Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.6
1.1 provos 1: /*
2: * Transparent Cryptographic File System (TCFS) for NetBSD
3: * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it]
4: *
5: * references: http://tcfs.dia.unisa.it
6: * tcfs-bsd@tcfs.unisa.it
7: */
8:
9: /*
10: * Base utility set v0.1
11: */
12:
13: #include <sys/types.h>
14: #include <sys/param.h>
15: #include <sys/mount.h>
16: #include <sys/ucred.h>
1.3 provos 17: #include <blf.h>
1.6 ! fgsch 18: #include <ctype.h>
! 19: #include <pwd.h>
! 20: #include <string.h>
! 21: #include <unistd.h>
1.3 provos 22:
1.1 provos 23: #include <miscfs/tcfs/tcfs.h>
24: #include <miscfs/tcfs/tcfs_cmd.h>
25:
26: #include "tcfsdefines.h"
27: #include "uuencode.h"
28:
29: int
30: tcfs_verify_fs(char *fs)
31: {
32: int ret;
33: struct statfs buf;
34:
35: ret = statfs(fs, &buf);
36:
37: if (ret)
38: return 0;
39:
40: if (!strcmp("tcfs", buf.f_fstypename))
41: return (1);
42: else
43: return (0);
44: }
45:
46: int
47: tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
48: {
49: int i;
50: if (tcfs_verify_fs(filesystem))
51: i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
52: else
53: i = -1;
54:
55: return (i);
56: }
57:
58: int
1.5 provos 59: tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen)
1.1 provos 60: {
1.6 ! fgsch 61: char pass[_PASSWORD_LEN];
1.3 provos 62: char tcfskey[2*KEYSIZE], iv[8];
63: blf_ctx ctx;
1.6 ! fgsch 64: int len;
1.1 provos 65:
66: if (!tk)
67: return 0;
68:
1.5 provos 69: strlcpy (pass, pwd, sizeof(pass));
1.1 provos 70:
1.5 provos 71: len = uudecode ((char *)t, tcfskey, sizeof(tcfskey));
72: if (len == -1) {
1.2 provos 73: fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
1.1 provos 74: return 0;
1.5 provos 75: } else if (len != tklen) {
76: fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n");
77: return 0;
1.2 provos 78: }
1.1 provos 79:
80: while (strlen (pass) < 8) {
81: char tmp[_PASSWORD_LEN];
82: strcpy (tmp, pass);
83: strcat (tmp, pass);
84: strcat (pass, tmp);
85: }
86:
1.3 provos 87: blf_key(&ctx, pass, strlen(pass));
88: memset(iv, 0, sizeof(iv));
1.5 provos 89: blf_cbc_decrypt(&ctx, iv, tcfskey, tklen);
1.1 provos 90:
91: memset (pass, 0, strlen (pass));
1.3 provos 92: memset (&ctx, 0, sizeof(ctx));
1.1 provos 93:
1.5 provos 94: memcpy (tk, tcfskey, tklen);
1.1 provos 95: return 1;
96: }
97:
98: int
1.5 provos 99: tcfs_encrypt_key (char *pw, u_char *key, int klen, u_char *ek, int eklen)
1.1 provos 100: {
1.3 provos 101: char pass[_PASSWORD_LEN], iv[8];
102: blf_ctx ctx;
1.2 provos 103: int res;
1.1 provos 104:
105: if (!ek)
106: return 0;
107:
1.5 provos 108: strlcpy (pass, pw, sizeof(pass));
1.1 provos 109:
110: while (strlen(pass) < 8) {
111: char tmp[_PASSWORD_LEN];
112:
113: strcpy (tmp, pass);
114: strcat (tmp, pass);
115: strcat (pass, tmp);
116: }
1.3 provos 117:
118: blf_key(&ctx, pass, strlen(pass));
1.4 provos 119: memset(iv, 0, sizeof(iv));
1.5 provos 120: blf_cbc_encrypt(&ctx, iv, key, klen);
1.1 provos 121:
1.3 provos 122: memset(&ctx, 0, sizeof(ctx));
1.1 provos 123:
1.5 provos 124: res = uuencode (key, klen, ek, eklen);
125: if (res != eklen - 1) {
1.2 provos 126: fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
127: return (0);
128: }
1.1 provos 129:
130: return 1;
131: }
132:
1.2 provos 133: int
134: tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
1.1 provos 135: {
136: struct tcfs_args a;
137: a.user = user;
138: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
139: a.cmd = TCFS_PUT_UIDKEY;
140: return tcfs_callfunction(filesystem,&a);
141: }
142:
1.2 provos 143: int
144: tcfs_user_disable(char *filesystem, uid_t user)
1.1 provos 145: {
146: struct tcfs_args a;
147: a.user = user;
148: a.cmd = TCFS_RM_UIDKEY;
149: return tcfs_callfunction(filesystem, &a);
150: }
151:
1.2 provos 152: int
153: tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
1.1 provos 154: {
155: struct tcfs_args a;
156: a.user = user;
157: a.cmd = TCFS_PUT_PIDKEY;
158: a.proc = pid;
159: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
160: return tcfs_callfunction(filesystem, &a);
161: }
162:
1.2 provos 163: int
164: tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
1.1 provos 165: {
166: struct tcfs_args a;
167: a.user = user;
168: a.cmd = TCFS_RM_PIDKEY;
169: a.proc = pid;
170: return tcfs_callfunction(filesystem, &a);
171: }
172:
1.2 provos 173: int
174: tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
175: int tre, char *key)
1.1 provos 176: {
177: struct tcfs_args a;
178: a.cmd = TCFS_PUT_GIDKEY;
179: a.user = uid;
180: a.group = gid;
181: a.treshold = tre;
182: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
183: return tcfs_callfunction(filesystem,&a);
184: }
185:
186: int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
187: {
188: struct tcfs_args a;
189: a.cmd = TCFS_RM_GIDKEY;
190: a.user = uid;
191: a.group = gid;
192: return tcfs_callfunction(filesystem,&a);
193: }
194:
195: