diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-23 09:10:28 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-23 09:10:28 +0200 |
| commit | 6fbb3400ff70070dc12460c5336b201cfa275ab4 (patch) | |
| tree | 6ffd48aec7a4b511555186b0a7c781a6b7d637d6 | |
| parent | f58e82a071a25531f7e7f83cc4ed8982131dea5c (diff) | |
| download | cryptodev-linux-6fbb3400ff70070dc12460c5336b201cfa275ab4.tar.gz cryptodev-linux-6fbb3400ff70070dc12460c5336b201cfa275ab4.tar.xz cryptodev-linux-6fbb3400ff70070dc12460c5336b201cfa275ab4.zip | |
Splitted key from key_params structure. Also separated dsa from rsa structure in params.
| -rw-r--r-- | examples/ncr.c | 10 | ||||
| -rw-r--r-- | examples/pk.c | 36 | ||||
| -rw-r--r-- | examples/speed.c | 2 | ||||
| -rw-r--r-- | ncr-key-wrap.c | 12 | ||||
| -rw-r--r-- | ncr-pk.c | 31 | ||||
| -rw-r--r-- | ncr-sessions.c | 16 | ||||
| -rw-r--r-- | ncr.h | 23 | ||||
| -rw-r--r-- | ncr_int.h | 3 |
8 files changed, 86 insertions, 47 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index 22efc83..234e8bd 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -464,7 +464,7 @@ test_ncr_wrap_key(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; - kwrap.key.key = key; + kwrap.key = key; kwrap.data = kdata.desc; if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) { @@ -513,7 +513,7 @@ test_ncr_wrap_key(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; - kwrap.key.key = key; + kwrap.key = key; kwrap.data = kdata.desc; if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kwrap)) { @@ -807,7 +807,7 @@ test_ncr_aes(int cfd) /* encrypt */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_AES_ECB; - nop.init.params.key = key; + nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; nop.op.data.cipher.plaintext = dd; nop.op.data.cipher.ciphertext = dd2; @@ -882,7 +882,7 @@ test_ncr_aes(int cfd) /* decrypt */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_AES_ECB; - nop.init.params.key = key; + nop.init.key = key; nop.init.op = NCR_OP_DECRYPT; nop.op.data.cipher.ciphertext = dd; nop.op.data.cipher.plaintext = dd2; @@ -1096,7 +1096,7 @@ test_ncr_hash(int cfd) memset(&nop, 0, sizeof(nop)); nop.init.algorithm = hash_vectors[i].algorithm; if (hash_vectors[i].key != NULL) - nop.init.params.key = key; + nop.init.key = key; nop.init.op = hash_vectors[i].op; nop.op.data.sign.text = dd; nop.op.data.sign.output = dd2; diff --git a/examples/pk.c b/examples/pk.c index 1f3d3c1..fef695c 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -363,12 +363,12 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae /* do encryption */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_RSA; - nop.init.params.key = pubkey; + nop.init.key = pubkey; if (oaep) { - nop.init.params.params.pk.type = RSA_PKCS1_OAEP; - nop.init.params.params.pk.oaep_hash = NCR_ALG_SHA1; + nop.init.params.params.rsa.type = RSA_PKCS1_OAEP; + nop.init.params.params.rsa.oaep_hash = NCR_ALG_SHA1; } else { - nop.init.params.params.pk.type = RSA_PKCS1_V1_5; + nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } nop.init.op = NCR_OP_ENCRYPT; nop.op.data.cipher.plaintext = datad; @@ -383,13 +383,13 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae /* decrypt data */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_RSA; - nop.init.params.key = privkey; + nop.init.key = privkey; nop.init.op = NCR_OP_DECRYPT; if (oaep) { - nop.init.params.params.pk.type = RSA_PKCS1_OAEP; - nop.init.params.params.pk.oaep_hash = NCR_ALG_SHA1; + nop.init.params.params.rsa.type = RSA_PKCS1_OAEP; + nop.init.params.params.rsa.oaep_hash = NCR_ALG_SHA1; } else { - nop.init.params.params.pk.type = RSA_PKCS1_V1_5; + nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } nop.op.data.cipher.plaintext = encd; nop.op.data.cipher.ciphertext = encd; @@ -461,9 +461,9 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int /* sign datad */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_RSA; - nop.init.params.key = privkey; - nop.init.params.params.pk.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; - nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + nop.init.key = privkey; + nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; + nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; nop.op.data.sign.text = datad; @@ -478,9 +478,9 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int /* verify signature */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_RSA; - nop.init.params.key = pubkey; - nop.init.params.params.pk.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; - nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + nop.init.key = pubkey; + nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; + nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_VERIFY; nop.op.data.verify.text = datad; @@ -541,8 +541,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) /* sign datad */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_DSA; - nop.init.params.key = privkey; - nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + nop.init.key = privkey; + nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; nop.op.data.sign.text = datad; @@ -557,8 +557,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) /* verify signature */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_DSA; - nop.init.params.key = pubkey; - nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + nop.init.key = pubkey; + nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_VERIFY; nop.op.data.verify.text = datad; diff --git a/examples/speed.c b/examples/speed.c index f4119c8..1c76eb6 100644 --- a/examples/speed.c +++ b/examples/speed.c @@ -187,7 +187,7 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) memset(&nop, 0, sizeof(nop)); nop.init.algorithm = algo; - nop.init.params.key = key; + nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; nop.op.data.cipher.plaintext = dd; nop.op.data.cipher.ciphertext = dd; diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index f9c019d..939c136 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -456,7 +456,7 @@ int ret; goto fail; } - ret = ncr_key_item_get_read( &key, key_lst, wrap.key.key); + ret = ncr_key_item_get_read( &key, key_lst, wrap.key); if (ret < 0) { err(); goto fail; @@ -473,10 +473,10 @@ int ret; switch(wrap.algorithm) { case NCR_WALG_AES_RFC3394: - ret = wrap_aes(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size); + ret = wrap_aes(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size); break; case NCR_WALG_AES_RFC5649: - ret = wrap_aes_rfc5649(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size); + ret = wrap_aes_rfc5649(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size); break; default: err(); @@ -513,7 +513,7 @@ int ret; return ret; } - ret = ncr_key_item_get_read( &key, key_lst, wrap.key.key); + ret = ncr_key_item_get_read( &key, key_lst, wrap.key); if (ret < 0) { err(); goto fail; @@ -530,10 +530,10 @@ int ret; switch(wrap.algorithm) { case NCR_WALG_AES_RFC3394: - ret = unwrap_aes(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size); + ret = unwrap_aes(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size); break; case NCR_WALG_AES_RFC5649: - ret = unwrap_aes_rfc5649(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size); + ret = unwrap_aes_rfc5649(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size); break; default: err(); @@ -303,6 +303,18 @@ void ncr_pk_queue_deinit(void) destroy_workqueue(pk_wq); } +int ncr_key_params_get_sign_hash(ncr_algorithm_t algo, struct ncr_key_params_st * params) +{ + switch(algo) { + case NCR_ALG_RSA: + return params->params.rsa.sign_hash; + case NCR_ALG_DSA: + return params->params.dsa.sign_hash; + default: + return -EINVAL; + } +} + /* Encryption/Decryption */ @@ -318,6 +330,8 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo, struct ncr_pk_ctx* ctx, struct ncr_key_params_st* params, struct key_item_st *key) { +int ret; + memset(ctx, 0, sizeof(*ctx)); if (key->algorithm != algo) { @@ -327,19 +341,24 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo, ctx->algorithm = algo; ctx->key = key; - ctx->sign_hash = params->params.pk.sign_hash; + ret = ncr_key_params_get_sign_hash(algo, params); + if (ret < 0) { + err(); + return ret; + } + ctx->sign_hash = ret; switch(algo) { case NCR_ALG_RSA: - if (params->params.pk.type == RSA_PKCS1_V1_5) + if (params->params.rsa.type == RSA_PKCS1_V1_5) ctx->type = LTC_LTC_PKCS_1_V1_5; - else if (params->params.pk.type == RSA_PKCS1_OAEP) + else if (params->params.rsa.type == RSA_PKCS1_OAEP) ctx->type = LTC_LTC_PKCS_1_OAEP; - else if (params->params.pk.type == RSA_PKCS1_PSS) + else if (params->params.rsa.type == RSA_PKCS1_PSS) ctx->type = LTC_LTC_PKCS_1_PSS; - ctx->oaep_hash = params->params.pk.oaep_hash; - ctx->salt_len = params->params.pk.pss_salt; + ctx->oaep_hash = params->params.rsa.oaep_hash; + ctx->salt_len = params->params.rsa.pss_salt; break; case NCR_ALG_DSA: break; diff --git a/ncr-sessions.c b/ncr-sessions.c index d8a9b4f..6856310 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -290,6 +290,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses { struct session_item_st* ns = NULL; int ret; + ncr_algorithm_t sign_hash; const char* str = NULL; ns = ncr_session_new(&lists->sessions); @@ -310,7 +311,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses } /* read key */ - ret = ncr_key_item_get_read( &ns->key, &lists->key, session->params.key); + ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key); if (ret < 0) { err(); goto fail; @@ -365,7 +366,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses } /* read key */ - ret = ncr_key_item_get_read( &ns->key, &lists->key, session->params.key); + ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key); if (ret < 0) { err(); goto fail; @@ -386,12 +387,19 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses } } else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) { - if (algo_can_digest(session->params.params.pk.sign_hash) == 0) { + ret = ncr_key_params_get_sign_hash(ns->key->algorithm, &session->params); + if (ret < 0) { + err(); + return ret; + } + sign_hash = ret; + + if (algo_can_digest(sign_hash) == 0) { err(); ret = -EINVAL; goto fail; } - str = _ncr_algo_to_str(session->params.params.pk.sign_hash); + str = _ncr_algo_to_str(sign_hash); if (str == NULL) { err(); ret = -EINVAL; @@ -137,11 +137,16 @@ typedef enum { RSA_PKCS1_PSS, /* for signatures only */ } ncr_rsa_type_t; +typedef enum { + NCR_KEY_PARAMS_CIPHER, + NCR_KEY_PARAMS_DH, + NCR_KEY_PARAMS_RSA +} ncr_key_params_type_t; + /* used in derivation/encryption */ struct ncr_key_params_st { - ncr_key_t key; - + ncr_key_params_type_t type; union { struct { uint8_t iv[NCR_CIPHER_MAX_BLOCK_LEN]; @@ -156,7 +161,10 @@ struct ncr_key_params_st { ncr_algorithm_t oaep_hash; /* for OAEP */ ncr_algorithm_t sign_hash; /* for signatures */ unsigned int pss_salt; /* PSS signatures */ - } pk; + } rsa; + struct { + ncr_algorithm_t sign_hash; /* for signatures */ + } dsa; } params; }; @@ -164,7 +172,8 @@ struct ncr_key_derivation_params_st { ncr_key_t newkey; unsigned int keyflags; /* for new key */ - struct ncr_key_params_st key; + ncr_key_t key; + struct ncr_key_params_st params; }; #define MAX_KEY_ID_SIZE 20 @@ -212,7 +221,9 @@ struct ncr_key_data_st { struct ncr_key_wrap_st { ncr_wrap_algorithm_t algorithm; ncr_key_t keytowrap; - struct ncr_key_params_st key; + + ncr_key_t key; + struct ncr_key_params_st params; ncr_data_t data; /* encrypted keytowrap */ }; @@ -255,6 +266,8 @@ typedef int ncr_session_t; struct ncr_session_st { /* input */ ncr_algorithm_t algorithm; + + ncr_key_t key; struct ncr_key_params_st params; ncr_crypto_op_t op; @@ -193,7 +193,6 @@ inline static unsigned int data_flags_to_key(unsigned int data_flags) const char* _ncr_algo_to_str(ncr_algorithm_t algo); int _ncr_algo_digest_size(ncr_algorithm_t algo); - - +int ncr_key_params_get_sign_hash(ncr_algorithm_t algo, struct ncr_key_params_st * params); #endif |