static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
		unsigned long arg) {
	long ret = 0;
	void __user *ubuf = (void __user *)arg;

	switch (cmd) {
	/*
	 * Request to generate DEK.
	 * Generate DEK and return to the user
	 */
	case DEK_GENERATE_DEK: {
		dek_arg_generate_dek req;

		printk("dek: DEK_GENERATE_DEK\n");

		if(copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
			goto err;
		}
		dek_generate_dek(req.persona_id, &req.dek);
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			printk("dek: can't copy to user\n");
			ret = -EFAULT;
			goto err;
		}
		break;
	}
	/*
	 * Request to encrypt given DEK.
	 *
	 * encrypt dek and return to the user
	 */
	case DEK_ENCRYPT_DEK: {
		dek_arg_encrypt_dek req;

		printk("dek: DEK_ENCRYPT_DEK\n");

		if(copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
			goto err;
		}
		ret = dek_encrypt_dek(req.persona_id,
				&req.plain_dek, &req.enc_dek);
		if (ret < 0) {
			goto err;
		}
		req.enc_type = ret;
		ret = 0;
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			printk("dek: can't copy to user\n");
			ret = -EFAULT;
			goto err;
		}
		break;
	}
	/*
	 * Request to decrypt given DEK.
	 *
	 * Decrypt dek and return to the user.
	 * When device is locked, private key is not available, so
	 * the driver must return EPERM or some kind of error.
	 */
	case DEK_DECRYPT_DEK: {
		dek_arg_decrypt_dek req;

		printk("dek: DEK_DECRYPT_DEK\n");

		if(copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
			goto err;
		}
		ret = dek_decrypt_dek(req.persona_id,
				&req.enc_dek, &req.plain_dek, req.enc_type);
		if (ret < 0) {
			goto err;
		}
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			printk("dek: can't copy to user\n");
			ret = -EFAULT;
			goto err;
		}
		break;
	}

	default:
		printk("dek: case default\n");
		ret = -EINVAL;
		break;
	}

	return ret;
err:
	return ret;
}
Exemple #2
0
static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
		unsigned long arg) {
	long ret = 0;
	void __user *ubuf = (void __user *)arg;

	switch (cmd) {
    case DEK_IS_KEK_AVAIL: {
        dek_arg_is_kek_avail req;

        DEK_LOGD("DEK_IS_KEK_AVAIL\n");

        memset(&req, 0, sizeof(dek_arg_is_kek_avail));
        if(copy_from_user(&req, ubuf, sizeof(req))) {
            DEK_LOGE("can't copy from user\n");
            ret = -EFAULT;
            goto err;
        }

        req.ret = is_kek_available(req.userid, req.kek_type);
        if(req.ret < 0) {
            DEK_LOGE("is_kek_available(id:%d, kek:%d) error\n",
                    req.userid, req.kek_type);
            ret = -ENOENT;
            goto err;
        }

        if(copy_to_user(ubuf, &req, sizeof(req))) {
            DEK_LOGE("can't copy to user req\n");
            zero_out((char *)&req, sizeof(dek_arg_is_kek_avail));
            ret = -EFAULT;
            goto err;
        }

        ret = 0;
    }
    break;
	/*
	 * Request to generate DEK.
	 * Generate DEK and return to the user
	 */
	case DEK_GENERATE_DEK: {
		dek_arg_generate_dek req;

		DEK_LOGD("DEK_GENERATE_DEK\n");

		memset(&req, 0, sizeof(dek_arg_generate_dek));
		if(copy_from_user(&req, ubuf, sizeof(req))) {
			DEK_LOGE("can't copy from user req\n");
			ret = -EFAULT;
			goto err;
		}
		dek_generate_dek(req.userid, &req.dek);
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			DEK_LOGE("can't copy to user req\n");
			zero_out((char *)&req, sizeof(dek_arg_generate_dek));
			ret = -EFAULT;
			goto err;
		}
		zero_out((char *)&req, sizeof(dek_arg_generate_dek));
		break;
	}
	/*
	 * Request to encrypt given DEK.
	 *
	 * encrypt dek and return to the user
	 */
	case DEK_ENCRYPT_DEK: {
		dek_arg_encrypt_dek req;

		DEK_LOGD("DEK_ENCRYPT_DEK\n");

		memset(&req, 0, sizeof(dek_arg_encrypt_dek));
		if(copy_from_user(&req, ubuf, sizeof(req))) {
			DEK_LOGE("can't copy from user req\n");
			zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
			ret = -EFAULT;
			goto err;
		}
		ret = dek_encrypt_dek(req.userid,
				&req.plain_dek, &req.enc_dek);
		if (ret < 0) {
			zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
			goto err;
		}
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			DEK_LOGE("can't copy to user req\n");
			zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
			ret = -EFAULT;
			goto err;
		}
		zero_out((char *)&req, sizeof(dek_arg_encrypt_dek));
		break;
	}
	/*
	 * Request to decrypt given DEK.
	 *
	 * Decrypt dek and return to the user.
	 * When device is locked, private key is not available, so
	 * the driver must return EPERM or some kind of error.
	 */
	case DEK_DECRYPT_DEK: {
		dek_arg_decrypt_dek req;

		DEK_LOGD("DEK_DECRYPT_DEK\n");

		memset(&req, 0, sizeof(dek_arg_decrypt_dek));
		if(copy_from_user(&req, ubuf, sizeof(req))) {
			DEK_LOGE("can't copy from user req\n");
			zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
			ret = -EFAULT;
			goto err;
		}
		ret = dek_decrypt_dek(req.userid,
				&req.enc_dek, &req.plain_dek);
		if (ret < 0) {
			zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
			goto err;
		}
		if(copy_to_user(ubuf, &req, sizeof(req))) {
			DEK_LOGE("can't copy to user req\n");
			zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
			ret = -EFAULT;
			goto err;
		}
		zero_out((char *)&req, sizeof(dek_arg_decrypt_dek));
		break;
	}

	default:
		DEK_LOGE("%s case default\n", __func__);
		ret = -EINVAL;
		break;
	}

	return ret;
err:
	return ret;
}
int dek_decrypt_dek_efs(int persona_id, dek *encDek, dek *plainDek, int type) {
	return dek_decrypt_dek(persona_id, encDek, plainDek, type);
}
Exemple #4
0
int dek_decrypt_dek_efs(int userid, dek_t *encDek, dek_t *plainDek) {
	return dek_decrypt_dek(userid, encDek, plainDek);
}