void deInit_Managers(void)
{
SEC_FREE(getting_TrackInfo);
SEC_FREE(notifying_TrackInfo);
SEC_FREE(notified_TrackInfo);
SEC_FREE(rejected_TrackInfo);
SEC_FREE(exceptionURL);
}
void free_tcp_TrackInfo(tcp_TrackInfo *node)
{
if (node != NULL)
{
SEC_FREE(node->host)
SEC_FREE(node->referer);
SEC_FREE(node->url);
kfree(node);
}
}
// sec_filter driver write function
ssize_t sec_url_filter_write( struct file *filp, const char *buf, size_t count, loff_t *f_pos)
{
int result = -EIO;
if ((buf != NULL) && (count >4))
{
short version = *(short *)buf;
int cmd = *(int *)(buf+sizeof(short));
char *data = (char *)(buf+sizeof(short)+sizeof(int));
{
if (version == 0)
{
switch(cmd)
{
case SET_FILTER_MODE: // Turn On and Off filtering.
{
filterMode = *(int *)data;
result = count;
if (filterMode == FILTER_MODE_OFF)
{
wake_up_interruptible(&user_noti_Q);
clean_tcp_TrackInfos(getting_TrackInfo);
clean_tcp_TrackInfos(rejected_TrackInfo);
clean_tcp_TrackInfos(notifying_TrackInfo);
clean_tcp_TrackInfos(notified_TrackInfo);
SEC_FREE(exceptionURL);
SEC_FREE(errorMsg);
}
printk(KERN_INFO "SEC URL Filter Mode : %d\n", filterMode);
}
break;
case SET_USER_SELECT: //version 2, id 4, choice 2
{
tcp_TrackInfo *selectInfo = NULL;
int id = *((int *)(data));
int choice = *((int *)(data+sizeof(unsigned int)));
unsigned int verdict = NF_DROP;
struct nf_queue_entry *entry= NULL;
selectInfo = find_tcp_TrackInfo_withID(notified_TrackInfo, id, 1);
if (selectInfo != NULL)
{
result = count;
entry = (struct nf_queue_entry *)selectInfo->q_entry;
selectInfo->q_entry = NULL;
selectInfo->status = choice;
if (choice == ALLOW || ((filterMode == FILTER_MODE_ON_RESPONSE)||(filterMode == FILTER_MODE_ON_RESPONSE_REFER)))
{
verdict = NF_ACCEPT; //Response case should send packet
}
if (choice == BLOCK)
{
add_tcp_TrackInfo(rejected_TrackInfo, selectInfo); // Add this node to Rejected List.
}
else
{
free_tcp_TrackInfo(selectInfo);
}
nf_reinject(entry, verdict); // Reinject packet with the verdict
}
else
{
printk("SEC_FILTER_URL : NO SUCH ID\n");
}
}
break;
case SET_EXCEPTION_URL:
{
int urlLen = *((int *)(data));
SEC_FREE(exceptionURL);
exceptionURL = SEC_MALLOC(urlLen+1);
if (exceptionURL != NULL)
{
memcpy(exceptionURL, (data+sizeof(int)), urlLen);
result = count;
}
}
break;
case SET_ERROR_MSG:
{
int msgLen = *((int *)(data));
SEC_FREE(errorMsg);
errMsgSize = 0;
errorMsg = SEC_MALLOC(msgLen+1);
if (errorMsg != NULL)
{
memcpy(errorMsg, (data+sizeof(int)), msgLen);
errMsgSize = msgLen;
result = count;
}
}
break;
}
}
}
}
return result;
}
Sec_Result SecStore_RetrieveData(Sec_ProcessorHandle *proc, SEC_BOOL require_mac,
void *user_header, SEC_SIZE user_header_len,
void *data, SEC_SIZE data_len, void *store, SEC_SIZE storeLen)
{
Sec_Result res = SEC_RESULT_FAILURE;
SEC_BYTE mac_key[32];
SEC_BYTE mac[32];
unsigned int mac_len;
void *copy = NULL;
SEC_BYTE pad[SEC_AES_BLOCK_SIZE];
if (store == NULL)
{
SEC_LOG_ERROR("Null store");
goto done;
}
if (storeLen < sizeof(SecStore_Header))
{
SEC_LOG_ERROR("Invalid store length: %d", storeLen);
goto done;
}
if (memcmp(SEC_STORE_MAGIC, SecStore_GetHeader(store)->store_magic, strlen(SEC_STORE_MAGIC)) != 0)
{
SEC_LOG_ERROR("Invalid store magic value");
goto done;
}
if (storeLen < SecStore_GetStoreLen(store))
{
SEC_LOG_ERROR("Invalid store length: %d", storeLen);
goto done;
}
/* create a copy of the store that will be decrypted */
copy = malloc(SecStore_GetStoreLen(store));
if (NULL == copy)
{
SEC_LOG_ERROR("malloc failed");
goto done;
}
memcpy(copy, store, SecStore_GetStoreLen(store));
/* decrypt container */
if (SecStore_GetHeader(copy)->flags & SEC_STORE_FLAG_IS_ENCRYPTED)
{
if (SEC_RESULT_SUCCESS != SecStore_Decrypt(proc, copy, SecStore_GetStoreLen(copy)))
{
SEC_LOG_ERROR("SecStore_Decrypt failed");
goto done;
}
}
/* check padding */
memset(pad, SecStore_GetPaddedDataLen(copy) - SecStore_GetDataLen(copy), sizeof(pad));
if (Sec_Memcmp(pad, SecStore_GetData(copy) + SecStore_GetDataLen(copy), pad[0]) != 0)
{
SEC_LOG_ERROR( "Invalid pad value encountered");
/*
SEC_PRINT("pad: "); Sec_PrintHex(SecStore_GetData(copy) + SecStore_GetDataLen(copy), pad[0]); SEC_PRINT("\n");
*/
goto done;
}
/* mac value */
if (!(SecStore_GetHeader(copy)->flags & SEC_STORE_FLAG_IS_MACED))
{
if (require_mac)
{
SEC_LOG_ERROR("Key container does not have a mac value");
goto done;
}
}
else
{
if (SEC_RESULT_SUCCESS != SecStore_ComputeMacKey(proc, SEC_STORE_MAC_KEY_INPUT, mac_key, sizeof(mac_key)))
{
SEC_LOG_ERROR("SecStore_ComputeMacKey failed");
goto done;
}
if (NULL == HMAC(EVP_sha256(), mac_key, sizeof(mac_key),
copy, SecStore_GetStoreLen(copy) - SEC_STORE_MAC_LEN - SEC_STORE_IV_LEN,
mac, &mac_len))
{
SEC_LOG_ERROR("HMAC failed");
goto done;
}
if (mac_len != SEC_STORE_MAC_LEN || Sec_Memcmp(mac, SecStore_GetMac(copy), SEC_STORE_MAC_LEN) != 0)
{
SEC_LOG_ERROR("Mac does not match");
goto done;
}
}
/* get user_header */
if (user_header != NULL)
{
if (user_header_len < SecStore_GetUserHeaderLen(copy))
{
SEC_LOG_ERROR("output buffer not large enough to hold user_header");
goto done;
}
memcpy(user_header, SecStore_GetUserHeader(copy), SecStore_GetUserHeaderLen(copy));
}
/* get data */
if (data != NULL)
{
if (data_len < SecStore_GetDataLen(copy))
{
SEC_LOG_ERROR("output buffer not large enough to hold data");
goto done;
}
memcpy(data, SecStore_GetData(copy), SecStore_GetDataLen(copy));
}
res = SEC_RESULT_SUCCESS;
done:
Sec_Memset(mac_key, 0, sizeof(mac_key));
if (NULL != copy)
{
Sec_Memset(copy, 0, SecStore_GetStoreLen(store));
SEC_FREE(copy);
}
return res;
}
