Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.7
1.7 ! fgsch 1: /* $OpenBSD$ */
! 2:
1.1 provos 3: /*
4: * Transparent Cryptographic File System (TCFS) for NetBSD
5: * Author and maintainer: Luigi Catuogno [luicat@tcfs.unisa.it]
6: *
7: * references: http://tcfs.dia.unisa.it
8: * tcfs-bsd@tcfs.unisa.it
9: */
10:
11: /*
12: * Base utility set v0.1
13: */
14:
15: #include <sys/types.h>
16: #include <sys/param.h>
17: #include <sys/mount.h>
18: #include <sys/ucred.h>
1.3 provos 19: #include <blf.h>
1.6 fgsch 20: #include <ctype.h>
21: #include <pwd.h>
22: #include <string.h>
23: #include <unistd.h>
1.3 provos 24:
1.1 provos 25: #include <miscfs/tcfs/tcfs.h>
26: #include <miscfs/tcfs/tcfs_cmd.h>
27:
28: #include "tcfsdefines.h"
29: #include "uuencode.h"
30:
/*
 * Report whether the path `fs` lives on a mounted TCFS filesystem.
 *
 * Returns 1 when statfs(2) succeeds and names the filesystem type "tcfs",
 * 0 otherwise (including when statfs(2) itself fails).
 */
int
tcfs_verify_fs(char *fs)
{
	struct statfs sfs;

	/* A path we cannot stat is treated as "not TCFS". */
	if (statfs(fs, &sfs) != 0)
		return (0);

	return (strcmp(sfs.f_fstypename, "tcfs") == 0);
}
47:
/*
 * Hand a TCFS command block to the kernel through mount(2) with MNT_UPDATE.
 *
 * The request is only issued when tcfs_verify_fs() accepts `filesystem`;
 * otherwise -1 is returned without calling mount(2).  On the accepted path
 * the return value is whatever mount(2) returns.
 *
 * NOTE(review): the path is resolved once for the type check and again by
 * mount(2); the check is advisory and the kernel side presumably validates
 * the target on its own -- confirm.
 */
int
tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
{
	if (!tcfs_verify_fs(filesystem))
		return (-1);

	return (mount("tcfs", filesystem, MNT_UPDATE, (void *)arg));
}
59:
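/*
 * Recover a TCFS key that is stored uuencoded and Blowfish-CBC encrypted
 * under a password.
 *
 * pwd    NUL-terminated password; at most _PASSWORD_LEN - 1 bytes are used.
 * t      uuencoded ciphertext, passed to uudecode() as a C string.
 * tk     output buffer that receives tklen bytes of decrypted key.
 * tklen  expected length of the decoded key in bytes.
 *
 * Returns 1 on success and 0 on failure; tk is not written on failure.
 *
 * NOTE(review): the password is used directly as the Blowfish key (repeated
 * until it is at least 8 bytes long) with an all-zero IV, and nothing
 * authenticates the result, so a wrong password still returns 1 with a
 * garbage key.  Changing the derivation would invalidate stored keys.
 */
int
tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen)
{
	char pass[_PASSWORD_LEN], tmp[_PASSWORD_LEN];
	char tcfskey[2*KEYSIZE], iv[8];
	blf_ctx ctx;
	int len, ret = 0;

	if (!tk)
		return 0;

	/*
	 * An empty password never grows in the padding loop below, so it
	 * would spin forever; reject it together with missing inputs.
	 */
	if (!pwd || !t || pwd[0] == '\0')
		return 0;

	/* Keep the later decrypt and memcpy inside tcfskey regardless of
	 * what uudecode() reports. */
	if (tklen <= 0 || (size_t)tklen > sizeof(tcfskey))
		return 0;

	len = uudecode ((char *)t, tcfskey, sizeof(tcfskey));
	if (len == -1) {
		fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
		goto out;
	} else if (len != tklen) {
		fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n");
		goto out;
	}

	/* Copy the password only once the ciphertext is known to be usable. */
	strlcpy (pass, pwd, sizeof(pass));

	/* Short passwords are repeated (tripled per round) up to >= 8 bytes. */
	while (strlen (pass) < 8) {
		strcpy (tmp, pass);
		strcat (tmp, pass);
		strcat (pass, tmp);
	}

	blf_key(&ctx, pass, strlen(pass));
	memset(iv, 0, sizeof(iv));
	/* NOTE(review): CBC works on whole 8-byte blocks; tklen is presumably
	 * a multiple of 8 -- confirm against the callers. */
	blf_cbc_decrypt(&ctx, iv, tcfskey, tklen);

	memcpy (tk, tcfskey, tklen);
	ret = 1;

out:
	/*
	 * Scrub every local that held the password, key schedule or clear
	 * key, on success and on failure alike.
	 * NOTE(review): a plain memset() of a dying buffer may be removed by
	 * the optimizer; use explicit_bzero(3) where the platform has it.
	 */
	memset (pass, 0, sizeof(pass));
	memset (tmp, 0, sizeof(tmp));
	memset (tcfskey, 0, sizeof(tcfskey));
	memset (&ctx, 0, sizeof(ctx));

	return ret;
}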
99:
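/*
 * Encrypt a TCFS key under a password with Blowfish-CBC and uuencode it.
 *
 * pw     NUL-terminated password; at most _PASSWORD_LEN - 1 bytes are used.
 * key    klen bytes of key material; ENCRYPTED IN PLACE, so the caller's
 *        buffer holds ciphertext afterwards, even if uuencode then fails.
 * klen   length of key in bytes.
 * ek     output buffer for the uuencoded ciphertext.
 * eklen  size of ek; the encoding must come out at exactly eklen - 1.
 *
 * Returns 1 on success and 0 on failure.
 *
 * NOTE(review): the password is used directly as the Blowfish key (repeated
 * until it is at least 8 bytes long) with an all-zero IV and no salt, so
 * equal passwords and keys give equal ciphertext.  Changing the derivation
 * would invalidate stored keys.
 */
int
tcfs_encrypt_key (char *pw, u_char *key, int klen, u_char *ek, int eklen)
{
	char pass[_PASSWORD_LEN], tmp[_PASSWORD_LEN], iv[8];
	blf_ctx ctx;
	int res, ret = 0;

	if (!ek)
		return 0;

	/*
	 * An empty password never grows in the padding loop below, so it
	 * would spin forever; reject it together with missing inputs.
	 */
	if (!pw || !key || pw[0] == '\0' || klen <= 0)
		return 0;

	strlcpy (pass, pw, sizeof(pass));

	/* Short passwords are repeated (tripled per round) up to >= 8 bytes. */
	while (strlen(pass) < 8) {
		strcpy (tmp, pass);
		strcat (tmp, pass);
		strcat (pass, tmp);
	}

	blf_key(&ctx, pass, strlen(pass));
	memset(iv, 0, sizeof(iv));
	/* NOTE(review): CBC works on whole 8-byte blocks; klen is presumably
	 * a multiple of 8 -- confirm against the callers. */
	blf_cbc_encrypt(&ctx, iv, key, klen);

	/*
	 * Scrub the password copies and key schedule as soon as they are no
	 * longer needed, so that no return path leaves them on the stack.
	 * NOTE(review): a plain memset() of a dying buffer may be removed by
	 * the optimizer; use explicit_bzero(3) where the platform has it.
	 */
	memset(pass, 0, sizeof(pass));
	memset(tmp, 0, sizeof(tmp));
	memset(&ctx, 0, sizeof(ctx));

	res = uuencode (key, klen, ek, eklen);
	if (res != eklen - 1) {
		fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
		return (ret);
	}

	ret = 1;
	return (ret);
}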
134:
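/*
 * Install `key` as the TCFS key of `user` on `filesystem`
 * (command TCFS_PUT_UIDKEY).
 *
 * key must point to at least sizeof(a.tcfs_key) readable bytes.
 * Returns the result of tcfs_callfunction(), or -1 when key is NULL.
 */
int
tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Do not hand uninitialised stack bytes to the kernel. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_PUT_UIDKEY;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block holds a clear copy of the key; scrub it.
	 * NOTE(review): prefer explicit_bzero(3) where available, since a
	 * plain memset() of a dying object may be optimised away. */
	memset(&a, 0, sizeof(a));

	return (ret);
}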
144:
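/*
 * Remove the TCFS key of `user` from `filesystem`
 * (command TCFS_RM_UIDKEY).
 *
 * Returns the result of tcfs_callfunction().
 */
int
tcfs_user_disable(char *filesystem, uid_t user)
{
	struct tcfs_args a;

	/* Fields this command does not set (the key among them) would
	 * otherwise reach the kernel as uninitialised stack bytes. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_UIDKEY;

	return (tcfs_callfunction(filesystem, &a));
}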
153:
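/*
 * Install `key` as the TCFS key of process `pid` owned by `user` on
 * `filesystem` (command TCFS_PUT_PIDKEY).
 *
 * key must point to at least sizeof(a.tcfs_key) readable bytes.
 * Returns the result of tcfs_callfunction(), or -1 when key is NULL.
 */
int
tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Do not hand uninitialised stack bytes to the kernel. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_PUT_PIDKEY;
	a.proc = pid;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block holds a clear copy of the key; scrub it.
	 * NOTE(review): prefer explicit_bzero(3) where available, since a
	 * plain memset() of a dying object may be optimised away. */
	memset(&a, 0, sizeof(a));

	return (ret);
}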
164:
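/*
 * Remove the TCFS key of process `pid` owned by `user` from `filesystem`
 * (command TCFS_RM_PIDKEY).
 *
 * Returns the result of tcfs_callfunction().
 */
int
tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
{
	struct tcfs_args a;

	/* Fields this command does not set (the key among them) would
	 * otherwise reach the kernel as uninitialised stack bytes. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_PIDKEY;
	a.proc = pid;

	return (tcfs_callfunction(filesystem, &a));
}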
174:
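/*
 * Install `key` as the share of user `uid` in the TCFS key of group `gid`
 * on `filesystem` (command TCFS_PUT_GIDKEY), with threshold `tre`.
 *
 * key must point to at least sizeof(a.tcfs_key) readable bytes.
 * Returns the result of tcfs_callfunction(), or -1 when key is NULL.
 */
int
tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
    int tre, char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Do not hand uninitialised stack bytes to the kernel. */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_PUT_GIDKEY;
	a.user = uid;
	a.group = gid;
	a.treshold = tre;	/* field name is spelled this way in tcfs_args */
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block holds a clear copy of the key; scrub it.
	 * NOTE(review): prefer explicit_bzero(3) where available, since a
	 * plain memset() of a dying object may be optimised away. */
	memset(&a, 0, sizeof(a));

	return (ret);
}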
187:
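/*
 * Remove the share of user `uid` in the TCFS key of group `gid` from
 * `filesystem` (command TCFS_RM_GIDKEY).
 *
 * Returns the result of tcfs_callfunction().
 */
int
tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
{
	struct tcfs_args a;

	/* Fields this command does not set (the key among them) would
	 * otherwise reach the kernel as uninitialised stack bytes. */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_RM_GIDKEY;
	a.user = uid;
	a.group = gid;

	return (tcfs_callfunction(filesystem, &a));
}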
196:
197: