diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-07 19:33:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-07 19:33:33 +0200 |
commit | b673efed4a10dc31567b1c29b140b7910daeaf95 (patch) | |
tree | 9dbd383a19543719bf6f3e25b7c3259aa1f461f6 | |
parent | 4334f22638344873c4361f663be9d3dcad2b6bc4 (diff) | |
download | cryptodev-linux-b673efed4a10dc31567b1c29b140b7910daeaf95.tar.gz cryptodev-linux-b673efed4a10dc31567b1c29b140b7910daeaf95.tar.xz cryptodev-linux-b673efed4a10dc31567b1c29b140b7910daeaf95.zip |
Public and private keys are being generated in a new workqueue. Some other fixes and optimizations.
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | cryptodev_main.c | 10 | ||||
-rw-r--r-- | examples/Makefile | 29 | ||||
-rw-r--r-- | examples/cipher.c | 24 | ||||
-rw-r--r-- | examples/ncr.c (renamed from examples/new.c) | 0 | ||||
-rw-r--r-- | libtomcrypt/headers/tomcrypt_math.h | 8 | ||||
-rw-r--r-- | libtomcrypt/pk/rsa/rsa_make_key.c | 20 | ||||
-rw-r--r-- | ncr-key.c | 1 | ||||
-rw-r--r-- | ncr-pk.c | 99 | ||||
-rw-r--r-- | ncr.c | 3 | ||||
-rw-r--r-- | ncr_int.h | 3 |
11 files changed, 144 insertions, 57 deletions
@@ -1,7 +1,7 @@ KERNEL_DIR = /lib/modules/$(shell uname -r)/build -VERSION = 0.3 +VERSION = 0.99 -EXTRA_CFLAGS += -I$(SUBDIRS)/libtommath -I$(SUBDIRS)/libtomcrypt/headers -I$(SUBDIRS)/ -DLTC_SOURCE +EXTRA_CFLAGS += -I$(SUBDIRS)/libtommath -I$(SUBDIRS)/libtomcrypt/headers -I$(SUBDIRS)/ -DLTC_SOURCE -Wall TOMMATH_OBJECTS = libtommath/bncore.o libtommath/bn_mp_init.o libtommath/bn_mp_clear.o libtommath/bn_mp_exch.o libtommath/bn_mp_grow.o libtommath/bn_mp_shrink.o \ libtommath/bn_mp_clamp.o libtommath/bn_mp_zero.o libtommath/bn_mp_set.o libtommath/bn_mp_set_int.o libtommath/bn_mp_init_size.o libtommath/bn_mp_copy.o \ diff --git a/cryptodev_main.c b/cryptodev_main.c index f99c71a..4cdb90d 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -780,10 +780,18 @@ cryptodev_register(void) ncr_limits_init(); ncr_master_key_reset(); + + rc = ncr_pk_queue_init(); + if (unlikely(rc)) { + ncr_limits_deinit(); + printk(KERN_ERR PFX "initialization of PK workqueue failed\n"); + return rc; + } rc = misc_register (&cryptodev); if (unlikely(rc)) { ncr_limits_deinit(); + ncr_pk_queue_deinit(); printk(KERN_ERR PFX "registration of /dev/crypto failed\n"); return rc; } @@ -796,10 +804,10 @@ cryptodev_deregister(void) { misc_deregister(&cryptodev); ncr_limits_deinit(); + ncr_pk_queue_deinit(); } /* ====== Module init/exit ====== */ - int __init init_cryptodev(void) { int rc; diff --git a/examples/Makefile b/examples/Makefile index 3190c4a..9dce9b7 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -1,14 +1,27 @@ -KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build +CC = gcc +CFLAGS = -Wall -g -O2 -hostprogs := cipher hmac new -example-cipher-objs := cipher.o -example-hmac-objs := hmac.o -new-objs := new.o +progs := cipher hmac ncr pk -check: $(hostprogs) - ./new +all: $(progs) + +cipher: cipher.c + $(CC) $(CFLAGS) $< -o $@ + +hmac: hmac.c + $(CC) $(CFLAGS) $< -o $@ + +ncr: ncr.c + $(CC) $(CFLAGS) $< -o $@ + +pk: pk.c + $(CC) $(CFLAGS) $< -o $@ -L/usr/local/lib -lgnutls + +check: $(progs) + ./ncr + ./pk ./cipher ./hmac clean: - rm -f *.o *~ hmac cipher new + rm -f *.o *~ hmac cipher ncr pk diff --git a/examples/cipher.c b/examples/cipher.c index c7ce2c2..1334f02 100644 --- a/examples/cipher.c +++ b/examples/cipher.c @@ -19,10 +19,10 @@ static int test_crypto(int cfd) { - char plaintext[DATA_SIZE]; - char ciphertext[DATA_SIZE]; - char iv[BLOCK_SIZE]; - char key[KEY_SIZE]; + uint8_t plaintext[DATA_SIZE]; + uint8_t ciphertext[DATA_SIZE]; + uint8_t