Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.4
1.1 provos 1: /*
2: * Transparent Cryptographic File System (TCFS) for NetBSD
3: * Author and maintainer: Luigi Catuogno [luicat@tcfs.unisa.it]
4: *
5: * references: http://tcfs.dia.unisa.it
6: * tcfs-bsd@tcfs.unisa.it
7: */
8:
9: /*
10: * Base utility set v0.1
11: */
12:
13: #include <ctype.h>
14: #include <pwd.h>
15: #include <unistd.h>
16: #include <sys/types.h>
17: #include <sys/param.h>
18: #include <sys/mount.h>
19: #include <sys/ucred.h>
1.3 provos 20: #include <blf.h>
21:
1.1 provos 22: #include <miscfs/tcfs/tcfs.h>
23: #include <miscfs/tcfs/tcfs_cmd.h>
24:
25: #include "tcfsdefines.h"
26: #include "uuencode.h"
27:
/*
 * Report whether the path `fs' lives on a filesystem whose type name is
 * "tcfs".
 *
 * Returns 1 when statfs() succeeds and the reported f_fstypename equals
 * "tcfs"; returns 0 when statfs() fails or the type is anything else.
 * Callers cannot tell a statfs() failure apart from a non-TCFS path.
 */
int
tcfs_verify_fs(char *fs)
{
	struct statfs sfs;

	/* Any statfs() error is folded into "not a TCFS filesystem". */
	if (statfs(fs, &sfs) != 0)
		return 0;

	if (strcmp("tcfs", sfs.f_fstypename) == 0)
		return (1);

	return (0);
}
44:
/*
 * Hand a TCFS command block to the filesystem mounted at `filesystem'.
 *
 * The path is first checked with tcfs_verify_fs(); only if it reports a
 * TCFS filesystem is `arg' passed to mount() with MNT_UPDATE.
 *
 * Returns the mount() result, or -1 when the path is not on TCFS.
 *
 * NOTE(review): the type check and the mount() call each resolve the path
 * on their own, so the check describes the path at the time of statfs(),
 * not necessarily at the time of mount().
 */
int
tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
{
	/* Refuse to send key commands to anything that is not TCFS. */
	if (!tcfs_verify_fs(filesystem))
		return (-1);

	return (mount("tcfs", filesystem, MNT_UPDATE, (void *)arg));
}
56:
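/*
 * Overwrite n bytes at p with zeros.  The stores go through a
 * volatile-qualified pointer so they are not dropped as dead writes when
 * the buffer is about to go out of scope.
 */
static void
tcfs_wipe(void *p, size_t n)
{
	volatile unsigned char *vp = p;

	while (n-- > 0)
		*vp++ = 0;
}

/*
 * Copy the password `pw' into `pass' (capacity `size' bytes) and, while
 * it is shorter than 8 characters, replace it with three copies of itself.
 * This yields the same string as the earlier strcpy/strcat loop for every
 * password that loop handled correctly.
 *
 * Returns the length of the expanded password, or 0 when `pw' is NULL,
 * empty, or does not fit in `pass'.  The earlier code overflowed `pass'
 * on an over-long password and never terminated on an empty one.
 */
static size_t
tcfs_expand_pass(char *pass, size_t size, const char *pw)
{
	size_t len;

	if (pw == NULL)
		return 0;

	len = strlen(pw);
	if (len == 0 || len >= size)
		return 0;
	memcpy(pass, pw, len + 1);

	while (len < 8) {
		/* Tripling must still leave room for the terminator. */
		if (3 * len >= size)
			return 0;
		memcpy(pass + len, pass, len);
		memcpy(pass + 2 * len, pass, len);
		len *= 3;
		pass[len] = '\0';
	}

	return len;
}

/*
 * Recover a TCFS key from its uuencoded, Blowfish-CBC encrypted form.
 *
 *   u     user name; not used by this function
 *   pwd   NUL-terminated password the key was encrypted under
 *   t     uuencoded encrypted key
 *   tk    output buffer; receives GKEYSIZE bytes when flag == GROUPKEY,
 *         KEYSIZE bytes otherwise
 *   flag  GROUPKEY selects the group key size
 *
 * Returns 1 on success, 0 on a NULL argument, an unusable password or a
 * uudecode failure.
 *
 * Security notes:
 *  - The password is used directly as the Blowfish key with an all-zero
 *    IV; no salt or key-stretching step is applied here.
 *  - Nothing authenticates the result: a wrong password still returns 1
 *    and hands back whatever the decryption produced.
 *  - NOTE(review): blf_cbc_decrypt is given `keysize' bytes; this assumes
 *    KEYSIZE and GKEYSIZE are multiples of the 8-byte block -- confirm.
 */
int
tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
    unsigned int flag)
{
	char pass[_PASSWORD_LEN];
	char tcfskey[2*KEYSIZE], iv[8];
	blf_ctx ctx;
	int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
	size_t passlen;
	int ok = 0;

	if (!tk || !t || !pwd)
		return 0;

	/* The selected key size must fit the local decode buffer. */
	if ((size_t)keysize > sizeof(tcfskey))
		return 0;

	/*
	 * Zero the decode buffer first so that a decode shorter than
	 * `keysize' never feeds stale stack bytes to the cipher.
	 * NOTE(review): only -1 is treated as failure below; whether
	 * uudecode can return a short length is not visible here.
	 */
	memset(tcfskey, 0, sizeof(tcfskey));

	passlen = tcfs_expand_pass(pass, sizeof(pass), pwd);
	if (passlen == 0) {
		fprintf(stderr, "tcfs_decrypt_key: bad password length\n");
		goto out;
	}

	if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1) {
		fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
		goto out;
	}

	blf_key(&ctx, pass, passlen);
	memset(iv, 0, sizeof(iv));
	blf_cbc_decrypt(&ctx, iv, tcfskey, keysize);

	memcpy (tk, tcfskey, keysize);
	ok = 1;

out:
	/* Clear every local copy of secret material on all exit paths. */
	tcfs_wipe(pass, sizeof(pass));
	tcfs_wipe(tcfskey, sizeof(tcfskey));
	tcfs_wipe(&ctx, sizeof(ctx));
	return ok;
}

/*
 * Encrypt a TCFS key under a password and uuencode the result.
 *
 *   u     user name; not used by this function
 *   pw    NUL-terminated password to encrypt under
 *   key   plaintext key; GKEYSIZE bytes when flag == GROUPKEY, KEYSIZE
 *         bytes otherwise.  It is encrypted IN PLACE, so the caller's
 *         buffer holds ciphertext when this function returns.
 *   ek    output buffer for the uuencoded text; must hold at least
 *         UUGKEYSIZE + 1 (group) or UUKEYSIZE + 1 bytes
 *   flag  GROUPKEY selects the group key sizes
 *
 * Returns 1 on success, 0 on a NULL argument, an unusable password or an
 * unexpected uuencode length.
 *
 * Security notes:
 *  - The password is used directly as the Blowfish key with an all-zero
 *    IV; no salt or key-stretching step is applied here.
 *  - The earlier code cleared the cipher context but left the password
 *    copy on the stack; both are wiped now.
 */
int
tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
    unsigned int flag)
{
	char pass[_PASSWORD_LEN], iv[8];
	blf_ctx ctx;
	int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
	int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE;
	size_t passlen;
	int res;
	int ok = 0;

	if (!ek || !key || !pw)
		return 0;

	passlen = tcfs_expand_pass(pass, sizeof(pass), pw);
	if (passlen == 0) {
		fprintf(stderr, "tcfs_encrypt_key: bad password length\n");
		goto out;
	}

	blf_key(&ctx, pass, passlen);
	memset(iv, 0, sizeof(iv));
	blf_cbc_encrypt(&ctx, iv, key, keysize);

	res = uuencode (key, keysize, ek, uulen + 1);
	if (res != uulen) {
		fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
		goto out;
	}
	ok = 1;

out:
	/* Clear the password copy and key schedule on all exit paths. */
	tcfs_wipe(pass, sizeof(pass));
	tcfs_wipe(&ctx, sizeof(ctx));
	return ok;
}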
133:
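/*
 * Install `key' as the TCFS key of uid `user' on `filesystem'.
 *
 * Exactly sizeof(a.tcfs_key) bytes are read from `key', so the caller's
 * buffer must be at least that large.
 *
 * Returns the tcfs_callfunction() result, or -1 when `key' is NULL.
 */
int
tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
{
	struct tcfs_args a;
	volatile unsigned char *vp;
	size_t n;
	int rc;

	if (key == NULL)
		return (-1);

	/* Start from a zeroed block so no stale stack bytes are passed on. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
	a.cmd = TCFS_PUT_UIDKEY;
	rc = tcfs_callfunction(filesystem, &a);

	/*
	 * Wipe the local key copy; volatile stores keep the compiler from
	 * discarding the clear as a dead write.
	 */
	for (vp = (volatile unsigned char *)&a, n = sizeof(a); n > 0; n--)
		*vp++ = 0;

	return (rc);
}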
143:
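/*
 * Remove the TCFS key of uid `user' from `filesystem'.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_user_disable(char *filesystem, uid_t user)
{
	struct tcfs_args a;

	/*
	 * Zero the whole block first: the fields this command does not set
	 * (tcfs_key among them) would otherwise carry whatever was left on
	 * the stack into tcfs_callfunction().
	 */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_UIDKEY;
	return tcfs_callfunction(filesystem, &a);
}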
152:
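/*
 * Install `key' as the TCFS key of process `pid', owned by uid `user', on
 * `filesystem'.
 *
 * Exactly sizeof(a.tcfs_key) bytes are read from `key', so the caller's
 * buffer must be at least that large.
 *
 * Returns the tcfs_callfunction() result, or -1 when `key' is NULL.
 */
int
tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
{
	struct tcfs_args a;
	volatile unsigned char *vp;
	size_t n;
	int rc;

	if (key == NULL)
		return (-1);

	/* Start from a zeroed block so no stale stack bytes are passed on. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_PUT_PIDKEY;
	a.proc = pid;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
	rc = tcfs_callfunction(filesystem, &a);

	/*
	 * Wipe the local key copy; volatile stores keep the compiler from
	 * discarding the clear as a dead write.
	 */
	for (vp = (volatile unsigned char *)&a, n = sizeof(a); n > 0; n--)
		*vp++ = 0;

	return (rc);
}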
163:
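/*
 * Remove the TCFS key of process `pid', owned by uid `user', from
 * `filesystem'.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
{
	struct tcfs_args a;

	/*
	 * Zero the whole block first: the fields this command does not set
	 * (tcfs_key among them) would otherwise carry whatever was left on
	 * the stack into tcfs_callfunction().
	 */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_PIDKEY;
	a.proc = pid;
	return tcfs_callfunction(filesystem, &a);
}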
173:
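/*
 * Install `key' as a TCFS group key for gid `gid' on behalf of uid `uid',
 * with threshold `tre', on `filesystem'.
 *
 * Exactly sizeof(a.tcfs_key) bytes are read from `key'.
 * NOTE(review): group keys elsewhere in this file are GKEYSIZE bytes;
 * confirm the caller's buffer is at least sizeof(a.tcfs_key) long.
 *
 * Returns the tcfs_callfunction() result, or -1 when `key' is NULL.
 */
int
tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
    int tre, char *key)
{
	struct tcfs_args a;
	volatile unsigned char *vp;
	size_t n;
	int rc;

	if (key == NULL)
		return (-1);

	/* Start from a zeroed block so no stale stack bytes are passed on. */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_PUT_GIDKEY;
	a.user = uid;
	a.group = gid;
	a.treshold = tre;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
	rc = tcfs_callfunction(filesystem, &a);

	/*
	 * Wipe the local key copy; volatile stores keep the compiler from
	 * discarding the clear as a dead write.
	 */
	for (vp = (volatile unsigned char *)&a, n = sizeof(a); n > 0; n--)
		*vp++ = 0;

	return (rc);
}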
186:
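/*
 * Remove the TCFS group key of gid `gid', on behalf of uid `uid', from
 * `filesystem'.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
{
	struct tcfs_args a;

	/*
	 * Zero the whole block first: the fields this command does not set
	 * (tcfs_key among them) would otherwise carry whatever was left on
	 * the stack into tcfs_callfunction().
	 */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_RM_GIDKEY;
	a.user = uid;
	a.group = gid;
	return tcfs_callfunction(filesystem, &a);
}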
195:
196: