authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-07-26 00:19:45 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-07-26 00:19:45 +0200
commitf84ea240b18ce93ae26030ce28d19af4bc9962a1 (patch)
tree0031e87ea33a0e789bdda9b2beadbf7291c8faf2
parent6a2560330da7bc05ccb9bc75e70ce745acba7d6c (diff)
removed the data type.
-rw-r--r--Makefile2
-rw-r--r--examples/Makefile5
-rw-r--r--examples/ncr.c399
-rw-r--r--examples/pk.c148
-rw-r--r--examples/speed.c113
-rw-r--r--ncr-data.c303
-rw-r--r--ncr-int.h55
-rw-r--r--ncr-key.c100
-rw-r--r--ncr-limits.c2
-rw-r--r--ncr-pk.c14
-rw-r--r--ncr-sessions.c14
-rw-r--r--ncr.c14
-rw-r--r--ncr.h33
13 files changed, 175 insertions, 1027 deletions
diff --git a/Makefile b/Makefile
index f85e7bd..3b7ebf6 100644
--- a/Makefile
+++ b/Makefile
@@ -67,7 +67,7 @@ TOMCRYPT_OBJECTS = libtomcrypt/misc/zeromem.o libtomcrypt/misc/crypt/crypt_argch
libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.o
cryptodev-objs = cryptodev_main.o cryptodev_cipher.o ncr.o \
- ncr-data.o ncr-key.o ncr-limits.o ncr-pk.o \
+ ncr-key.o ncr-limits.o ncr-pk.o \
ncr-sessions-direct.o ncr-sessions.o \
ncr-key-wrap.o ncr-key-storage.o $(TOMMATH_OBJECTS) \
$(TOMCRYPT_OBJECTS)
diff --git a/examples/Makefile b/examples/Makefile
index ff5381d..100cc49 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
CC = gcc
CFLAGS = -Wall -g -O2
-progs := cipher hmac ncr pk speed ncr-direct
+progs := cipher hmac ncr pk speed
all: $(progs)
@@ -22,11 +22,10 @@ pk: pk.c
check: $(progs)
./ncr
- ./ncr-direct
./pk
./cipher
./hmac
./speed
clean:
- rm -f *.o *~ hmac cipher ncr pk speed ncr-direct
+ rm -f *.o *~ hmac cipher ncr pk speed
\ No newline at end of file
diff --git a/examples/ncr.c b/examples/ncr.c
index f2c4b72..4ff59fd 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -32,11 +32,9 @@ int i;
static int
test_ncr_key(int cfd)
{
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[KEY_DATA_SIZE];
uint8_t data_bak[KEY_DATA_SIZE];
@@ -51,17 +49,6 @@ test_ncr_key(int cfd)
randomize_data(data, sizeof(data));
memcpy(data_bak, data, sizeof(data));
- dinit.max_object_size = KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = data;
- dinit.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -76,7 +63,8 @@ test_ncr_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -86,43 +74,21 @@ test_ncr_key(int cfd)
/* now try to read it */
fprintf(stdout, "\tKey export...\n");
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_DEINIT)");
- return 1;
- }
-
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(&kdata, 0, sizeof(kdata));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+
+ if (keydata.idata_size != sizeof(data)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
+ fprintf(stderr, "data returned but differ!\n");
return 1;
}
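Review bot: The export in this hunk writes into `data` while the buffer still holds the bytes that were just imported, so a driver that reported success without copying anything out would go unnoticed. The new `keydata.idata_size != sizeof(data)` check does not catch that case either, because the field was set to `sizeof(data)` before the call. The later export hunks in test_ncr_key add `memset(data, 0, sizeof(data));` before filling `keydata`, and the same line is needed here ahead of `keydata.idata = data;`. Any comparison against `data_bak` lies outside the hunk, so this assumes one follows. The context line `perror("ioctl(NCRIO_KEY_IMPORT)")` also names the wrong ioctl for an export failure.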
@@ -162,9 +128,12 @@ test_ncr_key(int cfd)
return 1;
}
+ memset(data, 0, sizeof(data));
+
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -172,27 +141,16 @@ test_ncr_key(int cfd)
return 1;
}
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+ if (keydata.idata_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
+ fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
+ "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
+ data[2], data[3], data[4], data[5], data[6], data[7], data[8],
+ data[9], data[10], data[11], data[12], data[13], data[14],
+ data[15]);
return 1;
}
-#if 0
- fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
- "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
- data[2], data[3], data[4], data[5], data[6], data[7], data[8],
- data[9], data[10], data[11], data[12], data[13], data[14],
- data[15]);
-#endif
-
if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_DEINIT)");
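Review bot: The all-zero test on the generated key skips `data[3]` and reads `data[4]` instead, which looks like a typo in `data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0`. Checking consecutive bytes, `data[0] == 0 && data[1] == 0 && data[2] == 0 && data[3] == 0`, matches the apparent intent of rejecting an export that left the zeroed buffer untouched. The failure branch prints only the hex dump, so a line such as `fprintf(stderr, "Generated key is empty or all zero\n");` before it would say why the test failed. The body of test_ncr_key continues outside the hunk.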
@@ -219,24 +177,16 @@ test_ncr_key(int cfd)
return 1;
}
+ memset(data, 0, sizeof(data));
+
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
-
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_EXPORT)");
- return 1;
- }
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
/* try to get the output data - should fail */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
+ if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
fprintf(stderr, "Data were exported, but shouldn't be!\n");
return 1;
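Review bot: The non-exportable case only checks that `NCRIO_KEY_EXPORT` returns an error, so a driver that copied key bytes into `data` and then failed the call would still pass this test. Because `data` is zeroed just before the call, the test can also confirm the buffer is untouched after the refusal, as sketched below. The sketch assumes an `int i` counter is in scope, which the hunk does not show, and the `if` block itself closes outside the hunk. Checking `errno` for the driver's refusal code would further separate a policy denial from an unrelated failure, but which code the driver returns is not visible here.

```c
/* … unchanged: the NCRIO_KEY_EXPORT call that must fail, and its error branch … */

/* a refused export must not have written any key bytes to user space */
for (i = 0; i < (int)sizeof(data); i++) {
	if (data[i] != 0) {
		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
		fprintf(stderr, "Export was refused but the buffer was written!\n");
		return 1;
	}
}
```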
@@ -252,135 +202,14 @@ test_ncr_key(int cfd)
}
-static int test_ncr_data(int cfd)
-{
- struct ncr_data_init_st init;
- struct ncr_data_st kdata;
- uint8_t data[DATA_SIZE];
- uint8_t data_bak[DATA_SIZE];
- int i;
-
- fprintf(stdout, "Tests on Data:\n");
-
- randomize_data(data, sizeof(data));
- memcpy(data_bak, data, sizeof(data));
-
- init.max_object_size = DATA_SIZE;
- init.flags = NCR_DATA_FLAG_EXPORTABLE;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- fprintf(stdout, "\tData Import...\n");
-
- memset(data, 0, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- if (memcmp(data, data_bak, sizeof(data))!=0) {
- fprintf(stderr, "data returned but differ!\n");
- return 1;
- }
-
- fprintf(stdout, "\tData Export...\n");
-
- /* test set */
- memset(data, 0xf1, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
- /* test get after set */
- memset(data, 0, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- for(i=0;i<kdata.data_size;i++) {
- if (((uint8_t*)kdata.data)[i] != 0xf1) {
- fprintf(stderr, "data returned but differ!\n");
- return 1;
- }
- }
- fprintf(stdout, "\t2nd Data Import/Export...\n");
-
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &kdata.desc)) {
- perror("ioctl(NCRIO_DATA_DEINIT)");
- return 1;
- }
-
- fprintf(stdout, "\tProtection of non-exportable data...\n");
- randomize_data(data, sizeof(data));
-
- init.max_object_size = DATA_SIZE;
- init.flags = 0;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
- fprintf(stderr, "Unexportable data were exported!?\n");
- return 1;
- }
-
- fprintf(stdout, "\tLimits on maximum allowed data...\n");
- for (i=0;i<256;i++ ) {
- init.max_object_size = DATA_SIZE;
- init.flags = 0;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- //fprintf(stderr, "Reached maximum limit at: %d data items\n", i);
- break;
- }
- }
-
- /* shouldn't run any other tests after that */
-
- return 0;
-}
/* Key wrapping */
static int
test_ncr_wrap_key(int cfd)
{
int i;
- struct ncr_data_init_st dinit;
ncr_key_t key, key2;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
struct ncr_key_wrap_st kwrap;
uint8_t data[WRAPPED_KEY_DATA_SIZE];
int data_size;
@@ -393,17 +222,6 @@ test_ncr_wrap_key(int cfd)
fprintf(stdout, "\tKey Wrap test...\n");
- dinit.max_object_size = WRAPPED_KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
- dinit.initial_data_size = 16;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -418,7 +236,8 @@ test_ncr_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -426,17 +245,6 @@ test_ncr_wrap_key(int cfd)
return 1;
}
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
- /* now key data */
- kdata.data = DKEY;
- kdata.data_size = 16;
- kdata.desc = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
@@ -452,7 +260,9 @@ test_ncr_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key2;
- keydata.data = kdata.desc;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+ keydata.idata = DKEY;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -556,13 +366,10 @@ static int
test_ncr_store_wrap_key(int cfd)
{
int i;
- struct ncr_data_init_st dinit;
ncr_key_t key2;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
struct ncr_key_storage_wrap_st kwrap;
uint8_t data[DATA_SIZE];
- int dd;
int data_size;
fprintf(stdout, "Tests on Key storage:\n");
@@ -573,30 +380,6 @@ test_ncr_store_wrap_key(int cfd)
fprintf(stdout, "\tKey Storage wrap test...\n");
- memset(&dinit, 0, sizeof(dinit));
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
- /* now key data */
- kdata.data = DKEY;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -611,7 +394,9 @@ test_ncr_store_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key2;
- keydata.data = dd;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+ keydata.idata = DKEY;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -662,25 +447,21 @@ test_ncr_store_wrap_key(int cfd)
/* now export the unwrapped */
memset(&keydata, 0, sizeof(keydata));
keydata.key = key2;
- keydata.data = dd;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
+
+ data_size = keydata.idata_size;
- kdata.data = data;
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- if (kdata.data_size != 16 || memcmp(kdata.data, DKEY, 16) != 0) {
+ if (data_size != 16 || memcmp(data, DKEY, 16) != 0) {
fprintf(stderr, "Unwrapped data do not match.\n");
- fprintf(stderr, "Data[%d]: ", (int) kdata.data_size);
- for(i=0;i<kdata.data_size;i++)
+ fprintf(stderr, "Data[%d]: ", (int) data_size);
+ for(i=0;i<data_size;i++)
fprintf(stderr, "%.2x:", data[i]);
fprintf(stderr, "\n");
return 1;
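Review bot: `data_size = keydata.idata_size;` takes the length from the driver without comparing it to `sizeof(data)`, and the failure path then reads `data[i]` up to `data_size`. If the driver ever reported a length larger than the buffer it was given, the dump loop would read past `data`. A guard right after the assignment, such as `if (data_size < 0 || data_size > (int)sizeof(data)) return 1;`, keeps the test safe against a misbehaving driver. The same unchecked assignment feeds `privkey_info()` and `pubkey_info()` in the key-export hunks of examples/pk.c. The context line `perror("ioctl(NCRIO_KEY_IMPORT)")` labels an export failure as an import.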
@@ -726,37 +507,13 @@ struct aes_vectors_st {
static int
test_ncr_aes(int cfd)
{
- struct ncr_data_init_st dinit;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
- ncr_data_t dd, dd2;
uint8_t data[KEY_DATA_SIZE];
int i, j;
struct ncr_session_once_op_st nop;
int data_size;
- dinit.max_object_size = KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd2 = dinit.desc;
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -774,19 +531,9 @@ test_ncr_aes(int cfd)
fprintf(stdout, "Tests on AES Encryption\n");
for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
- /* import key */
- kdata.data = (void*)aes_vectors[i].key;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)aes_vectors[i].key;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -832,19 +579,9 @@ test_ncr_aes(int cfd)
fprintf(stdout, "Tests on AES Decryption\n");
for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
- /* import key */
- kdata.data = (void*)aes_vectors[i].key;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)aes_vectors[i].key;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -979,36 +716,12 @@ struct hash_vectors_st {
static int
test_ncr_hash(int cfd)
{
- struct ncr_data_init_st dinit;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
- ncr_data_t dd, dd2;
uint8_t data[HASH_DATA_SIZE];
int i, j, data_size;
struct ncr_session_once_op_st nop;
- dinit.max_object_size = HASH_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd2 = dinit.desc;
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -1029,18 +742,10 @@ test_ncr_hash(int cfd)
fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
/* import key */
if (hash_vectors[i].key != NULL) {
- kdata.data = (void*)hash_vectors[i].key;
- kdata.data_size = hash_vectors[i].key_size;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)hash_vectors[i].key;
+ keydata.idata_size = hash_vectors[i].key_size;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -1105,24 +810,6 @@ main()
return 1;
}
- /* Run the test itself */
- if (test_ncr_data(fd))
- return 1;
-
- /* Close the original descriptor */
- if (close(fd)) {
- perror("close(fd)");
- return 1;
- }
-
- /* actually test if the initial close
- * will really delete all used lists */
-
- fd = open("/dev/crypto", O_RDWR, 0);
- if (fd < 0) {
- perror("open(/dev/crypto)");
- return 1;
- }
if (test_ncr_key(fd))
return 1;
diff --git a/examples/pk.c b/examples/pk.c
index a529e9a..1aa4c5a 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -310,7 +310,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
fflush(stdout);
memset(data, 0x3, sizeof(data));
- memset(vdata, 0x0, sizeof(vdata));
+ memcpy(vdata, data, sizeof(vdata));
/* do encryption */
memset(&nop, 0, sizeof(nop));
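Review bot: `memcpy(vdata, data, sizeof(vdata));` sizes the copy by the destination, so it reads `sizeof(vdata)` bytes from `data`. Both arrays are declared outside the hunk, and if `vdata` is the larger one this reads past the end of `data`. Copying only the bytes that are actually encrypted, `memcpy(vdata, data, RSA_ENCRYPT_SIZE);`, ties the reference copy to the input length passed to the ioctl, provided both buffers hold at least that many bytes. A comment such as `/* vdata keeps the expected plaintext; data is encrypted and decrypted in place */` would explain why the later hunks point both `input` and `output` at `data`.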
@@ -325,8 +325,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
nop.init.op = NCR_OP_ENCRYPT;
nop.op.data.udata.input = data;
nop.op.data.udata.input_size = RSA_ENCRYPT_SIZE;
- nop.op.data.udata.output = vdata;
- nop.op.data.udata.output_size = sizeof(vdata);
+ nop.op.data.udata.output = data;
+ nop.op.data.udata.output_size = sizeof(data);
nop.op.type = NCR_DIRECT_DATA;
if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
@@ -348,10 +348,10 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
} else {
nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
}
- nop.op.data.udata.input = vdata;
+ nop.op.data.udata.input = data;
nop.op.data.udata.input_size = enc_size;
- nop.op.data.udata.output = vdata;
- nop.op.data.udata.output_size = sizeof(vdata);
+ nop.op.data.udata.output = data;
+ nop.op.data.udata.output_size = sizeof(data);
nop.op.type = NCR_DIRECT_DATA;
@@ -373,6 +373,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
}
+#define DATA_TO_SIGN 52
+
static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss)
{
struct ncr_session_once_op_st nop;
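Review bot: `DATA_TO_SIGN` is introduced as a bare 52 with nothing tying it to the `data` buffers it is used with, and the sign and verify hunks below now pass it as `input_size` in place of `sizeof(data)`. Those buffers are declared outside the hunks, so if one is shorter than 52 bytes the ioctl would be told to read past it. A comment on the define, `/* bytes of data[] that are signed and verified; must not exceed sizeof(data) */`, plus a guard at the top of rsa_key_sign_verify and dsa_key_sign_verify, `if (DATA_TO_SIGN > sizeof(data)) return 1;`, would document and enforce the relationship.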
@@ -394,7 +396,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
nop.init.op = NCR_OP_SIGN;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -414,9 +416,11 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5;
nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
+ memset(data, 0x3, sizeof(data));
+
nop.init.op = NCR_OP_VERIFY;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sig_size;
nop.op.type = NCR_DIRECT_DATA;
@@ -429,8 +433,10 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
if (nop.op.err == NCR_SUCCESS)
fprintf(stdout, " Success\n");
- else
+ else {
fprintf(stdout, " Verification Failed!\n");
+ return 1;
+ }
return 0;
@@ -456,7 +462,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
nop.init.op = NCR_OP_SIGN;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -477,7 +483,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
nop.init.op = NCR_OP_VERIFY;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -490,8 +496,10 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
if (nop.op.err == NCR_SUCCESS)
fprintf(stdout, " Success\n");
- else
+ else {
fprintf(stdout, " Verification Failed!\n");
+ return 1;
+ }
return 0;
@@ -501,12 +509,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
static int test_ncr_rsa(int cfd)
{
int ret;
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t pubkey, privkey;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[DATA_SIZE];
+ int data_size;
fprintf(stdout, "Tests on RSA key generation:");
fflush(stdout);
@@ -538,41 +545,21 @@ static int test_ncr_rsa(int cfd)
}
/* export the private key */
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = privkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_EXPORT)");
return 1;
}
+
+ data_size = keydata.idata_size;
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- ret = privkey_info(kdata.data, kdata.data_size, 0);
+ ret = privkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -580,30 +567,21 @@ static int test_ncr_rsa(int cfd)
/* export the public key */
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = pubkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
- ret = pubkey_info(kdata.data, kdata.data_size, 0);
+ data_size = keydata.idata_size;
+
+ ret = pubkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -611,13 +589,13 @@ static int test_ncr_rsa(int cfd)
fprintf(stdout, " Success\n");
- ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
+ ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
}
- ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
+ ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -642,12 +620,11 @@ static int test_ncr_rsa(int cfd)
static int test_ncr_dsa(int cfd)
{
int ret;
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t pubkey, privkey;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[DATA_SIZE];
+ int data_size;
fprintf(stdout, "Tests on DSA key generation:");
fflush(stdout);
@@ -679,42 +656,20 @@ static int test_ncr_dsa(int cfd)
return 1;
}
- /* export the private key */
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
memset(&keydata, 0, sizeof(keydata));
+ memset(data, 0, sizeof(data));
keydata.key = privkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_EXPORT)");
return 1;
}
+ data_size = keydata.idata_size;
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- ret = privkey_info(kdata.data, kdata.data_size, 0);
+ ret = privkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -722,30 +677,21 @@ static int test_ncr_dsa(int cfd)
/* export the public key */
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = pubkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
- ret = pubkey_info(kdata.data, kdata.data_size, 0);
+ data_size = keydata.idata_size;
+
+ ret = pubkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
diff --git a/examples/speed.c b/examples/speed.c
index d49faa9..5898aaa 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -116,107 +116,6 @@ int encrypt_data(struct session_op *sess, int fdc, int chunksize)
return 0;
}
-int encrypt_data_ncr(int cfd, int algo, int chunksize)
-{
- char *buffer, iv[32];
- static int val = 23;
- struct timeval start, end;
- double total = 0;
- double secs, ddata, dspeed;
- char metric[16];
- ncr_key_t key;
- struct ncr_key_generate_st kgen;
- struct ncr_data_init_st dinit;
- struct ncr_data_st kdata;
- struct ncr_session_once_op_st nop;
- ncr_data_t dd;
-
- if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_INIT)");
- return 1;
- }
-
- kgen.desc = key;
- kgen.params.algorithm = NCR_ALG_AES_CBC;
- kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
- kgen.params.params.secret.bits = 128; /* 16 bytes */
-
- if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
- return 1;
- }
-
-
- buffer = malloc(chunksize);
- memset(iv, 0x23, 32);
-
- memset(&dinit, 0, sizeof(dinit));
- dinit.max_object_size = chunksize;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = buffer;
- dinit.initial_data_size = chunksize;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
- dd = dinit.desc;
-
- printf("\tEncrypting in chunks of %d bytes: ", chunksize);
- fflush(stdout);
-
- memset(buffer, val++, chunksize);
-
- must_finish = 0;
- alarm(5);
-
- gettimeofday(&start, NULL);
- do {
- kdata.data = buffer;
- kdata.data_size = chunksize;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- memset(&nop, 0, sizeof(nop));
- nop.init.algorithm = algo;
- nop.init.key = key;
- nop.init.op = NCR_OP_ENCRYPT;
- nop.op.data.ndata.input = dd;
- nop.op.data.ndata.output = dd;
- nop.op.type = NCR_DATA;
-
- if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_SESSION_ONCE)");
- return 1;
- }
-
- total+=chunksize;
- } while(must_finish==0);
- gettimeofday(&end, NULL);
-
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &dd)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- secs = udifftimeval(start, end)/ 1000000.0;
-
- value2human(total, secs, &ddata, &dspeed, metric);
- printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs);
- printf ("%.2f %s/sec\n", dspeed, metric);
-
- return 0;
-}
int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
{
@@ -322,12 +221,6 @@ int main(void)
break;
}
- fprintf(stderr, "\nTesting NCR with NULL cipher: \n");
- for (i = 256; i <= (64 * 1024); i *= 2) {
- if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i))
- break;
- }
-
fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n");
for (i = 256; i <= (64 * 1024); i *= 2) {
if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i))
@@ -351,12 +244,6 @@ int main(void)
break;
}
- fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n");
- for (i = 256; i <= (64 * 1024); i *= 2) {
- if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i))
- break;
- }
-
fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n");
for (i = 256; i <= (64 * 1024); i *= 2) {
if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i))
diff --git a/ncr-data.c b/ncr-data.c
deleted file mode 100644
index 639637f..0000000
--- a/ncr-data.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * New driver for /dev/crypto device (aka CryptoDev)
-
- * Copyright (c) 2010 Nikos Mavrogiannopoulos <nmav@gnutls.org>
- *
- * This file is part of linux cryptodev.
- *
- * cryptodev is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * cryptodev is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <linux/crypto.h>
-#include <linux/mm.h>
-#include <linux/highmem.h>
-#include "cryptodev.h"
-#include <asm/uaccess.h>
-#include <asm/ioctl.h>
-#include <linux/scatterlist.h>
-#include "ncr.h"
-#include "ncr-int.h"
-
-/* must be called with data semaphore down */
-static void _ncr_data_unlink_item(struct data_item_st *item)
-{
- list_del(&item->list);
- _ncr_data_item_put( item); /* decrement ref count */
-}
-
-void ncr_data_list_deinit(struct list_sem_st* lst)
-{
- if(lst) {
- struct data_item_st * item, *tmp;
-
- down(&lst->sem);
-
- list_for_each_entry_safe(item, tmp, &lst->list, list) {
- _ncr_data_unlink_item(item);
- }
- up(&lst->sem);
-
- }
-}
-
-/* must be called with data semaphore down
- */
-static ncr_data_t _ncr_data_get_new_desc( struct list_sem_st* lst)
-{
-struct data_item_st* item;
-int mx = 1;
-
- list_for_each_entry(item, &lst->list, list) {
- mx = max(mx, item->desc);
- }
- mx++;
-
- return mx;
-}
-
-/* returns the data item corresponding to desc */
-struct data_item_st* ncr_data_item_get( struct list_sem_st* lst, ncr_data_t desc)
-{
-struct data_item_st* item;
-
- down(&lst->sem);
- list_for_each_entry(item, &lst->list, list) {
- if (item->desc == desc) {
- atomic_inc(&item->refcnt);
- up(&lst->sem);
- return item;
- }
- }
- up(&lst->sem);
-
- err();
- return NULL;
-}
-
-static void* data_alloc(size_t size)
-{
- /* FIXME: enforce a maximum memory limit per process and per user */
- /* ncr_data_set() relies this function enforcing a reasonable upper
- limit. */
- if (size > 64*1024) {
- err();
- return NULL;
- }
- return kmalloc(size, GFP_KERNEL);
-}
-
-void _ncr_data_item_put( struct data_item_st* item)
-{
- if (atomic_dec_and_test(&item->refcnt)) {
- ncr_limits_remove(item->uid, item->pid, LIMIT_TYPE_DATA);
- kfree(item->data);
- kfree(item);
- }
-}
-
-int ncr_data_init(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_init_st init;
- struct data_item_st* data;
- int ret;
-
- ret = ncr_limits_add_and_check(current_euid(), task_pid_nr(current), LIMIT_TYPE_DATA);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (unlikely(copy_from_user(&init, arg, sizeof(init)))) {
- err();
- ret = -EFAULT;
- goto err_limits;
- }
-
- data = kmalloc(sizeof(*data), GFP_KERNEL);
- if (data == NULL) {
- err();
- ret = -ENOMEM;
- goto err_limits;
- }
-
- memset(data, 0, sizeof(*data));
-
- data->flags = init.flags;
- data->uid = current_euid();
- data->pid = task_pid_nr(current);
-
- atomic_set(&data->refcnt, 1);
-
- data->data = data_alloc(init.max_object_size);
- if (data->data == NULL) {
- err();
- ret = -ENOMEM;
- goto err_data;
- }
- data->max_data_size = init.max_object_size;
-
- sg_init_one(&data->sg, data->data, data->max_data_size);
-
- if (init.initial_data != NULL) {
- if (unlikely(copy_from_user(data->data, init.initial_data,
- init.initial_data_size))) {
- err();
- _ncr_data_item_put(data);
- return -EFAULT;
- }
- data->data_size = init.initial_data_size;
- }
-
- down(&lst->sem);
-
- data->desc = _ncr_data_get_new_desc(lst);
-
- list_add(&data->list, &lst->list);
-
- up(&lst->sem);
-
- init.desc = data->desc;
- ret = copy_to_user(arg, &init, sizeof(init));
- if (unlikely(ret)) {
- down(&lst->sem);
- _ncr_data_unlink_item(data);
- up(&lst->sem);
- return -EFAULT;
- }
- return ret;
-
- err_data:
- kfree(data);
- err_limits:
- ncr_limits_remove(current_euid(), task_pid_nr(current),
- LIMIT_TYPE_DATA);
- return ret;
-}
-
-
-int ncr_data_deinit(struct list_sem_st* lst, void __user* arg)
-{
- ncr_data_t desc;
- struct data_item_st * item, *tmp;
-
- if (unlikely(copy_from_user(&desc, arg, sizeof(desc)))) {
- err();
- return -EFAULT;
- }
- down(&lst->sem);
-
- list_for_each_entry_safe(item, tmp, &lst->list, list) {
- if(item->desc == desc) {
- _ncr_data_unlink_item(item);
- break;
- }
- }
-
- up(&lst->sem);
-
- return 0;
-}
-
-int ncr_data_get(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_st get;
- struct data_item_st * data;
- size_t len;
- int ret;
-
- if (unlikely(copy_from_user(&get, arg, sizeof(get)))) {
- err();
- return -EFAULT;
- }
-
- data = ncr_data_item_get( lst, get.desc);
-
- if (data == NULL) {
- err();
- return -EINVAL;
- }
-
- if (!(data->flags & NCR_DATA_FLAG_EXPORTABLE)) {
- err();
- ret = -EPERM;
- goto cleanup;
- }
-
- len = min(get.data_size, data->data_size);
-
- /* update length */
- get.data_size = len;
-
- ret = copy_to_user(arg, &get, sizeof(get));
- if (unlikely(ret)) {
- err();
- ret = -EFAULT;
- }
-
- if (ret == 0 && len > 0) {
- ret = copy_to_user(get.data, data->data, len);
- if (unlikely(ret)) {
- err();
- ret = -EFAULT;
- }
- }
-
-cleanup:
- _ncr_data_item_put( data);
-
- return ret;
-}
-
-int ncr_data_set(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_st get;
- struct data_item_st * data;
- int ret;
-
- if (unlikely(copy_from_user(&get, arg, sizeof(get)))) {
- err();
- return -EFAULT;
- }
-
- data = ncr_data_item_get( lst, get.desc);
-
- if (data == NULL) {
- err();
- return -EINVAL;
- }
-
- if ((get.data_size > data->max_data_size) ||
- (get.data == NULL && get.data_size != 0)) {
- err();
- ret = -EINVAL;
- goto cleanup;
- }
-
- if (get.data != NULL) {
- if (unlikely(copy_from_user(data->data, get.data,
- get.data_size))) {
- err();
- ret = -EFAULT;
- goto cleanup;
- }
- }
- data->data_size = get.data_size;
-
- ret = 0;
-
-cleanup:
- _ncr_data_item_put( data);
-
- return ret;
-}
diff --git a/ncr-int.h b/ncr-int.h
index 6ccbcd2..03fab19 100644
--- a/ncr-int.h
+++ b/ncr-int.h
@@ -55,27 +55,6 @@ struct session_item_st {
ncr_session_t desc;
};
-struct data_item_st {
- struct list_head list;
- /* This object is not protected from concurrent access.
- * I see no reason to allow concurrent writes (reads are
- * not an issue).
- */
- struct scatterlist sg; /* points to data */
-
- uint8_t* data;
- size_t data_size;
- size_t max_data_size;
- unsigned int flags;
- atomic_t refcnt;
-
- /* owner. The one charged with this */
- uid_t uid;
- pid_t pid;
-
- ncr_data_t desc;
-};
-
struct key_item_st {
struct list_head list;
/* This object is also not protected from concurrent access.
@@ -129,20 +108,10 @@ void ncr_deinit_lists(struct ncr_lists *lst);
int ncr_ioctl(struct ncr_lists*, struct file *filp,
unsigned int cmd, unsigned long arg);
-int ncr_data_set(struct list_sem_st*, void __user* arg);
-int ncr_data_get(struct list_sem_st*, void __user* arg);
-int ncr_data_deinit(struct list_sem_st*, void __user* arg);
-int ncr_data_init(struct list_sem_st*, void __user* arg);
-void ncr_data_list_deinit(struct list_sem_st*);
-struct data_item_st* ncr_data_item_get( struct list_sem_st* lst, ncr_data_t desc);
-void _ncr_data_item_put( struct data_item_st* item);
-
int ncr_key_init(struct list_sem_st*, void __user* arg);
int ncr_key_deinit(struct list_sem_st*, void __user* arg);
-int ncr_key_export(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst,void __user* arg);
-int ncr_key_import(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst,void __user* arg);
+int ncr_key_export(struct list_sem_st* key_lst,void __user* arg);
+int ncr_key_import(struct list_sem_st* key_lst,void __user* arg);
void ncr_key_list_deinit(struct list_sem_st* lst);
int ncr_key_generate(struct list_sem_st* data_lst, void __user* arg);
int ncr_key_info(struct list_sem_st*, void __user* arg);
@@ -160,7 +129,6 @@ void _ncr_key_item_put( struct key_item_st* item);
typedef enum {
LIMIT_TYPE_KEY,
- LIMIT_TYPE_DATA
} limits_type_t;
void ncr_limits_remove(uid_t uid, pid_t pid, limits_type_t type);
@@ -195,25 +163,6 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it
/* misc helper macros */
-inline static unsigned int key_flags_to_data(unsigned int key_flags)
-{
- unsigned int flags = 0;
-
- if (key_flags & NCR_KEY_FLAG_EXPORTABLE)
- flags |= NCR_DATA_FLAG_EXPORTABLE;
-
- return flags;
-}
-
-inline static unsigned int data_flags_to_key(unsigned int data_flags)
-{
- unsigned int flags = 0;
-
- if (data_flags & NCR_DATA_FLAG_EXPORTABLE)
- flags |= NCR_KEY_FLAG_EXPORTABLE;
-
- return flags;
-}
const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo);
const struct algo_properties_st *ncr_key_params_get_sign_hash(const struct algo_properties_st *algo, struct ncr_key_params_st * params);
diff --git a/ncr-key.c b/ncr-key.c
index 126d1bf..9e67b52 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -231,13 +231,12 @@ int ncr_key_deinit(struct list_sem_st* lst, void __user* arg)
/* "exports" a key to a data item. If the key is not exportable
* to userspace then the data item will also not be.
*/
-int ncr_key_export(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst, void __user* arg)
+int ncr_key_export(struct list_sem_st* key_lst, void __user* arg)
{
struct ncr_key_data_st data;
struct key_item_st* item = NULL;
-struct data_item_st* ditem = NULL;
-uint32_t size;
+void* tmp = NULL;
+uint32_t tmp_size;
int ret;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
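Review bot: The comment kept above `ncr_key_export` still describes exporting "to a data item", but this commit removes the data type and the function now writes straight to the caller's buffer. I would replace it with `/* Exports a key into the user buffer data.idata (capacity data.idata_size); returns -EPERM if the key lacks NCR_KEY_FLAG_EXPORTABLE. */`. The comment above `ncr_key_import` in the later hunk has the same stale wording and should say that the key is read from `data.idata`. Both function bodies continue outside this hunk.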
@@ -251,18 +250,15 @@ int ret;
return ret;
}
- ditem = ncr_data_item_get( data_lst, data.data);
- if (ditem == NULL) {
+ if (!(item->flags & NCR_KEY_FLAG_EXPORTABLE)) {
err();
- ret = -EINVAL;
+ ret = -EPERM;
goto fail;
}
- ditem->flags = key_flags_to_data(item->flags);
-
switch (item->type) {
case NCR_KEY_TYPE_SECRET:
- if (item->key.secret.size > ditem->max_data_size) {
+ if (item->key.secret.size > data.idata_size) {
err();
ret = -EINVAL;
goto fail;
@@ -270,21 +266,40 @@ int ret;
/* found */
if (item->key.secret.size > 0) {
- memcpy(ditem->data, item->key.secret.data, item->key.secret.size);
+ ret = copy_to_user(data.idata, item->key.secret.data, item->key.secret.size);
+ if (unlikely(ret)) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
}
- ditem->data_size = item->key.secret.size;
+ data.idata_size = item->key.secret.size;
break;
case NCR_KEY_TYPE_PUBLIC:
case NCR_KEY_TYPE_PRIVATE:
- size = ditem->max_data_size;
- ret = ncr_pk_pack(item, ditem->data, &size);
+ tmp_size = data.idata_size;
- ditem->data_size = size;
+ tmp = kmalloc(tmp_size, GFP_KERNEL);
+ if (tmp == NULL) {
+ err();
+ ret = -ENOMEM;
+ goto fail;
+ }
+
+ ret = ncr_pk_pack(item, tmp, &tmp_size);
+ data.idata_size = tmp_size;
if (ret < 0) {
err();
goto fail;
}
+
+ ret = copy_to_user(data.idata, tmp, tmp_size);
+ if (unlikely(ret)) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
break;
default:
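Review bot: In the public/private branch, `tmp = kmalloc(tmp_size, GFP_KERNEL)` takes its size from `data.idata_size`, which was copied from userspace and has no upper bound. The removed `data_alloc()` in ncr-data.c refused anything over 64*1024, so this commit drops a limit that used to exist. I would reject oversized requests before allocating, e.g. `if (tmp_size > NCR_MAX_IDATA_SIZE) { err(); ret = -EINVAL; goto fail; }`, where `NCR_MAX_IDATA_SIZE` is a placeholder name for a limit the project would define. The import hunk has the same pattern in `kmalloc(data.idata_size, GFP_KERNEL)`, which runs before the key type and `NCR_CIPHER_MAX_KEY_LEN` are checked. The switch statement continues outside this hunk.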
@@ -293,16 +308,16 @@ int ret;
goto fail;
}
- _ncr_key_item_put( item);
- _ncr_data_item_put( ditem);
-
- return 0;
+ if (unlikely(copy_to_user(arg, &data, sizeof(data)))) {
+ err();
+ ret = -EFAULT;
+ } else
+ ret = 0;
fail:
+ kfree(tmp);
if (item)
_ncr_key_item_put(item);
- if (ditem)
- _ncr_data_item_put(ditem);
return ret;
}
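Review bot: The cleanup path frees `tmp` with plain `kfree(tmp)`, although in the public/private branch that buffer holds the packed key produced by `ncr_pk_pack()`. The key bytes therefore stay in freed slab memory until it is reused. Clearing on free would avoid that: `kzfree(tmp);` (`kfree_sensitive()` on current kernels), which also accepts NULL like `kfree`. The `kfree(tmp)` at the end of `ncr_key_import` has the same issue and matters more there, since the imported key may not be marked exportable.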
@@ -310,13 +325,13 @@ fail:
/* "imports" a key from a data item. If the key is not exportable
* to userspace then the key item will also not be.
*/
-int ncr_key_import(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst, void __user* arg)
+int ncr_key_import(struct list_sem_st* key_lst, void __user* arg)
{
struct ncr_key_data_st data;
struct key_item_st* item = NULL;
-struct data_item_st* ditem = NULL;
int ret;
+void* tmp = NULL;
+size_t tmp_size;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
err();
@@ -329,13 +344,20 @@ int ret;
return ret;
}
- ditem = ncr_data_item_get( data_lst, data.data);
- if (ditem == NULL) {
+ tmp = kmalloc(data.idata_size, GFP_KERNEL);
+ if (tmp == NULL) {
err();
- ret = -EINVAL;
+ ret = -ENOMEM;
goto fail;
}
-
+
+ if (unlikely(copy_from_user(tmp, data.idata, data.idata_size))) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
+ tmp_size = data.idata_size;
+
item->type = data.type;
item->algorithm = _ncr_algo_to_properties(data.algorithm);
if (item->algorithm == NULL) {
@@ -344,11 +366,6 @@ int ret;
goto fail;
}
item->flags = data.flags;
- /* if data cannot be exported then the flags above
- * should be overriden */
- if (!(ditem->flags & NCR_DATA_FLAG_EXPORTABLE)) {
- item->flags &= ~NCR_KEY_FLAG_EXPORTABLE;
- }
if (data.key_id_size > MAX_KEY_ID_SIZE) {
err();
@@ -363,18 +380,18 @@ int ret;
switch(item->type) {
case NCR_KEY_TYPE_SECRET:
- if (ditem->data_size > NCR_CIPHER_MAX_KEY_LEN) {
+ if (tmp_size > NCR_CIPHER_MAX_KEY_LEN) {
err();
ret = -EINVAL;
goto fail;
}
- memcpy(item->key.secret.data, ditem->data, ditem->data_size);
- item->key.secret.size = ditem->data_size;
+ memcpy(item->key.secret.data, tmp, tmp_size);
+ item->key.secret.size = tmp_size;
break;
case NCR_KEY_TYPE_PRIVATE:
case NCR_KEY_TYPE_PUBLIC:
- ret = ncr_pk_unpack( item, ditem->data, ditem->data_size);
+ ret = ncr_pk_unpack( item, tmp, tmp_size);
if (ret < 0) {
err();
goto fail;
@@ -387,16 +404,13 @@ int ret;
goto fail;
}
- _ncr_key_item_put( item);
- _ncr_data_item_put( ditem);
-
- return 0;
+ ret = 0;
fail:
if (item)
_ncr_key_item_put(item);
- if (ditem)
- _ncr_data_item_put(ditem);
+ kfree(tmp);
+
return ret;
}
diff --git a/ncr-limits.c b/ncr-limits.c
index 5340954..7a98f3c 100644
--- a/ncr-limits.c
+++ b/ncr-limits.c
@@ -34,12 +34,10 @@
/* arbitrary now */
static unsigned int max_per_user[] = {
[LIMIT_TYPE_KEY] = 128,
- [LIMIT_TYPE_DATA] = 128,
};
static unsigned int max_per_process[] = {
[LIMIT_TYPE_KEY] = 64,
- [LIMIT_TYPE_DATA] = 64,
};
struct limit_user_item_st {
diff --git a/ncr-pk.c b/ncr-pk.c
index cb217d7..ecb2ce3 100644
--- a/ncr-pk.c
+++ b/ncr-pk.c
@@ -359,9 +359,13 @@ int ncr_pk_cipher_init(const struct algo_properties_st *algo,
err();
return -EINVAL;
}
- } else if (params->params.rsa.type == RSA_PKCS1_PSS)
+ } else if (params->params.rsa.type == RSA_PKCS1_PSS) {
ctx->type = LTC_LTC_PKCS_1_PSS;
-
+ } else {
+ err();
+ return -EINVAL;
+ }
+
ctx->salt_len = params->params.rsa.pss_salt;
break;
case NCR_ALG_DSA:
@@ -534,7 +538,6 @@ void * input, *output;
case NCR_ALG_RSA:
cret = rsa_sign_hash_ex( input, isg_size, output, &osize,
ctx->type, ctx->sign_hash, ctx->salt_len, &ctx->key->key.pk.rsa);
-
if (cret != CRYPT_OK) {
err();
return tomerr(cret);
@@ -575,7 +578,7 @@ int ncr_pk_cipher_verify(const struct ncr_pk_ctx* ctx,
const void* hash, size_t hash_size, ncr_error_t* err)
{
int cret, ret;
-int stat;
+int stat = 0;
uint8_t* sig;
sig = kmalloc(sign_sg_size, GFP_KERNEL);
@@ -596,13 +599,12 @@ uint8_t* sig;
cret = rsa_verify_hash_ex( sig, sign_sg_size,
hash, hash_size, ctx->type, ctx->sign_hash,
ctx->salt_len, &stat, &ctx->key->key.pk.rsa);
-
if (cret != CRYPT_OK) {
err();
ret = tomerr(cret);
goto fail;
}
-
+
if (stat == 1)
*err = 0;
else
diff --git a/ncr-sessions.c b/ncr-sessions.c
index f0aebc5..8986379 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -537,12 +537,13 @@ static int get_userbuf2(struct session_item_st* ses,
unsigned *src_cnt, struct scatterlist **dst_sg, unsigned *dst_cnt)
{
int src_pagecount, dst_pagecount = 0, pagecount, write_src = 1;
+ size_t input_size = op->data.udata.input_size;
if (op->data.udata.input == NULL) {
return -EINVAL;
}
- src_pagecount = PAGECOUNT(op->data.udata.input, op->data.udata.input_size);
+ src_pagecount = PAGECOUNT(op->data.udata.input, input_size);
if (op->data.udata.input != op->data.udata.output) { /* non-in-situ transformation */
if (op->data.udata.output != NULL) {
@@ -551,6 +552,10 @@ static int get_userbuf2(struct session_item_st* ses,
} else {
dst_pagecount = 0;
}
+ } else {
+ src_pagecount = max((int)(PAGECOUNT(op->data.udata.output, op->data.udata.output_size)),
+ src_pagecount);
+ input_size = max(input_size, (size_t)op->data.udata.output_size);
}
ses->available_pages = pagecount = src_pagecount + dst_pagecount;
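Review bot: The new `else` branch for the in-situ case widens both `src_pagecount` and `input_size` to cover `output_size`, but nothing says why. Presumably the output can be longer than the input when both share one buffer. A one-line comment would help the next reader, e.g. `/* in-situ: the same pages receive the output, so pin enough for the larger of input and output */`. Both values come from user-supplied `op->data.udata` fields, and the `(int)` cast on `PAGECOUNT(...)` assumes the page count fits in an int; whether sizes are bounded earlier is not visible here. `get_userbuf2` starts before and continues after this hunk.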
@@ -571,7 +576,7 @@ static int get_userbuf2(struct session_item_st* ses,
}
}
- if (__get_userbuf(op->data.udata.input, op->data.udata.input_size, write_src,
+ if (__get_userbuf(op->data.udata.input, input_size, write_src,
src_pagecount, ses->pages, ses->sg)) {
dprintk(1, KERN_ERR, "failed to get user pages for data input\n");
return -EINVAL;
@@ -639,7 +644,7 @@ int _ncr_session_direct_update(struct ncr_lists* lists, struct ncr_session_op_st
ret = -EINVAL;
goto fail;
}
-
+
ret = _ncr_session_encrypt(sess, isg, isg_cnt, isg_size,
osg, osg_cnt, &osg_size);
if (ret < 0) {
@@ -716,7 +721,6 @@ int _ncr_session_direct_final(struct ncr_lists* lists, struct ncr_session_op_st*
{
int ret;
struct session_item_st* sess;
- struct data_item_st* odata = NULL;
int digest_size;
uint8_t digest[NCR_HASH_MAX_OUTPUT_SIZE];
uint8_t vdigest[NCR_HASH_MAX_OUTPUT_SIZE];
@@ -776,7 +780,7 @@ int _ncr_session_direct_final(struct ncr_lists* lists, struct ncr_session_op_st*
goto fail;
}
- if (digest_size != odata->data_size ||
+ if (digest_size != osg_size ||
memcmp(vdigest, digest, digest_size) != 0) {
op->err = NCR_VERIFICATION_FAILED;
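Review bot: The verification still compares digests with `memcmp(vdigest, digest, digest_size)`, which stops at the first differing byte, so its running time depends on how many leading bytes match. For MAC verification that is a timing side channel. A comparison that ORs together the XOR of every byte pair and tests the result once would avoid it; kernels that have `crypto_memneq()` provide exactly this. Separately, `digest_size` is an `int` and the declaration of `osg_size` is outside the hunk; if it is unsigned, confirm `digest_size` cannot be negative when `digest_size != osg_size` is evaluated. The function starts and ends outside this hunk.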
diff --git a/ncr.c b/ncr.c
index 4813eef..1d91456 100644
--- a/ncr.c
+++ b/ncr.c
@@ -64,7 +64,6 @@ void* ncr_init_lists(void)
void ncr_deinit_lists(struct ncr_lists *lst)
{
if(lst) {
- ncr_data_list_deinit(&lst->data);
ncr_key_list_deinit(&lst->key);
ncr_sessions_list_deinit(&lst->sessions);
kfree(lst);
@@ -124,15 +123,6 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
BUG();
switch (cmd) {
- case NCRIO_DATA_INIT:
- return ncr_data_init(&lst->data, arg);
- case NCRIO_DATA_GET:
- return ncr_data_get(&lst->data, arg);
- case NCRIO_DATA_SET:
- return ncr_data_set(&lst->data, arg);
- case NCRIO_DATA_DEINIT:
- return ncr_data_deinit(&lst->data, arg);
-
case NCRIO_KEY_INIT:
return ncr_key_init(&lst->key, arg);
case NCRIO_KEY_DEINIT:
@@ -140,9 +130,9 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
case NCRIO_KEY_GENERATE:
return ncr_key_generate(&lst->key, arg);
case NCRIO_KEY_EXPORT:
- return ncr_key_export(&lst->data, &lst->key, arg);
+ return ncr_key_export(&lst->key, arg);
case NCRIO_KEY_IMPORT:
- return ncr_key_import(&lst->data, &lst->key, arg);
+ return ncr_key_import(&lst->key, arg);
case NCRIO_KEY_GET_INFO:
return ncr_key_info(&lst->key, arg);
case NCRIO_KEY_WRAP:
diff --git a/ncr.h b/ncr.h
index e992c7b..3c87f59 100644
--- a/ncr.h
+++ b/ncr.h
@@ -55,34 +55,6 @@ typedef enum {
NCR_KEY_TYPE_PRIVATE=3,
} ncr_key_type_t;
-/* Data Handling
- */
-#define NCR_DATA_FLAG_EXPORTABLE 1
-#define NCR_DATA_FLAG_SIGN_ONLY 2 /* this object can only be used with hash/sign operations */
-
-typedef int ncr_data_t;
-#define NCR_DATA_INVALID (ncr_data_t)(0)
-
-struct ncr_data_init_st {
- ncr_data_t desc;
- size_t max_object_size;
- unsigned int flags;
- void __user *initial_data; /* can be null */
- size_t initial_data_size;
-};
-
-struct ncr_data_st {
- ncr_data_t desc;
- void __user *data;
- size_t data_size; /* rw in get */
- unsigned int append_flag; /* only when used with NCRIO_DATA_SET */
-};
-
-#define NCRIO_DATA_INIT _IOWR('c', 200, struct ncr_data_init_st)
-#define NCRIO_DATA_GET _IOWR('c', 201, struct ncr_data_st)
-#define NCRIO_DATA_SET _IOR('c', 202, struct ncr_data_st)
-#define NCRIO_DATA_DEINIT _IOR('c', 203, ncr_data_t)
-
/* Key handling
*/
@@ -187,7 +159,10 @@ struct ncr_key_info_st {
struct ncr_key_data_st {
ncr_key_t key;
- ncr_data_t data;
+
+ void __user *idata;
+ size_t idata_size; /* rw in get */
+
/* in case of import this will be used as key id */
uint8_t key_id[MAX_KEY_ID_SIZE];
size_t key_id_size;
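Review bot: The comment on the new field, `/* rw in get */`, was carried over from the removed `struct ncr_data_st` and names an operation that no longer exists. In this commit `ncr_key_export` reads `idata_size` as the buffer capacity and writes the exported length back, while `ncr_key_import` only reads it. I would document that directly: `size_t idata_size; /* in: size of idata; out (export only): bytes written */`. Separately, `void __user *` and `size_t` in an ioctl structure have different widths for a 32-bit caller on a 64-bit kernel; whether a compat path handles that is not visible in this diff.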