author | Miloslav Trmač <mitr@redhat.com> | 2010-09-06 20:40:43 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-06 23:15:24 +0200 |
commit | 95496890180536231adfb983dc67c629f26f0caf (patch) | |
tree | d0cdb577dac177d42d2e048fe75544679c8a2d20 | |
parent | a92443718f19ffc36fbe55d85a4785130a4b33c7 (diff) | |
Rename CONFIG_AS*YM*METRIC, push into headers
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | ncr-int.h | 24 | ||||
-rw-r--r-- | ncr-key-storage.c | 4 | ||||
-rw-r--r-- | ncr-key-wrap.c | 17 | ||||
-rw-r--r-- | ncr-key.c | 23 | ||||
-rw-r--r-- | ncr-pk.c | 4 | ||||
-rw-r--r-- | ncr-pk.h | 16 | ||||
-rw-r--r-- | ncr-sessions.c | 28 |
8 files changed, 58 insertions, 64 deletions
@@ -1,7 +1,7 @@ KERNEL_DIR = /lib/modules/$(shell uname -r)/build VERSION = 0.99 -CONFIG_ASYMMETRIC=y -EXTRA_CFLAGS += -DCONFIG_ASSYMETRIC +CONFIG_CRYPTO_USERSPACE_ASYMMETRIC=y +EXTRA_CFLAGS += -DCONFIG_CRYPTO_USERSPACE_ASYMMETRIC EXTRA_CFLAGS += -I$(SUBDIRS)/libtommath -I$(SUBDIRS)/libtomcrypt/headers -I$(SUBDIRS)/ -DLTC_SOURCE -Wall @@ -73,7 +73,7 @@ cryptodev-objs = cryptodev_main.o cryptodev_cipher.o ncr.o \ obj-m += cryptodev.o -cryptodev-$(CONFIG_ASYMMETRIC) += $(TOMMATH_OBJECTS) \ +cryptodev-$(CONFIG_CRYPTO_USERSPACE_ASYMMETRIC) += $(TOMMATH_OBJECTS) \ $(TOMCRYPT_OBJECTS) ncr-dh.o ncr-pk.o build: @@ -143,9 +143,18 @@ int ncr_key_generate(struct ncr_lists *lst, const struct ncr_key_generate *gen, int ncr_key_get_info(struct ncr_lists *lst, struct ncr_out *out, const struct ncr_key_get_info *info, struct nlattr *tb[]); +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC int ncr_key_generate_pair(struct ncr_lists *lst, const struct ncr_key_generate_pair *gen, struct nlattr *tb[]); +#else +static inline int ncr_key_generate_pair(struct ncr_lists *lst, + const struct ncr_key_generate_pair *gen, + struct nlattr *tb[]) +{ + return -EOPNOTSUPP; +} +#endif int ncr_key_get_public(struct ncr_lists *lst, void __user * arg); int ncr_key_item_get_read(struct key_item_st **st, struct ncr_lists *lst, 
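Review bot: In the first Makefile hunk, `EXTRA_CFLAGS += -DCONFIG_CRYPTO_USERSPACE_ASYMMETRIC` is still added unconditionally, while the second hunk links `ncr-dh.o ncr-pk.o` and the tom* objects only when the make variable is `y`. Setting the variable to anything else would therefore still compile the asymmetric code paths but drop the objects that implement them, presumably leaving unresolved symbols, and the new `-EOPNOTSUPP` stubs in the headers could never be selected from this Makefile. Tie the define to the variable: `ifeq ($(CONFIG_CRYPTO_USERSPACE_ASYMMETRIC),y)` / `EXTRA_CFLAGS += -DCONFIG_CRYPTO_USERSPACE_ASYMMETRIC` / `endif`.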
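Review bot: The `#else` stubs added to ncr-int.h (`ncr_key_generate_pair` in this hunk, `ncr_key_wrap` and `ncr_key_unwrap` in the next ncr-int.h hunk) have no comment saying why the operation is unavailable. For wrap and unwrap the reason is not obvious, because the helper is named `wrap_aes_rfc5649` and AES key wrap is a symmetric operation. The dependency appears to be the DER packing code that ncr-key-wrap.c now guards with the same option. A line above the guard would record that, e.g. `/* Key wrapping packs keys as DER, which is built only with CONFIG_CRYPTO_USERSPACE_ASYMMETRIC. */`, so that a symmetric-only build that cannot wrap secret keys reads as a known limitation and not a regression.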
@@ -165,10 +174,25 @@ int ncr_limits_add_and_check(uid_t uid, pid_t pid, limits_type_t type); void ncr_limits_init(void); void ncr_limits_deinit(void); +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC int ncr_key_wrap(struct ncr_lists *lst, const struct ncr_key_wrap *wrap, struct nlattr *tb[]); int ncr_key_unwrap(struct ncr_lists *lst, const struct ncr_key_unwrap *wrap, struct nlattr *tb[]); +#else +static inline int ncr_key_wrap(struct ncr_lists *lst, + const struct ncr_key_wrap *wrap, + struct nlattr *tb[]) +{ + return -EOPNOTSUPP; +} +static inline int ncr_key_unwrap(struct ncr_lists *lst, + const struct ncr_key_unwrap *wrap, + struct nlattr *tb[]) +{ + return -EOPNOTSUPP; +} +#endif int ncr_key_storage_wrap(struct ncr_lists *lst, const struct ncr_key_storage_wrap *wrap, struct nlattr *tb[]); diff --git a/ncr-key-storage.c b/ncr-key-storage.c index 59ed915..08c3264 100644 --- a/ncr-key-storage.c +++ b/ncr-key-storage.c @@ -69,7 +69,6 @@ int key_to_storage_data(uint8_t ** sdata, size_t * sdata_size, if (key->type == NCR_KEY_TYPE_SECRET) { pkey->raw_size = key->key.secret.size; memcpy(pkey->raw, key->key.secret.data, pkey->raw_size); -#ifdef CONFIG_ASSYMETRIC } else if (key->type == NCR_KEY_TYPE_PRIVATE || key->type == NCR_KEY_TYPE_PUBLIC) { pkey->raw_size = sizeof(pkey->raw); @@ -78,7 +77,6 @@ int key_to_storage_data(uint8_t ** sdata, size_t * sdata_size, err(); goto fail; } -#endif } else { err(); ret = -EINVAL; @@ -124,7 +122,6 @@ int key_from_storage_data(struct key_item_st *key, const void *data, } key->key.secret.size = pkey->raw_size; memcpy(key->key.secret.data, pkey->raw, pkey->raw_size); -#ifdef CONFIG_ASSYMETRIC } else if (key->type == NCR_KEY_TYPE_PUBLIC || key->type == NCR_KEY_TYPE_PRIVATE) { int ret; @@ -134,7 +131,6 @@ int key_from_storage_data(struct key_item_st *key, const void *data, err(); return ret; } -#endif } else { err(); return -EINVAL; diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index de0be7e..de7b1cb 100644 --- a/ncr-key-wrap.c 
+++ b/ncr-key-wrap.c @@ -46,10 +46,12 @@ typedef uint8_t val64_t[8]; static const val64_t initA = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6"; +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC static int key_to_packed_data(uint8_t ** sdata, size_t * sdata_size, const struct key_item_st *key); static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, const void *data, size_t data_size); +#endif static void val64_xor(val64_t val, uint32_t x) { @@ -277,6 +279,7 @@ cleanup: return ret; } +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC static int wrap_aes_rfc5649(struct key_item_st *tobewrapped, struct key_item_st *kek, void *output, size_t * output_size, const void *iv, @@ -551,7 +554,6 @@ static int check_key_level(struct key_item_st *kek, struct key_item_st *wkey) int ncr_key_wrap(struct ncr_lists *lst, const struct ncr_key_wrap *wrap, struct nlattr *tb[]) { -#ifdef CONFIG_ASSYMETRIC const struct nlattr *nla; struct key_item_st *wkey = NULL; struct key_item_st *key = NULL; @@ -657,9 +659,6 @@ fail: kfree(data); return ret; -#else - return -EOPNOTSUPP; -#endif } /* Unwraps keys. All keys unwrapped are not accessible by @@ -668,7 +667,6 @@ fail: int ncr_key_unwrap(struct ncr_lists *lst, const struct ncr_key_unwrap *wrap, struct nlattr *tb[]) { -#ifdef CONFIG_ASSYMETRIC const struct nlattr *nla; struct key_item_st *wkey = NULL; struct key_item_st *key = NULL; @@ -741,10 +739,8 @@ fail: kfree(data); return ret; -#else - return -EOPNOTSUPP; -#endif } +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ int ncr_key_storage_wrap(struct ncr_lists *lst, const struct ncr_key_storage_wrap *wrap, @@ -884,6 +880,8 @@ fail: return ret; } +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC + #define DER_KEY_MAX_SIZE (KEY_DATA_MAX_SIZE+16) /* Packed data are DER encoded: 
@@ -1090,7 +1088,6 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, } key->key.secret.size = pkey_size; memcpy(key->key.secret.data, pkey, pkey_size); -#ifdef CONFIG_ASSYMETRIC } else if (key->type == NCR_KEY_TYPE_PUBLIC || key->type == NCR_KEY_TYPE_PRIVATE) { @@ -1099,7 +1096,6 @@ static int key_from_packed_data(struct nlattr *tb[], struct key_item_st *key, err(); return ret; } -#endif } else { err(); return -EINVAL; @@ -1112,3 +1108,4 @@ fail: return ret; } +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ @@ -251,7 +251,6 @@ int ncr_key_export(struct ncr_lists *lst, const struct ncr_key_export *data, ret = item->key.secret.size; break; -#ifdef CONFIG_ASSYMETRIC case NCR_KEY_TYPE_PUBLIC: case NCR_KEY_TYPE_PRIVATE: tmp_size = data->buffer_size; @@ -278,7 +277,6 @@ int ncr_key_export(struct ncr_lists *lst, const struct ncr_key_export *data, ret = tmp_size; break; -#endif default: err(); ret = -EINVAL; @@ -382,7 +380,6 @@ int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data, memcpy(item->key.secret.data, tmp, tmp_size); item->key.secret.size = tmp_size; break; -#ifdef CONFIG_ASSYMETRIC case NCR_KEY_TYPE_PRIVATE: case NCR_KEY_TYPE_PUBLIC: ret = ncr_pk_unpack(item, tmp, tmp_size); @@ -391,7 +388,6 @@ int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data, goto fail; } break; -#endif default: err(); ret = -EINVAL; @@ -411,13 +407,10 @@ fail: void ncr_key_clear(struct key_item_st *item) { /* clears any previously allocated parameters */ -#ifdef CONFIG_ASSYMETRIC if (item->type == NCR_KEY_TYPE_PRIVATE || item->type == NCR_KEY_TYPE_PUBLIC) { - ncr_pk_clear(item); } -#endif memset(&item->key, 0, sizeof(item->key)); memset(item->key_id, 0, sizeof(item->key_id)); item->key_id_size = 0; 
@@ -501,7 +494,7 @@ fail: return ret; } -#ifdef CONFIG_ASSYMETRIC +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC /* Those values are derived from "ECRYPT II Yearly Report on Algorithms and * Keysizes (2009-2010)". It maps the strength of public key algorithms to @@ -561,7 +554,7 @@ static unsigned int dlog_to_bits(unsigned int dlog_bits) return ecrypt_vals[i - 1].bits; } -#endif +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ /* returns the security level of the key in bits. Private/Public keys * are mapped to symmetric key bits using the ECRYPT II 2010 recommendation. @@ -576,7 +569,7 @@ int _ncr_key_get_sec_level(struct key_item_st *item) return 112; return item->key.secret.size * 8; -#ifdef CONFIG_ASSYMETRIC +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC } else if (item->type == NCR_KEY_TYPE_PRIVATE) { int bits; @@ -608,7 +601,7 @@ int _ncr_key_get_sec_level(struct key_item_st *item) default: return -EINVAL; } -#endif +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ } else { return -EINVAL; } @@ -676,11 +669,11 @@ fail: return ret; } +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC int ncr_key_generate_pair(struct ncr_lists *lst, const struct ncr_key_generate_pair *gen, struct nlattr *tb[]) { -#ifdef CONFIG_ASSYMETRIC struct key_item_st *private = NULL; struct key_item_st *public = NULL; int ret; @@ -748,10 +741,8 @@ fail: _ncr_key_item_put(private); } return ret; -#else - return -EOPNOTSUPP; -#endif } +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, struct nlattr *tb[]) @@ -790,7 +781,6 @@ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, } switch (key->type) { -#ifdef CONFIG_ASSYMETRIC case NCR_KEY_TYPE_PUBLIC: case NCR_KEY_TYPE_PRIVATE: ret = ncr_pk_derive(newkey, key, tb); @@ -799,7 +789,6 @@ int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, goto fail; } break; -#endif default: err(); ret = -EINVAL; 
@@ -33,7 +33,7 @@ #include "ncr-int.h" #include <tomcrypt.h> -#ifdef CONFIG_ASSYMETRIC +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC int _ncr_tomerr(int err) { @@ -709,4 +709,4 @@ int ncr_pk_get_dsa_size(dsa_key * key) return ret; } -#endif /* CONFIG_ASSYMETRIC */ +#endif /* CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ @@ -4,7 +4,9 @@ #include <tomcrypt.h> struct nlattr; +struct key_item_st; +#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC struct ncr_pk_ctx { const struct algo_properties_st *algorithm; /* algorithm */ @@ -59,4 +61,18 @@ int ncr_pk_derive(struct key_item_st *newkey, struct key_item_st *oldkey, int ncr_pk_get_rsa_size(rsa_key * key); int ncr_pk_get_dsa_size(dsa_key * key); +#else /* !CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ +struct ncr_pk_ctx {}; +#define ncr_pk_clear(key) ((void)0) +#define ncr_pk_pack(key, packed, packed_size) (-EOPNOTSUPP) +#define ncr_pk_unpack(key, packed, packed_size) (-EOPNOTSUPP) +#define ncr_pk_cipher_init(algo, ctx, tb, key, sign_hash) (-EOPNOTSUPP) +#define ncr_pk_cipher_deinit(ctx) ((void)0) +#define ncr_pk_cipher_encrypt(ctx, i, icnt, isize, o, ocnt, osize) (-EOPNOTSUPP) +#define ncr_pk_cipher_decrypt(ctx, i, icnt, isize, o, ocnt, osize) (-EOPNOTSUPP) +#define ncr_pk_cipher_sign(ctx, hash, hash_size, sig, sig_size) (-EOPNOTSUPP) +#define ncr_pk_cipher_verify(ctx, sig, sig_size, hash, hash_size) (-EOPNOTSUPP) +#define ncr_pk_derive(newkey, oldkey, tb) (-EOPNOTSUPP) +#endif /* !CONFIG_CRYPTO_USERSPACE_ASYMMETRIC */ + #endif diff --git a/ncr-sessions.c b/ncr-sessions.c index 1b45564..f1a21d1 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -47,9 +47,7 @@ struct session_item_st { * in a union. */ struct cipher_data cipher; -#ifdef CONFIG_ASSYMETRIC struct ncr_pk_ctx pk; -#endif struct hash_data hash; /* This is a hack, ideally we'd have a hash algorithm that simply outputs its input as a digest. We'd still need to distinguish 
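Review bot: The `#else` branch added to ncr-pk.h stubs the API with function-like macros such as `#define ncr_pk_pack(key, packed, packed_size) (-EOPNOTSUPP)`, which discard their arguments without evaluating or type-checking them, whereas ncr-int.h in this same commit uses `static inline` stubs. With `-Wall` in EXTRA_CFLAGS, locals that are only passed to these calls may be reported as unused in a symmetric-only build, and a wrong argument type at a call site would go unnoticed until the option is switched on. Writing the stubs as inline functions that mirror the prototypes in the enabled branch keeps both configurations checked, for example `static inline void ncr_pk_clear(struct key_item_st *key) { }`; the forward declaration of `struct key_item_st` added here already allows that. The full prototypes sit outside the hunk, so the parameter types need to be copied from there.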
@@ -170,9 +168,7 @@ static void _ncr_sessions_item_put(struct session_item_st *item) { if (atomic_dec_and_test(&item->refcnt)) { cryptodev_cipher_deinit(&item->cipher); -#ifdef CONFIG_ASSYMETRIC ncr_pk_cipher_deinit(&item->pk); -#endif cryptodev_hash_deinit(&item->hash); kfree(item->transparent_hash); if (item->key) @@ -649,7 +645,6 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, nla_data(nla), nla_len(nla)); } -#ifdef CONFIG_ASSYMETRIC } else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) { ret = @@ -659,7 +654,6 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, err(); goto fail; } -#endif } else { err(); ret = -EINVAL; @@ -739,7 +733,6 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, err(); goto fail; } -#ifdef CONFIG_ASSYMETRIC } else if (ns->algorithm->is_pk && (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == @@ -811,7 +804,6 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, goto fail; } } -#endif } else { err(); ret = -EINVAL; @@ -884,7 +876,6 @@ static int _ncr_session_encrypt(struct session_item_st *sess, /* FIXME: handle ciphers that do not require that */ *output_size = input_size; } else { /* public key */ -#ifdef CONFIG_ASSYMETRIC ret = ncr_pk_cipher_encrypt(&sess->pk, input, input_cnt, input_size, output, output_cnt, @@ -894,10 +885,6 @@ static int _ncr_session_encrypt(struct session_item_st *sess, err(); return ret; } -#else - return -EOPNOTSUPP; -#endif - } return 0; @@ -923,7 +910,6 @@ static int _ncr_session_decrypt(struct session_item_st *sess, /* FIXME: handle ciphers that do not require equality */ *output_size = input_size; } else { /* public key */ -#ifdef CONFIG_ASSYMETRIC ret = ncr_pk_cipher_decrypt(&sess->pk, input, input_cnt, input_size, output, output_cnt, 
@@ -933,10 +919,6 @@ static int _ncr_session_decrypt(struct session_item_st *sess, err(); return ret; } -#else - return -EOPNOTSUPP; -#endif - } return 0; @@ -1282,7 +1264,6 @@ static int _ncr_session_final(struct ncr_lists *lists, && memcmp(buffer, digest, digest_size) == 0); else { -#ifdef CONFIG_ASSYMETRIC ret = ncr_pk_cipher_verify(&sess->pk, buffer, src.data_size, digest, digest_size); @@ -1290,10 +1271,6 @@ static int _ncr_session_final(struct ncr_lists *lists, err(); goto fail; } -#else - ret = -EOPNOTSUPP; - goto fail; -#endif } break; } @@ -1345,7 +1322,6 @@ static int _ncr_session_final(struct ncr_lists *lists, } output_size = digest_size; } else { -#ifdef CONFIG_ASSYMETRIC output_size = dst.buffer_size; buffer = kmalloc(output_size, GFP_KERNEL); if (buffer == NULL) { @@ -1367,10 +1343,6 @@ static int _ncr_session_final(struct ncr_lists *lists, ret = -EFAULT; goto fail; } -#else - ret = -EOPNOTSUPP; - goto fail; -#endif } ret = |
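Review bot: In the signing branch of `_ncr_session_final` (the hunk at -1345), a build without CONFIG_CRYPTO_USERSPACE_ASYMMETRIC now executes `output_size = dst.buffer_size;` and `buffer = kmalloc(output_size, GFP_KERNEL);` before the stubbed ncr_pk call can return -EOPNOTSUPP, where the removed `#else` arm rejected the request immediately. The same ordering change applies to the public-key branches of `_ncr_session_encrypt`, `_ncr_session_decrypt` and the verify path, which now depend on the error check that follows the stubbed call. These branches are presumably unreachable in such a build because session setup would already fail in the stubbed init, but nothing states that; a comment at the `else`, such as `/* public key: session init fails without CONFIG_CRYPTO_USERSPACE_ASYMMETRIC, so this is not reached */`, would make the assumption explicit. The `fail:` label that has to release `buffer` is outside the hunk, so confirm it frees the allocation on this path.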