author | Miloslav Trmač <mitr@redhat.com> | 2010-08-13 19:17:16 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-24 22:59:22 +0200 |
commit | 827e65e77c32da30ce675e8e7c05de73d9aeab5a (patch) | |
tree | fd0eeb20b7eecb859756abdc4941fab3cb0ca4ae | |
parent | 7c70b1f992d02daa3c5d435355ac7875a6b1b95b (diff) | |
Convert *_KEY_EXPORT
-rw-r--r-- | examples/ncr.c | 61 | ||||
-rw-r--r-- | examples/pk.c | 113 | ||||
-rw-r--r-- | ncr-int.h | 3 | ||||
-rw-r--r-- | ncr-key.c | 34 | ||||
-rw-r--r-- | ncr-pk.c | 2 | ||||
-rw-r--r-- | ncr.c | 45 | ||||
-rw-r--r-- | ncr.h | 10 |
7 files changed, 149 insertions, 119 deletions
diff --git a/examples/ncr.c b/examples/ncr.c
index b999003..2c2ca7c 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -58,6 +58,7 @@ test_ncr_key(int cfd)
 struct nlattr *nla;
 ncr_key_t key;
 struct ncr_key_data_st keydata;
+ struct ncr_key_export kexport;
 uint8_t data[KEY_DATA_SIZE];
 uint8_t data_bak[KEY_DATA_SIZE];
 uint16_t *attr_p;
@@ -101,20 +102,14 @@ test_ncr_key(int cfd)
 /* now try to read it */
 fprintf(stdout, "\tKey export...\n");
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = key;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = key;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
- return 1;
- }
-
- if (keydata.idata_size != sizeof(data)) {
+ if (ioctl(cfd, NCRIO_KEY_EXPORT, &kexport) != sizeof(data)) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- fprintf(stderr, "data returned but differ!\n");
+ perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
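Review bot: In the `@@ -101,20` hunk the new test `ioctl(cfd, NCRIO_KEY_EXPORT, &kexport) != sizeof(data)` sends both "the ioctl failed" and "the ioctl returned a different length" into one branch that calls `perror()`, so a short export prints whatever stale `errno` is left over and the old "data returned but differ!" diagnostic is gone. The same merge appears in the `@@ -165,18` hunk and in `test_ncr_store_wrap_key` (`if (data_size != 16)` followed by `perror`). Storing the result and checking `< 0` first keeps the two cases apart, e.g. `if (ret < 0) { perror("ioctl(NCRIO_KEY_EXPORT)"); return 1; }` and then `if ((size_t)ret != sizeof(data)) { fprintf(stderr, "unexpected export length %d\n", ret); return 1; }`. test_ncr_key's body starts and ends outside the hunk.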
@@ -165,18 +160,18 @@ test_ncr_key(int cfd)
 memset(data, 0, sizeof(data));
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = key;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = key;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ if (ioctl(cfd, NCRIO_KEY_EXPORT, &kexport) != sizeof(data)) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
+ perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
- if (keydata.idata_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) {
+ if (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
 "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
@@ -296,14 +291,14 @@ test_ncr_key(int cfd)
 memset(data, 0, sizeof(data));
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = key;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = key;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
 /* try to get the output data - should fail */
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
+ if (ioctl(cfd, NCRIO_KEY_EXPORT, &kexport) >= 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 fprintf(stderr, "Data were exported, but shouldn't be!\n");
 return 1;
@@ -580,6 +575,7 @@ test_ncr_store_wrap_key(int cfd)
 int i;
 ncr_key_t key2;
 struct ncr_key_data_st keydata;
+ struct ncr_key_export kexport;
 struct ncr_key_storage_wrap_st kwrap;
 uint8_t data[DATA_SIZE];
 int data_size;
@@ -659,20 +655,19 @@ test_ncr_store_wrap_key(int cfd)
 }
 /* now export the unwrapped */
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = key2;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = key2;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ data_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (data_size != 16) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
+ perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
-
- data_size = keydata.idata_size;
- if (data_size != 16 || memcmp(data, DKEY, 16) != 0) {
+ if (memcmp(data, DKEY, 16) != 0) {
 fprintf(stderr, "Unwrapped data do not match.\n");
 fprintf(stderr, "Data[%d]: ", (int) data_size);
 for(i=0;i<data_size;i++)
diff --git a/examples/pk.c b/examples/pk.c
index 8437322..862eb8c 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -327,8 +327,8 @@ int ret;
 gnutls_datum g, p, params;
 gnutls_dh_params_t dhp;
 unsigned char y1[1024], y2[1024];
-size_t y1_size, y2_size;
-struct ncr_key_data_st keydata;
+ssize_t y1_size, y2_size;
+struct ncr_key_export kexport;
 struct __attribute__((packed)) {
 struct ncr_key_derive f;
 struct nlattr algo_head ALIGN_NL;
@@ -451,33 +451,31 @@ struct __attribute__((packed)) {
 }
 /* export y1=g^x1 */
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = public1;
- keydata.idata = y1;
- keydata.idata_size = sizeof(y1);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = public1;
+ kexport.buffer = y1;
+ kexport.buffer_size = sizeof(y1);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (y1_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
-
- y1_size = keydata.idata_size;
 /* export y2=g^x2 */
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = public2;
- keydata.idata = y2;
- keydata.idata_size = sizeof(y2);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = public2;
+ kexport.buffer = y2;
+ kexport.buffer_size = sizeof(y2);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (y2_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
- y2_size = keydata.idata_size;
-
 /* z1=y1^x2 */
 z1 = ioctl(cfd, NCRIO_KEY_INIT);
 if (z1 == -1) {
@@ -541,29 +539,29 @@ struct __attribute__((packed)) {
 }
 /* z1==z2 */
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = z1;
- keydata.idata = y1;
- keydata.idata_size = sizeof(y1);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = z1;
+ kexport.buffer = y1;
+ kexport.buffer_size = sizeof(y1);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ y1_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (y1_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
- y1_size = keydata.idata_size;
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = z2;
- keydata.idata = y2;
- keydata.idata_size = sizeof(y2);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = z2;
+ kexport.buffer = y2;
+ kexport.buffer_size = sizeof(y2);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ y2_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (y2_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
- y2_size = keydata.idata_size;
 if (y1_size == 0 || y1_size != y2_size || memcmp(y1, y2, y1_size) != 0) {
 int i;
@@ -971,7 +969,7 @@ static int test_ncr_rsa(int cfd)
 uint32_t bits ALIGN_NL;
 } kgen;
 ncr_key_t pubkey, privkey;
- struct ncr_key_data_st keydata;
+ struct ncr_key_export kexport;
 uint8_t data[DATA_SIZE];
 int data_size;
@@ -1015,18 +1013,17 @@ static int test_ncr_rsa(int cfd)
 /* export the private key */
 memset(data, 0, sizeof(data));
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = privkey;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = privkey;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ data_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (data_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
-
- data_size = keydata.idata_size;
 ret = privkey_info(data, data_size, 0);
 if (ret != 0) {
@@ -1037,18 +1034,17 @@ static int test_ncr_rsa(int cfd)
 /* export the public key */
 memset(data, 0, sizeof(data));
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = pubkey;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = pubkey;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ data_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (data_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
+ perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
-
- data_size = keydata.idata_size;
 ret = pubkey_info(data, data_size, 0);
 if (ret != 0) {
@@ -1101,7 +1097,7 @@ static int test_ncr_dsa(int cfd)
 uint32_t p_bits ALIGN_NL;
 } kgen;
 ncr_key_t pubkey, privkey;
- struct ncr_key_data_st keydata;
+ struct ncr_key_export kexport;
 uint8_t data[DATA_SIZE];
 int data_size;
@@ -1146,18 +1142,18 @@ static int test_ncr_dsa(int cfd)
 return 1;
 }
- memset(&keydata, 0, sizeof(keydata));
 memset(data, 0, sizeof(data));
- keydata.key = privkey;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = privkey;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ data_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (data_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
- data_size = keydata.idata_size;
 ret = privkey_info(data, data_size, 0);
 if (ret != 0) {
@@ -1168,18 +1164,17 @@ static int test_ncr_dsa(int cfd)
 /* export the public key */
 memset(data, 0, sizeof(data));
- memset(&keydata, 0, sizeof(keydata));
- keydata.key = pubkey;
- keydata.idata = data;
- keydata.idata_size = sizeof(data);
+ memset(&kexport, 0, sizeof(kexport));
+ kexport.key = pubkey;
+ kexport.buffer = data;
+ kexport.buffer_size = sizeof(data);
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+ data_size = ioctl(cfd, NCRIO_KEY_EXPORT, &kexport);
+ if (data_size < 0) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
+ perror("ioctl(NCRIO_KEY_EXPORT)");
 return 1;
 }
-
- data_size = keydata.idata_size;
 ret = pubkey_info(data, data_size, 0);
 if (ret != 0) {
@@ -121,7 +121,8 @@ void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags);
 /* key handling */
 int ncr_key_init(struct ncr_lists *lst);
 int ncr_key_deinit(struct ncr_lists *lst, void __user* arg);
-int ncr_key_export(struct ncr_lists *lst, void __user* arg);
+int ncr_key_export(struct ncr_lists *lst, const struct ncr_key_export *data,
+ struct nlattr *tb[]);
 int ncr_key_import(struct ncr_lists *lst, void __user* arg);
 void ncr_key_list_deinit(struct ncr_lists *lst);
 int ncr_key_generate(struct ncr_lists *lst, const struct ncr_key_generate *gen,
@@ -210,23 +210,20 @@ int ncr_key_deinit(struct ncr_lists *lst, void __user* arg)
 return 0;
 }
-/* "exports" a key to a data item. If the key is not exportable
- * to userspace then the data item will also not be.
- */
-int ncr_key_export(struct ncr_lists *lst, void __user* arg)
+int ncr_key_export(struct ncr_lists *lst, const struct ncr_key_export *data,
+ struct nlattr *tb[])
 {
-struct ncr_key_data_st data;
 struct key_item_st* item = NULL;
 void* tmp = NULL;
 uint32_t tmp_size;
 int ret;
- if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
+ if (data->buffer_size < 0) {
 err();
- return -EFAULT;
+ return -EINVAL;
 }
- ret = ncr_key_item_get_read( &item, lst, data.key);
+ ret = ncr_key_item_get_read(&item, lst, data->key);
 if (ret < 0) {
 err();
 return ret;
@@ -240,15 +237,15 @@ int ret;
 switch (item->type) {
 case NCR_KEY_TYPE_SECRET:
- if (item->key.secret.size > data.idata_size) {
+ if (item->key.secret.size > data->buffer_size) {
 err();
- ret = -EINVAL;
+ ret = -ERANGE;
 goto fail;
 }
 /* found */
 if (item->key.secret.size > 0) {
- ret = copy_to_user(data.idata, item->key.secret.data, item->key.secret.size);
+ ret = copy_to_user(data->buffer, item->key.secret.data, item->key.secret.size);
 if (unlikely(ret)) {
 err();
 ret = -EFAULT;
@@ -256,11 +253,11 @@ int ret;
 }
 }
- data.idata_size = item->key.secret.size;
+ ret = item->key.secret.size;
 break;
 case NCR_KEY_TYPE_PUBLIC:
 case NCR_KEY_TYPE_PRIVATE:
- tmp_size = data.idata_size;
+ tmp_size = data->buffer_size;
 tmp = kmalloc(tmp_size, GFP_KERNEL);
 if (tmp == NULL) {
@@ -270,20 +267,19 @@ int ret;
 }
 ret = ncr_pk_pack(item, tmp, &tmp_size);
- data.idata_size = tmp_size;
-
 if (ret < 0) {
 err();
 goto fail;
 }
- ret = copy_to_user(data.idata, tmp, tmp_size);
+ ret = copy_to_user(data->buffer, tmp, tmp_size);
 if (unlikely(ret)) {
 err();
 ret = -EFAULT;
 goto fail;
 }
+ ret = tmp_size;
 break;
 default:
 err();
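Review bot: The header comment on `ncr_key_export` is deleted in the `@@ -210,23` hunk without a replacement, although the return contract changes here from 0 or a negative errno to a byte count (`ret = item->key.secret.size` and `ret = tmp_size` in the later hunks). A comment above the new signature would record that, e.g. `/* Copy the key to the user buffer data->buffer. Returns the number of bytes written, -ERANGE if a secret key does not fit in data->buffer_size, or another negative errno. */`. `tb` is not referenced in any of the visible lines, which is worth stating in the same comment if that is intended. The function body continues past this hunk.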
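Review bot: In the `NCR_KEY_TYPE_PUBLIC`/`NCR_KEY_TYPE_PRIVATE` branch (`@@ -256,11`), `tmp_size = data->buffer_size` goes straight into `kmalloc(tmp_size, GFP_KERNEL)`, and the only check on that caller-supplied value is `buffer_size < 0` at the top of the function, so any request up to INT_MAX reaches the allocator. Clamping first bounds the allocation, for example `tmp_size = min_t(uint32_t, data->buffer_size, NCR_MAX_EXPORT_SIZE);`, where `NCR_MAX_EXPORT_SIZE` is a placeholder for a limit the driver would have to define. Separately, `tmp` presumably holds the packed private key after `ncr_pk_pack()` and is released with plain `kfree(tmp)` at `fail:` (context of the `@@ -291,12` hunk); `kzfree(tmp)` would clear the key material before the memory is reused. The branch starts and ends outside this hunk.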
@@ -291,12 +287,6 @@ int ret;
 goto fail;
 }
- if (unlikely(copy_to_user(arg, &data, sizeof(data)))) {
- err();
- ret = -EFAULT;
- } else
- ret = 0;
-
 fail:
 kfree(tmp);
 if (item)
@@ -37,7 +37,7 @@ int _ncr_tomerr(int err)
 {
 switch (err) {
 case CRYPT_BUFFER_OVERFLOW:
- return -EOVERFLOW;
+ return -ERANGE;
 case CRYPT_MEM:
 return -ENOMEM;
 default:
@@ -166,10 +166,9 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 ncr_out_free(&out);
 break;
 }
+ CASE_NO_OUTPUT(NCRIO_KEY_EXPORT, ncr_key_export, ncr_key_export);
 case NCRIO_KEY_DEINIT:
 return ncr_key_deinit(lst, arg);
- case NCRIO_KEY_EXPORT:
- return ncr_key_export(lst, arg);
 case NCRIO_KEY_IMPORT:
 return ncr_key_import(lst, arg);
 case NCRIO_KEY_WRAP:
@@ -200,9 +199,31 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 }
 #ifdef CONFIG_COMPAT
+struct compat_ncr_key_export {
+ __u32 input_size, output_size;
+ ncr_key_t key;
+ compat_uptr_t buffer;
+ compat_int_t buffer_size;
+ __NL_ATTRIBUTES;
+};
+#define COMPAT_NCRIO_KEY_EXPORT _IOWR('c', 209, struct compat_ncr_key_export)
+
+static void convert_ncr_key_export(struct ncr_key_export *new,
+ const struct compat_ncr_key_export *old)
+{
+ new->key = old->key;
+ new->buffer = compat_ptr(old->buffer);
+ new->buffer_size = old->buffer_size;
+}
+
 long
 ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 {
+ void __user *arg = (void __user *)arg_;
+ struct nlattr *tb[NCR_ATTR_MAX + 1];
+ void *attr_buf;
+ int ret;
+
 if (unlikely(!lst))
 BUG();
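Review bot: `convert_ncr_key_export()` in the `@@ -200,9` hunk fills only `key`, `buffer` and `buffer_size`, and the `struct STRUCT new;` that `CASE_NO_OUTPUT` declares in the following hunk is not initialised, so `new.input_size` and `new.output_size` are handed to `ncr_key_export()` with indeterminate stack contents. Nothing in the visible handler reads those fields, but the struct is passed by pointer and any later reader would see garbage; starting the converter with `memset(new, 0, sizeof(*new));` removes that hazard. A one-line comment on `struct compat_ncr_key_export` saying it must mirror the 32-bit layout of `struct ncr_key_export` in ncr.h would help keep the two definitions in step.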
@@ -213,8 +234,28 @@ ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_)
 case NCRIO_KEY_DERIVE:
 case NCRIO_KEY_GET_INFO:
 return ncr_ioctl(lst, cmd, arg_);
+
+#define CASE_NO_OUTPUT(LABEL, STRUCT, FUNCTION) \
+ case (LABEL): { \
+ struct compat_##STRUCT old; \
+ struct STRUCT new; \
+ \
+ attr_buf = NCR_GET_INPUT_ARGS_NO_OUTPUT(&old, tb, arg); \
+ if (IS_ERR(attr_buf)) { \
+ err(); \
+ return PTR_ERR(attr_buf); \
+ } \
+ convert_##STRUCT(&new, &old); \
+ ret = (FUNCTION)(lst, &new, tb); \
+ break; \
+ }
+
+ CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_EXPORT, ncr_key_export, ncr_key_export);
 default:
 return -EINVAL;
+#undef CASE_NO_OUTPUT
 }
+ kfree(attr_buf);
+ return ret;
 }
 #endif
@@ -196,6 +196,14 @@ struct ncr_key_data_st {
 ncr_algorithm_t algorithm; /* valid for public/private keys */
 };
+struct ncr_key_export {
+ __u32 input_size, output_size;
+ ncr_key_t key;
+ void __user *buffer;
+ int buffer_size;
+ __NL_ATTRIBUTES;
+};
+
 #define NCRIO_KEY_INIT _IO('c', 204)
 /* generate a secret key */
 #define NCRIO_KEY_GENERATE _IOWR('c', 205, struct ncr_key_generate)
@@ -207,7 +215,7 @@ struct ncr_key_data_st {
 #define NCRIO_KEY_GET_INFO _IOWR('c', 208, struct ncr_key_get_info)
 /* export a secret key */
-#define NCRIO_KEY_EXPORT _IOWR('c', 209, struct ncr_key_export)
+#define NCRIO_KEY_EXPORT _IOWR('c', 209, struct ncr_key_export)
 /* import a secret key */
 #define NCRIO_KEY_IMPORT _IOWR('c', 210, struct ncr_key_data_st)
|
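Review bot: `struct ncr_key_export` is added to the ioctl ABI in ncr.h (`@@ -196,6`) with no comment, and the unchanged `/* export a secret key */` above `NCRIO_KEY_EXPORT` no longer describes the call, which the examples in this commit also use for public and private keys and whose return value is now the exported length. Suggested comment on the struct: `/* key: handle to export; buffer, buffer_size: user-space destination and its capacity in bytes. On success the ioctl returns the number of bytes written. */`. `buffer_size` is a signed `int`, which is why `ncr_key_export()` needs its `buffer_size < 0` check; the comment should say that negative values are rejected with EINVAL so callers do not have to read the kernel side to learn it.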