diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2010-07-26 19:08:44 +0200 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2010-07-26 19:08:44 +0200 |
| commit | afed807b11199877214ec2e5d81e96c230237759 (patch) | |
| tree | 8b01ef8a6f881656d78e4f54b60a9ea41187a175 /examples | |
| parent | d750b60952619af570ac4d91cd650ffa6bbe311d (diff) | |
| parent | 935be4945512eb37461a226c51ede5e8b05cbe24 (diff) | |
Merge branch 'master' into algorithm-speedup
Conflicts:
libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c
libtomcrypt/pk/rsa/rsa_decrypt_key.c
libtomcrypt/pk/rsa/rsa_encrypt_key.c
libtomcrypt/pk/rsa/rsa_sign_hash.c
libtomcrypt/pk/rsa/rsa_verify_hash.c
ncr-int.h
ncr-key.c
ncr-pk.c
ncr-sessions.c
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/Makefile | 2 | ||||
| -rw-r--r-- | examples/ncr.c | 657 | ||||
| -rw-r--r-- | examples/pk.c | 305 | ||||
| -rw-r--r-- | examples/speed.c | 59 |
4 files changed, 308 insertions, 715 deletions
diff --git a/examples/Makefile b/examples/Makefile index c65297f..100cc49 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -28,4 +28,4 @@ check: $(progs) ./speed clean: - rm -f *.o *~ hmac cipher ncr pk speed + rm -f *.o *~ hmac cipher ncr pk speed
\ No newline at end of file diff --git a/examples/ncr.c b/examples/ncr.c index 234e8bd..4231ffa 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -32,11 +32,9 @@ int i; static int test_ncr_key(int cfd) { - struct ncr_data_init_st dinit; struct ncr_key_generate_st kgen; ncr_key_t key; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; uint8_t data[KEY_DATA_SIZE]; uint8_t data_bak[KEY_DATA_SIZE]; @@ -51,17 +49,6 @@ test_ncr_key(int cfd) randomize_data(data, sizeof(data)); memcpy(data_bak, data, sizeof(data)); - dinit.max_object_size = KEY_DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = data; - dinit.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { perror("ioctl(NCRIO_KEY_INIT)"); @@ -76,7 +63,8 @@ test_ncr_key(int cfd) keydata.flags = NCR_KEY_FLAG_EXPORTABLE; keydata.key = key; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -86,43 +74,21 @@ test_ncr_key(int cfd) /* now try to read it */ fprintf(stdout, "\tKey export...\n"); - if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_DEINIT)"); - return 1; - } - - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = NULL; - dinit.initial_data_size = 0; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } memset(&keydata, 0, sizeof(keydata)); keydata.key = key; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - - /* now read data */ - memset(&kdata, 0, sizeof(kdata)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { + + if (keydata.idata_size != sizeof(data)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); + fprintf(stderr, "data returned but differ!\n"); return 1; } @@ -162,9 +128,12 @@ test_ncr_key(int cfd) return 1; } + memset(data, 0, sizeof(data)); + memset(&keydata, 0, sizeof(keydata)); keydata.key = key; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -172,27 +141,16 @@ test_ncr_key(int cfd) return 1; } - /* now read data */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { + if (keydata.idata_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); + fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x." + "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1], + data[2], data[3], data[4], data[5], data[6], data[7], data[8], + data[9], data[10], data[11], data[12], data[13], data[14], + data[15]); return 1; } -#if 0 - fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x." - "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1], - data[2], data[3], data[4], data[5], data[6], data[7], data[8], - data[9], data[10], data[11], data[12], data[13], data[14], - data[15]); -#endif - if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_DEINIT)"); @@ -219,24 +177,16 @@ test_ncr_key(int cfd) return 1; } + memset(data, 0, sizeof(data)); + memset(&keydata, 0, sizeof(keydata)); keydata.key = key; - keydata.data = dinit.desc; - - if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_EXPORT)"); - return 1; - } + keydata.idata = data; + keydata.idata_size = sizeof(data); /* try to get the output data - should fail */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) { + if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); fprintf(stderr, "Data were exported, but shouldn't be!\n"); return 1; @@ -252,138 +202,17 @@ test_ncr_key(int cfd) } -static int test_ncr_data(int cfd) -{ - struct ncr_data_init_st init; - struct ncr_data_st kdata; - uint8_t data[DATA_SIZE]; - uint8_t data_bak[DATA_SIZE]; - int i; - - fprintf(stdout, "Tests on Data:\n"); - - randomize_data(data, sizeof(data)); - memcpy(data_bak, data, sizeof(data)); - - init.max_object_size = DATA_SIZE; - init.flags = NCR_DATA_FLAG_EXPORTABLE; - init.initial_data = data; - init.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &init)) { - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - fprintf(stdout, "\tData Import...\n"); - - memset(data, 0, sizeof(data)); - - kdata.desc = init.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - if (memcmp(data, data_bak, sizeof(data))!=0) { - fprintf(stderr, "data returned but differ!\n"); - return 1; - } - - fprintf(stdout, "\tData Export...\n"); - - /* test set */ - memset(data, 0xf1, sizeof(data)); - - kdata.desc = init.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } - - /* test get after set */ - memset(data, 0, sizeof(data)); - - kdata.desc = init.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - for(i=0;i<kdata.data_size;i++) { - if (((uint8_t*)kdata.data)[i] != 0xf1) { - fprintf(stderr, "data returned but differ!\n"); - return 1; - } - } - fprintf(stdout, "\t2nd Data Import/Export...\n"); - - if (ioctl(cfd, NCRIO_DATA_DEINIT, &kdata.desc)) { - perror("ioctl(NCRIO_DATA_DEINIT)"); - return 1; - } - - fprintf(stdout, "\tProtection of non-exportable data...\n"); - randomize_data(data, sizeof(data)); - - init.max_object_size = DATA_SIZE; - init.flags = 0; - init.initial_data = data; - init.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &init)) { - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - kdata.desc = init.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) { - fprintf(stderr, "Unexportable data were exported!?\n"); - return 1; - } - - fprintf(stdout, "\tLimits on maximum allowed data...\n"); - for (i=0;i<256;i++ ) { - init.max_object_size = DATA_SIZE; - init.flags = 0; - init.initial_data = data; - init.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &init)) { - //fprintf(stderr, "Reached maximum limit at: %d data items\n", i); - break; - } - } - - /* shouldn't run any other tests after that */ - - return 0; -} /* Key wrapping */ static int test_ncr_wrap_key(int cfd) { int i; - struct ncr_data_init_st dinit; ncr_key_t key, key2; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; struct ncr_key_wrap_st kwrap; uint8_t data[WRAPPED_KEY_DATA_SIZE]; - + int data_size; fprintf(stdout, "Tests on Keys:\n"); @@ -393,17 +222,6 @@ test_ncr_wrap_key(int cfd) fprintf(stdout, "\tKey Wrap test...\n"); - dinit.max_object_size = WRAPPED_KEY_DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - dinit.initial_data_size = 16; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { perror("ioctl(NCRIO_KEY_INIT)"); @@ -418,7 +236,8 @@ test_ncr_wrap_key(int cfd) keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; keydata.key = key; - keydata.data = dinit.desc; + keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + keydata.idata_size = 16; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -426,17 +245,6 @@ test_ncr_wrap_key(int cfd) return 1; } -#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" - /* now key data */ - kdata.data = DKEY; - kdata.data_size = 16; - kdata.desc = dinit.desc; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) { @@ -452,7 +260,9 @@ test_ncr_wrap_key(int cfd) keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; keydata.key = key2; - keydata.data = kdata.desc; +#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + keydata.idata = DKEY; + keydata.idata_size = 16; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -465,29 +275,23 @@ test_ncr_wrap_key(int cfd) kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; kwrap.key = key; - kwrap.data = kdata.desc; + kwrap.io = data; + kwrap.io_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_WRAP)"); return 1; } + + data_size = kwrap.io_size; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - if (kdata.data_size != 24 || memcmp(kdata.data, + if (kwrap.io_size != 24 || memcmp(data, "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) { fprintf(stderr, "Wrapped data do not match.\n"); - fprintf(stderr, "Data[%d]: ",(int) kdata.data_size); - for(i=0;i<kdata.data_size;i++) + fprintf(stderr, "Data[%d]: ",(int) kwrap.io_size); + for(i=0;i<kwrap.io_size;i++) fprintf(stderr, "%.2x:", data[i]); fprintf(stderr, "\n"); return 1; @@ -514,7 +318,8 @@ test_ncr_wrap_key(int cfd) kwrap.algorithm = NCR_WALG_AES_RFC3394; kwrap.keytowrap = key2; kwrap.key = key; - kwrap.data = kdata.desc; + kwrap.io = data; + kwrap.io_size = data_size; if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kwrap)) { perror("ioctl(NCRIO_KEY_UNWRAP)"); @@ -561,13 +366,11 @@ static int test_ncr_store_wrap_key(int cfd) { int i; - struct ncr_data_init_st dinit; ncr_key_t key2; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; struct ncr_key_storage_wrap_st kwrap; uint8_t data[DATA_SIZE]; - int dd; + int data_size; fprintf(stdout, "Tests on Key storage:\n"); @@ -577,30 +380,6 @@ test_ncr_store_wrap_key(int cfd) fprintf(stdout, "\tKey Storage wrap test...\n"); - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - dd = dinit.desc; - -#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" - /* now key data */ - kdata.data = DKEY; - kdata.data_size = 16; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } - /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) { perror("ioctl(NCRIO_KEY_INIT)"); @@ -615,7 +394,9 @@ test_ncr_store_wrap_key(int cfd) keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; keydata.key = key2; - keydata.data = dd; +#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + keydata.idata = DKEY; + keydata.idata_size = 16; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -626,7 +407,8 @@ test_ncr_store_wrap_key(int cfd) /* now try wrapping key2 using key */ memset(&kwrap, 0, sizeof(kwrap)); kwrap.keytowrap = key2; - kwrap.data = dd; + kwrap.io = data; + kwrap.io_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_STORAGE_WRAP, &kwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -635,6 +417,7 @@ test_ncr_store_wrap_key(int cfd) } /* test unwrapping */ + data_size = kwrap.io_size; fprintf(stdout, "\tKey Storage Unwrap test...\n"); /* reset key2 */ @@ -652,7 +435,8 @@ test_ncr_store_wrap_key(int cfd) memset(&kwrap, 0, sizeof(kwrap)); kwrap.keytowrap = key2; - kwrap.data = dd; + kwrap.io = data; + kwrap.io_size = data_size; if (ioctl(cfd, NCRIO_KEY_STORAGE_UNWRAP, &kwrap)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -663,25 +447,21 @@ test_ncr_store_wrap_key(int cfd) /* now export the unwrapped */ memset(&keydata, 0, sizeof(keydata)); keydata.key = key2; - keydata.data = dd; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } + + data_size = keydata.idata_size; - kdata.data = data; - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - if (kdata.data_size != 16 || memcmp(kdata.data, DKEY, 16) != 0) { + if (data_size != 16 || memcmp(data, DKEY, 16) != 0) { fprintf(stderr, "Unwrapped data do not match.\n"); - fprintf(stderr, "Data[%d]: ", (int) kdata.data_size); - for(i=0;i<kdata.data_size;i++) + fprintf(stderr, "Data[%d]: ", (int) data_size); + for(i=0;i<data_size;i++) fprintf(stderr, "%.2x:", data[i]); fprintf(stderr, "\n"); return 1; @@ -727,35 +507,12 @@ struct aes_vectors_st { static int test_ncr_aes(int cfd) { - struct ncr_data_init_st dinit; ncr_key_t key; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; - ncr_data_t dd, dd2; uint8_t data[KEY_DATA_SIZE]; int i, j; struct ncr_session_once_op_st nop; - - dinit.max_object_size = KEY_DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = NULL; - dinit.initial_data_size = 0; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - dd = dinit.desc; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - dd2 = dinit.desc; + int data_size; /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { @@ -774,43 +531,25 @@ test_ncr_aes(int cfd) fprintf(stdout, "Tests on AES Encryption\n"); for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) { - /* import key */ - kdata.data = (void*)aes_vectors[i].key; - kdata.data_size = 16; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } - keydata.key = key; - keydata.data = dd; + keydata.idata = (void*)aes_vectors[i].key; + keydata.idata_size = 16; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - /* import data */ - - kdata.data = (void*)aes_vectors[i].plaintext; - kdata.data_size = 16; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } /* encrypt */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_AES_ECB; nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = dd; - nop.op.data.cipher.ciphertext = dd2; + nop.op.data.udata.input = (void*)aes_vectors[i].plaintext; + nop.op.data.udata.input_size = 16; + nop.op.data.udata.output = data; + nop.op.data.udata.output_size = sizeof(data); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -818,22 +557,14 @@ test_ncr_aes(int cfd) return 1; } + data_size = nop.op.data.udata.output_size; /* verify */ - kdata.desc = dd2; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - if (kdata.data_size != 16 || memcmp(kdata.data, aes_vectors[i].ciphertext, 16) != 0) { + if (data_size != 16 || memcmp(data, aes_vectors[i].ciphertext, 16) != 0) { fprintf(stderr, "AES test vector %d failed!\n", i); - fprintf(stderr, "Cipher[%d]: ", (int)kdata.data_size); - for(j=0;j<kdata.data_size;j++) + fprintf(stderr, "Cipher[%d]: ", (int)data_size); + for(j=0;j<data_size;j++) fprintf(stderr, "%.2x:", (int)data[j]); fprintf(stderr, "\n"); @@ -848,67 +579,40 @@ test_ncr_aes(int cfd) fprintf(stdout, "Tests on AES Decryption\n"); for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) { - /* import key */ - kdata.data = (void*)aes_vectors[i].key; - kdata.data_size = 16; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } - keydata.key = key; - keydata.data = dd; + keydata.idata = (void*)aes_vectors[i].key; + keydata.idata_size = 16; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - /* import ciphertext */ - - kdata.data = (void*)aes_vectors[i].ciphertext; - kdata.data_size = 16; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } - /* decrypt */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_AES_ECB; nop.init.key = key; nop.init.op = NCR_OP_DECRYPT; - nop.op.data.cipher.ciphertext = dd; - nop.op.data.cipher.plaintext = dd2; + nop.op.data.udata.input = (void*)aes_vectors[i].ciphertext; + nop.op.data.udata.input_size = 16; + nop.op.data.udata.output = data; + nop.op.data.udata.output_size = sizeof(data); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_SESSION_ONCE)"); return 1; } + + data_size = nop.op.data.udata.output_size; - /* verify */ - kdata.desc = dd2; - kdata.data = data; - kdata.data_size = sizeof(data); - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - if (kdata.data_size != 16 || memcmp(kdata.data, aes_vectors[i].plaintext, 16) != 0) { + if (data_size != 16 || memcmp(data, aes_vectors[i].plaintext, 16) != 0) { fprintf(stderr, "AES test vector %d failed!\n", i); - fprintf(stderr, "Plain[%d]: ", (int)kdata.data_size); - for(j=0;j<kdata.data_size;j++) + fprintf(stderr, "Plain[%d]: ", (int)data_size); + for(j=0;j<data_size;j++) fprintf(stderr, "%.2x:", (int)data[j]); fprintf(stderr, "\n"); @@ -946,7 +650,7 @@ struct hash_vectors_st { .plaintext_size = sizeof("what do ya want for nothing?")-1, .output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32", .output_size = 20, - .op = NCR_OP_DIGEST, + .op = NCR_OP_SIGN, }, { .name = "HMAC-MD5", @@ -1012,36 +716,12 @@ struct hash_vectors_st { static int test_ncr_hash(int cfd) { - struct ncr_data_init_st dinit; ncr_key_t key; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; - ncr_data_t dd, dd2; uint8_t data[HASH_DATA_SIZE]; - int i, j; + int i, j, data_size; struct ncr_session_once_op_st nop; - dinit.max_object_size = HASH_DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = NULL; - dinit.initial_data_size = 0; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - dd = dinit.desc; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - dd2 = dinit.desc; - /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { perror("ioctl(NCRIO_KEY_INIT)"); @@ -1062,35 +742,16 @@ test_ncr_hash(int cfd) fprintf(stdout, "\t%s:\n", hash_vectors[i].name); /* import key */ if (hash_vectors[i].key != NULL) { - kdata.data = (void*)hash_vectors[i].key; - kdata.data_size = hash_vectors[i].key_size; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } keydata.key = key; - keydata.data = dd; + keydata.idata = (void*)hash_vectors[i].key; + keydata.idata_size = hash_vectors[i].key_size; if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } } - /* import data */ - - kdata.data = (void*)hash_vectors[i].plaintext; - kdata.data_size = hash_vectors[i].plaintext_size; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_SET)"); - return 1; - } /* encrypt */ memset(&nop, 0, sizeof(nop)); @@ -1098,33 +759,27 @@ test_ncr_hash(int cfd) if (hash_vectors[i].key != NULL) nop.init.key = key; nop.init.op = hash_vectors[i].op; - nop.op.data.sign.text = dd; - nop.op.data.sign.output = dd2; + nop.op.data.udata.input = (void*)hash_vectors[i].plaintext; + nop.op.data.udata.input_size = hash_vectors[i].plaintext_size; + nop.op.data.udata.output = data; + nop.op.data.udata.output_size = sizeof(data); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_SESSION_ONCE)"); return 1; } + + data_size = nop.op.data.udata.output_size; - /* verify */ - memset(&kdata, 0, sizeof(kdata)); - kdata.desc = dd2; - kdata.data = data; - kdata.data_size = sizeof(data); - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - if (kdata.data_size != hash_vectors[i].output_size || - memcmp(kdata.data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) { + if (data_size != hash_vectors[i].output_size || + memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) { fprintf(stderr, "HASH test vector %d failed!\n", i); - fprintf(stderr, "Output[%d]: ", (int)kdata.data_size); - for(j=0;j<kdata.data_size;j++) + fprintf(stderr, "Output[%d]: ", (int)data_size); + for(j=0;j<data_size;j++) fprintf(stderr, "%.2x:", (int)data[j]); fprintf(stderr, "\n"); @@ -1142,37 +797,132 @@ test_ncr_hash(int cfd) } - -int -main() +static int +test_ncr_hash_key(int cfd) { - int fd = -1; + ncr_key_t key; + struct ncr_key_data_st keydata; + uint8_t data[HASH_DATA_SIZE]; + int j, data_size; + struct ncr_session_op_st op; + struct ncr_session_st op_init; + const uint8_t *output = (void*)"\xe2\xd7\x2c\x2e\x14\xad\x97\xc8\xd2\xdb\xce\xd8\xb3\x52\x9f\x1c\xb3\x2c\x5c\xec"; - /* Open the crypto device */ - fd = open("/dev/crypto", O_RDWR, 0); - if (fd < 0) { - perror("open(/dev/crypto)"); + /* convert it to key */ + if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } + + keydata.key_id[0] = 'a'; + keydata.key_id[2] = 'b'; + keydata.key_id_size = 2; + keydata.type = NCR_KEY_TYPE_SECRET; + keydata.algorithm = NCR_ALG_AES_CBC; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE; + + fprintf(stdout, "Tests on Hashes of Keys\n"); + + fprintf(stdout, "\t%s:\n", hash_vectors[0].name); + /* import key */ + keydata.key = key; + keydata.idata = (void*)hash_vectors[0].plaintext; + keydata.idata_size = hash_vectors[0].plaintext_size; + if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - /* Run the test itself */ - if (test_ncr_data(fd)) + /* encrypt */ + memset(&op_init, 0, sizeof(op_init)); + op_init.algorithm = hash_vectors[0].algorithm; + op_init.op = hash_vectors[0].op; + + if (ioctl(cfd, NCRIO_SESSION_INIT, &op_init)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_INIT)"); return 1; + } - /* Close the original descriptor */ - if (close(fd)) { - perror("close(fd)"); + memset(&op, 0, sizeof(op)); + op.ses = op_init.ses; + op.data.udata.input = (void*)hash_vectors[0].plaintext; + op.data.udata.input_size = hash_vectors[0].plaintext_size; + op.data.udata.output = NULL; + op.data.udata.output_size = 0; + op.type = NCR_DIRECT_DATA; + + if (ioctl(cfd, NCRIO_SESSION_UPDATE, &op)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_UPDATE)"); + return 1; + } + + memset(&op, 0, sizeof(op)); + op.ses = op_init.ses; + op.data.kdata.input = key; + op.data.kdata.output = NULL; + op.data.kdata.output_size = 0; + op.type = NCR_KEY_DATA; + + if (ioctl(cfd, NCRIO_SESSION_UPDATE, &op)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_UPDATE)"); + return 1; + } + + op.data.udata.input = NULL; + op.data.udata.input_size = 0; + op.data.udata.output = data; + op.data.udata.output_size = sizeof(data); + op.type = NCR_DIRECT_DATA; + + if (ioctl(cfd, NCRIO_SESSION_FINAL, &op)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_FINAL)"); return 1; + } + + data_size = op.data.udata.output_size; + + + if (data_size != hash_vectors[0].output_size || + memcmp(data, output, hash_vectors[0].output_size) != 0) { + fprintf(stderr, "HASH test vector %d failed!