Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.3
1.1 provos 1: /*
2: * Transparent Cryptographic File System (TCFS) for NetBSD
3: * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it]
4: *
5: * references: http://tcfs.dia.unisa.it
6: * tcfs-bsd@tcfs.unisa.it
7: */
8:
9: /*
10: * Base utility set v0.1
11: */
12:
13: #include <ctype.h>
14: #include <pwd.h>
15: #include <unistd.h>
16: #include <sys/types.h>
17: #include <sys/param.h>
18: #include <sys/mount.h>
19: #include <sys/ucred.h>
1.3 ! provos 20: #include <blf.h>
! 21:
1.1 provos 22: #include <miscfs/tcfs/tcfs.h>
23: #include <miscfs/tcfs/tcfs_cmd.h>
24:
25: #include "tcfsdefines.h"
26: #include "uuencode.h"
27:
28: int
29: tcfs_verify_fs(char *fs)
30: {
31: int ret;
32: struct statfs buf;
33:
34: ret = statfs(fs, &buf);
35:
36: if (ret)
37: return 0;
38:
39: if (!strcmp("tcfs", buf.f_fstypename))
40: return (1);
41: else
42: return (0);
43: }
44:
45: int
46: tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
47: {
48: int i;
49: if (tcfs_verify_fs(filesystem))
50: i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
51: else
52: i = -1;
53:
54: return (i);
55: }
56:
57: int
58: tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
59: unsigned int flag)
60: {
61: int i = 0;
62: char pass[_PASSWORD_LEN], *cypher;
1.3 ! provos 63: char tcfskey[2*KEYSIZE], iv[8];
! 64: blf_ctx ctx;
! 65: int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
1.1 provos 66:
67: if (!tk)
68: return 0;
69:
70: strcpy (pass, pwd);
71:
1.2 provos 72: if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1) {
73: fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
1.1 provos 74: return 0;
1.2 provos 75: }
1.1 provos 76:
77: while (strlen (pass) < 8) {
78: char tmp[_PASSWORD_LEN];
79: strcpy (tmp, pass);
80: strcat (tmp, pass);
81: strcat (pass, tmp);
82: }
83:
1.3 ! provos 84: blf_key(&ctx, pass, strlen(pass));
! 85: memset(iv, 0, sizeof(iv));
! 86: blf_cbc_decrypt(&ctx, iv, tcfskey, keysize);
1.1 provos 87:
88: memset (pass, 0, strlen (pass));
1.3 ! provos 89: memset (&ctx, 0, sizeof(ctx));
1.1 provos 90:
91: memcpy (tk, tcfskey, keysize);
92: return 1;
93: }
94:
95: int
96: tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
97: unsigned int flag)
98: {
99: int i = 0;
1.3 ! provos 100: char pass[_PASSWORD_LEN], iv[8];
! 101: blf_ctx ctx;
! 102: int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
1.2 provos 103: int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE;
104: int res;
1.1 provos 105:
106: if (!ek)
107: return 0;
108:
109: strcpy (pass, pw);
110:
111: while (strlen(pass) < 8) {
112: char tmp[_PASSWORD_LEN];
113:
114: strcpy (tmp, pass);
115: strcat (tmp, pass);
116: strcat (pass, tmp);
117: }
1.3 ! provos 118:
! 119: blf_key(&ctx, pass, strlen(pass));
! 120: blf_cbc_encrypt(&ctx, iv, key, keysize);
1.1 provos 121:
1.3 ! provos 122: memset(&ctx, 0, sizeof(ctx));
1.1 provos 123:
1.2 provos 124: res = uuencode (key, keysize, ek, uulen + 1);
125: if (res != uulen) {
126: fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
127: return (0);
128: }
1.1 provos 129:
130: return 1;
131: }
132:
1.2 provos 133: int
134: tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
1.1 provos 135: {
136: struct tcfs_args a;
137: a.user = user;
138: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
139: a.cmd = TCFS_PUT_UIDKEY;
140: return tcfs_callfunction(filesystem,&a);
141: }
142:
1.2 provos 143: int
144: tcfs_user_disable(char *filesystem, uid_t user)
1.1 provos 145: {
146: struct tcfs_args a;
147: a.user = user;
148: a.cmd = TCFS_RM_UIDKEY;
149: return tcfs_callfunction(filesystem, &a);
150: }
151:
1.2 provos 152: int
153: tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
1.1 provos 154: {
155: struct tcfs_args a;
156: a.user = user;
157: a.cmd = TCFS_PUT_PIDKEY;
158: a.proc = pid;
159: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
160: return tcfs_callfunction(filesystem, &a);
161: }
162:
1.2 provos 163: int
164: tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
1.1 provos 165: {
166: struct tcfs_args a;
167: a.user = user;
168: a.cmd = TCFS_RM_PIDKEY;
169: a.proc = pid;
170: return tcfs_callfunction(filesystem, &a);
171: }
172:
1.2 provos 173: int
174: tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
175: int tre, char *key)
1.1 provos 176: {
177: struct tcfs_args a;
178: a.cmd = TCFS_PUT_GIDKEY;
179: a.user = uid;
180: a.group = gid;
181: a.treshold = tre;
182: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
183: return tcfs_callfunction(filesystem,&a);
184: }
185:
186: int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
187: {
188: struct tcfs_args a;
189: a.cmd = TCFS_RM_GIDKEY;
190: a.user = uid;
191: a.group = gid;
192: return tcfs_callfunction(filesystem,&a);
193: }
194:
195: