Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.1.1.1
1.1 provos 1: /*
2: * Transparent Cryptographic File System (TCFS) for NetBSD
3: * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it]
4: *
5: * references: http://tcfs.dia.unisa.it
6: * tcfs-bsd@tcfs.unisa.it
7: */
8:
9: /*
10: * Base utility set v0.1
11: */
12:
13: #include <ctype.h>
14: #include <pwd.h>
15: #include <unistd.h>
16: #include <sys/types.h>
17: #include <sys/param.h>
18: #include <sys/mount.h>
19: #include <sys/ucred.h>
20: #include <des.h>
21: #include <miscfs/tcfs/tcfs.h>
22: #include <miscfs/tcfs/tcfs_cmd.h>
23:
24: #include "tcfsdefines.h"
25: #include "uuencode.h"
26:
27: int
28: tcfs_verify_fs(char *fs)
29: {
30: int ret;
31: struct statfs buf;
32:
33: ret = statfs(fs, &buf);
34:
35: if (ret)
36: return 0;
37:
38: if (!strcmp("tcfs", buf.f_fstypename))
39: return (1);
40: else
41: return (0);
42: }
43:
44: int
45: tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
46: {
47: int i;
48: if (tcfs_verify_fs(filesystem))
49: i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
50: else
51: i = -1;
52:
53: return (i);
54: }
55:
56: int
57: tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
58: unsigned int flag)
59: {
60: int i = 0;
61: char pass[_PASSWORD_LEN], *cypher;
62: char tcfskey[KEYSIZE + 2];
63: des_key_schedule ks;
64: int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
65:
66: if (!tk)
67: return 0;
68:
69: strcpy (pass, pwd);
70:
71: if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1)
72: return 0;
73:
74: while (strlen (pass) < 8) {
75: char tmp[_PASSWORD_LEN];
76: strcpy (tmp, pass);
77: strcat (tmp, pass);
78: strcat (pass, tmp);
79: }
80:
81: while ((i*8) < keysize) {
82: des_set_key ((des_cblock *) pass, ks);
83:
84: des_ecb_encrypt ((des_cblock *) (tcfskey+i*8),
85: (des_cblock *) (tcfskey+i*8), ks, DES_DECRYPT);
86: i++;
87: }
88: memset (pass, 0, strlen (pass));
89:
90: memcpy (tk, tcfskey, keysize);
91: return 1;
92: }
93:
94: int
95: tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
96: unsigned int flag)
97: {
98: int i = 0;
99: char pass[_PASSWORD_LEN];
100: des_key_schedule ks;
101: int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
102:
103: if (!ek)
104: return 0;
105:
106: strcpy (pass, pw);
107:
108: while (strlen(pass) < 8) {
109: char tmp[_PASSWORD_LEN];
110:
111: strcpy (tmp, pass);
112: strcat (tmp, pass);
113: strcat (pass, tmp);
114: }
115:
116: while ((i*8) < keysize) {
117: des_set_key((des_cblock *) pass, ks);
118: des_ecb_encrypt((des_cblock *) (key + i * 8),
119: (des_cblock *) (key + i * 8), ks, DES_ENCRYPT);
120: i++;
121: }
122:
123: uuencode (key, keysize, ek, UUKEYSIZE);
124:
125: return 1;
126: }
127:
128: int tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
129: {
130: struct tcfs_args a;
131: a.user = user;
132: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
133: a.cmd = TCFS_PUT_UIDKEY;
134: return tcfs_callfunction(filesystem,&a);
135: }
136:
137: int tcfs_user_disable(char *filesystem, uid_t user)
138: {
139: struct tcfs_args a;
140: a.user = user;
141: a.cmd = TCFS_RM_UIDKEY;
142: return tcfs_callfunction(filesystem, &a);
143: }
144:
145: int tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
146: {
147: struct tcfs_args a;
148: a.user = user;
149: a.cmd = TCFS_PUT_PIDKEY;
150: a.proc = pid;
151: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
152: return tcfs_callfunction(filesystem, &a);
153: }
154:
155: int tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
156: {
157: struct tcfs_args a;
158: a.user = user;
159: a.cmd = TCFS_RM_PIDKEY;
160: a.proc = pid;
161: return tcfs_callfunction(filesystem, &a);
162: }
163:
164: int tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
165: int tre, char *key)
166: {
167: struct tcfs_args a;
168: a.cmd = TCFS_PUT_GIDKEY;
169: a.user = uid;
170: a.group = gid;
171: a.treshold = tre;
172: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
173: return tcfs_callfunction(filesystem,&a);
174: }
175:
176: int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
177: {
178: struct tcfs_args a;
179: a.cmd = TCFS_RM_GIDKEY;
180: a.user = uid;
181: a.group = gid;
182: return tcfs_callfunction(filesystem,&a);
183: }
184:
185: