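/*
 * Overwrite a request structure that held key material.
 *
 * The stores go through a volatile pointer so the compiler cannot drop
 * them as dead writes to a local that is about to go out of scope.
 */
static void dek_ioctl_wipe(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--)
		*p++ = 0;
}

/*
 * dek_do_ioctl_req - service the DEK generate / encrypt / decrypt ioctls.
 * @minor: device minor number (not used in this function)
 * @cmd:   ioctl command: DEK_GENERATE_DEK, DEK_ENCRYPT_DEK or
 *         DEK_DECRYPT_DEK
 * @arg:   user-space address of the request structure for @cmd
 *
 * Each command copies its request structure in from user space, calls the
 * matching dek_*() helper and copies the whole structure back.  The local
 * copy holds a plaintext DEK in every command, so it is wiped on every
 * exit path before the stack frame is released.
 *
 * Return: -EFAULT if a user copy fails, -EINVAL for an unknown @cmd, a
 * negative value from dek_encrypt_dek()/dek_decrypt_dek() when they fail.
 * On success DEK_GENERATE_DEK and DEK_ENCRYPT_DEK return 0;
 * DEK_DECRYPT_DEK returns the non-negative result of dek_decrypt_dek().
 *
 * NOTE(review): no caller identity or permission check is visible in this
 * function; presumably the ioctl entry point enforces it - confirm.
 */
static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
		unsigned long arg)
{
	long ret = 0;
	void __user *ubuf = (void __user *)arg;

	switch (cmd) {
	/*
	 * Request to generate DEK.
	 * Generate DEK and return to the user.
	 */
	case DEK_GENERATE_DEK: {
		dek_arg_generate_dek req;

		printk("dek: DEK_GENERATE_DEK\n");
		if (copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
		} else {
			/*
			 * NOTE(review): the result of dek_generate_dek() is
			 * not checked; if it can fail, req.dek is returned
			 * as-is - confirm against its definition.
			 */
			dek_generate_dek(req.persona_id, &req.dek);
			if (copy_to_user(ubuf, &req, sizeof(req))) {
				printk("dek: can't copy to user\n");
				ret = -EFAULT;
			}
		}
		/* req.dek must not linger on the kernel stack. */
		dek_ioctl_wipe(&req, sizeof(req));
		break;
	}
	/*
	 * Request to encrypt given DEK.
	 *
	 * Encrypt dek and return to the user.
	 */
	case DEK_ENCRYPT_DEK: {
		dek_arg_encrypt_dek req;

		printk("dek: DEK_ENCRYPT_DEK\n");
		if (copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
		} else {
			ret = dek_encrypt_dek(req.persona_id, &req.plain_dek,
					&req.enc_dek);
			if (ret >= 0) {
				/* A non-negative result is reported as the encryption type. */
				req.enc_type = ret;
				ret = 0;
				if (copy_to_user(ubuf, &req, sizeof(req))) {
					printk("dek: can't copy to user\n");
					ret = -EFAULT;
				}
			}
		}
		/* req.plain_dek must not linger on the kernel stack. */
		dek_ioctl_wipe(&req, sizeof(req));
		break;
	}
	/*
	 * Request to decrypt given DEK.
	 *
	 * Decrypt dek and return to the user.
	 * When device is locked, private key is not available, so
	 * the driver must return EPERM or some kind of error.
	 */
	case DEK_DECRYPT_DEK: {
		dek_arg_decrypt_dek req;

		printk("dek: DEK_DECRYPT_DEK\n");
		if (copy_from_user(&req, ubuf, sizeof(req))) {
			printk("dek: can't copy from user\n");
			ret = -EFAULT;
		} else {
			ret = dek_decrypt_dek(req.persona_id, &req.enc_dek,
					&req.plain_dek, req.enc_type);
			if (ret >= 0 && copy_to_user(ubuf, &req, sizeof(req))) {
				printk("dek: can't copy to user\n");
				ret = -EFAULT;
			}
		}
		/* req.plain_dek must not linger on the kernel stack. */
		dek_ioctl_wipe(&req, sizeof(req));
		break;
	}
	default:
		printk("dek: case default\n");
		ret = -EINVAL;
		break;
	}

	return ret;
}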
/*
 * dek_do_ioctl_req - service the KEK-availability query and the DEK
 * generate / encrypt / decrypt ioctls.
 * @minor: device minor number (not used in this function)
 * @cmd:   ioctl command: DEK_IS_KEK_AVAIL, DEK_GENERATE_DEK,
 *         DEK_ENCRYPT_DEK or DEK_DECRYPT_DEK
 * @arg:   user-space address of the request structure for @cmd
 *
 * Every command zero-fills its local request, copies the caller's request
 * over it, calls the matching helper and copies the whole structure back.
 * Requests that may hold a DEK are passed to zero_out() before the frame
 * is left (zero_out() is defined elsewhere; presumably it overwrites the
 * buffer with zeros - confirm).
 *
 * Return: -EFAULT if a user copy fails, -ENOENT if is_kek_available()
 * reports an error, -EINVAL for an unknown @cmd, a negative value from
 * dek_encrypt_dek()/dek_decrypt_dek() when they fail; otherwise 0 for
 * DEK_IS_KEK_AVAIL and DEK_GENERATE_DEK, and the non-negative helper
 * result for DEK_ENCRYPT_DEK and DEK_DECRYPT_DEK.
 */
static long dek_do_ioctl_req(unsigned int minor, unsigned int cmd,
		unsigned long arg)
{
	void __user *user_req = (void __user *)arg;
	long ret = 0;

	switch (cmd) {
	case DEK_IS_KEK_AVAIL: {
		dek_arg_is_kek_avail req;

		DEK_LOGD("DEK_IS_KEK_AVAIL\n");
		memset(&req, 0, sizeof(req));
		if (copy_from_user(&req, user_req, sizeof(req))) {
			DEK_LOGE("can't copy from user\n");
			return -EFAULT;
		}

		req.ret = is_kek_available(req.userid, req.kek_type);
		if (req.ret < 0) {
			DEK_LOGE("is_kek_available(id:%d, kek:%d) error\n", req.userid, req.kek_type);
			return -ENOENT;
		}

		if (copy_to_user(user_req, &req, sizeof(req))) {
			DEK_LOGE("can't copy to user req\n");
			zero_out((char *)&req, sizeof(req));
			return -EFAULT;
		}
		break;
	}
	/*
	 * Request to generate DEK.
	 * Generate DEK and return to the user.
	 */
	case DEK_GENERATE_DEK: {
		dek_arg_generate_dek req;

		DEK_LOGD("DEK_GENERATE_DEK\n");
		memset(&req, 0, sizeof(req));
		if (copy_from_user(&req, user_req, sizeof(req))) {
			/* No wipe on this path: no DEK has been generated yet. */
			DEK_LOGE("can't copy from user req\n");
			return -EFAULT;
		}

		/*
		 * NOTE(review): the result of dek_generate_dek() is not
		 * checked - confirm whether it can fail.
		 */
		dek_generate_dek(req.userid, &req.dek);
		if (copy_to_user(user_req, &req, sizeof(req))) {
			DEK_LOGE("can't copy to user req\n");
			ret = -EFAULT;
		}
		/* The generated DEK is wiped whether or not the copy-out worked. */
		zero_out((char *)&req, sizeof(req));
		break;
	}
	/*
	 * Request to encrypt given DEK.
	 *
	 * Encrypt dek and return to the user.
	 */
	case DEK_ENCRYPT_DEK: {
		dek_arg_encrypt_dek req;

		DEK_LOGD("DEK_ENCRYPT_DEK\n");
		memset(&req, 0, sizeof(req));
		if (copy_from_user(&req, user_req, sizeof(req))) {
			DEK_LOGE("can't copy from user req\n");
			ret = -EFAULT;
		} else {
			ret = dek_encrypt_dek(req.userid, &req.plain_dek, &req.enc_dek);
			if (ret >= 0 && copy_to_user(user_req, &req, sizeof(req))) {
				DEK_LOGE("can't copy to user req\n");
				ret = -EFAULT;
			}
		}
		/* Single wipe shared by the success path and every failure path. */
		zero_out((char *)&req, sizeof(req));
		break;
	}
	/*
	 * Request to decrypt given DEK.
	 *
	 * Decrypt dek and return to the user.
	 * When device is locked, private key is not available, so
	 * the driver must return EPERM or some kind of error.
	 */
	case DEK_DECRYPT_DEK: {
		dek_arg_decrypt_dek req;

		DEK_LOGD("DEK_DECRYPT_DEK\n");
		memset(&req, 0, sizeof(req));
		if (copy_from_user(&req, user_req, sizeof(req))) {
			DEK_LOGE("can't copy from user req\n");
			ret = -EFAULT;
		} else {
			ret = dek_decrypt_dek(req.userid, &req.enc_dek, &req.plain_dek);
			if (ret >= 0 && copy_to_user(user_req, &req, sizeof(req))) {
				DEK_LOGE("can't copy to user req\n");
				ret = -EFAULT;
			}
		}
		/* Single wipe shared by the success path and every failure path. */
		zero_out((char *)&req, sizeof(req));
		break;
	}
	default:
		DEK_LOGE("%s case default\n", __func__);
		ret = -EINVAL;
		break;
	}

	return ret;
}
/*
 * dek_decrypt_dek_efs - forward a DEK decryption request to
 * dek_decrypt_dek() with the arguments unchanged.
 * @persona_id: passed through as the first argument
 * @encDek:     encrypted DEK to decrypt
 * @plainDek:   destination for the decrypted DEK
 * @type:       passed through as the encryption type
 *
 * Return: whatever dek_decrypt_dek() returns.
 *
 * NOTE(review): the "_efs" suffix suggests a filesystem-side caller -
 * confirm.  The caller owns *plainDek and is presumably responsible for
 * wiping it after use.
 */
int dek_decrypt_dek_efs(int persona_id, dek *encDek, dek *plainDek, int type)
{
	int rc;

	rc = dek_decrypt_dek(persona_id, encDek, plainDek, type);
	return rc;
}
/*
 * dek_decrypt_dek_efs - forward a DEK decryption request to
 * dek_decrypt_dek() with the arguments unchanged.
 * @userid:   passed through as the first argument
 * @encDek:   encrypted DEK to decrypt
 * @plainDek: destination for the decrypted DEK
 *
 * Return: whatever dek_decrypt_dek() returns.
 *
 * NOTE(review): the "_efs" suffix suggests a filesystem-side caller -
 * confirm.  The caller owns *plainDek and is presumably responsible for
 * wiping it after use.
 */
int dek_decrypt_dek_efs(int userid, dek_t *encDek, dek_t *plainDek)
{
	int rc;

	rc = dek_decrypt_dek(userid, encDek, plainDek);
	return rc;
}