\n", 0); + + fprintf(stderr, "Output[%d]: ", (int)data_size); + for(j=0;j<data_size;j++) + fprintf(stderr, "%.2x:", (int)data[j]); + fprintf(stderr, "\n"); + + fprintf(stderr, "Expected[%d]: ", hash_vectors[0].output_size); + for(j=0;j<hash_vectors[0].output_size;j++) + fprintf(stderr, "%.2x:", (int)output[j]); + fprintf(stderr, "\n"); + return 1; } - /* actually test if the initial close - * will really delete all used lists */ + fprintf(stdout, "\n"); + + return 0; + +} + + +int +main() +{ + int fd = -1; + + /* Open the crypto device */ fd = open("/dev/crypto", O_RDWR, 0); if (fd < 0) { perror("open(/dev/crypto)"); return 1; } + if (test_ncr_key(fd)) return 1; @@ -1182,6 +932,9 @@ main() if (test_ncr_hash(fd)) return 1; + if (test_ncr_hash_key(fd)) + return 1; + if (test_ncr_wrap_key(fd)) return 1; diff --git a/examples/pk.c b/examples/pk.c index fef695c..1aa4c5a 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -297,68 +297,20 @@ int pubkey_info(void* data, int data_size, int verbose) return 0; } -static int data_get(int cfd, ncr_data_t dd, void* data, size_t data_size) -{ -struct ncr_data_st kdata; - - memset(&kdata, 0, sizeof(kdata)); - kdata.desc = dd; - kdata.data = data; - kdata.data_size = data_size; - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return -1; - } - - return 0; -} - #define RSA_ENCRYPT_SIZE 32 static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oaep) { - struct ncr_data_init_st dinit; - ncr_data_t datad; - ncr_data_t encd; struct ncr_session_once_op_st nop; uint8_t data[DATA_SIZE]; uint8_t vdata[RSA_ENCRYPT_SIZE]; - int ret; + int enc_size; fprintf(stdout, "Tests on RSA (%s) key encryption:", (oaep!=0)?"OAEP":"PKCS V1.5"); fflush(stdout); memset(data, 0x3, sizeof(data)); - memset(vdata, 0x0, sizeof(vdata)); - - /* data to sign */ - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = data; - dinit.initial_data_size = RSA_ENCRYPT_SIZE; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - datad = dinit.desc; - - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - encd = dinit.desc; + memcpy(vdata, data, sizeof(vdata)); /* do encryption */ memset(&nop, 0, sizeof(nop)); @@ -371,14 +323,19 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = datad; - nop.op.data.cipher.ciphertext = encd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = RSA_ENCRYPT_SIZE; + nop.op.data.udata.output = data; + nop.op.data.udata.output_size = sizeof(data); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_SESSION_ONCE)"); return 1; } + + enc_size = nop.op.data.udata.output_size; /* decrypt data */ memset(&nop, 0, sizeof(nop)); @@ -391,8 +348,12 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae } else { nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } - nop.op.data.cipher.plaintext = encd; - nop.op.data.cipher.ciphertext = encd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = enc_size; + nop.op.data.udata.output = data; + nop.op.data.udata.output_size = sizeof(data); + nop.op.type = NCR_DIRECT_DATA; + if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -400,12 +361,6 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae return 1; } - ret = data_get(cfd, encd, vdata, sizeof(vdata)); - if (ret < 0) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - return 1; - } - if (memcmp(vdata, data, sizeof(vdata)) != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); fprintf(stderr, "Decrypted data do not match!\n"); @@ -418,46 +373,20 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae } +#define DATA_TO_SIGN 52 + static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss) { - struct ncr_data_init_st dinit; - ncr_data_t datad; - ncr_data_t signd; struct ncr_session_once_op_st nop; uint8_t data[DATA_SIZE]; + uint8_t sig[DATA_SIZE]; + int sig_size; fprintf(stdout, "Tests on RSA (%s) key signature:", (pss!=0)?"PSS":"PKCS V1.5"); fflush(stdout); memset(data, 0x3, sizeof(data)); - /* data to sign */ - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = data; - dinit.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - datad = dinit.desc; - - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - signd = dinit.desc; - /* sign datad */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_RSA; @@ -466,14 +395,19 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; - nop.op.data.sign.text = datad; - nop.op.data.sign.output = signd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = DATA_TO_SIGN; + nop.op.data.udata.output = sig; + nop.op.data.udata.output_size = sizeof(sig); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_SESSION_ONCE)"); return 1; } + + sig_size = nop.op.data.udata.output_size; /* verify signature */ memset(&nop, 0, sizeof(nop)); @@ -482,9 +416,14 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; + memset(data, 0x3, sizeof(data)); + nop.init.op = NCR_OP_VERIFY; - nop.op.data.verify.text = datad; - nop.op.data.verify.signature = signd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = DATA_TO_SIGN; + nop.op.data.udata.output = sig; + nop.op.data.udata.output_size = sig_size; + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -492,7 +431,12 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int return 1; } - fprintf(stdout, " Success\n"); + if (nop.op.err == NCR_SUCCESS) + fprintf(stdout, " Success\n"); + else { + fprintf(stdout, " Verification Failed!\n"); + return 1; + } return 0; @@ -500,44 +444,16 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) { - struct ncr_data_init_st dinit; - ncr_data_t datad; - ncr_data_t signd; struct ncr_session_once_op_st nop; uint8_t data[DATA_SIZE]; + uint8_t sig[DATA_SIZE]; + int sig_size; fprintf(stdout, "Tests on DSA key signature:"); fflush(stdout); memset(data, 0x3, sizeof(data)); - /* data to sign */ - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = data; - dinit.initial_data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - datad = dinit.desc; - - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - - signd = dinit.desc; - /* sign datad */ memset(&nop, 0, sizeof(nop)); nop.init.algorithm = NCR_ALG_DSA; @@ -545,14 +461,19 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; - nop.op.data.sign.text = datad; - nop.op.data.sign.output = signd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = DATA_TO_SIGN; + nop.op.data.udata.output = sig; + nop.op.data.udata.output_size = sizeof(sig); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_SESSION_ONCE)"); return 1; } + + sig_size = nop.op.data.udata.output_size; /* verify signature */ memset(&nop, 0, sizeof(nop)); @@ -561,8 +482,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_VERIFY; - nop.op.data.verify.text = datad; - nop.op.data.verify.signature = signd; + nop.op.data.udata.input = data; + nop.op.data.udata.input_size = DATA_TO_SIGN; + nop.op.data.udata.output = sig; + nop.op.data.udata.output_size = sizeof(sig); + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -570,7 +494,12 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) return 1; } - fprintf(stdout, " Success\n"); + if (nop.op.err == NCR_SUCCESS) + fprintf(stdout, " Success\n"); + else { + fprintf(stdout, " Verification Failed!\n"); + return 1; + } return 0; @@ -580,12 +509,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) static int test_ncr_rsa(int cfd) { int ret; - struct ncr_data_init_st dinit; struct ncr_key_generate_st kgen; ncr_key_t pubkey, privkey; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; uint8_t data[DATA_SIZE]; + int data_size; fprintf(stdout, "Tests on RSA key generation:"); fflush(stdout); @@ -617,41 +545,21 @@ static int test_ncr_rsa(int cfd) } /* export the private key */ - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = NULL; - dinit.initial_data_size = 0; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - + memset(data, 0, sizeof(data)); memset(&keydata, 0, sizeof(keydata)); keydata.key = privkey; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_EXPORT)"); return 1; } + + data_size = keydata.idata_size; - /* now read data */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - ret = privkey_info(kdata.data, kdata.data_size, 0); + ret = privkey_info(data, data_size, 0); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; @@ -659,30 +567,21 @@ static int test_ncr_rsa(int cfd) /* export the public key */ + memset(data, 0, sizeof(data)); memset(&keydata, 0, sizeof(keydata)); keydata.key = pubkey; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - - /* now read data */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - ret = pubkey_info(kdata.data, kdata.data_size, 0); + data_size = keydata.idata_size; + + ret = pubkey_info(data, data_size, 0); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; @@ -690,13 +589,13 @@ static int test_ncr_rsa(int cfd) fprintf(stdout, " Success\n"); - ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0); + ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; } - ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1); + ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; @@ -721,12 +620,11 @@ static int test_ncr_rsa(int cfd) static int test_ncr_dsa(int cfd) { int ret; - struct ncr_data_init_st dinit; struct ncr_key_generate_st kgen; ncr_key_t pubkey, privkey; struct ncr_key_data_st keydata; - struct ncr_data_st kdata; uint8_t data[DATA_SIZE]; + int data_size; fprintf(stdout, "Tests on DSA key generation:"); fflush(stdout); @@ -758,42 +656,20 @@ static int test_ncr_dsa(int cfd) return 1; } - /* export the private key */ - dinit.max_object_size = DATA_SIZE; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = NULL; - dinit.initial_data_size = 0; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - memset(&keydata, 0, sizeof(keydata)); + memset(data, 0, sizeof(data)); keydata.key = privkey; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_EXPORT)"); return 1; } + data_size = keydata.idata_size; - /* now read data */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - - ret = privkey_info(kdata.data, kdata.data_size, 0); + ret = privkey_info(data, data_size, 0); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; @@ -801,30 +677,21 @@ static int test_ncr_dsa(int cfd) /* export the public key */ + memset(data, 0, sizeof(data)); memset(&keydata, 0, sizeof(keydata)); keydata.key = pubkey; - keydata.data = dinit.desc; + keydata.idata = data; + keydata.idata_size = sizeof(data); if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); perror("ioctl(NCRIO_KEY_IMPORT)"); return 1; } - - /* now read data */ - memset(data, 0, sizeof(data)); - - kdata.desc = dinit.desc; - kdata.data = data; - kdata.data_size = sizeof(data); - - if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_GET)"); - return 1; - } - ret = pubkey_info(kdata.data, kdata.data_size, 0); + data_size = keydata.idata_size; + + ret = pubkey_info(data, data_size, 0); if (ret != 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; diff --git a/examples/speed.c b/examples/speed.c index 1c76eb6..5898aaa 100644 --- a/examples/speed.c +++ b/examples/speed.c @@ -116,7 +116,8 @@ int encrypt_data(struct session_op *sess, int fdc, int chunksize) return 0; } -int encrypt_data_ncr(int cfd, int algo, int chunksize) + +int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) { char *buffer, iv[32]; static int val = 23; @@ -126,10 +127,7 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) char metric[16]; ncr_key_t key; struct ncr_key_generate_st kgen; - struct ncr_data_init_st dinit; - struct ncr_data_st kdata; struct ncr_session_once_op_st nop; - ncr_data_t dd; if (ioctl(cfd, NCRIO_KEY_INIT, &key)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -152,19 +150,6 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) buffer = malloc(chunksize); memset(iv, 0x23, 32); - memset(&dinit, 0, sizeof(dinit)); - dinit.max_object_size = chunksize; - dinit.flags = NCR_DATA_FLAG_EXPORTABLE; - dinit.initial_data = buffer; - dinit.initial_data_size = chunksize; - - if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - dd = dinit.desc; - printf("\tEncrypting in chunks of %d bytes: ", chunksize); fflush(stdout); @@ -175,22 +160,15 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) gettimeofday(&start, NULL); do { - kdata.data = buffer; - kdata.data_size = chunksize; - kdata.desc = dd; - - if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - memset(&nop, 0, sizeof(nop)); nop.init.algorithm = algo; nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = dd; - nop.op.data.cipher.ciphertext = dd; + nop.op.data.udata.input = buffer; + nop.op.data.udata.input_size = chunksize; + nop.op.data.udata.output = buffer; + nop.op.data.udata.output_size = chunksize; + nop.op.type = NCR_DIRECT_DATA; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -202,12 +180,6 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) } while(must_finish==0); gettimeofday(&end, NULL); - if (ioctl(cfd, NCRIO_DATA_DEINIT, &dd)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_DATA_INIT)"); - return 1; - } - secs = udifftimeval(start, end)/ 1000000.0; value2human(total, secs, &ddata, &dspeed, metric); @@ -249,6 +221,13 @@ int main(void) break; } + fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n"); + for (i = 256; i <= (64 * 1024); i *= 2) { + if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i)) + break; + } + + fprintf(stderr, "\nTesting AES-128-CBC cipher: \n"); memset(&sess, 0, sizeof(sess)); sess.cipher = CRYPTO_AES_CBC; @@ -265,15 +244,9 @@ int main(void) break; } - fprintf(stderr, "\nTesting NCR with NULL cipher: \n"); - for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i)) - break; - } - - fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n"); + fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n"); for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i)) + if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i)) break; } |