struct ncr_key_storage_wrap)
 /* Crypto Operations ioctls */ |