iv[BLOCK_SIZE]; + uint8_t key[KEY_SIZE]; struct session_op sess; struct crypt_op cryp; @@ -91,14 +91,14 @@ test_crypto(int cfd) static int test_aes(int cfd) { - char plaintext1[BLOCK_SIZE]; - char ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 }; - char iv1[BLOCK_SIZE]; - char key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - char plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 }; - char ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 }; - char iv2[BLOCK_SIZE]; - char key2[KEY_SIZE]; + uint8_t plaintext1[BLOCK_SIZE]; + uint8_t ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 }; + uint8_t iv1[BLOCK_SIZE]; + uint8_t key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + uint8_t plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 }; + uint8_t ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 }; + uint8_t iv2[BLOCK_SIZE]; + uint8_t key2[KEY_SIZE]; struct session_op sess; struct crypt_op cryp; diff --git a/examples/new.c b/examples/ncr.c index 3cfc206..3cfc206 100644 --- a/examples/new.c +++ b/examples/ncr.c diff --git a/libtomcrypt/headers/tomcrypt_math.h b/libtomcrypt/headers/tomcrypt_math.h index 3ee9523..6c0e6c5 100644 --- a/libtomcrypt/headers/tomcrypt_math.h +++ b/libtomcrypt/headers/tomcrypt_math.h @@ -7,14 +7,6 @@ #define LTC_MP_NO 0 #define LTC_MP_YES 1 -#ifndef LTC_MECC - typedef void ecc_point; -#endif - -#ifndef LTC_MRSA - typedef void rsa_key; -#endif - #include <tommath.h> typedef mp_int* mp_int_t; diff --git a/libtomcrypt/pk/rsa/rsa_make_key.c b/libtomcrypt/pk/rsa/rsa_make_key.c index 915c832..6718f09 100644 --- a/libtomcrypt/pk/rsa/rsa_make_key.c +++ b/libtomcrypt/pk/rsa/rsa_make_key.c @@ -44,30 +44,30 @@ int rsa_make_key(int size, long e, rsa_key *key) } /* make primes p and q (optimization provided by Wayne Scott) */ - if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { goto errkey; } /* tmp3 = e */ + if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { goto cleanup; } /* tmp3 = e */ /* make prime "p" */ do { - if ((err = rand_prime( &p, size/2)) != CRYPT_OK) { goto errkey; } - if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(p-1, e) */ + if ((err = rand_prime( &p, size/2)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = p-1 */ + if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(p-1, e) */ } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides p-1 */ /* make prime "q" */ do { - if ((err = rand_prime( &q, size/2)) != CRYPT_OK) { goto errkey; } - if ((err = mp_sub_d( &q, 1, &tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(q-1, e) */ + if ((err = rand_prime( &q, size/2)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_sub_d( &q, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ + if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(q-1, e) */ } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides q-1 */ /* tmp1 = lcm(p-1, q-1) */ - if ((err = mp_sub_d( &p, 1, &tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ + if ((err = mp_sub_d( &p, 1, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ /* tmp1 = q-1 (previous do/while loop) */ - if ((err = mp_lcm( &tmp1, &tmp2, &tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = lcm(p-1, q-1) */ + if ((err = mp_lcm( &tmp1, &tmp2, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */ /* make key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - goto errkey; + goto cleanup; } if ((err = mp_set_int( &key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */ @@ -398,7 +398,6 @@ int ret; return 0; } -/* FIXME those require public key subsystem */ int ncr_key_generate_pair(struct list_sem_st* lst, void __user* arg) { struct ncr_key_generate_st gen; @@ -29,6 +29,8 @@ #include "ncr_int.h" #include <tomcrypt.h> +static struct workqueue_struct * pk_wq = NULL; + static int tomerr(int err) { switch (err) { @@ -153,39 +155,89 @@ int ncr_pk_pack( const struct key_item_st * key, uint8_t * packed, uint32_t * pa return 0; } -int ncr_pk_generate(ncr_algorithm_t algo, - struct ncr_key_generate_params_st * params, - struct key_item_st* private, struct key_item_st* public) +struct keygen_st { + struct work_struct pk_gen; + struct completion completed; + int ret; + ncr_algorithm_t algo; + struct key_item_st* private; + struct key_item_st* public; + struct ncr_key_generate_params_st * params; +}; + +static void keygen_handler(struct work_struct *instance) { -int cret, ret; -unsigned long e; - private->algorithm = public->algorithm = algo; + unsigned long e; + int cret; + struct keygen_st *st = + container_of(instance, struct keygen_st, pk_gen); - switch(algo) { + switch(st->algo) { case NCR_ALG_RSA: - e = params->params.rsa.e; + e = st->params->params.rsa.e; if (e == 0) e = 65537; - cret = rsa_make_key(params->params.rsa.bits, e, &private->key.pk.rsa); + cret = rsa_make_key(st->params->params.rsa.bits/8, e, &st->private->key.pk.rsa); if (cret != CRYPT_OK) { + printk("ret: %d/%d\n", cret, st->params->params.rsa.bits); err(); - return tomerr(cret); + st->ret = tomerr(cret); } + st->ret = 0; break; case NCR_ALG_DSA: - cret = dsa_make_key(params->params.dsa.q_bits, params->params.dsa.p_bits, &private->key.pk.dsa); + cret = dsa_make_key(st->params->params.dsa.q_bits/8, + st->params->params.dsa.p_bits/8, &st->private->key.pk.dsa); if (cret != CRYPT_OK) { err(); - return tomerr(cret); + st->ret = tomerr(cret); } + + st->ret = 0; break; default: - return -EINVAL; + err(); + st->ret = -EINVAL; + } + + complete(&st->completed); +} + + +int ncr_pk_generate(ncr_algorithm_t algo, + struct ncr_key_generate_params_st * params, + struct key_item_st* private, struct key_item_st* public) +{ +int ret; +struct keygen_st st; + + private->algorithm = public->algorithm = algo; + + st.algo = algo; + st.private = private; + st.public = public; + st.params = params; + st.ret = 0; + + init_completion(&st.completed); + INIT_WORK(&st.pk_gen, keygen_handler); + + ret = queue_work(pk_wq, &st.pk_gen); + if (ret < 0) { + err(); + return ret; } - ret = ncr_pk_make_public_and_id(private, public); + wait_for_completion(&st.completed); + + if (st.ret < 0) { + err(); + return ret; + } + +// ret = ncr_pk_make_public_and_id(private, public); if (ret < 0) { err(); return ret; @@ -193,3 +245,22 @@ unsigned long e; return 0; } + + +int ncr_pk_queue_init(void) +{ + pk_wq = + create_singlethread_workqueue("ncr-pk"); + if (pk_wq == NULL) { + err(); + return -ENOMEM; + } + + return 0; +} + +void ncr_pk_queue_deinit(void) +{ + flush_workqueue(pk_wq); + destroy_workqueue(pk_wq); +} @@ -31,6 +31,7 @@ #include <linux/capability.h> #include "ncr.h" #include "ncr_int.h" +#include <linux/workqueue.h> /* This is the master wrapping key for storage of keys */ @@ -163,9 +164,9 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp, return ncr_session_once(lst, (void*)arg); case NCRIO_MASTER_KEY_SET: return ncr_master_key_set((void*)arg); -#if 0 case NCRIO_KEY_GENERATE_PAIR: return ncr_key_generate_pair(&lst->key, (void*)arg); +#if 0 case NCRIO_KEY_DERIVE: return ncr_key_derive(&lst->key, (void*)arg); case NCRIO_KEY_GET_PUBLIC: @@ -189,4 +189,7 @@ int ncr_pk_generate(ncr_algorithm_t algo, int ncr_pk_pack( const struct key_item_st * key, uint8_t * packed, uint32_t * packed_size); +int ncr_pk_queue_init(void); +void ncr_pk_queue_deinit(void); + #endif |