Diffstat (limited to 'crypto/userspace/ncr-key.c')
-rw-r--r-- | crypto/userspace/ncr-key.c | 64 |
1 files changed, 53 insertions, 11 deletions
diff --git a/crypto/userspace/ncr-key.c b/crypto/userspace/ncr-key.c index e293a1b14ba..e6f7f025848 100644 --- a/crypto/userspace/ncr-key.c +++ b/crypto/userspace/ncr-key.c @@ -22,6 +22,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +#include <linux/audit.h> #include <linux/ioctl.h> #include <linux/mm.h> #include <linux/ncr.h> @@ -175,6 +176,7 @@ int ncr_key_init(struct ncr_lists *lst) atomic_set(&key->writer, 0); key->uid = current_euid(); key->pid = task_pid_nr(current); + key->context_id = lst->id; mutex_lock(&lst->key_idr_mutex); /* idr_pre_get() should preallocate enough, and, due to key_idr_mutex, @@ -280,9 +282,12 @@ int ret; } fail: + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_EXPORT, lst->id, -1, NULL, + ncr_algorithm_name(item->algorithm), item->desc, + item->key_id, item->key_id_size, -1, NULL, 0); + kfree(tmp); - if (item) - _ncr_key_item_put(item); + _ncr_key_item_put(item); return ret; } @@ -394,8 +399,11 @@ size_t tmp_size; ret = 0; fail: - if (item) - _ncr_key_item_put(item); + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_IMPORT, lst->id, -1, NULL, + ncr_algorithm_name(item->algorithm), item->desc, + item->key_id, item->key_id_size, -1, NULL, 0); + + _ncr_key_item_put(item); kfree(tmp); return ret; @@ -403,6 +411,14 @@ fail: void ncr_key_clear(struct key_item_st* item) { + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_ZEROIZE, item->context_id, -1, + NULL, ncr_algorithm_name(item->algorithm), + item->desc, item->key_id, item->key_id_size, -1, + NULL, 0); + if (item->type == NCR_KEY_TYPE_PRIVATE || + item->type == NCR_KEY_TYPE_PUBLIC) + ncr_pk_audit_values(item); + /* clears any previously allocated parameters */ if (item->type == NCR_KEY_TYPE_PRIVATE || item->type == NCR_KEY_TYPE_PUBLIC) { 
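Review bot: The `fail:` label of the key-export path (hunk `@@ -280,9 +282,12 @@`) now reads `item->algorithm`, `item->desc` and `item->key_id` and calls `_ncr_key_item_put(item)` with the previous `if (item)` guard removed, so any `goto fail` taken before `item` is successfully looked up would dereference NULL in kernel context. The function body starts outside the hunk, so whether such a jump exists cannot be confirmed from here; either make the early error paths return directly or keep the guard the way the key-pair hunk does, e.g. `item != NULL ? item->desc : -1`. The same guard removal appears in the import hunk (`@@ -394,8 +399,11 @@`), the generate hunk (`@@ -484,10 +500,15 @@`, where `item` is visibly initialised to NULL) and the derive hunk (`@@ -780,8 +817,13 @@`).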
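Review bot: The audit call added at `fail:` in the import hunk (`@@ -394,8 +399,11 @@`) sits on the shared exit path and none of its visible arguments carries `ret`, so a rejected import and a successful one appear to produce the same AUDIT_CRYPTO_OP_KEY_IMPORT record. Unless audit_log_crypto_op (not shown) obtains the outcome some other way, the record should carry the result, or at minimum the call site should say so with `/* logged on success and failure; outcome is not recorded */`. The export, generate, get-info, key-pair and derive hunks use the same pattern. The enclosing function starts outside the hunk.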
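Review bot: In ncr_key_clear (hunk `@@ -403,6 +411,14 @@`) `ncr_pk_audit_values(item)` is now called for `NCR_KEY_TYPE_PRIVATE` items as well as public ones, and its definition is not part of this diff. If it writes key parameters into the audit record it must be limited to public components, because audit logs are retained and read outside the key's own access-control boundary; a comment such as `/* audit records public parameters only; private components are never logged */` above the call would pin that contract. The ZEROIZE record is also emitted on every clear, so if callers clear items that never held key material (not visible here) the log will contain zeroize events for empty keys. The function body continues past the end of the hunk.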
@@ -424,7 +440,7 @@ int ncr_key_generate(struct ncr_lists *lst, const struct ncr_key_generate *gen, { const struct nlattr *nla; struct key_item_st* item = NULL; -const struct algo_properties_st *algo; +const struct algo_properties_st *algo = NULL; int ret; size_t size; @@ -484,10 +500,15 @@ size_t size; ret = 0; fail: - if (item) { - if (ret < 0) item->type = NCR_KEY_TYPE_INVALID; - _ncr_key_item_put(item); - } + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_GEN, lst->id, -1, NULL, + ncr_algorithm_name(algo), item->desc, item->key_id, + item->key_id_size, -1, NULL, 0); + if (item->type == NCR_KEY_TYPE_PUBLIC + || item->type == NCR_KEY_TYPE_PRIVATE) + ncr_pk_audit_values(item); + + if (ret < 0) item->type = NCR_KEY_TYPE_INVALID; + _ncr_key_item_put(item); return ret; } @@ -653,6 +674,10 @@ int ret; } fail: + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_GET_INFO, lst->id, -1, NULL, + ncr_algorithm_name(item->algorithm), item->desc, + item->key_id, item->key_id_size, -1, NULL, 0); + _ncr_key_item_put( item); return ret; @@ -718,6 +743,18 @@ int ret; ret = 0; fail: + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_GEN, lst->id, -1, NULL, + ncr_algorithm_name(private != NULL + ? private->algorithm : NULL), + private != NULL ? private->desc : -1, + private != NULL ? private->key_id : NULL, + private != NULL ? private->key_id_size : 0, + public != NULL ? public->desc : -1, + public != NULL ? public->key_id : NULL, + public != NULL ? public->key_id_size : 0); + if (public != NULL && ret >= 0) + ncr_pk_audit_values(public); + if (public) { if (ret < 0) public->type = NCR_KEY_TYPE_INVALID; _ncr_key_item_put(public); 
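Review bot: In the ncr_key_generate exit path (hunk `@@ -484,10 +500,15 @@`) `ncr_pk_audit_values(item)` runs whatever `ret` is and before `item->type` is set to `NCR_KEY_TYPE_INVALID`, whereas the key-pair hunk (`@@ -718,6 +743,18 @@`) gates the same call on `ret >= 0`. On a failed generation this would log values from a key that is about to be invalidated. Suggest `if (ret >= 0 && (item->type == NCR_KEY_TYPE_PUBLIC || item->type == NCR_KEY_TYPE_PRIVATE))`. The function body starts outside the hunk.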
@@ -780,8 +817,13 @@ struct key_item_st* newkey = NULL; } fail: - if (key) - _ncr_key_item_put(key); + audit_log_crypto_op(AUDIT_CRYPTO_OP_KEY_DERIVE, lst->id, -1, NULL, + ncr_algorithm_name(key->algorithm), key->desc, + key->key_id, key->key_id_size, data->input_key, + newkey != NULL ? newkey->key_id : NULL, + newkey != NULL ? newkey->key_id_size : 0); + + _ncr_key_item_put(key); if (newkey) _ncr_key_item_put(newkey); return ret; |
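Review bot: In the derive hunk the second key slot of the audit call pairs `data->input_key` with `newkey->key_id`, while the key-pair hunk fills each slot with the descriptor and key id of the same item. `data->input_key` is presumably the descriptor already logged as `key->desc` (the structure is not shown), so the derived key's descriptor would be missing from the record; `newkey != NULL ? newkey->desc : -1,` looks like the intended argument. The function body starts outside the hunk.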