diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2010-08-18 05:31:14 +0200 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-24 23:59:40 +0200 |
| commit | eef7de54be0cd38abb689de7b0a749154b04c694 (patch) | |
| tree | b7d62626d057fc65f7fef202d357fc5b357e7847 | |
| parent | 650b6caa69d41753d6ad61f20dc6d46bc24b96ea (diff) | |
| download | cryptodev-linux-eef7de54be0cd38abb689de7b0a749154b04c694.tar.gz cryptodev-linux-eef7de54be0cd38abb689de7b0a749154b04c694.tar.xz cryptodev-linux-eef7de54be0cd38abb689de7b0a749154b04c694.zip | |
Replace ncr_algorithm_t by NLA_NUL_STRING
| -rw-r--r-- | examples/ncr.c | 145 | ||||
| -rw-r--r-- | examples/pk.c | 77 | ||||
| -rw-r--r-- | examples/speed.c | 25 | ||||
| -rw-r--r-- | ncr-int.h | 24 | ||||
| -rw-r--r-- | ncr-key-storage.c | 6 | ||||
| -rw-r--r-- | ncr-key.c | 4 | ||||
| -rw-r--r-- | ncr-pk.c | 3 | ||||
| -rw-r--r-- | ncr-sessions.c | 96 | ||||
| -rw-r--r-- | ncr.h | 40 | ||||
| -rw-r--r-- | utils.c | 6 |
10 files changed, 227 insertions, 199 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index facecd8..a9b0cea 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -22,6 +22,9 @@ #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO))) +#define ALG_AES_CBC "cbc(aes)" +#define ALG_AES_ECB "ecb(aes)" + static void randomize_data(uint8_t * data, size_t data_size) { int i; @@ -40,7 +43,7 @@ test_ncr_key(int cfd) struct __attribute__((packed)) { struct ncr_key_generate f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; struct nlattr bits_head ALIGN_NL; @@ -64,7 +67,7 @@ test_ncr_key(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -106,7 +109,7 @@ test_ncr_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -162,7 +165,7 @@ test_ncr_key(int cfd) kgen.f.key = key; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_AES_CBC; + strcpy(kgen.algo, ALG_AES_CBC); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -227,10 +230,6 @@ test_ncr_key(int cfd) for (;;) { void *data; - if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) { - fprintf(stderr, "Attribute too small\n"); - return 1; - } if (nla->nla_len > kinfo.f.output_size - ((char *)nla - (char *)&kinfo)) { fprintf(stderr, "Attributes overflow\n"); @@ -239,13 +238,26 @@ test_ncr_key(int cfd) data = (char *)nla + NLA_HDRLEN; switch (nla->nla_type) { case NCR_ATTR_ALGORITHM: - if (*(uint32_t *)data != NCR_ALG_AES_CBC) { + if (nla->nla_len < NLA_HDRLEN + 1) { + fprintf(stderr, "Attribute too small\n"); + return 1; + } + if (((char *)data)[nla->nla_len - NLA_HDRLEN - 1] + != 0) { + fprintf(stderr, "NUL missing\n"); + return 1; + } + if (strcmp(data, ALG_AES_CBC) != 0) { fprintf(stderr, "Unexpected algorithm\n"); return 1; } got_algo++; break; case NCR_ATTR_KEY_FLAGS: + if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) { + fprintf(stderr, "Attribute too small\n"); + return 1; + } if (*(uint32_t *)data != NCR_KEY_FLAG_EXPORTABLE) { fprintf(stderr, "Unexpected key flags\n"); return 1; @@ -253,6 +265,10 @@ test_ncr_key(int cfd) got_flags++; break; case NCR_ATTR_KEY_TYPE: + if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) { + fprintf(stderr, "Attribute too small\n"); + return 1; + } if (*(uint32_t *)data != NCR_KEY_TYPE_SECRET) { fprintf(stderr, "Unexpected key type\n"); return 1; @@ -294,7 +310,7 @@ test_ncr_key(int cfd) kgen.f.key = key; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_AES_CBC; + strcpy(kgen.algo, ALG_AES_CBC); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = 0; @@ -346,7 +362,7 @@ test_ncr_wrap_key(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -360,7 +376,7 @@ test_ncr_wrap_key(int cfd) struct nlattr wrap_algo_head ALIGN_NL; uint32_t wrap_algo ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; } kunwrap; uint8_t data[WRAPPED_KEY_DATA_SIZE]; int data_size; @@ -394,7 +410,7 @@ test_ncr_wrap_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; @@ -428,7 +444,7 @@ test_ncr_wrap_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; @@ -500,7 +516,7 @@ test_ncr_wrap_key(int cfd) kunwrap.wrap_algo = NCR_WALG_AES_RFC3394; kunwrap.algo_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.algo); kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kunwrap.algo = NCR_ALG_AES_CBC; + strcpy(kunwrap.algo, ALG_AES_CBC); if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap)) { perror("ioctl(NCRIO_KEY_UNWRAP)"); @@ -556,7 +572,7 @@ test_ncr_wrap_key2(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -599,7 +615,7 @@ test_ncr_wrap_key2(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; @@ -631,7 +647,7 @@ test_ncr_wrap_key2(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; @@ -675,7 +691,7 @@ test_ncr_store_wrap_key(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -715,7 +731,7 @@ test_ncr_store_wrap_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; @@ -837,7 +853,7 @@ test_ncr_aes(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_ECB)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -846,7 +862,7 @@ test_ncr_aes(int cfd) struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_ECB)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr input_head ALIGN_NL; @@ -880,7 +896,7 @@ test_ncr_aes(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_ECB); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -896,7 +912,7 @@ test_ncr_aes(int cfd) op.f.op = NCR_OP_ENCRYPT; op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = NCR_ALG_AES_ECB; + strcpy(op.algo, ALG_AES_ECB); op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = key; @@ -950,7 +966,7 @@ test_ncr_aes(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -966,7 +982,7 @@ test_ncr_aes(int cfd) op.f.op = NCR_OP_DECRYPT; op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = NCR_ALG_AES_ECB; + strcpy(op.algo, ALG_AES_ECB); op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = key; @@ -1010,8 +1026,7 @@ test_ncr_aes(int cfd) } struct hash_vectors_st { - const char* name; - ncr_algorithm_t algorithm; + const char* algorithm; const uint8_t* key; /* if hmac */ int key_size; const uint8_t* plaintext; @@ -1021,8 +1036,7 @@ struct hash_vectors_st { ncr_crypto_op_t op; } hash_vectors[] = { { - .name = "SHA1", - .algorithm = NCR_ALG_SHA1, + .algorithm = "sha1", .key = NULL, .plaintext = (uint8_t*)"what do ya want for nothing?", .plaintext_size = sizeof("what do ya want for nothing?")-1, @@ -1031,8 +1045,7 @@ struct hash_vectors_st { .op = NCR_OP_SIGN, }, { - .name = "HMAC-MD5", - .algorithm = NCR_ALG_HMAC_MD5, + .algorithm = "hmac(md5)", .key = (uint8_t*)"Jefe", .key_size = 4, .plaintext = (uint8_t*)"what do ya want for nothing?", @@ -1043,8 +1056,7 @@ struct hash_vectors_st { }, /* from rfc4231 */ { - .name = "HMAC-SHA224", - .algorithm = NCR_ALG_HMAC_SHA2_224, + .algorithm = "hmac(sha224)", .key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", .key_size = 20, .plaintext = (uint8_t*)"Hi There", @@ -1054,8 +1066,7 @@ struct hash_vectors_st { .op = NCR_OP_SIGN, }, { - .name = "HMAC-SHA256", - .algorithm = NCR_ALG_HMAC_SHA2_256, + .algorithm = "hmac(sha256)", .key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", .key_size = 20, .plaintext = (uint8_t*)"Hi There", @@ -1065,8 +1076,7 @@ struct hash_vectors_st { .op = NCR_OP_SIGN, }, { - .name = "HMAC-SHA384", - .algorithm = NCR_ALG_HMAC_SHA2_384, + .algorithm = "hmac(sha384)", .key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", .key_size = 20, .plaintext = (uint8_t*)"Hi There", @@ -1076,8 +1086,7 @@ struct hash_vectors_st { .op = NCR_OP_SIGN, }, { - .name = "HMAC-SHA512", - .algorithm = NCR_ALG_HMAC_SHA2_512, + .algorithm = "hmac(sha512)", .key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", .key_size = 20, .plaintext = (uint8_t*)"Hi There", @@ -1101,24 +1110,24 @@ test_ncr_hash(int cfd) uint8_t id[2] ALIGN_NL; struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; - struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + char algo[128] ALIGN_NL; } kimport; uint8_t data[HASH_DATA_SIZE]; int i, j; size_t data_size; struct __attribute__((packed)) { struct ncr_session_once f; - struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr output_head ALIGN_NL; struct ncr_session_output_buffer output ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + char algo[128] ALIGN_NL; } op; /* convert it to key */ @@ -1130,13 +1139,14 @@ test_ncr_hash(int cfd) fprintf(stdout, "Tests on Hashes\n"); for (i=0;i<sizeof(hash_vectors)/sizeof(hash_vectors[0]);i++) { + size_t algo_size; - fprintf(stdout, "\t%s:\n", hash_vectors[i].name); + algo_size = strlen(hash_vectors[i].algorithm) + 1; + fprintf(stdout, "\t%s:\n", hash_vectors[i].algorithm); /* import key */ if (hash_vectors[i].key != NULL) { memset(&kimport.f, 0, sizeof(kimport.f)); - kimport.f.input_size = sizeof(kimport); kimport.f.key = key; kimport.f.data = hash_vectors[i].key; kimport.f.data_size = hash_vectors[i].key_size; @@ -1149,14 +1159,16 @@ test_ncr_hash(int cfd) = NLA_HDRLEN + sizeof(kimport.type); kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; kimport.type = NCR_KEY_TYPE_SECRET; - kimport.algo_head.nla_len - = NLA_HDRLEN + sizeof(kimport.algo); - kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + kimport.algo_head.nla_len = NLA_HDRLEN + algo_size; + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + memcpy(kimport.algo, hash_vectors[i].algorithm, + algo_size); + kimport.f.input_size + = kimport.algo + algo_size - (char *)&kimport; if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); @@ -1165,11 +1177,7 @@ test_ncr_hash(int cfd) } memset(&op.f, 0, sizeof(op.f)); - op.f.input_size = sizeof(op); op.f.op = hash_vectors[i].op; - op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); - op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = hash_vectors[i].algorithm; op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = hash_vectors[i].key != NULL ? key : NCR_KEY_INVALID; @@ -1182,6 +1190,10 @@ test_ncr_hash(int cfd) op.output.buffer = data; op.output.buffer_size = sizeof(data); op.output.result_size_ptr = &data_size; + op.algo_head.nla_len = NLA_HDRLEN + algo_size; + op.algo_head.nla_type = NCR_ATTR_ALGORITHM; + memcpy(op.algo, hash_vectors[i].algorithm, algo_size); + op.f.input_size = op.algo + algo_size - (char *)&op; if (ioctl(cfd, NCRIO_SESSION_ONCE, &op)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -1223,18 +1235,18 @@ test_ncr_hash_key(int cfd) uint8_t id[2] ALIGN_NL; struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; - struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + char algo[128] ALIGN_NL; } kimport; uint8_t data[HASH_DATA_SIZE]; int j; - size_t data_size; + size_t data_size, algo_size; struct __attribute__((packed)) { struct ncr_session_init f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[128] ALIGN_NL; } op_init; struct __attribute__((packed)) { struct ncr_session_update f; @@ -1262,10 +1274,10 @@ test_ncr_hash_key(int cfd) fprintf(stdout, "Tests on Hashes of Keys\n"); - fprintf(stdout, "\t%s:\n", hash_vectors[0].name); + fprintf(stdout, "\t%s:\n", hash_vectors[0].algorithm); + algo_size = strlen(hash_vectors[0].algorithm) + 1; /* import key */ memset(&kimport.f, 0, sizeof(kimport.f)); - kimport.f.input_size = sizeof(kimport); kimport.f.key = key; kimport.f.data = hash_vectors[0].plaintext; kimport.f.data_size = hash_vectors[0].plaintext_size; @@ -1276,12 +1288,13 @@ test_ncr_hash_key(int cfd) kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type); kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE; kimport.type = NCR_KEY_TYPE_SECRET; - kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); - kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + kimport.algo_head.nla_len = NLA_HDRLEN + algo_size; + kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; + memcpy(kimport.algo, hash_vectors[0].algorithm, algo_size); + kimport.f.input_size = kimport.algo + algo_size - (char *)&kimport; if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); @@ -1289,11 +1302,11 @@ test_ncr_hash_key(int cfd) } memset(&op_init.f, 0, sizeof(op_init.f)); - op_init.f.input_size = sizeof(op_init); op_init.f.op = hash_vectors[0].op; - op_init.algo_head.nla_len = NLA_HDRLEN + sizeof(op_init.algo); + op_init.algo_head.nla_len = NLA_HDRLEN + algo_size; op_init.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op_init.algo = hash_vectors[0].algorithm; + memcpy(op_init.algo, hash_vectors[0].algorithm, algo_size); + op_init.f.input_size = op_init.algo + algo_size - (char *)&op_init; ses = ioctl(cfd, NCRIO_SESSION_INIT, &op_init); if (ses < 0) { diff --git a/examples/pk.c b/examples/pk.c index 8645fd4..2503275 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -28,6 +28,13 @@ #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO))) +#define SIGNATURE_HASH "sha1" + +#define ALG_AES_CBC "cbc(aes)" +#define ALG_DH "dh" +#define ALG_DSA "dsa" +#define ALG_RSA "rsa" + static void print_hex_datum (gnutls_datum_t * dat) { @@ -315,7 +322,7 @@ static int test_ncr_dh(int cfd) struct __attribute__((packed)) { struct ncr_key_generate_pair f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_DH)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; unsigned char buffer[DATA_SIZE] ALIGN_NL; @@ -386,7 +393,7 @@ struct __attribute__((packed)) { kgen.f.public_key = public1; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_DH; + strcpy(kgen.algo, ALG_DH); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -428,7 +435,7 @@ struct __attribute__((packed)) { kgen.f.public_key = public2; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_DH; + strcpy(kgen.algo, ALG_DH); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE; @@ -604,7 +611,7 @@ test_ncr_wrap_key3(int cfd) struct nlattr type_head ALIGN_NL; uint32_t type ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; } kimport; @@ -618,12 +625,12 @@ test_ncr_wrap_key3(int cfd) struct nlattr wrap_algo_head ALIGN_NL; uint32_t wrap_algo ALIGN_NL; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; } kunwrap; struct __attribute__((packed)) { struct ncr_key_generate_pair f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; struct nlattr bits_head ALIGN_NL; @@ -679,7 +686,7 @@ test_ncr_wrap_key3(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo); kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kimport.algo = NCR_ALG_AES_CBC; + strcpy(kimport.algo, ALG_AES_CBC); kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; @@ -701,7 +708,7 @@ test_ncr_wrap_key3(int cfd) kgen.f.public_key = pubkey; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_RSA; + strcpy(kgen.algo, ALG_RSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; @@ -773,7 +780,7 @@ test_ncr_wrap_key3(int cfd) kunwrap.algo_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.algo); kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kunwrap.algo = NCR_ALG_RSA; + strcpy(kunwrap.algo, ALG_RSA); ret = ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap); if (ret) { @@ -797,13 +804,13 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr rsa_head ALIGN_NL; uint32_t rsa ALIGN_NL; struct nlattr oaep_hash_head ALIGN_NL; - uint32_t oaep_hash ALIGN_NL; + char oaep_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr output_head ALIGN_NL; @@ -825,7 +832,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae op.f.op = NCR_OP_ENCRYPT; op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = NCR_ALG_RSA; + strcpy(op.algo, ALG_RSA); op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = pubkey; @@ -838,7 +845,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae } op.oaep_hash_head.nla_len = NLA_HDRLEN + sizeof(op.oaep_hash); op.oaep_hash_head.nla_type = NCR_ATTR_RSA_OAEP_HASH_ALGORITHM; - op.oaep_hash = NCR_ALG_SHA1; /* Ignored if not using OAEP */ + strcpy(op.oaep_hash, SIGNATURE_HASH); /* Ignored if not using OAEP */ op.input_head.nla_len = NLA_HDRLEN + sizeof(op.input); op.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; op.input.data = data; @@ -861,7 +868,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae op.f.op = NCR_OP_DECRYPT; op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = NCR_ALG_RSA; + strcpy(op.algo, ALG_RSA); op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = privkey; @@ -874,7 +881,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae } op.oaep_hash_head.nla_len = NLA_HDRLEN + sizeof(op.oaep_hash); op.oaep_hash_head.nla_type = NCR_ATTR_RSA_OAEP_HASH_ALGORITHM; - op.oaep_hash = NCR_ALG_SHA1; /* Ignored if not using OAEP */ + strcpy(op.oaep_hash, SIGNATURE_HASH); /* Ignored if not using OAEP */ op.input_head.nla_len = NLA_HDRLEN + sizeof(op.input); op.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; op.input.data = data; @@ -911,13 +918,13 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr rsa_head ALIGN_NL; uint32_t rsa ALIGN_NL; struct nlattr sign_hash_head ALIGN_NL; - uint32_t sign_hash ALIGN_NL; + char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr signature_head ALIGN_NL; @@ -926,13 +933,13 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr rsa_head ALIGN_NL; uint32_t rsa ALIGN_NL; struct nlattr sign_hash_head ALIGN_NL; - uint32_t sign_hash ALIGN_NL; + char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr signature_head ALIGN_NL; @@ -954,7 +961,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int ksign.f.op = NCR_OP_SIGN; ksign.algo_head.nla_len = NLA_HDRLEN + sizeof(ksign.algo); ksign.algo_head.nla_type = NCR_ATTR_ALGORITHM; - ksign.algo = NCR_ALG_RSA; + strcpy(ksign.algo, ALG_RSA); ksign.key_head.nla_len = NLA_HDRLEN + sizeof(ksign.key); ksign.key_head.nla_type = NCR_ATTR_KEY; ksign.key = privkey; @@ -963,7 +970,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int ksign.rsa = (pss != 0) ? RSA_PKCS1_PSS : RSA_PKCS1_V1_5; ksign.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(ksign.sign_hash); ksign.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM; - ksign.sign_hash = NCR_ALG_SHA1; + strcpy(ksign.sign_hash, SIGNATURE_HASH); ksign.input_head.nla_len = NLA_HDRLEN + sizeof(ksign.input); ksign.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; ksign.input.data = data; @@ -988,7 +995,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int kverify.f.op = NCR_OP_VERIFY; kverify.algo_head.nla_len = NLA_HDRLEN + sizeof(kverify.algo); kverify.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kverify.algo = NCR_ALG_RSA; + strcpy(kverify.algo, ALG_RSA); kverify.key_head.nla_len = NLA_HDRLEN + sizeof(kverify.key); kverify.key_head.nla_type = NCR_ATTR_KEY; kverify.key = pubkey; @@ -997,7 +1004,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int kverify.rsa = (pss != 0) ? RSA_PKCS1_PSS : RSA_PKCS1_V1_5; kverify.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(kverify.sign_hash); kverify.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM; - kverify.sign_hash = NCR_ALG_SHA1; + strcpy(kverify.sign_hash, SIGNATURE_HASH); kverify.input_head.nla_len = NLA_HDRLEN + sizeof(kverify.input); kverify.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; kverify.input.data = data; @@ -1030,11 +1037,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_DSA)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr sign_hash_head ALIGN_NL; - uint32_t sign_hash ALIGN_NL; + char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr signature_head ALIGN_NL; @@ -1043,11 +1050,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) struct __attribute__((packed)) { struct ncr_session_once f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_DSA)] ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr sign_hash_head ALIGN_NL; - uint32_t sign_hash ALIGN_NL; + char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL; struct nlattr input_head ALIGN_NL; struct ncr_session_input_data input ALIGN_NL; struct nlattr signature_head ALIGN_NL; @@ -1069,13 +1076,13 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) ksign.f.op = NCR_OP_SIGN; ksign.algo_head.nla_len = NLA_HDRLEN + sizeof(ksign.algo); ksign.algo_head.nla_type = NCR_ATTR_ALGORITHM; - ksign.algo = NCR_ALG_DSA; + strcpy(ksign.algo, ALG_DSA); ksign.key_head.nla_len = NLA_HDRLEN + sizeof(ksign.key); ksign.key_head.nla_type = NCR_ATTR_KEY; ksign.key = privkey; ksign.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(ksign.sign_hash); ksign.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM; - ksign.sign_hash = NCR_ALG_SHA1; + strcpy(ksign.sign_hash, SIGNATURE_HASH); ksign.input_head.nla_len = NLA_HDRLEN + sizeof(ksign.input); ksign.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; ksign.input.data = data; @@ -1098,13 +1105,13 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) kverify.f.op = NCR_OP_VERIFY; kverify.algo_head.nla_len = NLA_HDRLEN + sizeof(kverify.algo); kverify.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kverify.algo = NCR_ALG_DSA; + strcpy(kverify.algo, ALG_DSA); kverify.key_head.nla_len = NLA_HDRLEN + sizeof(kverify.key); kverify.key_head.nla_type = NCR_ATTR_KEY; kverify.key = pubkey; kverify.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(kverify.sign_hash); kverify.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM; - kverify.sign_hash = NCR_ALG_SHA1; + strcpy(kverify.sign_hash, SIGNATURE_HASH); kverify.input_head.nla_len = NLA_HDRLEN + sizeof(kverify.input); kverify.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA; kverify.input.data = data; @@ -1139,7 +1146,7 @@ static int test_ncr_rsa(int cfd) struct __attribute__((packed)) { struct ncr_key_generate_pair f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_RSA)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; struct nlattr bits_head ALIGN_NL; @@ -1174,7 +1181,7 @@ static int test_ncr_rsa(int cfd) kgen.f.public_key = pubkey; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_RSA; + strcpy(kgen.algo, ALG_RSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; @@ -1265,7 +1272,7 @@ static int test_ncr_dsa(int cfd) struct __attribute__((packed)) { struct ncr_key_generate_pair f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_DSA)] ALIGN_NL; struct nlattr flags_head ALIGN_NL; uint32_t flags ALIGN_NL; struct nlattr q_bits_head ALIGN_NL; @@ -1302,7 +1309,7 @@ static int test_ncr_dsa(int cfd) kgen.f.public_key = pubkey; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_DSA; + strcpy(kgen.algo, ALG_DSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; diff --git a/examples/speed.c b/examples/speed.c index a75009e..70a2ed8 100644 --- a/examples/speed.c +++ b/examples/speed.c @@ -32,6 +32,7 @@ #include "../ncr.h" #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO))) +#define ALG_AES_CBC "cbc(aes)" static double udifftimeval(struct timeval start, struct timeval end) { @@ -72,7 +73,7 @@ static void value2human(double bytes, double time, double* data, double* speed,c } -int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) +int encrypt_data_ncr_direct(int cfd, const char *algo, int chunksize) { char *buffer, iv[32]; static int val = 23; @@ -84,14 +85,12 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) struct __attribute__((packed)) { struct ncr_key_generate f; struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; + char algo[sizeof(ALG_AES_CBC)] ALIGN_NL; struct nlattr bits_head ALIGN_NL; uint32_t bits ALIGN_NL; } kgen; struct __attribute__((packed)) { struct ncr_session_once f; - struct nlattr algo_head ALIGN_NL; - uint32_t algo ALIGN_NL; struct nlattr key_head ALIGN_NL; uint32_t key ALIGN_NL; struct nlattr input_head ALIGN_NL; @@ -99,8 +98,12 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) struct nlattr output_head ALIGN_NL; struct ncr_session_output_buffer output ALIGN_NL; struct nlattr iv_head ALIGN_NL; + struct nlattr algo_head ALIGN_NL; + char algo[128] ALIGN_NL; } op; + size_t algo_size; + algo_size = strlen(algo) + 1; key = ioctl(cfd, NCRIO_KEY_INIT); if (key == -1) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -113,7 +116,7 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) kgen.f.key = key; kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; - kgen.algo = NCR_ALG_AES_CBC; + strcpy(kgen.algo, ALG_AES_CBC); kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits); kgen.bits_head.nla_type = NCR_ATTR_SECRET_KEY_BITS; kgen.bits = 128; /* 16 bytes */ @@ -141,11 +144,7 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) size_t output_size; memset(&op.f, 0, sizeof(op.f)); - op.f.input_size = sizeof(op); op.f.op = NCR_OP_ENCRYPT; - op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo); - op.algo_head.nla_type = NCR_ATTR_ALGORITHM; - op.algo = algo; op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key); op.key_head.nla_type = NCR_ATTR_KEY; op.key = key; @@ -160,6 +159,10 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) op.output.result_size_ptr = &output_size; op.iv_head.nla_len = NLA_HDRLEN + 0; op.iv_head.nla_type = NCR_ATTR_IV; + op.algo_head.nla_len = NLA_HDRLEN + algo_size; + op.algo_head.nla_type = NCR_ATTR_ALGORITHM; + memcpy(op.algo, algo, algo_size); + op.f.input_size = op.algo + algo_size - (char *)&op; if (ioctl(cfd, NCRIO_SESSION_ONCE, &op)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -193,14 +196,14 @@ int main(void) fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n"); for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr_direct(fd, NCR_ALG_NULL, i)) + if (encrypt_data_ncr_direct(fd, "ecb(cipher_null)", i)) break; } fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n"); for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr_direct(fd, NCR_ALG_AES_CBC, i)) + if (encrypt_data_ncr_direct(fd, "cbc(aes)", i)) break; } @@ -18,9 +18,29 @@ struct nlattr; struct ncr_out; +// Not all known algorithms - only for quick internal identification +enum ncr_algorithm { + NCR_ALG_NONE__, + NCR_ALG_NULL, + + NCR_ALG_3DES_CBC, + + NCR_ALG_MD5, + NCR_ALG_SHA1, + NCR_ALG_SHA2_224, + NCR_ALG_SHA2_256, + NCR_ALG_SHA2_384, + NCR_ALG_SHA2_512, + + NCR_ALG_RSA, + NCR_ALG_DSA, + NCR_ALG_DH, +}; + struct algo_properties_st { - ncr_algorithm_t algo; + enum ncr_algorithm algo; const char *kstr; + size_t kstr_len; unsigned needs_iv:1; unsigned is_hmac:1; unsigned can_sign:1; @@ -196,7 +216,7 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it /* misc helper macros */ -const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo); +const struct algo_properties_st *_ncr_algo_to_properties(const char *algo); const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla); int _ncr_key_get_sec_level(struct key_item_st* item); diff --git a/ncr-key-storage.c b/ncr-key-storage.c index 149c45a..9afa2dc 100644 --- a/ncr-key-storage.c +++ b/ncr-key-storage.c @@ -35,7 +35,7 @@ struct packed_key { uint32_t version; uint8_t type; uint32_t flags; - uint16_t algorithm; /* valid for public/private keys */ + uint8_t algorithm[32]; /* NUL-terminated */ uint8_t key_id[MAX_KEY_ID_SIZE]; uint8_t key_id_size; @@ -59,7 +59,8 @@ int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_ pkey->version = THIS_VERSION; pkey->type = key->type; pkey->flags = key->flags; - pkey->algorithm = key->algorithm->algo; + BUG_ON(strlen(key->algorithm->kstr) > sizeof(pkey->algorithm) - 1); + strcpy(pkey->algorithm, key->algorithm->kstr); pkey->key_id_size = key->key_id_size; memcpy(pkey->key_id, key->key_id, key->key_id_size); @@ -95,6 +96,7 @@ int key_from_storage_data(struct key_item_st* key, const void* data, size_t data int ret; if (data_size != sizeof(*pkey) || pkey->version != THIS_VERSION + || memchr(pkey->algorithm, '\0', sizeof(pkey->algorithm)) == NULL || pkey->key_id_size > MAX_KEY_ID_SIZE) { err(); return -EINVAL; @@ -624,8 +624,8 @@ int ret; ret = ncr_out_put_u32(out, *attr, item->type); break; case NCR_ATTR_ALGORITHM: - ret = ncr_out_put_u32(out, *attr, - item->algorithm->algo); + ret = ncr_out_put_string(out, *attr, + item->algorithm->kstr); break; default: break; /* Silently ignore */ @@ -123,7 +123,8 @@ static int ncr_pk_make_public_and_id( struct key_item_st * private, struct key_i } key_id_size = MAX_KEY_ID_SIZE; - cret = hash_memory(_ncr_algo_to_properties(NCR_ALG_SHA1), tmp, max_size, private->key_id, &key_id_size); + cret = hash_memory(_ncr_algo_to_properties("sha1"), tmp, max_size, + private->key_id, &key_id_size); if (cret != CRYPT_OK) { err(); ret = _ncr_tomerr(cret); diff --git a/ncr-sessions.c b/ncr-sessions.c index 8f3e721..41f8a4c 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -130,87 +130,91 @@ err_sess: } static const struct algo_properties_st algo_properties[] = { - { .algo = NCR_ALG_NULL, .kstr = "ecb(cipher_null)", +#define KSTR(x) .kstr = x, .kstr_len = sizeof(x) - 1 + { .algo = NCR_ALG_NULL, KSTR("ecb(cipher_null)"), .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_3DES_CBC, .kstr = "cbc(des3_ede)", + { .algo = NCR_ALG_3DES_CBC, KSTR("cbc(des3_ede)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_AES_CBC, .kstr = "cbc(aes)", + { KSTR("cbc(aes)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_CAMELLIA_CBC, .kstr = "cbc(camelia)", + { KSTR("cbc(camelia)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_AES_CTR, .kstr = "ctr(aes)", + { KSTR("ctr(aes)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_CAMELLIA_CTR, .kstr = "ctr(camelia)", + { KSTR("ctr(camelia)"), .needs_iv = 1, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_ARCFOUR, .kstr = NULL, + { KSTR("ecb(aes)"), .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_AES_ECB, .kstr = "ecb(aes)", + { KSTR("ecb(camelia)"), .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_CAMELLIA_ECB, .kstr = "ecb(camelia)", - .needs_iv = 0, .is_symmetric=1, .can_encrypt=1, - .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_SHA1, .kstr = "sha1", + { .algo = NCR_ALG_SHA1, KSTR("sha1"), .digest_size = 20, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_MD5, .kstr = "md5", + { .algo = NCR_ALG_MD5, KSTR("md5"), .digest_size = 16, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_SHA2_224, .kstr = "sha224", + { .algo = NCR_ALG_SHA2_224, KSTR("sha224"), .digest_size = 28, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_SHA2_256, .kstr = "sha256", + { .algo = NCR_ALG_SHA2_256, KSTR("sha256"), .digest_size = 32, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_SHA2_384, .kstr = "sha384", + { .algo = NCR_ALG_SHA2_384, KSTR("sha384"), .digest_size = 48, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_SHA2_512, .kstr = "sha512", + { .algo = NCR_ALG_SHA2_512, KSTR("sha512"), .digest_size = 64, .can_digest=1, .key_type = NCR_KEY_TYPE_INVALID }, - { .algo = NCR_ALG_HMAC_SHA1, .is_hmac = 1, .kstr = "hmac(sha1)", + { .is_hmac = 1, KSTR("hmac(sha1)"), .digest_size = 20, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_HMAC_MD5, .is_hmac = 1, .kstr = "hmac(md5)", + { .is_hmac = 1, KSTR("hmac(md5)"), .digest_size = 16, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_HMAC_SHA2_224, .is_hmac = 1, .kstr = "hmac(sha224)", + { .is_hmac = 1, KSTR("hmac(sha224)"), .digest_size = 28, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_HMAC_SHA2_256, .is_hmac = 1, .kstr = "hmac(sha256)", + { .is_hmac = 1, KSTR("hmac(sha256)"), .digest_size = 32, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_HMAC_SHA2_384, .is_hmac = 1, .kstr = "hmac(sha384)", + { .is_hmac = 1, KSTR("hmac(sha384)"), .digest_size = 48, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_HMAC_SHA2_512, .is_hmac = 1, .kstr = "hmac(sha512)", + { .is_hmac = 1, KSTR("hmac(sha512)"), .digest_size = 64, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_RSA, .kstr = NULL, .is_pk = 1, + /* NOTE: These algorithm names are not available through the kernel API + (yet). */ + { .algo = NCR_ALG_RSA, KSTR("rsa"), .is_pk = 1, .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, - { .algo = NCR_ALG_DSA, .kstr = NULL, .is_pk = 1, + { .algo = NCR_ALG_DSA, KSTR("dsa"), .is_pk = 1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, - { .algo = NCR_ALG_DH, .kstr = NULL, .is_pk = 1, + { .algo = NCR_ALG_DH, KSTR("dh"), .is_pk = 1, .can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC }, - { .algo = NCR_ALG_NONE } - +#undef KSTR }; -const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo) +/* The lookups by string are inefficient - can we look up all we need from + crypto API? */ +const struct algo_properties_st *_ncr_algo_to_properties(const char *algo) { - ncr_algorithm_t a; - int i = 0; - - for (i = 0; (a = algo_properties[i].algo) != NCR_ALG_NONE; i++) { - if (a == algo) - return &algo_properties[i]; + const struct algo_properties_st *a; + size_t name_len; + + name_len = strlen(algo); + for (a = algo_properties; + a < algo_properties + ARRAY_SIZE(algo_properties); a++) { + if (a->kstr_len == name_len + && memcmp(a->kstr, algo, name_len) == 0) + return a; } return NULL; @@ -218,9 +222,21 @@ const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo) const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla) { + const struct algo_properties_st *a; + size_t name_len; + if (nla == NULL) return NULL; - return _ncr_algo_to_properties(nla_get_u32(nla)); + + /* nla_len() >= 1 ensured by validate_nla() case NLA_NUL_STRING */ + name_len = nla_len(nla) - 1; + for (a = algo_properties; + a < algo_properties + ARRAY_SIZE(algo_properties); a++) { + if (a->kstr_len == name_len + && memcmp(a->kstr, nla_data(nla), name_len + 1) == 0) + return a; + } + return NULL; } static int key_item_get_nla_read(struct key_item_st **st, @@ -294,7 +310,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op, if (ns->algorithm->algo == NCR_ALG_NULL) keysize = 0; - if (ns->algorithm->kstr == NULL) { + if (ns->algorithm->is_pk) { err(); ret = -EINVAL; goto fail; @@ -341,7 +357,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op, } if (ns->algorithm->can_digest) { - if (ns->algorithm->kstr == NULL) { + if (ns->algorithm->is_pk) { err(); ret = -EINVAL; goto fail; @@ -371,7 +387,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op, } if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) { - if (ns->algorithm->kstr == NULL) { + if (ns->algorithm->is_pk) { err(); ret = -EINVAL; goto fail; @@ -399,7 +415,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op, goto fail; } - if (sign_hash->kstr == NULL) { + if (sign_hash->is_pk) { err(); ret = -EINVAL; goto fail; @@ -30,10 +30,9 @@ of attributes used for the frequent operations? */ enum { NCR_ATTR_UNSPEC, /* 0 is special in lib/nlattr.c. */ - /* FIXME: Use NLA_STRING for this, later */ - NCR_ATTR_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ + NCR_ATTR_ALGORITHM, /* NLA_NUL_STRING */ NCR_ATTR_DERIVATION_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ - NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ + NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_NUL_STRING */ NCR_ATTR_WRAPPING_ALGORITHM, /* NLA_U32 - ncr_wrap_algorithm_t */ NCR_ATTR_UPDATE_INPUT_DATA, /* NLA_BINARY - ncr_session_input_data */ /* NLA_BINARY - ncr_session_output_buffer */ @@ -51,7 +50,7 @@ enum { NCR_ATTR_RSA_MODULUS_BITS, /* NLA_U32 */ NCR_ATTR_RSA_E, /* NLA_BINARY */ NCR_ATTR_RSA_ENCODING_METHOD, /* NLA_U32 - ncr_rsa_type_t */ - NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ + NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_NUL_STRING */ NCR_ATTR_RSA_PSS_SALT_LENGTH, /* NLA_U32 */ NCR_ATTR_DSA_P_BITS, /* NLA_U32 */ NCR_ATTR_DSA_Q_BITS, /* NLA_U32 */ @@ -70,39 +69,6 @@ enum { #define NCR_HASH_MAX_OUTPUT_SIZE 64 typedef enum { - NCR_ALG_NONE, - NCR_ALG_NULL, - NCR_ALG_3DES_CBC, - NCR_ALG_AES_CBC, - NCR_ALG_CAMELLIA_CBC, - NCR_ALG_ARCFOUR, - NCR_ALG_AES_ECB, - NCR_ALG_CAMELLIA_ECB, - NCR_ALG_AES_CTR, - NCR_ALG_CAMELLIA_CTR, - - NCR_ALG_SHA1=40, - NCR_ALG_MD5, - NCR_ALG_SHA2_224, - NCR_ALG_SHA2_256, - NCR_ALG_SHA2_384, - NCR_ALG_SHA2_512, - - NCR_ALG_HMAC_SHA1=80, - NCR_ALG_HMAC_MD5, - NCR_ALG_HMAC_SHA2_224, - NCR_ALG_HMAC_SHA2_256, - NCR_ALG_HMAC_SHA2_384, - NCR_ALG_HMAC_SHA2_512, - - NCR_ALG_RSA=140, - NCR_ALG_DSA, - NCR_ALG_DH, /* DH as in PKCS #3 */ -} ncr_algorithm_t; - - - -typedef enum { NCR_WALG_AES_RFC3394, /* for secret keys only */ NCR_WALG_AES_RFC5649, /* can wrap arbitrary key */ } ncr_wrap_algorithm_t; @@ -48,9 +48,9 @@ #endif /* !CONFIG_COMPAT */ static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = { - [NCR_ATTR_ALGORITHM] = { NLA_U32, 0 }, + [NCR_ATTR_ALGORITHM] = { NLA_NUL_STRING, 0 }, [NCR_ATTR_DERIVATION_ALGORITHM] = { NLA_U32, 0 }, - [NCR_ATTR_SIGNATURE_HASH_ALGORITHM] = { NLA_U32, 0 }, + [NCR_ATTR_SIGNATURE_HASH_ALGORITHM] = { NLA_NUL_STRING, 0 }, [NCR_ATTR_WRAPPING_ALGORITHM] = { NLA_U32, 0 }, [NCR_ATTR_UPDATE_INPUT_DATA] = { NLA_BINARY, MAX_SESSION_INPUT_DATA_SIZE @@ -74,7 +74,7 @@ static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = { [NCR_ATTR_RSA_MODULUS_BITS] = { NLA_U32, 0 }, [NCR_ATTR_RSA_E] = { NLA_BINARY, 0 }, [NCR_ATTR_RSA_ENCODING_METHOD] = { NLA_U32, 0 }, - [NCR_ATTR_RSA_OAEP_HASH_ALGORITHM] = { NLA_U32, 0 }, + [NCR_ATTR_RSA_OAEP_HASH_ALGORITHM] = { NLA_NUL_STRING, 0 }, [NCR_ATTR_RSA_PSS_SALT_LENGTH] = { NLA_U32, 0 }, [NCR_ATTR_DSA_P_BITS] = { NLA_U32, 0 }, [NCR_ATTR_DSA_Q_BITS] = { NLA_U32, 0 }, |