authorMiloslav Trmač <mitr@redhat.com>2010-08-02 18:11:53 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-09-07 00:02:04 +0200
commit71cf9b0659c55ad0e695e98190c742ae39bcee23 (patch)
tree25032bec598a4c1dfba8312fe44f103d7533d1ac /crypto/userspace/ncr-key-wrap.c
parentf4ab2ffed62bc7b4a536ba111e5a4aa38157ea29 (diff)
Implement AUDIT_CRYPTO_USERSPACE_OP
Diffstat (limited to 'crypto/userspace/ncr-key-wrap.c')
-rw-r--r--crypto/userspace/ncr-key-wrap.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/crypto/userspace/ncr-key-wrap.c b/crypto/userspace/ncr-key-wrap.c
index c30fa243941..ce061312dc0 100644
--- a/crypto/userspace/ncr-key-wrap.c
+++ b/crypto/userspace/ncr-key-wrap.c
@@ -22,6 +22,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+#include <linux/audit.h>
#include <linux/ioctl.h>
#include <linux/mm.h>
#include <linux/ncr.h>
@@ -532,6 +533,26 @@ int kek_level, wkey_level;
return 0;
}
+static const char *ncr_wrap_name(struct nlattr *tb[])
+{
+ static const char *const known_algorithms[] = {
+ NCR_WALG_AES_RFC3394, NCR_WALG_AES_RFC5649
+ };
+
+ size_t i;
+ const struct nlattr *nla;
+
+ /* Only allow known algorithms to prevent log injection. Return the
+ static string, not nla_data(), which will go away before the ioctl()
+ handler returns. */
+ nla = tb[NCR_ATTR_WRAPPING_ALGORITHM];
+ for (i = 0; i < ARRAY_SIZE(known_algorithms); i++) {
+ if (nla_strcmp(nla, known_algorithms[i]) == 0)
+ return known_algorithms[i];
+ }
+ return "unknown";
+}
+
int ncr_key_wrap(struct ncr_lists *lst, const struct ncr_key_wrap *wrap,
struct nlattr *tb[])
{
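Review bot: `ncr_wrap_name()` hands `tb[NCR_ATTR_WRAPPING_ALGORITHM]` to `nla_strcmp()` without checking it for NULL, and `nla_strcmp()` reads the attribute's length header. The callers added by this commit invoke it from the `fail:` label, which is presumably also reached when the request carried no wrapping-algorithm attribute (the code that validates the attribute is outside this hunk), so a malformed request could turn the audit call into a NULL dereference in the kernel. A guard before the loop, `if (nla == NULL) return "unknown";`, keeps the audit path safe for every request. Matching against an allowlist and returning the static string is otherwise the right way to keep caller-chosen text out of the audit log.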
@@ -633,6 +654,14 @@ int ret;
ret = data_size;
fail:
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_WRAP, lst->id, -1, NULL,
+ ncr_wrap_name(tb), wrap->wrapping_key,
+ key != NULL ? key->key_id : NULL,
+ key != NULL ? key->key_id_size : 0,
+ wrap->source_key,
+ wkey != NULL ? wkey->key_id : NULL,
+ wkey != NULL ? wkey->key_id_size : 0);
+
if (wkey != NULL) _ncr_key_item_put(wkey);
if (key != NULL) _ncr_key_item_put(key);
kfree(data);
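Review bot: The audit call sits under a label named `fail:` that the success path also falls into (`ret = data_size;` directly above it), and nothing here says so; the same placement recurs in the three later hunks. A short comment such as `/* Reached on success and on error: every attempt is audited. */` would stop a later cleanup from moving the call into an error-only branch and silently dropping records for successful operations. The bare positional `-1, NULL` arguments would also benefit from a comment naming the parameters they fill, since the prototype of `audit_log_crypto_op()` is not visible at the call site. `ret` is not among the arguments, so it is worth confirming that the outcome of the operation is recorded elsewhere in the audit event. The enclosing function (apparently `ncr_key_wrap`) starts and ends outside this hunk.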
@@ -710,6 +739,13 @@ int ret;
}
fail:
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_UNWRAP, lst->id, -1, NULL,
+ ncr_wrap_name(tb), wrap->wrapping_key,
+ key != NULL ? key->key_id : NULL,
+ key != NULL ? key->key_id_size : 0, wrap->dest_key,
+ wkey != NULL ? wkey->key_id : NULL,
+ wkey != NULL ? wkey->key_id_size : 0);
+
if (wkey != NULL) _ncr_key_item_put(wkey);
if (key != NULL) _ncr_key_item_put(key);
if (data != NULL) kfree(data);
@@ -773,6 +809,11 @@ int ret;
ret = data_size;
fail:
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_WRAP, lst->id, -1, NULL, NULL,
+ -1, NULL, 0, wrap->key,
+ wkey != NULL ? wkey->key_id : NULL,
+ wkey != NULL ? wkey->key_id_size : 0);
+
if (wkey != NULL) _ncr_key_item_put(wkey);
if (data != NULL) kfree(data);
if (sdata != NULL) kfree(sdata);
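Review bot: This call site reuses `AUDIT_CRYPTO_OP_KEY_WRAP` for what appears to be a different operation from the one audited earlier in the file: it passes `wrap->key` with a NULL algorithm and `-1, NULL, 0` in place of a wrapping key. Unless `audit_log_crypto_op()` treats those sentinels specially (its definition is not shown), someone reading the audit log can tell the two operations apart only by absent fields, which is fragile for detection rules. Either a distinct op code or a comment at the call such as `/* no caller-supplied wrapping key or algorithm on this path */` would make the intent explicit; the same applies to the `AUDIT_CRYPTO_OP_KEY_UNWRAP` call in the following hunk. The enclosing function starts and ends outside this hunk.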
@@ -839,6 +880,11 @@ int ret;
fail:
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_UNWRAP, lst->id, -1, NULL, NULL,
+ -1, NULL, 0, wrap->key,
+ wkey != NULL ? wkey->key_id : NULL,
+ wkey != NULL ? wkey->key_id_size : 0);
+
if (wkey != NULL) _ncr_key_item_put(wkey);
if (data != NULL) kfree(data);
if (sdata != NULL) kfree(sdata);