Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.5
1.1 provos 1: /*
2: * Transparent Cryptographic File System (TCFS) for NetBSD
3: * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it]
4: *
5: * references: http://tcfs.dia.unisa.it
6: * tcfs-bsd@tcfs.unisa.it
7: */
8:
9: /*
10: * Base utility set v0.1
11: */
12:
13: #include <ctype.h>
14: #include <pwd.h>
15: #include <unistd.h>
16: #include <sys/types.h>
17: #include <sys/param.h>
18: #include <sys/mount.h>
19: #include <sys/ucred.h>
1.3 provos 20: #include <blf.h>
21:
1.1 provos 22: #include <miscfs/tcfs/tcfs.h>
23: #include <miscfs/tcfs/tcfs_cmd.h>
24:
25: #include "tcfsdefines.h"
26: #include "uuencode.h"
27:
28: int
29: tcfs_verify_fs(char *fs)
30: {
31: int ret;
32: struct statfs buf;
33:
34: ret = statfs(fs, &buf);
35:
36: if (ret)
37: return 0;
38:
39: if (!strcmp("tcfs", buf.f_fstypename))
40: return (1);
41: else
42: return (0);
43: }
44:
45: int
46: tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
47: {
48: int i;
49: if (tcfs_verify_fs(filesystem))
50: i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
51: else
52: i = -1;
53:
54: return (i);
55: }
56:
57: int
1.5 ! provos 58: tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen)
1.1 provos 59: {
1.5 ! provos 60: int i = 0, len;
1.1 provos 61: char pass[_PASSWORD_LEN], *cypher;
1.3 provos 62: char tcfskey[2*KEYSIZE], iv[8];
63: blf_ctx ctx;
1.1 provos 64:
65: if (!tk)
66: return 0;
67:
1.5 ! provos 68: strlcpy (pass, pwd, sizeof(pass));
1.1 provos 69:
1.5 ! provos 70: len = uudecode ((char *)t, tcfskey, sizeof(tcfskey));
! 71: if (len == -1) {
1.2 provos 72: fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
1.1 provos 73: return 0;
1.5 ! provos 74: } else if (len != tklen) {
! 75: fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n");
! 76: return 0;
1.2 provos 77: }
1.1 provos 78:
79: while (strlen (pass) < 8) {
80: char tmp[_PASSWORD_LEN];
81: strcpy (tmp, pass);
82: strcat (tmp, pass);
83: strcat (pass, tmp);
84: }
85:
1.3 provos 86: blf_key(&ctx, pass, strlen(pass));
87: memset(iv, 0, sizeof(iv));
1.5 ! provos 88: blf_cbc_decrypt(&ctx, iv, tcfskey, tklen);
1.1 provos 89:
90: memset (pass, 0, strlen (pass));
1.3 provos 91: memset (&ctx, 0, sizeof(ctx));
1.1 provos 92:
1.5 ! provos 93: memcpy (tk, tcfskey, tklen);
1.1 provos 94: return 1;
95: }
96:
97: int
1.5 ! provos 98: tcfs_encrypt_key (char *pw, u_char *key, int klen, u_char *ek, int eklen)
1.1 provos 99: {
100: int i = 0;
1.3 provos 101: char pass[_PASSWORD_LEN], iv[8];
102: blf_ctx ctx;
1.2 provos 103: int res;
1.1 provos 104:
105: if (!ek)
106: return 0;
107:
1.5 ! provos 108: strlcpy (pass, pw, sizeof(pass));
1.1 provos 109:
110: while (strlen(pass) < 8) {
111: char tmp[_PASSWORD_LEN];
112:
113: strcpy (tmp, pass);
114: strcat (tmp, pass);
115: strcat (pass, tmp);
116: }
1.3 provos 117:
118: blf_key(&ctx, pass, strlen(pass));
1.4 provos 119: memset(iv, 0, sizeof(iv));
1.5 ! provos 120: blf_cbc_encrypt(&ctx, iv, key, klen);
1.1 provos 121:
1.3 provos 122: memset(&ctx, 0, sizeof(ctx));
1.1 provos 123:
1.5 ! provos 124: res = uuencode (key, klen, ek, eklen);
! 125: if (res != eklen - 1) {
1.2 provos 126: fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
127: return (0);
128: }
1.1 provos 129:
130: return 1;
131: }
132:
1.2 provos 133: int
134: tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
1.1 provos 135: {
136: struct tcfs_args a;
137: a.user = user;
138: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
139: a.cmd = TCFS_PUT_UIDKEY;
140: return tcfs_callfunction(filesystem,&a);
141: }
142:
1.2 provos 143: int
144: tcfs_user_disable(char *filesystem, uid_t user)
1.1 provos 145: {
146: struct tcfs_args a;
147: a.user = user;
148: a.cmd = TCFS_RM_UIDKEY;
149: return tcfs_callfunction(filesystem, &a);
150: }
151:
1.2 provos 152: int
153: tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
1.1 provos 154: {
155: struct tcfs_args a;
156: a.user = user;
157: a.cmd = TCFS_PUT_PIDKEY;
158: a.proc = pid;
159: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
160: return tcfs_callfunction(filesystem, &a);
161: }
162:
1.2 provos 163: int
164: tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
1.1 provos 165: {
166: struct tcfs_args a;
167: a.user = user;
168: a.cmd = TCFS_RM_PIDKEY;
169: a.proc = pid;
170: return tcfs_callfunction(filesystem, &a);
171: }
172:
1.2 provos 173: int
174: tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
175: int tre, char *key)
1.1 provos 176: {
177: struct tcfs_args a;
178: a.cmd = TCFS_PUT_GIDKEY;
179: a.user = uid;
180: a.group = gid;
181: a.treshold = tre;
182: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
183: return tcfs_callfunction(filesystem,&a);
184: }
185:
186: int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
187: {
188: struct tcfs_args a;
189: a.cmd = TCFS_RM_GIDKEY;
190: a.user = uid;
191: a.group = gid;
192: return tcfs_callfunction(filesystem,&a);
193: }
194:
195: