← Back to branch summary

~ecryptfs/ecryptfs/trunk

« back to all changes in this revision

Viewing changes to src/key_mod/ecryptfs_key_mod_tspi.c

  • Committer: mhalcrow@us.ibm.com
  • Date: 2007-11-06 22:56:01 UTC
  • Revision ID: git-v1:f8357de9d554b274497b5cce9db4347254b7e7eb
Initial import of eCryptfs filesystem userspace utilities (mount helper, daemon component,
etc.)

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/key_mod/ecryptfs_key_mod_tspi.c
 
1
/**
 
2
 * Copyright (C) 2006-2007 International Business Machines Corp.
 
3
 * Author(s): Mike Halcrow <mhalcrow@us.ibm.com>
 
4
 *            Kent Yoder <kyoder@users.sf.net>
 
5
 *
 
6
 * This program is free software; you can redistribute it and/or
 
7
 * modify it under the terms of the GNU General Public License as
 
8
 * published by the Free Software Foundation; either version 2 of the
 
9
 * License, or (at your option) any later version.
 
10
 *
 
11
 * This program is distributed in the hope that it will be useful, but
 
12
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 
14
 * General Public License for more details.
 
15
 *
 
16
 * You should have received a copy of the GNU General Public License
 
17
 * along with this program; if not, write to the Free Software
 
18
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 
19
 * 02111-1307, USA.
 
20
 */
 
21
 
 
22
#include <sys/types.h>
 
23
#include <sys/stat.h>
 
24
#include <fcntl.h>
 
25
#include <stdio.h>
 
26
#include <stdlib.h>
 
27
#include <string.h>
 
28
#include <errno.h>
 
29
#include <trousers/tss.h>
 
30
#include "config.h"
 
31
#include "../include/ecryptfs.h"
 
32
#include "../include/decision_graph.h"
 
33
 
 
34
#undef DEBUG
 
35
 
 
36
#ifdef DEBUG
 
37
#define DBGSYSLOG(x, ...)       syslog(LOG_DEBUG, x, ##__VA_ARGS__)
 
38
#define DBG_print_hex(a,b)      print_hex(a,b)
 
39
 
 
40
static void
 
41
print_hex(BYTE *buf, uint32_t len)
 
42
{
 
43
        uint32_t i = 0, j;
 
44
 
 
45
        while (i < len) {
 
46
                for (j=0; (j < 15) && (i < len); j++, i++)
 
47
                        syslog(LOG_INFO, "%02x\n", buf[i] & 0xff);
 
48
        }
 
49
}
 
50
 
 
51
#else
 
52
#define LOG()
 
53
#define DBGSYSLOG(x, ...)
 
54
#define DBG_print_hex(a,b)
 
55
#endif
 
56
 
 
57
static TSS_UUID ecryptfs_tspi_srk_uuid = TSS_UUID_SRK;
 
58
 
 
59
static struct key_mapper {
 
60
        TSS_UUID uuid;
 
61
        TSS_HKEY hKey;
 
62
        struct key_mapper *next;
 
63
} *mapper = NULL;
 
64
 
 
65
struct tspi_data {
 
66
        TSS_UUID uuid;
 
67
};
 
68
 
 
69
static void ecryptfs_tspi_to_hex(char *dst, char *src, int src_size)
 
70
{
 
71
        int x;
 
72
 
 
73
        for (x = 0; x < src_size; x++)
 
74
                sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
 
75
}
 
76
 
 
77
static int ecryptfs_tspi_generate_signature(char *sig, BYTE *n, uint32_t nbytes)
 
78
{
 
79
        int len, i;
 
80
        char hash[SHA1_DIGEST_LENGTH];
 
81
        char *data = NULL;
 
82
        BYTE e[] = { 1, 0, 1 }; /* The e for all TPM RSA keys */
 
83
        int rc = 0;
 
84
 
 
85
        len = 10 + nbytes + sizeof(e);
 
86
        if ((data = malloc(3 + len)) == NULL) {
 
87
                syslog(LOG_ERR, "Out of memory\n");
 
88
                rc = -ENOMEM;
 
89
                goto out;
 
90
        }
 
91
        i = 0;
 
92
        data[i++] = '\x99';
 
93
        data[i++] = (char)(len >> 8);
 
94
        data[i++] = (char)len;
 
95
        data[i++] = '\x04';
 
96
        data[i++] = '\00';
 
97
        data[i++] = '\00';
 
98
        data[i++] = '\00';
 
99
        data[i++] = '\00';
 
100
        data[i++] = '\02';
 
101
        data[i++] = (char)((nbytes * 8) >> 8);
 
102
        data[i++] = (char)(nbytes * 8);
 
103
        memcpy(&data[i], n, nbytes);
 
104
        i += nbytes;
 
105
        data[i++] = (char)((sizeof(e) * 8) >> 8);
 
106
        data[i++] = (char)(sizeof(e) * 8);
 
107
        memcpy(&data[i], e, sizeof(e));
 
108
        i += sizeof(e);
 
109
        SHA1(data, len + 3, hash);
 
110
        ecryptfs_tspi_to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
 
111
        sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 
112
out:
 
113
        free(data);
 
114
        return rc;
 
115
}
 
116
 
 
117
static int
 
118
ecryptfs_tspi_deserialize(struct tspi_data *tspi_data, unsigned char *blob)
 
119
{
 
120
        int rc = 0;
 
121
 
 
122
        memcpy(&tspi_data->uuid, blob, sizeof(TSS_UUID));
 
123
out:
 
124
        return rc;
 
125
}
 
126
 
 
127
static int ecryptfs_tspi_get_key_sig(unsigned char *sig, unsigned char *blob)
 
128
{
 
129
        struct tspi_data tspi_data;
 
130
        BYTE *n;
 
131
        uint32_t size_n;
 
132
        TSS_RESULT result;
 
133
        TSS_HCONTEXT h_ctx;
 
134
        TSS_HKEY hKey;
 
135
        int rc = 0;
 
136
 
 
137
        ecryptfs_tspi_deserialize(&tspi_data, blob);
 
138
        if ((result = Tspi_Context_Create(&h_ctx)) != TSS_SUCCESS) {
 
139
                syslog(LOG_ERR, "Tspi_Context_Create failed: [%s]\n",
 
140
                       Trspi_Error_String(result));
 
141
                rc = -EIO;
 
142
                goto out;
 
143
        }
 
144
        DBG_print_hex((BYTE *)&tspi_data.uuid, sizeof(TSS_UUID));
 
145
        if ((result = Tspi_Context_GetKeyByUUID(h_ctx, TSS_PS_TYPE_USER,
 
146
                                                tspi_data.uuid, &hKey))
 
147
            != TSS_SUCCESS) {
 
148
                syslog(LOG_ERR, "Tspi_Context_GetKeyByUUID failed: [%s]\n",
 
149
                       Trspi_Error_String(result));
 
150
                rc = -EIO;
 
151
                goto out;
 
152
        }
 
153
        if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
 
154
                                         TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
 
155
                                         &size_n, &n))
 
156
            != TSS_SUCCESS) {
 
157
                syslog(LOG_ERR, "Tspi_GetAttribUint32 failed: [%s]\n",
 
158
                       Trspi_Error_String(result));
 
159
                rc = -EIO;
 
160
                goto out;
 
161
        }
 
162
        rc = ecryptfs_tspi_generate_signature(sig, n, size_n);
 
163
out:
 
164
        return rc;
 
165
}
 
166
 
 
167
static pthread_mutex_t encrypt_lock = PTHREAD_MUTEX_INITIALIZER;
 
168
 
 
169
static int
 
170
ecryptfs_tspi_encrypt(char *to, size_t *to_size, char *from, size_t from_size,
 
171
                      unsigned char *blob, int blob_type)
 
172
{
 
173
        static TSS_HPOLICY h_srk_policy = 0;
 
174
        static TSS_HKEY h_srk = 0;
 
175
        TSS_RESULT result;
 
176
        TSS_HCONTEXT h_encrypt_ctx;
 
177
        TSS_HKEY hKey;
 
178
        TSS_HENCDATA h_encdata;
 
179
        uint32_t encdata_size;
 
180
        BYTE *encdata;
 
181
        struct tspi_data tspi_data;
 
182
        int rc = 0;
 
183
 
 
184
        pthread_mutex_lock(&encrypt_lock);
 
185
        (*to_size) = 0;
 
186
        ecryptfs_tspi_deserialize(&tspi_data, blob);
 
187
        DBG_print_hex((BYTE *)&tspi_data.uuid, sizeof(TSS_UUID));
 
188
        if ((result = Tspi_Context_Create(&h_encrypt_ctx)) != TSS_SUCCESS) {
 
189
                syslog(LOG_ERR, "Tspi_Context_Create failed: [%s]\n",
 
190
                       Trspi_Error_String(result));
 
191
                rc = -EIO;
 
192
                goto out;
 
193
        }
 
194
        if ((result = Tspi_Context_Connect(h_encrypt_ctx, NULL))
 
195
            != TSS_SUCCESS) {
 
196
                syslog(LOG_ERR, "Tspi_Context_Connect failed: [%s]\n",
 
197
                       Trspi_Error_String(result));
 
198
                rc = -EIO;
 
199
                goto out;
 
200
        }
 
201
        if ((result = Tspi_Context_LoadKeyByUUID(h_encrypt_ctx,
 
202
                                                 TSS_PS_TYPE_SYSTEM,
 
203
                                                 ecryptfs_tspi_srk_uuid,
 
204
                                                 &h_srk)) != TSS_SUCCESS) {
 
205
                syslog(LOG_ERR, "Tspi_Context_LoadKeyByUUID failed: [%s]\n",
 
206
                       Trspi_Error_String(result));
 
207
                rc = -EIO;
 
208
                goto out;
 
209
        }
 
210
        if ((result = Tspi_GetPolicyObject(h_srk, TSS_POLICY_USAGE,
 
211
                                           &h_srk_policy))
 
212
            != TSS_SUCCESS) {
 
213
                syslog(LOG_ERR, "Tspi_GetPolicyObject failed: [%s]\n",
 
214
                       Trspi_Error_String(result));
 
215
                rc = -EIO;
 
216
                goto out;
 
217
        }
 
218
        if ((result = Tspi_Policy_SetSecret(h_srk_policy, TSS_SECRET_MODE_PLAIN,
 
219
                                            0, NULL))
 
220
            != TSS_SUCCESS) {
 
221
                syslog(LOG_ERR, "Tspi_Policy_SetSecret failed: [%s]\n",
 
222
                       Trspi_Error_String(result));
 
223
                rc = -EIO;
 
224
                goto out;
 
225
        }
 
226
        if ((result = Tspi_Context_CreateObject(h_encrypt_ctx,
 
227
                                                TSS_OBJECT_TYPE_ENCDATA,
 
228
                                                TSS_ENCDATA_SEAL, &h_encdata))
 
229
            != TSS_SUCCESS) {
 
230
                syslog(LOG_ERR, "Tspi_Context_CreateObject failed: [%s]\n",
 
231
                       Trspi_Error_String(result));
 
232
                rc = -EIO;
 
233
                goto out;
 
234
        }
 
235
        if ((result = Tspi_Context_LoadKeyByUUID(h_encrypt_ctx,
 
236
                                                 TSS_PS_TYPE_USER,
 
237
                                                 tspi_data.uuid, &hKey))
 
238
            != TSS_SUCCESS) {
 
239
                syslog(LOG_ERR, "Tspi_Context_LoadKeyByUUID failed: [%s]\n",
 
240
                       Trspi_Error_String(result));
 
241
                rc = -EIO;
 
242
                goto out;
 
243
        }
 
244
        if ((result = Tspi_Data_Seal(h_encdata, hKey, from_size, from, 0))
 
245
            != TSS_SUCCESS) {
 
246
                syslog(LOG_ERR, "Tspi_Data_Seal failed: [%s]\n",
 
247
                       Trspi_Error_String(result));
 
248
                rc = -EIO;
 
249
                goto out;
 
250
        }
 
251
        if ((result = Tspi_GetAttribData(h_encdata, TSS_TSPATTRIB_ENCDATA_BLOB,
 
252
                                         TSS_TSPATTRIB_ENCDATABLOB_BLOB,
 
253
                                         &encdata_size, &encdata))
 
254
            != TSS_SUCCESS) {
 
255
                syslog(LOG_ERR, "Tspi_GetAttribData failed: [%s]\n",
 
256
                       Trspi_Error_String(result));
 
257
                rc = -EIO;
 
258
                goto out;
 
259
        }
 
260
        (*to_size) = encdata_size;
 
261
        Tspi_Context_FreeMemory(h_encrypt_ctx, encdata);
 
262
out:
 
263
        pthread_mutex_unlock(&encrypt_lock);
 
264
        return rc;
 
265
}
 
266
 
 
267
static pthread_mutex_t decrypt_lock = PTHREAD_MUTEX_INITIALIZER;
 
268
 
 
269
static int
 
270
ecryptfs_tspi_decrypt(char *to, size_t *to_size, char *from, size_t from_size,
 
271
                      unsigned char *blob, int blob_type)
 
272
{
 
273
        static TSS_HCONTEXT h_decrypt_context = 0;
 
274
        static TSS_HPOLICY h_srk_policy = 0;
 
275
        static TSS_HKEY h_srk = 0;
 
276
        static TSS_HENCDATA h_encdata;
 
277
        uint32_t encdata_bytes;
 
278
        BYTE *encdata;
 
279
        struct tspi_data tspi_data;
 
280
        struct key_mapper *walker, *new_mapper;
 
281
        TSS_RESULT result;
 
282
        int rc = 0;
 
283
 
 
284
        pthread_mutex_lock(&decrypt_lock);
 
285
        ecryptfs_tspi_deserialize(&tspi_data, blob);
 
286
        if (h_decrypt_context == 0) {
 
287
                if ((result = Tspi_Context_Create(&h_decrypt_context))
 
288
                    != TSS_SUCCESS) {
 
289
                        syslog(LOG_ERR, "Tspi_Context_Create failed: [%s]\n",
 
290
                                        Trspi_Error_String(result));
 
291
                        rc = -EINVAL;
 
292
                        goto out_uninit;
 
293
                }
 
294
                DBGSYSLOG("New TSP context: 0x%x", h_decrypt_context);
 
295
                if ((result = Tspi_Context_Connect(h_decrypt_context, NULL))
 
296
                                != TSS_SUCCESS) {
 
297
                        syslog(LOG_ERR, "Tspi_Context_Connect failed: [%s]\n",
 
298
                                        Trspi_Error_String(result));
 
299
                        rc = -EINVAL;
 
300
                        goto out_uninit;
 
301
                }
 
302
                if ((result = Tspi_Context_LoadKeyByUUID(h_decrypt_context,
 
303
                                                TSS_PS_TYPE_SYSTEM,
 
304
                                                ecryptfs_tspi_srk_uuid,
 
305
                                                &h_srk)) != TSS_SUCCESS) {
 
306
                        syslog(LOG_ERR,
 
307
                               "Tspi_Context_LoadKeyByUUID failed: [%s]\n",
 
308
                               Trspi_Error_String(result));
 
309
                        rc = -EIO;
 
310
                        goto out_uninit;
 
311
                }
 
312
                if ((result = Tspi_GetPolicyObject(h_srk, TSS_POLICY_USAGE,
 
313
                                                &h_srk_policy))
 
314
                                != TSS_SUCCESS) {
 
315
                        syslog(LOG_ERR, "Tspi_GetPolicyObject failed: [%s]\n",
 
316
                                        Trspi_Error_String(result));
 
317
                        rc = -EIO;
 
318
                        goto out_uninit;
 
319
                }
 
320
                if ((result = Tspi_Policy_SetSecret(h_srk_policy,
 
321
                                                TSS_SECRET_MODE_PLAIN, 0, NULL))
 
322
                                != TSS_SUCCESS) {
 
323
                        syslog(LOG_ERR, "Tspi_Policy_SetSecret failed: [%s]\n",
 
324
                                        Trspi_Error_String(result));
 
325
                        rc = -EIO;
 
326
                        goto out_uninit;
 
327
                }
 
328
                if ((result = Tspi_Context_CreateObject(h_decrypt_context,
 
329
                                                TSS_OBJECT_TYPE_ENCDATA,
 
330
                                                TSS_ENCDATA_SEAL, &h_encdata))
 
331
                                != TSS_SUCCESS) {
 
332
                        syslog(LOG_ERR,
 
333
                               "Tspi_Context_CreateObject failed: [%s]\n",
 
334
                               Trspi_Error_String(result));
 
335
                        rc = -EIO;
 
336
                        goto out_uninit;
 
337
                }
 
338
        }
 
339
        for (walker = mapper; walker; walker = walker->next)
 
340
                if (!memcmp(&walker->uuid, &tspi_data.uuid, sizeof(TSS_UUID)))
 
341
                        break;
 
342
        if (!walker) {
 
343
                if ((new_mapper = calloc(1, sizeof(struct key_mapper)))
 
344
                    == NULL) {
 
345
                        syslog(LOG_ERR, "calloc failed: [%s]\n",
 
346
                               strerror(errno));
 
347
                        rc = -EIO;
 
348
                        goto out;
 
349
                }
 
350
                if ((result = Tspi_Context_LoadKeyByUUID(h_decrypt_context,
 
351
                                                         TSS_PS_TYPE_USER,
 
352
                                                         tspi_data.uuid,
 
353
                                                         &new_mapper->hKey))
 
354
                    != TSS_SUCCESS) {
 
355
                        syslog(LOG_ERR,
 
356
                               "Tspi_Context_LoadKeyByUUID failed: [%s]\n",
 
357
                               Trspi_Error_String(result));
 
358
                        rc = -EIO;
 
359
                        goto out;
 
360
                }
 
361
                DBGSYSLOG("New key object: [0x%x]\n", new_mapper->hKey);
 
362
                memcpy(&new_mapper->uuid, &tspi_data.uuid, sizeof(TSS_UUID));
 
363
                new_mapper->next = mapper;
 
364
                walker = mapper = new_mapper;
 
365
        }
 
366
        if ((result = Tspi_SetAttribData(h_encdata, TSS_TSPATTRIB_ENCDATA_BLOB,
 
367
                                         TSS_TSPATTRIB_ENCDATABLOB_BLOB,
 
368
                                         from_size, (BYTE *)from))
 
369
            != TSS_SUCCESS) {
 
370
                syslog(LOG_ERR, "Tspi_SetAttribData failed: [%s]\n",
 
371
                       Trspi_Error_String(result));
 
372
                rc = -EIO;
 
373
                goto out;
 
374
        }
 
375
        if ((result = Tspi_Data_Unseal(h_encdata, walker->hKey,
 
376
                                       &encdata_bytes, &encdata))
 
377
            != TSS_SUCCESS) {
 
378
                syslog(LOG_ERR, "Tspi_Data_Unseal failed: [%s]\n",
 
379
                       Trspi_Error_String(result));
 
380
                rc = -EIO;
 
381
                goto out;
 
382
        }
 
383
        (*to_size) = encdata_bytes;
 
384
        if (to)
 
385
                memcpy(to, encdata, encdata_bytes);
 
386
        Tspi_Context_FreeMemory(h_decrypt_context, encdata);
 
387
        rc = 0;
 
388
        goto out;
 
389
out_uninit:
 
390
        Tspi_Context_Close(h_decrypt_context);
 
391
        h_decrypt_context = 0;
 
392
        h_srk_policy = 0;
 
393
        h_srk = 0;
 
394
out:
 
395
        pthread_mutex_unlock(&decrypt_lock);
 
396
        return rc;
 
397
}
 
398
 
 
399
#define ECRYPTFS_KEY_MOD_PARAM_TSPI_UUID 1
 
400
static struct key_mod_param tspi_params[] = {
 
401
        {.id = ECRYPTFS_KEY_MOD_PARAM_TSPI_UUID,
 
402
         .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
 
403
         .option = "uuid",
 
404
         .description = "uuid",
 
405
         .suggested_val = NULL,
 
406
         .default_val = NULL,
 
407
         .val = NULL},
 
408
        {.id = 0,
 
409
         .flags = 0,
 
410
         .option = NULL,
 
411
         .description = NULL,
 
412
         .suggested_val = NULL,
 
413
         .default_val = NULL,
 
414
         .val = NULL}
 
415
};
 
416
 
 
417
static uint32_t tspi_num_params = 1;
 
418
 
 
419
/**
 
420
 * Convert user input string into TSS_UUID data type
 
421
 */
 
422
static void string_to_uuid(TSS_UUID *uuid, char *str)
 
423
{
 
424
        BYTE tmp[(sizeof(unsigned long) * 2 + 1)];
 
425
        unsigned long l;
 
426
        uint32_t i;
 
427
 
 
428
        tmp[sizeof(unsigned long) * 2] = '\0';
 
429
        for (i = 0; i < (sizeof(TSS_UUID) * 2);
 
430
             i += (sizeof(unsigned long) * 2)) {
 
431
                memcpy(tmp, &str[i], sizeof(unsigned long) * 2);
 
432
                l = strtoul(tmp, NULL, 16);
 
433
                l = htonl(l);
 
434
                memcpy(&((BYTE *)uuid)[i/2], &l, sizeof(unsigned long));
 
435
        }
 
436
}
 
437
 
 
438
static int ecryptfs_tspi_init(char **alias)
 
439
{
 
440
        int rc = 0;
 
441
 
 
442
        if (asprintf(alias, "tspi") == -1) {
 
443
                syslog(LOG_ERR, "Out of memory\n");
 
444
                rc = -ENOMEM;
 
445
                goto out;
 
446
        }
 
447
out:
 
448
        return rc;
 
449
}
 
450
 
 
451
static int
 
452
ecryptfs_tspi_get_params(struct key_mod_param **params, uint32_t *num_params)
 
453
{
 
454
        (*params) = tspi_params;
 
455
        (*num_params) = tspi_num_params;
 
456
        return 0;
 
457
}
 
458
 
 
459
static int ecryptfs_tspi_serialize(unsigned char *blob, size_t *blob_size,
 
460
                                   struct tspi_data *tspi_data)
 
461
{
 
462
        int rc = 0;
 
463
 
 
464
        (*blob_size) = sizeof(TSS_UUID);
 
465
        if (blob == NULL)
 
466
                goto out;
 
467
        memcpy(blob, &tspi_data->uuid, sizeof(TSS_UUID));
 
468
out:
 
469
        return rc;
 
470
}
 
471
 
 
472
static int
 
473
ecryptfs_tspi_init_from_param_vals(struct tspi_data *tspi_data,
 
474
                                   struct key_mod_param_val *param_vals,
 
475
                                   uint32_t num_param_vals)
 
476
{
 
477
        int uuid_set = 0;
 
478
        int i;
 
479
        int rc = 0;
 
480
 
 
481
        if (num_param_vals != tspi_num_params) {
 
482
                rc = -EINVAL;
 
483
                syslog(LOG_ERR, "Require [%d] param vals; got [%d]\n",
 
484
                       tspi_num_params, num_param_vals);
 
485
                goto out;
 
486
        }
 
487
        for (i = 0; i < num_param_vals; i++)
 
488
                tspi_params[i].val = &param_vals[i];
 
489
        memset(tspi_data, 0, sizeof(struct tspi_data));
 
490
        for (i = 0; i < num_param_vals; i++)
 
491
                if (strcmp(tspi_params[i].option, "uuid") == 0) {
 
492
                        string_to_uuid(&tspi_data->uuid,
 
493
                                       tspi_params[i].val->val);
 
494
                        uuid_set = 1;
 
495
                }
 
496
        if (!uuid_set) {
 
497
                rc = -EINVAL;
 
498
                syslog(LOG_ERR, "uuid parameter must be set\n");
 
499
                goto out;
 
500
        }
 
501
out:
 
502
        return rc;
 
503
}
 
504
 
 
505
static int ecryptfs_tspi_get_blob(unsigned char *blob, size_t *blob_size,
 
506
                                  struct key_mod_param_val *param_vals,
 
507
                                  uint32_t num_param_vals)
 
508
{
 
509
        struct tspi_data tspi_data;
 
510
        int rc = 0;
 
511
 
 
512
        if ((rc = ecryptfs_tspi_init_from_param_vals(&tspi_data, param_vals,
 
513
                                                     num_param_vals))) {
 
514
                syslog(LOG_ERR, "Error parsing parameter values; rc = [%d]\n",
 
515
                       rc);
 
516
                goto out;
 
517
        }
 
518
        if (blob == NULL) {
 
519
                if ((rc = ecryptfs_tspi_serialize(NULL, blob_size,
 
520
                                                  &tspi_data))) {
 
521
                        syslog(LOG_ERR, "Error serializing tspi; rc = [%d]\n",
 
522
                               rc);
 
523
                        goto out;
 
524
                }
 
525
                goto out;
 
526
        }
 
527
        if ((rc = ecryptfs_tspi_serialize(blob, blob_size, &tspi_data))) {
 
528
                syslog(LOG_ERR, "Error serializing tspi; rc = [%d]\n", rc);
 
529
                goto out;
 
530
        }
 
531
out:
 
532
        return rc;
 
533
}
 
534
 
 
535
static int ecryptfs_tspi_destroy(unsigned char *blob)
 
536
{
 
537
        return 0;
 
538
}
 
539
 
 
540
static int ecryptfs_tspi_finalize(void)
 
541
{
 
542
        return 0;
 
543
}
 
544
 
 
545
static struct ecryptfs_key_mod_ops ecryptfs_tspi_ops = {
 
546
        &ecryptfs_tspi_init,
 
547
        NULL,
 
548
        NULL,
 
549
        &ecryptfs_tspi_get_params,
 
550
        NULL,
 
551
        &ecryptfs_tspi_get_blob,
 
552
        NULL,
 
553
        &ecryptfs_tspi_get_key_sig,
 
554
        NULL,
 
555
        &ecryptfs_tspi_encrypt,
 
556
        &ecryptfs_tspi_decrypt,
 
557
        &ecryptfs_tspi_destroy,
 
558
        &ecryptfs_tspi_finalize
 
559
};
 
560
 
 
561
struct ecryptfs_key_mod_ops *get_key_mod_ops(void)
 
562
{
 
563
        return &ecryptfs_tspi_ops;
 
564
}