From 014124ef6c43f2eadbf07318c03691c5305b6183 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 17 Aug 2010 20:11:44 +0200 Subject: Drop unnecessary "file *" argument to ncr_ioctl() --- cryptodev_main.c | 2 +- ncr-int.h | 3 +-- ncr.c | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/cryptodev_main.c b/cryptodev_main.c index a056b44..da75672 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -828,7 +828,7 @@ cryptodev_ioctl(struct inode *inode, struct file *filp, return 0; default: - return ncr_ioctl(pcr->ncr, filp, cmd, arg_); + return ncr_ioctl(pcr->ncr, cmd, arg_); } } diff --git a/ncr-int.h b/ncr-int.h index 4694cda..53df9df 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -104,8 +104,7 @@ struct ncr_lists { void* ncr_init_lists(void); void ncr_deinit_lists(struct ncr_lists *lst); -int ncr_ioctl(struct ncr_lists*, struct file *filp, - unsigned int cmd, unsigned long arg); +int ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); /* key derivation */ int ncr_key_derive(struct ncr_lists *lst, void __user* arg); diff --git a/ncr.c b/ncr.c index 86c8c7a..81e3fa3 100644 --- a/ncr.c +++ b/ncr.c @@ -117,8 +117,7 @@ struct ncr_master_key_st st; } int -ncr_ioctl(struct ncr_lists* lst, struct file *filp, - unsigned int cmd, unsigned long arg_) +ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; -- cgit From 5c340eee0020717c793fd9d7e74e5f065225a8f3 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 24 Aug 2010 20:17:51 +0200 Subject: Provide file_operations::unlocked_ioctl. file_operations::ioctl is no longer supported in recent kernels. compat_ioctl is not running under the BKL, so the code has to do its own locking anyway (although not everything currently does). --- cryptodev_main.c | 9 ++++----- ncr-int.h | 2 +- ncr.c | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/cryptodev_main.c b/cryptodev_main.c index da75672..541f177 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -768,9 +768,8 @@ clonefd(struct file *filp) return ret; } -static int -cryptodev_ioctl(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg_) +static long +cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; int __user *p = arg; @@ -907,7 +906,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) case CIOCASYMFEAT: case CRIOGET: case CIOCFSESSION: - return cryptodev_ioctl(NULL, file, cmd, arg_); + return cryptodev_ioctl(file, cmd, arg_); case COMPAT_CIOCGSESSION: if (unlikely(copy_from_user(&compat_sop, arg, @@ -955,7 +954,7 @@ static const struct file_operations cryptodev_fops = { .owner = THIS_MODULE, .open = cryptodev_open, .release = cryptodev_release, - .ioctl = cryptodev_ioctl, + .unlocked_ioctl = cryptodev_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = cryptodev_compat_ioctl, #endif /* CONFIG_COMPAT */ diff --git a/ncr-int.h b/ncr-int.h index 53df9df..6277619 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -104,7 +104,7 @@ struct ncr_lists { void* ncr_init_lists(void); void ncr_deinit_lists(struct ncr_lists *lst); -int ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); +long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); /* key derivation */ int ncr_key_derive(struct ncr_lists *lst, void __user* arg); diff --git a/ncr.c b/ncr.c index 81e3fa3..615b29d 100644 --- a/ncr.c +++ b/ncr.c @@ -116,7 +116,7 @@ struct ncr_master_key_st st; return 0; } -int +long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { void __user *arg = (void __user *)arg_; -- cgit From 51a92d357aebc84b45cf8c90061319d22b170bb5 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 24 Aug 2010 20:43:13 +0200 Subject: Reject prohibited key flags immediately Silently ignoring user's requests is unexpected. --- examples/ncr.c | 18 ++++++++---------- ncr-int.h | 2 +- ncr-key-wrap.c | 13 +++++++++++-- ncr-key.c | 41 ++++++++++++++++++++++++++++++----------- 4 files changed, 50 insertions(+), 24 deletions(-) diff --git a/examples/ncr.c b/examples/ncr.c index 5169a14..7de67ee 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -240,12 +240,18 @@ test_ncr_wrap_key(int cfd) keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; keydata.idata_size = 16; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + ret = ioctl(cfd, NCRIO_KEY_IMPORT, &keydata); + if (geteuid() == 0 && ret) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } + if (geteuid() != 0) { + /* cannot test further */ + fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); + return 0; + } /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) { @@ -279,19 +285,11 @@ test_ncr_wrap_key(int cfd) kwrap.io = data; kwrap.io_size = sizeof(data); - ret = ioctl(cfd, NCRIO_KEY_WRAP, &kwrap); - - if (geteuid() == 0 && ret) { + if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_WRAP)"); return 1; } - - if (geteuid() != 0) { - /* cannot test further */ - fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n"); - return 0; - } data_size = kwrap.io_size; diff --git a/ncr-int.h b/ncr-int.h index 6277619..03ad298 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -110,7 +110,7 @@ long ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg); int ncr_key_derive(struct ncr_lists *lst, void __user* arg); void ncr_key_clear(struct key_item_st* item); -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags); +int ncr_key_assign_flags(struct key_item_st *item, unsigned int flags); /* key handling */ int ncr_key_init(struct ncr_lists *lst, void __user* arg); diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 93103b5..eea252e 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -455,12 +455,17 @@ const uint8_t * iv = wrap_st->params.params.cipher.iv; goto cleanup; } + ret = ncr_key_assign_flags(output, wrap_st->wrapped_key_flags); + if (ret != 0) { + err(); + goto cleanup; + } + memset(&output->key, 0, sizeof(output->key)); for (i=0;ikey.secret.data[i*8], R[i], sizeof(R[i])); } output->key.secret.size = n*8; - ncr_key_assign_flags(output, wrap_st->wrapped_key_flags); output->type = NCR_KEY_TYPE_SECRET; ret = 0; @@ -864,7 +869,11 @@ static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, } key->type = key->algorithm->key_type; - ncr_key_assign_flags(key, flags); + ret = ncr_key_assign_flags(key, flags); + if (ret != 0) { + err(); + return ret; + } if (key->type == NCR_KEY_TYPE_SECRET) { if (data_size > NCR_CIPHER_MAX_KEY_LEN) { diff --git a/ncr-key.c b/ncr-key.c index 8f74ade..3860f7f 100644 --- a/ncr-key.c +++ b/ncr-key.c @@ -309,13 +309,12 @@ fail: } -void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) +int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) { - if (current_euid()==0) { - item->flags = flags; - } else { - item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING)); - } + if (current_euid() != 0 && (flags & NCR_KEY_FLAG_WRAPPING) != 0) + return -EPERM; + item->flags = flags; + return 0; } /* "imports" a key from a data item. If the key is not exportable @@ -363,7 +362,11 @@ size_t tmp_size; ret = -EINVAL; goto fail; } - ncr_key_assign_flags(item, data.flags); + ret = ncr_key_assign_flags(item, data.flags); + if (ret < 0) { + err(); + goto fail; + } if (data.key_id_size > MAX_KEY_ID_SIZE) { err(); @@ -451,7 +454,11 @@ size_t size; ncr_key_clear(item); /* we generate only secret keys */ - ncr_key_assign_flags(item, gen.params.keyflags); + ret = ncr_key_assign_flags(item, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } algo = _ncr_algo_to_properties(gen.params.algorithm); if (algo == NULL) { @@ -669,8 +676,16 @@ int ret; } public->type = public->algorithm->key_type; private->type = NCR_KEY_TYPE_PRIVATE; - ncr_key_assign_flags(private, gen.params.keyflags); - ncr_key_assign_flags(public, gen.params.keyflags); + ret = ncr_key_assign_flags(private, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } + ret = ncr_key_assign_flags(public, gen.params.keyflags); + if (ret < 0) { + err(); + goto fail; + } public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE); @@ -736,7 +751,11 @@ struct key_item_st* newkey = NULL; ncr_key_clear(newkey); - ncr_key_assign_flags(newkey, data.keyflags); + ret = ncr_key_assign_flags(newkey, data.keyflags); + if (ret < 0) { + err(); + goto fail; + } switch (key->type) { case NCR_KEY_TYPE_PUBLIC: -- cgit From f9b9503e757b5fc69ab93bc1e4f7e80de85f0831 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 24 Aug 2010 20:43:59 +0200 Subject: Base access decisions only on capable(), not euid --- ncr-key.c | 2 +- ncr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ncr-key.c b/ncr-key.c index 3860f7f..a7019f5 100644 --- a/ncr-key.c +++ b/ncr-key.c @@ -311,7 +311,7 @@ fail: int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) { - if (current_euid() != 0 && (flags & NCR_KEY_FLAG_WRAPPING) != 0) + if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0) return -EPERM; item->flags = flags; return 0; diff --git a/ncr.c b/ncr.c index 615b29d..f9f6026 100644 --- a/ncr.c +++ b/ncr.c @@ -79,7 +79,7 @@ static int ncr_master_key_set(void __user *arg) { struct ncr_master_key_st st; - if (current_euid() != 0 && !capable(CAP_SYS_ADMIN)) { + if (!capable(CAP_SYS_ADMIN)) { err(); return -EPERM; } -- cgit From 1ba66cab0563708d551e3462c249f1da21695882 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Tue, 24 Aug 2010 20:56:09 +0200 Subject: Make it possible to import private keys --- examples/ncr.c | 4 ++++ examples/pk.c | 1 + ncr-key-wrap.c | 20 +++++++++++++------- ncr.h | 1 + 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/examples/ncr.c b/examples/ncr.c index 7de67ee..a02f750 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -321,6 +321,10 @@ test_ncr_wrap_key(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; + kwrap.wrapped_key_algorithm = NCR_ALG_AES_CBC; + kwrap.wrapped_key_type = NCR_KEY_TYPE_SECRET; + kwrap.wrapped_key_flags + = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; kwrap.key = key; kwrap.io = data; kwrap.io_size = data_size; diff --git a/examples/pk.c b/examples/pk.c index 032ae98..7199d53 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -647,6 +647,7 @@ test_ncr_wrap_key3(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC5649; kwrap.wrapped_key_algorithm = NCR_ALG_RSA; + kwrap.wrapped_key_type = NCR_KEY_TYPE_PRIVATE; kwrap.keytowrap = privkey; kwrap.key = key; kwrap.io = data; diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index eea252e..0f9f0fe 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -39,8 +39,10 @@ typedef uint8_t val64_t[8]; static const val64_t initA = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6"; static int key_to_packed_data( uint8_t** sdata, size_t * sdata_size, const struct key_item_st *key); -static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, - struct key_item_st* key, const void* data, size_t data_size); +static int key_from_packed_data(ncr_algorithm_t algorithm, + ncr_key_type_t key_type, unsigned int flags, + struct key_item_st* key, const void* data, + size_t data_size); static void val64_xor( val64_t val, uint32_t x) @@ -303,8 +305,10 @@ size_t sdata_size = KEY_DATA_MAX_SIZE; goto fail; } - ret = key_from_packed_data(wrap_st->wrapped_key_algorithm, wrap_st->wrapped_key_flags, - output, sdata, sdata_size); + ret = key_from_packed_data(wrap_st->wrapped_key_algorithm, + wrap_st->wrapped_key_type, + wrap_st->wrapped_key_flags, output, sdata, + sdata_size); if (ret < 0) { err(); goto fail; @@ -852,8 +856,10 @@ fail: return ret; } -static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, - struct key_item_st* key, const void* data, size_t data_size) +static int key_from_packed_data(ncr_algorithm_t algorithm, + ncr_key_type_t key_type, unsigned int flags, + struct key_item_st* key, const void* data, + size_t data_size) { int ret; @@ -868,7 +874,7 @@ static int key_from_packed_data(ncr_algorithm_t algorithm, unsigned int flags, return -EINVAL; } - key->type = key->algorithm->key_type; + key->type = key_type; ret = ncr_key_assign_flags(key, flags); if (ret != 0) { err(); diff --git a/ncr.h b/ncr.h index af4c279..94d1433 100644 --- a/ncr.h +++ b/ncr.h @@ -216,6 +216,7 @@ struct ncr_key_wrap_st { * For symmetric ciphers AES would do. */ ncr_algorithm_t wrapped_key_algorithm; + ncr_key_type_t wrapped_key_type; unsigned int wrapped_key_flags; /* flags for the newly unwrapped key */ ncr_key_t keytowrap; -- cgit