authorMiloslav Trmač <mitr@redhat.com>2010-08-31 00:19:06 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-09-07 00:02:05 +0200
commit9cf934e1a057a8dc4f36a1ad8d2822fb116374dd (patch)
tree4f66b07f3e56787d4d44c0ba536259e94914e434 /crypto
parent71cf9b0659c55ad0e695e98190c742ae39bcee23 (diff)
Implement AUDIT_CRYPTO_KEY_VALUEncr-audit
Diffstat (limited to 'crypto')
-rw-r--r--crypto/userspace/ncr-key.c8
-rw-r--r--crypto/userspace/ncr-pk.c64
-rw-r--r--crypto/userspace/ncr-pk.h5
3 files changed, 77 insertions, 0 deletions
diff --git a/crypto/userspace/ncr-key.c b/crypto/userspace/ncr-key.c
index e614f687075..e6f7f025848 100644
--- a/crypto/userspace/ncr-key.c
+++ b/crypto/userspace/ncr-key.c
@@ -415,6 +415,9 @@ void ncr_key_clear(struct key_item_st* item)
NULL, ncr_algorithm_name(item->algorithm),
item->desc, item->key_id, item->key_id_size, -1,
NULL, 0);
+ if (item->type == NCR_KEY_TYPE_PRIVATE ||
+ item->type == NCR_KEY_TYPE_PUBLIC)
+ ncr_pk_audit_values(item);
/* clears any previously allocated parameters */
if (item->type == NCR_KEY_TYPE_PRIVATE ||
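Review bot: The new call on the `ncr_pk_audit_values(item)` line is reached for any private or public item being cleared, and ncr_pk_audit_values (in the ncr-pk.c hunk) dereferences `key->algorithm->algo` without a NULL check; if an item can be cleared before it was ever populated, so that item->algorithm is still NULL, this dereference is an oops. The preceding audit_log_crypto_op call goes through `ncr_algorithm_name(item->algorithm)`, which suggests that case is anticipated there, so it would be safer to guard the call with `if (item->algorithm != NULL && (item->type == NCR_KEY_TYPE_PRIVATE || item->type == NCR_KEY_TYPE_PUBLIC))` or to make ncr_pk_audit_values itself return early on a NULL algorithm. The same call pattern appears in the next hunk of this file. ncr_key_clear's body begins before this hunk, so whether algorithm is guaranteed non-NULL on entry is not visible here.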
@@ -500,6 +503,9 @@ fail:
audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_GEN, lst->id, -1, NULL,
ncr_algorithm_name(algo), item->desc, item->key_id,
item->key_id_size, -1, NULL, 0);
+ if (item->type == NCR_KEY_TYPE_PUBLIC
+ || item->type == NCR_KEY_TYPE_PRIVATE)
+ ncr_pk_audit_values(item);
if (ret < 0) item->type = NCR_KEY_TYPE_INVALID;
_ncr_key_item_put(item);
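Review bot: The added `ncr_pk_audit_values(item)` call runs unconditionally on the `fail:` path, before the `if (ret < 0) item->type = NCR_KEY_TYPE_INVALID;` line, so a failed key generation still logs whatever the key's mp_ints hold, which may be uninitialized or partially generated values. The third hunk of this file guards the same call with `ret >= 0`; this one should match it, e.g. `if (ret >= 0 && (item->type == NCR_KEY_TYPE_PUBLIC || item->type == NCR_KEY_TYPE_PRIVATE))`. As a point of style, this hunk puts `||` at the start of the continuation line while the first hunk puts it at the end of the previous line; the file should use one form. The enclosing function starts outside this hunk, so where ret is set is not visible here.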
@@ -746,6 +752,8 @@ fail:
public != NULL ? public->desc : -1,
public != NULL ? public->key_id : NULL,
public != NULL ? public->key_id_size : 0);
+ if (public != NULL && ret >= 0)
+ ncr_pk_audit_values(public);
if (public) {
if (ret < 0) public->type = NCR_KEY_TYPE_INVALID;
diff --git a/crypto/userspace/ncr-pk.c b/crypto/userspace/ncr-pk.c
index 3dc589a6a05..c858c2aeb18 100644
--- a/crypto/userspace/ncr-pk.c
+++ b/crypto/userspace/ncr-pk.c
@@ -22,6 +22,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+#include <linux/audit.h>
#include <linux/ioctl.h>
#include <linux/mm.h>
#include <linux/ncr.h>
@@ -338,6 +339,69 @@ fail:
return 0;
}
+#ifdef CONFIG_AUDIT
+static int
+set_crypto_value(struct audit_crypto_value *dst, char name, mp_int *src)
+{
+ int cret;
+
+ dst->name = name;
+ dst->value_size = mp_unsigned_bin_size(src);
+ dst->value = kmalloc(dst->value_size, GFP_KERNEL);
+ cret = mp_to_unsigned_bin(src, dst->value);
+ if (cret != CRYPT_OK) {
+ kfree(dst->value);
+ return _ncr_tomerr(cret);
+ }
+ return 0;
+}
+
+void ncr_pk_audit_values(struct key_item_st *key)
+{
+ struct audit_crypto_value v[4];
+ size_t i;
+
+ i = 0;
+ switch (key->algorithm->algo) {
+#define VALUE(NAME, MPI) \
+ do { \
+ if (set_crypto_value(v + i, (NAME), (MPI)) != 0) \
+ goto free_it; \
+ i++; \
+ } while (0)
+
+ case NCR_ALG_RSA:
+ VALUE('n', &key->key.pk.rsa.N);
+ VALUE('e', &key->key.pk.rsa.e);
+ break;
+
+ case NCR_ALG_DSA:
+ VALUE('p', &key->key.pk.dsa.p);
+ VALUE('q', &key->key.pk.dsa.q);
+ VALUE('g', &key->key.pk.dsa.g);
+ VALUE('y', &key->key.pk.dsa.y);
+ break;
+
+ case NCR_ALG_DH:
+ VALUE('y', &key->key.pk.dh.y);
+ break;
+
+ default:
+ return;
+#undef VALUE
+ }
+ audit_log_crypto_values(v, i);
+ return;
+
+free_it:
+ while (i != 0) {
+ i--;
+ kfree(v[i].value);
+ }
+}
+#endif
+
+
/* Encryption/Decryption
*/
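Review bot: In set_crypto_value the result of `kmalloc(dst->value_size, GFP_KERNEL)` is never checked, so under memory pressure mp_to_unsigned_bin writes through a NULL dst->value; add `if (dst->value == NULL) return -ENOMEM;` directly after the kmalloc line, which also lets the existing `goto free_it` path in ncr_pk_audit_values release the values already collected. Whether the buffers in v[] are freed after `audit_log_crypto_values(v, i)` returns is not visible here; if that function does not take ownership, the success path leaks them and should run the same kfree loop. It is worth recording in a comment above ncr_pk_audit_values that only the public components of each key (RSA n/e, DSA p/q/g/y, DH y) are passed to the audit log, so that a later maintainer does not add a private component to the VALUE list, e.g. `/* Audit-log the public components of a PK key only; private values must never be logged. */`.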
diff --git a/crypto/userspace/ncr-pk.h b/crypto/userspace/ncr-pk.h
index fb9aba5b5ee..1d4b8067d36 100644
--- a/crypto/userspace/ncr-pk.h
+++ b/crypto/userspace/ncr-pk.h
@@ -25,6 +25,11 @@ int ncr_pk_generate(const struct algo_properties_st *algo, struct nlattr *tb[],
struct key_item_st* private, struct key_item_st* public);
int ncr_pk_pack( const struct key_item_st * key, uint8_t * packed, uint32_t * packed_size);
int ncr_pk_unpack( struct key_item_st * key, const void * packed, size_t packed_size);
+#ifdef CONFIG_AUDIT
+void ncr_pk_audit_values(struct key_item_st *key);
+#else
+#define ncr_pk_audit_values(key) ((void)0)
+#endif
/* encryption/decryption */
int ncr_pk_cipher_init(const struct algo_properties_st *algo,
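Review bot: The new `ncr_pk_audit_values` declaration carries no comment, while the function both allocates and can fail silently, so a caller cannot tell what is logged or that nothing is reported on allocation failure. A short Doxygen comment above the `#ifdef CONFIG_AUDIT` block would cover it: `/** Log the public components of @key (RSA n/e, DSA p/q/g/y, DH y) to the audit subsystem; no-op for other algorithms, and silently logs nothing if a value cannot be allocated. */`. The `((void)0)` fallback for !CONFIG_AUDIT is appropriate since callers ignore the result.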