static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
switch (cmd) {
/*
* Request to generate DEK.
* Generate DEK and return to the user
*/
case DEK_GENERATE_DEK: {
dek_arg_generate_dek req;
printk("dek: DEK_GENERATE_DEK\n");
if(copy_from_user(&req, ubuf, sizeof(req))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
dek_generate_dek(req.persona_id, &req.dek);
if(copy_to_user(ubuf, &req, sizeof(req))) {
printk("dek: can't copy to user\n");
ret = -EFAULT;
goto err;
}
break;
}
/*
* Request to encrypt given DEK.
*
* encrypt dek and return to the user
*/
case DEK_ENCRYPT_DEK: {
dek_arg_encrypt_dek req;
printk("dek: DEK_ENCRYPT_DEK\n");
if(copy_from_user(&req, ubuf, sizeof(req))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
ret = dek_encrypt_dek(req.persona_id,
&req.plain_dek, &req.enc_dek);
if (ret < 0) {
goto err;
}
req.enc_type = ret;
ret = 0;
if(copy_to_user(ubuf, &req, sizeof(req))) {
printk("dek: can't copy to user\n");
ret = -EFAULT;
goto err;
}
break;
}
/*
* Request to decrypt given DEK.
*
* Decrypt dek and return to the user.
* When device is locked, private key is not available, so
* the driver must return EPERM or some kind of error.
*/
case DEK_DECRYPT_DEK: {
dek_arg_decrypt_dek req;
printk("dek: DEK_DECRYPT_DEK\n");
if(copy_from_user(&req, ubuf, sizeof(req))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
ret = dek_decrypt_dek(req.persona_id,
&req.enc_dek, &req.plain_dek, req.enc_type);
if (ret < 0) {
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
printk("dek: can't copy to user\n");
ret = -EFAULT;
goto err;
}
break;
}
default:
printk("dek: case default\n");
ret = -EINVAL;
break;
}
return ret;
err:
return ret;
}
static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
switch (cmd) {
case DEK_IS_KEK_AVAIL: {
dek_arg_is_kek_avail req;
DEK_LOGD("DEK_IS_KEK_AVAIL\n");
memset(&req, 0, sizeof(dek_arg_is_kek_avail));
if(copy_from_user(&req, ubuf, sizeof(req))) {
DEK_LOGE("can't copy from user\n");
ret = -EFAULT;
goto err;
}
req.ret = is_kek_available(req.userid, req.kek_type);
if(req.ret < 0) {
DEK_LOGE("is_kek_available(id:%d, kek:%d) error\n",
req.userid, req.kek_type);
ret = -ENOENT;
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
DEK_LOGE("can't copy to user req\n");
zero_out((char *)&req, sizeof(dek_arg_is_kek_avail));
ret = -EFAULT;
goto err;
}
ret = 0;
}
break;
/*
* Request to generate DEK.
* Generate DEK and return to the user
*/
case DEK_GENERATE_DEK: {
dek_arg_generate_dek req;
DEK_LOGD("DEK_GENERATE_DEK\n");
memset(&req, 0, sizeof(dek_arg_generate_dek));
if(copy_from_user(&req, ubuf, sizeof(req))) {
DEK_LOGE("can't copy from user req\n");
ret = -EFAULT;
goto err;
}
dek_generate_dek(req.userid, &req.dek);
if(copy_to_user(ubuf, &req, sizeof(req))) {
DEK_LOGE("can't copy to user req\n");
zero_out((char *)&req, sizeof(dek_arg_generate_dek));
ret = -EFAULT;
goto err;
}
zero_out((char *)&req, sizeof(dek_arg_generate_dek));
break;
}
/*
* Request to encrypt given DEK.
*
* encrypt dek and return to the user
*/
case DEK_ENCRYPT_DEK: {
dek_arg_encrypt_dek req;
DEK_LOGD("DEK_ENCRYPT_DEK\n");
memset(&req, 0, sizeof(dek_arg_encrypt_dek));
if(copy_from_user(&req, ubuf, sizeof(req))) {
DEK_LOGE("can't copy from user req\n");
zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
ret = -EFAULT;
goto err;
}
ret = dek_encrypt_dek(req.userid,
&req.plain_dek, &req.enc_dek);
if (ret < 0) {
zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
DEK_LOGE("can't copy to user req\n");
zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
ret = -EFAULT;
goto err;
}
zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
break;
}
/*
* Request to decrypt given DEK.
*
* Decrypt dek and return to the user.
* When device is locked, private key is not available, so
* the driver must return EPERM or some kind of error.
*/
case DEK_DECRYPT_DEK: {
dek_arg_decrypt_dek req;
DEK_LOGD("DEK_DECRYPT_DEK\n");
memset(&req, 0, sizeof(dek_arg_decrypt_dek));
if(copy_from_user(&req, ubuf, sizeof(req))) {
DEK_LOGE("can't copy from user req\n");
zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
ret = -EFAULT;
goto err;
}
ret = dek_decrypt_dek(req.userid,
&req.enc_dek, &req.plain_dek);
if (ret < 0) {
zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
DEK_LOGE("can't copy to user req\n");
zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
ret = -EFAULT;
goto err;
}
zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
break;
}
default:
DEK_LOGE("%s case default\n", __func__);
ret = -EINVAL;
break;
}
return ret;
err:
return ret;
}
int dek_decrypt_dek_efs(int persona_id, dek *encDek, dek *plainDek, int type) {
return dek_decrypt_dek(persona_id, encDek, plainDek, type);
}
int dek_decrypt_dek_efs(int userid, dek_t *encDek, dek_t *plainDek) {
return dek_decrypt_dek(userid, encDek, plainDek);
}