author | Miloslav Trmač <mitr@redhat.com> | 2010-08-16 14:30:45 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-24 23:09:33 +0200 |
commit | af980a4453d1d36486c5d75c49d389b0cc7e2c79 (patch) | |
tree | a0fa05935094757d33c794cc3dcf8d59f63a10ab | |
parent | 827e65e77c32da30ce675e8e7c05de73d9aeab5a (diff) | |
download | cryptodev-linux-af980a4453d1d36486c5d75c49d389b0cc7e2c79.tar.gz cryptodev-linux-af980a4453d1d36486c5d75c49d389b0cc7e2c79.tar.xz cryptodev-linux-af980a4453d1d36486c5d75c49d389b0cc7e2c79.zip |
Convert *_KEY_IMPORT
-rw-r--r-- | examples/ncr.c | 395 | ||||
-rw-r--r-- | examples/pk.c | 44 | ||||
-rw-r--r-- | ncr-int.h | 3 | ||||
-rw-r--r-- | ncr-key.c | 51 | ||||
-rw-r--r-- | ncr.c | 21 | ||||
-rw-r--r-- | ncr.h | 19 | ||||
-rw-r--r-- | utils.c | 1 |
7 files changed, 365 insertions, 169 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index 2c2ca7c..56a59ce 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -57,7 +57,17 @@ test_ncr_key(int cfd) } kinfo; struct nlattr *nla; ncr_key_t key; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; struct ncr_key_export kexport; uint8_t data[KEY_DATA_SIZE]; uint8_t data_bak[KEY_DATA_SIZE]; @@ -82,18 +92,26 @@ test_ncr_key(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE; - - keydata.key = key; - keydata.idata = data; - keydata.idata_size = sizeof(data); - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = data; + kimport.f.data_size = sizeof(data); + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
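Review bot: In the second test_ncr_key hunk only the fixed header is cleared (`memset(&kimport.f, 0, sizeof(kimport.f));`), while `kimport.f.input_size = sizeof(kimport)` covers the whole struct. If ALIGN_NL pads members to the netlink alignment, as its name suggests, the bytes after the 2-byte `id` are uninitialised stack that is still passed to the ioctl. Clearing the whole object with `memset(&kimport, 0, sizeof(kimport));` avoids that. The same pattern is repeated in the test_ncr_wrap_key, test_ncr_wrap_key2, test_ncr_store_wrap_key, test_ncr_aes, test_ncr_hash and test_ncr_hash_key hunks and in test_ncr_wrap_key3 in examples/pk.c. Because the anonymous packed struct and its fill sequence are copied verbatim into each of them, one shared struct type with a small fill helper would keep the copies from drifting apart.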
@@ -321,7 +339,17 @@ test_ncr_wrap_key(int cfd) { int i, ret; ncr_key_t key, key2; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; struct ncr_key_wrap_st kwrap; uint8_t data[WRAPPED_KEY_DATA_SIZE]; int data_size; 
@@ -341,18 +369,26 @@ test_ncr_wrap_key(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; - - keydata.key = key; - keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - keydata.idata_size = 16; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -366,19 +402,27 @@ test_ncr_wrap_key(int cfd) return 1; } - keydata.key_id[0] = 'b'; - keydata.key_id[2] = 'a'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - - keydata.key = key2; + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key2; #define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" - keydata.idata = DKEY; - keydata.idata_size = 16; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + kimport.f.data = DKEY; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'b'; + kimport.id[1] = 'a'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; @@ -488,7 +532,17 @@ test_ncr_wrap_key2(int cfd) { int ret; ncr_key_t key, key2; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; struct ncr_key_wrap_st kwrap; uint8_t data[WRAPPED_KEY_DATA_SIZE]; 
@@ -510,18 +564,26 @@ test_ncr_wrap_key2(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; - - keydata.key = key; - keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - keydata.idata_size = 16; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -534,18 +596,26 @@ test_ncr_wrap_key2(int cfd) return 1; } - keydata.key_id[0] = 'b'; - keydata.key_id[2] = 'a'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - - keydata.key = key2; - keydata.idata = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"; - keydata.idata_size = 32; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key2; + kimport.f.data = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"; + kimport.f.data_size = 32; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'b'; + kimport.id[1] = 'a'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -574,7 +644,17 @@ test_ncr_store_wrap_key(int cfd) { int i; ncr_key_t key2; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; struct ncr_key_export kexport; struct ncr_key_storage_wrap_st kwrap; uint8_t data[DATA_SIZE]; @@ -595,19 +675,27 @@ test_ncr_store_wrap_key(int cfd) return 1; } - keydata.key_id[0] = 'b'; - keydata.key_id[2] = 'a'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - - keydata.key = key2; + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key2; #define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" - keydata.idata = DKEY; - keydata.idata_size = 16; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + kimport.f.data = DKEY; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'b'; + kimport.id[1] = 'a'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -717,7 +805,17 @@ static int test_ncr_aes(int cfd) { ncr_key_t key; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; uint8_t data[KEY_DATA_SIZE]; int i, j; struct ncr_session_once_op_st nop; @@ -730,21 +828,28 @@ test_ncr_aes(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE; - - fprintf(stdout, "Tests on AES Encryption\n"); for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) { - keydata.key = key; - keydata.idata = (void*)aes_vectors[i].key; - keydata.idata_size = 16; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = aes_vectors[i].key; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -789,10 +894,25 @@ test_ncr_aes(int cfd) fprintf(stdout, "Tests on AES Decryption\n"); for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) { - keydata.key = key; - keydata.idata = (void*)aes_vectors[i].key; - keydata.idata_size = 16; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = aes_vectors[i].key; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; @@ -927,7 +1047,17 @@ static int test_ncr_hash(int cfd) { ncr_key_t key; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; uint8_t data[HASH_DATA_SIZE]; int i, j, data_size; struct ncr_session_once_op_st nop; 
@@ -939,14 +1069,6 @@ test_ncr_hash(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE; - - fprintf(stdout, "Tests on Hashes\n"); for (i=0;i<sizeof(hash_vectors)/sizeof(hash_vectors[0]);i++) { @@ -954,10 +1076,29 @@ test_ncr_hash(int cfd) /* import key */ if (hash_vectors[i].key != NULL) { - keydata.key = key; - keydata.idata = (void*)hash_vectors[i].key; - keydata.idata_size = hash_vectors[i].key_size; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = hash_vectors[i].key; + kimport.f.data_size = hash_vectors[i].key_size; + kimport.id_head.nla_len + = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len + = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len + = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len + = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -1012,7 +1153,17 @@ static int test_ncr_hash_key(int cfd) { ncr_key_t key; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; uint8_t data[HASH_DATA_SIZE]; int j, data_size; struct ncr_session_op_st op; 
@@ -1026,21 +1177,29 @@ test_ncr_hash_key(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE; - fprintf(stdout, "Tests on Hashes of Keys\n"); fprintf(stdout, "\t%s:\n", hash_vectors[0].name); /* import key */ - keydata.key = key; - keydata.idata = (void*)hash_vectors[0].plaintext; - keydata.idata_size = hash_vectors[0].plaintext_size; - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = hash_vectors[0].plaintext; + kimport.f.data_size = hash_vectors[0].plaintext_size; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; diff --git a/examples/pk.c b/examples/pk.c index 862eb8c..fba53d5 100644 --- a/examples/pk.c +++ b/examples/pk.c 
@@ -597,7 +597,17 @@ test_ncr_wrap_key3(int cfd) int ret, i; ncr_key_t key; size_t data_size; - struct ncr_key_data_st keydata; + struct __attribute__((packed)) { + struct ncr_key_import f; + struct nlattr id_head ALIGN_NL; + uint8_t id[2] ALIGN_NL; + struct nlattr type_head ALIGN_NL; + uint32_t type ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + } kimport; struct ncr_key_wrap_st kwrap; struct __attribute__((packed)) { struct ncr_key_generate_pair f; 
@@ -644,18 +654,26 @@ test_ncr_wrap_key3(int cfd) return 1; } - keydata.key_id[0] = 'a'; - keydata.key_id[2] = 'b'; - keydata.key_id_size = 2; - keydata.type = NCR_KEY_TYPE_SECRET; - keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; - - keydata.key = key; - keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - keydata.idata_size = 16; - - if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + memset(&kimport.f, 0, sizeof(kimport.f)); + kimport.f.input_size = sizeof(kimport); + kimport.f.key = key; + kimport.f.data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + kimport.f.data_size = 16; + kimport.id_head.nla_len = NLA_HDRLEN + sizeof(kimport.id); + kimport.id_head.nla_type = NCR_ATTR_KEY_ID; + kimport.id[0] = 'a'; + kimport.id[1] = 'b'; + kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); + kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; + kimport.type = NCR_KEY_TYPE_SECRET; + kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kimport.algo = NCR_ALG_AES_CBC; + kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); + kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + + if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; 
@@ -123,7 +123,8 @@ int ncr_key_init(struct ncr_lists *lst); int ncr_key_deinit(struct ncr_lists *lst, void __user* arg); int ncr_key_export(struct ncr_lists *lst, const struct ncr_key_export *data, struct nlattr *tb[]); -int ncr_key_import(struct ncr_lists *lst, void __user* arg); +int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data, + struct nlattr *tb[]); void ncr_key_list_deinit(struct ncr_lists *lst); int ncr_key_generate(struct ncr_lists *lst, const struct ncr_key_generate *gen, struct nlattr *tb[]); @@ -304,23 +304,16 @@ void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) } } -/* "imports" a key from a data item. If the key is not exportable - * to userspace then the key item will also not be. - */ -int ncr_key_import(struct ncr_lists *lst, void __user* arg) +int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data, + struct nlattr *tb[]) { -struct ncr_key_data_st data; +const struct nlattr *nla; struct key_item_st* item = NULL; int ret; void* tmp = NULL; size_t tmp_size; - if (unlikely(copy_from_user(&data, arg, sizeof(data)))) { - err(); - return -EFAULT; - } - - ret = ncr_key_item_get_write( &item, lst, data.key); + ret = ncr_key_item_get_write( &item, lst, data->key); if (ret < 0) { err(); return ret; 
@@ -328,38 +321,50 @@ size_t tmp_size; ncr_key_clear(item); - tmp = kmalloc(data.idata_size, GFP_KERNEL); + tmp = kmalloc(data->data_size, GFP_KERNEL); if (tmp == NULL) { err(); ret = -ENOMEM; goto fail; } - if (unlikely(copy_from_user(tmp, data.idata, data.idata_size))) { + if (unlikely(copy_from_user(tmp, data->data, data->data_size))) { err(); ret = -EFAULT; goto fail; } - tmp_size = data.idata_size; - - item->type = data.type; - item->algorithm = _ncr_algo_to_properties(data.algorithm); - if (item->algorithm == NULL) { + tmp_size = data->data_size; + + nla = tb[NCR_ATTR_KEY_TYPE]; + if (tb == NULL) { err(); ret = -EINVAL; goto fail; } - ncr_key_assign_flags(item, data.flags); + item->type = nla_get_u32(nla); - if (data.key_id_size > MAX_KEY_ID_SIZE) { + item->algorithm = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]); + if (item->algorithm == NULL) { err(); ret = -EINVAL; goto fail; } - item->key_id_size = data.key_id_size; - if (data.key_id_size > 0) - memcpy(item->key_id, data.key_id, data.key_id_size); + nla = tb[NCR_ATTR_KEY_FLAGS]; + if (nla != NULL) + ncr_key_assign_flags(item, nla_get_u32(nla)); + + nla = tb[NCR_ATTR_KEY_ID]; + if (nla != NULL) { + if (nla_len(nla) > MAX_KEY_ID_SIZE) { + err(); + ret = -EOVERFLOW; + goto fail; + } + + item->key_id_size = nla_len(nla); + memcpy(item->key_id, nla_data(nla), item->key_id_size); + } switch(item->type) { case NCR_KEY_TYPE_SECRET: @@ -167,10 +167,9 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) break; } CASE_NO_OUTPUT(NCRIO_KEY_EXPORT, ncr_key_export, ncr_key_export); + CASE_NO_OUTPUT(NCRIO_KEY_IMPORT, ncr_key_import, ncr_key_import); case NCRIO_KEY_DEINIT: return ncr_key_deinit(lst, arg); - case NCRIO_KEY_IMPORT: - return ncr_key_import(lst, arg); case NCRIO_KEY_WRAP: return ncr_key_wrap(lst, arg); case NCRIO_KEY_UNWRAP: 
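Review bot: In the ncr_key_import hunk the test after `nla = tb[NCR_ATTR_KEY_TYPE];` checks `tb == NULL` instead of `nla`, so a request that omits NCR_ATTR_KEY_TYPE reaches `item->type = nla_get_u32(nla);` with a NULL attribute pointer. `tb` has already been indexed on the previous line, so the check as written cannot protect anything; it should read `if (nla == NULL) {`. Separately, `data->data_size` is caller-supplied and goes to `kmalloc` without an upper bound. An allocation failure is handled, but rejecting sizes above a documented maximum before allocating would be cleaner (no suitable constant is visible in this hunk). ncr_key_import begins in the preceding hunk and continues past the end of this one.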
@@ -216,6 +215,23 @@ static void convert_ncr_key_export(struct ncr_key_export *new, new->buffer_size = old->buffer_size; } +struct compat_ncr_key_import { + __u32 input_size, output_size; + ncr_key_t key; + compat_uptr_t data; + __u32 data_size; + __NL_ATTRIBUTES; +}; +#define COMPAT_NCRIO_KEY_IMPORT _IOWR('c', 210, struct compat_ncr_key_import) + +static void convert_ncr_key_import(struct ncr_key_import *new, + const struct compat_ncr_key_import *old) +{ + new->key = old->key; + new->data = compat_ptr(old->data); + new->data_size = old->data_size; +} + long ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) { @@ -251,6 +267,7 @@ ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) } CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_EXPORT, ncr_key_export, ncr_key_export); + CASE_NO_OUTPUT(COMPAT_NCRIO_KEY_IMPORT, ncr_key_import, ncr_key_import); default: return -EINVAL; #undef CASE_NO_OUTPUT @@ -34,6 +34,7 @@ enum { NCR_ATTR_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ NCR_ATTR_DERIVATION_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ NCR_ATTR_KEY_FLAGS, /* NLA_U32 - NCR_KEY_FLAG_* */ + NCR_ATTR_KEY_ID, /* NLA_BINARY */ NCR_ATTR_KEY_TYPE, /* NLA_U32 - ncr_key_type_t */ NCR_ATTR_SECRET_KEY_BITS, /* NLA_U32 */ NCR_ATTR_RSA_MODULUS_BITS, /* NLA_U32 */ @@ -182,18 +183,12 @@ struct ncr_key_get_info { __NL_ATTRIBUTES; }; -struct ncr_key_data_st { +struct ncr_key_import { + __u32 input_size, output_size; ncr_key_t key; - - void __user *idata; - __kernel_size_t idata_size; /* rw in get */ - - /* in case of import this will be used as key id */ - __u8 key_id[MAX_KEY_ID_SIZE]; - __kernel_size_t key_id_size; - ncr_key_type_t type; - unsigned int flags; - ncr_algorithm_t algorithm; /* valid for public/private keys */ + const void __user *data; + __u32 data_size; + __NL_ATTRIBUTES; }; struct ncr_key_export { 
@@ -217,7 +212,7 @@ struct ncr_key_export { /* export a secret key */ #define NCRIO_KEY_EXPORT _IOWR('c', 209, struct ncr_key_export) /* import a secret key */ -#define NCRIO_KEY_IMPORT _IOWR('c', 210, struct ncr_key_data_st) +#define NCRIO_KEY_IMPORT _IOWR('c', 210, struct ncr_key_import) #define NCRIO_KEY_DEINIT _IOR ('c', 215, ncr_key_t) @@ -32,6 +32,7 @@ static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = { [NCR_ATTR_ALGORITHM] = { NLA_U32, 0 }, [NCR_ATTR_DERIVATION_ALGORITHM] = { NLA_U32, 0 }, [NCR_ATTR_KEY_FLAGS] = { NLA_U32, 0 }, + [NCR_ATTR_KEY_ID] = { NLA_BINARY, 0 }, [NCR_ATTR_KEY_TYPE] = { NLA_U32, 0 }, [NCR_ATTR_SECRET_KEY_BITS] = { NLA_U32, 0 }, [NCR_ATTR_RSA_MODULUS_BITS] = { NLA_U32, 0 }, |
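Review bot: The new policy entry `[NCR_ATTR_KEY_ID] = { NLA_BINARY, 0 }` leaves the length field at 0, which for NLA_BINARY means the attribute parser enforces no maximum payload size. The only bound on a key id is then the `nla_len(nla) > MAX_KEY_ID_SIZE` test inside ncr_key_import. Using `{ NLA_BINARY, MAX_KEY_ID_SIZE }` would reject oversized ids at parse time for every consumer of the attribute, assuming the constant is visible in this file. The ncr_attr_policy array starts and ends outside the hunk.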