-rw-r--r-- | examples/pk.c | 166 | ||||
-rw-r--r-- | ncr-int.h | 4 | ||||
-rw-r--r-- | ncr-key.c | 27 | ||||
-rw-r--r-- | ncr-pk.c | 100 | ||||
-rw-r--r-- | ncr-pk.h | 5 | ||||
-rw-r--r-- | ncr.c | 5 | ||||
-rw-r--r-- | ncr.h | 57 | ||||
-rw-r--r-- | utils.c | 6 |
8 files changed, 225 insertions, 145 deletions
diff --git a/examples/pk.c b/examples/pk.c index d2e74a9..bb73f28 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -4,6 +4,7 @@ * Placed under public domain. * */ +#include <assert.h> #include <stdint.h> #include <stdio.h> #include <string.h> @@ -11,8 +12,10 @@ #include <fcntl.h> #include <time.h> #include <sys/ioctl.h> +#include <sys/socket.h> #include <sys/types.h> #include <sys/stat.h> +#include <linux/netlink.h> #include "../ncr.h" #include <stdlib.h> #include <gnutls/gnutls.h> @@ -23,6 +26,8 @@ #define DATA_SIZE 4096 +#define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO))) + static void print_hex_datum (gnutls_datum_t * dat) { @@ -307,7 +312,15 @@ const char dh_params_txt[] = "-----BEGIN DH PARAMETERS-----\n"\ static int test_ncr_dh(int cfd) { -struct ncr_key_generate_st kgen; +struct __attribute__((packed)) { + struct ncr_key_generate_pair f; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + unsigned char buffer[DATA_SIZE] ALIGN_NL; +} kgen; +struct nlattr *nla; ncr_key_t private1, public1, public2, private2; ncr_key_t z1, z2; int ret; 
@@ -360,19 +373,30 @@ struct ncr_key_derivation_params_st kderive; return 1; } - memset(&kgen, 0, sizeof(kgen)); - kgen.desc = private1; - kgen.desc2 = public1; - kgen.params.algorithm = NCR_ALG_DH; - kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE; - kgen.params.params.dh.p = p.data; - kgen.params.params.dh.p_size = p.size; - kgen.params.params.dh.g = g.data; - kgen.params.params.dh.g_size = g.size; + memset(&kgen.f, 0, sizeof(kgen.f)); + kgen.f.private_key = private1; + kgen.f.public_key = public1; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kgen.algo = NCR_ALG_DH; + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE; + nla = (struct nlattr *)kgen.buffer; + nla->nla_len = NLA_HDRLEN + p.size; + nla->nla_type = NCR_ATTR_DH_PRIME; + memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + nla->nla_len = NLA_HDRLEN + g.size; + nla->nla_type = NCR_ATTR_DH_BASE; + memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + kgen.f.input_size = (char *)nla - (char *)&kgen; + assert(kgen.f.input_size <= sizeof(kgen)); if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_GENERATE)"); + perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); return 1; } 
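Review bot: Both `memcpy` calls into `kgen.buffer` run before any size check; the only guard is the `assert` after the second copy, which comes too late to prevent an overrun and is compiled out under `NDEBUG`. Since this is example code that callers are likely to copy, check the space first, e.g. `if (NLA_ALIGN(NLA_HDRLEN + p.size) + NLA_ALIGN(NLA_HDRLEN + g.size) > sizeof(kgen.buffer)) return 1;` placed before `nla = (struct nlattr *)kgen.buffer;`. `nla_len` is a 16-bit field, so the same check also keeps `NLA_HDRLEN + p.size` from being silently truncated. The private2/public2 block in the next hunk repeats these lines and needs the same guard; test_ncr_dh starts and ends outside this hunk.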
@@ -391,19 +415,30 @@ struct ncr_key_derivation_params_st kderive; return 1; } - memset(&kgen, 0, sizeof(kgen)); - kgen.desc = private2; - kgen.desc2 = public2; - kgen.params.algorithm = NCR_ALG_DH; - kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE; - kgen.params.params.dh.p = p.data; - kgen.params.params.dh.p_size = p.size; - kgen.params.params.dh.g = g.data; - kgen.params.params.dh.g_size = g.size; + memset(&kgen.f, 0, sizeof(kgen.f)); + kgen.f.private_key = private2; + kgen.f.public_key = public2; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kgen.algo = NCR_ALG_DH; + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE; + nla = (struct nlattr *)kgen.buffer; + nla->nla_len = NLA_HDRLEN + p.size; + nla->nla_type = NCR_ATTR_DH_PRIME; + memcpy((char *)nla + NLA_HDRLEN, p.data, p.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + nla->nla_len = NLA_HDRLEN + g.size; + nla->nla_type = NCR_ATTR_DH_BASE; + memcpy((char *)nla + NLA_HDRLEN, g.data, g.size); + nla = (struct nlattr *)((char *)nla + NLA_ALIGN(nla->nla_len)); + kgen.f.input_size = (char *)nla - (char *)&kgen; + assert(kgen.f.input_size <= sizeof(kgen)); if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_KEY_GENERATE)"); + perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); return 1; } 
@@ -540,7 +575,15 @@ test_ncr_wrap_key3(int cfd) size_t data_size; struct ncr_key_data_st keydata; struct ncr_key_wrap_st kwrap; - struct ncr_key_generate_st kgen; + struct __attribute__((packed)) { + struct ncr_key_generate_pair f; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + struct nlattr bits_head ALIGN_NL; + uint32_t bits ALIGN_NL; + } kgen; ncr_key_t pubkey, privkey; uint8_t data[DATA_SIZE]; /* only the first two should be allowed to be wrapped. @@ -599,12 +642,19 @@ test_ncr_wrap_key3(int cfd) fprintf(stdout, "."); fflush(stdout); - memset(&kgen, 0, sizeof(kgen)); - kgen.desc = privkey; - kgen.desc2 = pubkey; - kgen.params.algorithm = NCR_ALG_RSA; - kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - kgen.params.params.rsa.bits = sizes[i]; + memset(&kgen.f, 0, sizeof(kgen.f)); + kgen.f.input_size = sizeof(kgen); + kgen.f.private_key = privkey; + kgen.f.public_key = pubkey; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kgen.algo = NCR_ALG_RSA; + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits); + kgen.bits_head.nla_type = NCR_ATTR_RSA_MODULUS_BITS; + kgen.bits = sizes[i]; if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { fprintf(stderr, "Error[%d-%d]: %s:%d\n", i, sizes[i], __func__, __LINE__); 
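Review bot: The request set-up in test_ncr_wrap_key3 clears only `kgen.f`, while the matching blocks in test_ncr_rsa and test_ncr_dsa clear the whole request. Every member is assigned here, so nothing uninitialised appears to reach the ioctl, but the difference is easy to get wrong when another attribute is added to the struct. Using `memset(&kgen, 0, sizeof(kgen));` here as well would keep the three RSA/DSA requests uniform. The anonymous packed struct is also declared three times with only the trailing attributes differing, so a shared definition would reduce copy-and-paste drift. The function body extends beyond this hunk.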
@@ -885,7 +935,15 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) static int test_ncr_rsa(int cfd) { int ret; - struct ncr_key_generate_st kgen; + struct __attribute__((packed)) { + struct ncr_key_generate_pair f; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + struct nlattr bits_head ALIGN_NL; + uint32_t bits ALIGN_NL; + } kgen; ncr_key_t pubkey, privkey; struct ncr_key_data_st keydata; uint8_t data[DATA_SIZE]; @@ -910,11 +968,18 @@ static int test_ncr_rsa(int cfd) } memset(&kgen, 0, sizeof(kgen)); - kgen.desc = privkey; - kgen.desc2 = pubkey; - kgen.params.algorithm = NCR_ALG_RSA; - kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - kgen.params.params.rsa.bits = 1024; + kgen.f.input_size = sizeof(kgen); + kgen.f.private_key = privkey; + kgen.f.public_key = pubkey; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kgen.algo = NCR_ALG_RSA; + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits); + kgen.bits_head.nla_type = NCR_ATTR_RSA_MODULUS_BITS; + kgen.bits = 1024; if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); 
@@ -998,7 +1063,17 @@ static int test_ncr_rsa(int cfd) static int test_ncr_dsa(int cfd) { int ret; - struct ncr_key_generate_st kgen; + struct __attribute__((packed)) { + struct ncr_key_generate_pair f; + struct nlattr algo_head ALIGN_NL; + uint32_t algo ALIGN_NL; + struct nlattr flags_head ALIGN_NL; + uint32_t flags ALIGN_NL; + struct nlattr q_bits_head ALIGN_NL; + uint32_t q_bits ALIGN_NL; + struct nlattr p_bits_head ALIGN_NL; + uint32_t p_bits ALIGN_NL; + } kgen; ncr_key_t pubkey, privkey; struct ncr_key_data_st keydata; uint8_t data[DATA_SIZE]; @@ -1023,12 +1098,21 @@ static int test_ncr_dsa(int cfd) } memset(&kgen, 0, sizeof(kgen)); - kgen.desc = privkey; - kgen.desc2 = pubkey; - kgen.params.algorithm = NCR_ALG_DSA; - kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; - kgen.params.params.dsa.q_bits = 160; - kgen.params.params.dsa.p_bits = 1024; + kgen.f.input_size = sizeof(kgen); + kgen.f.private_key = privkey; + kgen.f.public_key = pubkey; + kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo); + kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM; + kgen.algo = NCR_ALG_DSA; + kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); + kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.q_bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.q_bits); + kgen.q_bits_head.nla_type = NCR_ATTR_DSA_Q_BITS; + kgen.q_bits = 160; + kgen.p_bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.p_bits); + kgen.p_bits_head.nla_type = NCR_ATTR_DSA_P_BITS; + kgen.p_bits = 1024; if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); 
@@ -126,7 +126,9 @@ int ncr_key_generate(struct ncr_lists *lst, const struct ncr_key_generate *gen, struct nlattr *tb[]); int ncr_key_info(struct ncr_lists *lst, void __user* arg); -int ncr_key_generate_pair(struct ncr_lists *lst, void __user* arg); +int ncr_key_generate_pair(struct ncr_lists *lst, + const struct ncr_key_generate_pair *gen, + struct nlattr *tb[]); int ncr_key_get_public(struct ncr_lists *lst, void __user* arg); int ncr_key_item_get_read(struct key_item_st**st, struct ncr_lists *lst, @@ -634,25 +634,22 @@ fail: return ret; } -int ncr_key_generate_pair(struct ncr_lists *lst, void __user* arg) +int ncr_key_generate_pair(struct ncr_lists *lst, + const struct ncr_key_generate_pair *gen, + struct nlattr *tb[]) { -struct ncr_key_generate_st gen; +const struct nlattr *nla; struct key_item_st* private = NULL; struct key_item_st* public = NULL; int ret; - if (unlikely(copy_from_user(&gen, arg, sizeof(gen)))) { - err(); - return -EFAULT; - } - - ret = ncr_key_item_get_write( &private, lst, gen.desc); + ret = ncr_key_item_get_write(&private, lst, gen->private_key); if (ret < 0) { err(); goto fail; } - ret = ncr_key_item_get_write( &public, lst, gen.desc2); + ret = ncr_key_item_get_write(&public, lst, gen->public_key); if (ret < 0) { err(); goto fail; @@ -662,7 +659,8 @@ int ret; ncr_key_clear(private); /* we generate only secret keys */ - private->algorithm = public->algorithm = _ncr_algo_to_properties(gen.params.algorithm); + private->algorithm = public->algorithm + = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]); if (private->algorithm == NULL) { err(); ret = -EINVAL; 
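Review bot: ncr_key_generate_pair no longer copies its argument from user space, but nothing at the definition says what `gen` and `tb` now are or who validated them. A short comment above the function would help, along the lines of `/* gen and tb are kernel-side: the fixed header and the attribute table parsed by the ioctl dispatcher; tb[] entries are NULL for attributes the caller omitted. */`. The dispatcher is outside this hunk, so that wording should be checked against it. The function body continues in the following hunks.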
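Review bot: `tb[NCR_ATTR_ALGORITHM]` is handed to `_ncr_nla_to_properties()` without a NULL test, so an omitted algorithm attribute reaches the helper as a NULL pointer; the flags attribute in the next hunk is tested before use. The helper is not visible here. If it does not handle NULL itself, add `if (tb[NCR_ATTR_ALGORITHM] == NULL) { err(); ret = -EINVAL; goto fail; }` before the assignment. The enclosing function starts in the previous hunk and ends outside this one.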
@@ -670,13 +668,16 @@ int ret; } public->type = public->algorithm->key_type; private->type = NCR_KEY_TYPE_PRIVATE; - ncr_key_assign_flags(private, gen.params.keyflags); - ncr_key_assign_flags(public, gen.params.keyflags); + nla = tb[NCR_ATTR_KEY_FLAGS]; + if (nla != NULL) { + ncr_key_assign_flags(private, nla_get_u32(nla)); + ncr_key_assign_flags(public, nla_get_u32(nla)); + } public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE); if (public->type == NCR_KEY_TYPE_PUBLIC) { - ret = ncr_pk_generate(public->algorithm, &gen.params, private, public); + ret = ncr_pk_generate(public->algorithm, tb, private, public); if (ret < 0) { err(); goto fail; @@ -28,6 +28,7 @@ #include <linux/random.h> #include <linux/uaccess.h> #include <linux/scatterlist.h> +#include <net/netlink.h> #include "ncr.h" #include "ncr-int.h" #include <tomcrypt.h> 
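Review bot: When `NCR_ATTR_KEY_FLAGS` is absent, the new `if (nla != NULL)` block skips `ncr_key_assign_flags()` for both keys, so the private key keeps whatever flags `ncr_key_clear()` left behind, whereas the old code always assigned the caller's value. That is presumably zero and therefore the restrictive default, but it decides whether a private key can be exported or wrapped, so it deserves an explicit comment once confirmed, e.g. `/* no NCR_ATTR_KEY_FLAGS: private key keeps the cleared flags (not exportable, not wrappable) */`. `ncr_key_clear()` is not shown in this hunk, and the function continues outside it.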
@@ -222,75 +223,88 @@ int ncr_pk_unpack( struct key_item_st * key, const void * packed, size_t packed_ return 0; } -struct keygen_st { -}; +static int binary_to_ulong(unsigned long *dest, const struct nlattr *nla) +{ + unsigned long value; + const uint8_t *start, *end, *p; + + value = 0; + start = nla_data(nla); + end = start + nla_len(nla); + for (p = start; p < end; p++) { + if (value > (ULONG_MAX - *p) / 256) + return -EOVERFLOW; + value = value * 256 + *p; + } + *dest = value; + return 0; +} -int ncr_pk_generate(const struct algo_properties_st *algo, - struct ncr_key_generate_params_st * params, +int ncr_pk_generate(const struct algo_properties_st *algo, struct nlattr *tb[], struct key_item_st* private, struct key_item_st* public) { + const struct nlattr *nla; unsigned long e; int cret, ret; - uint8_t * tmp = NULL; private->algorithm = public->algorithm = algo; ret = 0; switch(algo->algo) { case NCR_ALG_RSA: - e = params->params.rsa.e; - - if (e == 0) + nla = tb[NCR_ATTR_RSA_E]; + if (nla != NULL) { + ret = binary_to_ulong(&e, nla); + if (ret != 0) + break; + } else e = 65537; - cret = rsa_make_key(params->params.rsa.bits/8, e, &private->key.pk.rsa); + + nla = tb[NCR_ATTR_RSA_MODULUS_BITS]; + if (nla == NULL) { + ret = -EINVAL; + break; + } + cret = rsa_make_key(nla_get_u32(nla) / 8, e, &private->key.pk.rsa); if (cret != CRYPT_OK) { err(); return _ncr_tomerr(cret); } break; - case NCR_ALG_DSA: - if (params->params.dsa.q_bits==0) - params->params.dsa.q_bits = 160; - if (params->params.dsa.p_bits==0) - params->params.dsa.p_bits = 1024; + case NCR_ALG_DSA: { + u32 q_bits, p_bits; - cret = dsa_make_key(params->params.dsa.q_bits/8, - params->params.dsa.p_bits/8, &private->key.pk.dsa); + nla = tb[NCR_ATTR_DSA_Q_BITS]; + if (nla != NULL) + q_bits = nla_get_u32(nla); + else + q_bits = 160; + nla = tb[NCR_ATTR_DSA_P_BITS]; + if (nla != NULL) + p_bits = nla_get_u32(nla); + else + p_bits = 1024; + cret = dsa_make_key(q_bits / 8, p_bits / 8, + &private->key.pk.dsa); if 
(cret != CRYPT_OK) { err(); return _ncr_tomerr(cret); } break; + } case NCR_ALG_DH: { - uint8_t * p, *g; - size_t p_size, g_size; - - p_size = params->params.dh.p_size; - g_size = params->params.dh.g_size; - - tmp = kmalloc(g_size+p_size, GFP_KERNEL); - if (tmp == NULL) { - err(); - ret = -ENOMEM; - goto fail; - } - - p = tmp; - g = &tmp[p_size]; - - if (unlikely(copy_from_user(p, params->params.dh.p, p_size))) { - err(); - ret = -EFAULT; - goto fail; - } + const struct nlattr *p, *g; - if (unlikely(copy_from_user(g, params->params.dh.g, g_size))) { - err(); - ret = -EFAULT; + p = tb[NCR_ATTR_DH_PRIME]; + g = tb[NCR_ATTR_DH_BASE]; + if (p == NULL || g == NULL) { + ret = -EINVAL; goto fail; } - - ret = dh_import_params(&private->key.pk.dh, p, p_size, g, g_size); + + ret = dh_import_params(&private->key.pk.dh, nla_data(p), + nla_len(p), nla_data(g), + nla_len(g)); if (ret < 0) { err(); goto fail; @@ -309,8 +323,6 @@ int ncr_pk_generate(const struct algo_properties_st *algo, } fail: - kfree(tmp); - if (ret < 0) { err(); return ret; @@ -3,6 +3,8 @@ #include <tomcrypt.h> +struct nlattr; + struct ncr_pk_ctx { const struct algo_properties_st *algorithm; /* algorithm */ @@ -19,8 +21,7 @@ struct ncr_pk_ctx { /* PK */ void ncr_pk_clear(struct key_item_st* key); -int ncr_pk_generate(const struct algo_properties_st *algo, - struct ncr_key_generate_params_st * params, +int ncr_pk_generate(const struct algo_properties_st *algo, struct nlattr *tb[], struct key_item_st* private, struct key_item_st* public); int ncr_pk_pack( const struct key_item_st * key, uint8_t * packed, uint32_t * packed_size); int ncr_pk_unpack( struct key_item_st * key, const void * packed, size_t packed_size); 
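Review bot: A present but empty or all-zero `NCR_ATTR_RSA_E` makes `binary_to_ulong()` succeed with `e == 0`, and that value goes straight to `rsa_make_key()`. The removed code mapped `e == 0` to 65537, and the DSA branch likewise used to replace zero `q_bits`/`p_bits` with 160/1024 but now forwards whatever the attribute holds. Whether the libtomcrypt routines reject these values is not visible here, so rejecting them at this layer is safer: `if (e == 0) { err(); ret = -EINVAL; break; }` after the conversion, with an equivalent test on the bit counts. The `ret = -EINVAL; break;` path for a missing `NCR_ATTR_RSA_MODULUS_BITS` also omits the `err()` call that the other failure paths make. ncr_pk_generate continues past the end of this hunk.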
@@ -145,6 +145,8 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) case NCRIO_KEY_INIT: return ncr_key_init(lst); CASE_NO_OUTPUT(NCRIO_KEY_GENERATE, ncr_key_generate, ncr_key_generate); + CASE_NO_OUTPUT(NCRIO_KEY_GENERATE_PAIR, ncr_key_generate_pair, + ncr_key_generate_pair); case NCRIO_KEY_DEINIT: return ncr_key_deinit(lst, arg); case NCRIO_KEY_EXPORT: @@ -172,8 +174,6 @@ ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) case NCRIO_MASTER_KEY_SET: return ncr_master_key_set(arg); - case NCRIO_KEY_GENERATE_PAIR: - return ncr_key_generate_pair(lst, arg); case NCRIO_KEY_DERIVE: return ncr_key_derive(lst, arg); default: @@ -194,6 +194,7 @@ ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg_) switch (cmd) { case NCRIO_KEY_INIT: case NCRIO_KEY_GENERATE: + case NCRIO_KEY_GENERATE_PAIR: return ncr_ioctl(lst, cmd, arg_); default: return -EINVAL; @@ -25,12 +25,19 @@ and is treated equivalent to sizeof(struct ncr_*). output_size 0 means no space for output attributes is available, and is not updated. */ +/* FIXME: better names for algorithm parameters? */ enum { NCR_ATTR_UNSPEC, /* 0 is special in lib/nlattr.c. */ /* FIXME: Use NLA_STRING for this, later */ NCR_ATTR_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */ NCR_ATTR_KEY_FLAGS, /* NLA_U32 - NCR_KEY_FLAG_* */ NCR_ATTR_SECRET_KEY_BITS, /* NLA_U32 */ + NCR_ATTR_RSA_MODULUS_BITS, /* NLA_U32 */ + NCR_ATTR_RSA_E, /* NLA_BINARY */ + NCR_ATTR_DSA_P_BITS, /* NLA_U32 */ + NCR_ATTR_DSA_Q_BITS, /* NLA_U32 */ + NCR_ATTR_DH_PRIME, /* NLA_BINARY */ + NCR_ATTR_DH_BASE, /* NLA_BINARY */ /* Add new attributes here */ 
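Review bot: The new binary attributes in the `NCR_ATTR_*` enum are annotated only as `/* NLA_BINARY */`, with no statement of their encoding. `binary_to_ulong()` in ncr-pk.c reads `NCR_ATTR_RSA_E` most-significant byte first, so the comment should say so, e.g. `NCR_ATTR_RSA_E, /* NLA_BINARY - big-endian unsigned integer; 65537 if absent */`. The DSA defaults applied in ncr-pk.c (160 and 1024 bits when the attributes are absent) could be noted here as well. So could the list of permitted DSS p/q sizes that this commit deletes along with `struct ncr_key_generate_params_st`. The encoding expected for `NCR_ATTR_DH_PRIME` and `NCR_ATTR_DH_BASE` is decided in `dh_import_params()`, which is not shown.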
@@ -107,53 +114,19 @@ typedef __s32 ncr_key_t; */ #define NCR_KEY_FLAG_WRAPPING (1<<4) -struct ncr_key_generate_params_st { - ncr_algorithm_t algorithm; /* just a cipher algorithm when - * generating secret keys - */ - - unsigned int keyflags; - union { - struct { - unsigned int bits; - } secret; - struct { - unsigned int bits; - unsigned long e; /* use zero for default */ - } rsa; - struct { - /* For DSS standard allowed values - * are: p:1024 q: 160 - * p:2048 q: 224 - * p:2048 q: 256 - * p:3072 q: 256 - */ - unsigned int p_bits; - unsigned int q_bits; - } dsa; - struct { - __u8 __user *p; /* prime */ - __kernel_size_t p_size; - __u8 __user *g; /* generator */ - __kernel_size_t g_size; - } dh; - } params; -}; - -/* used in generation - */ -struct ncr_key_generate_st { - ncr_key_t desc; - ncr_key_t desc2; /* public key when called with GENERATE_PAIR */ - struct ncr_key_generate_params_st params; -}; - struct ncr_key_generate { __u32 input_size, output_size; ncr_key_t key; __NL_ATTRIBUTES; }; +struct ncr_key_generate_pair { + __u32 input_size, output_size; + ncr_key_t private_key; + ncr_key_t public_key; + __NL_ATTRIBUTES; +}; + typedef enum { RSA_PKCS1_V1_5, /* both signatures and encryption */ RSA_PKCS1_OAEP, /* for encryption only */ @@ -232,7 +205,7 @@ struct ncr_key_data_st { /* generate a secret key */ #define NCRIO_KEY_GENERATE _IOWR('c', 205, struct ncr_key_generate) /* generate a public key pair */ -#define NCRIO_KEY_GENERATE_PAIR _IOR ('c', 206, struct ncr_key_generate_st) +#define NCRIO_KEY_GENERATE_PAIR _IOWR('c', 206, struct ncr_key_generate_pair) /* derive a new key from an old one */ #define NCRIO_KEY_DERIVE _IOR ('c', 207, struct ncr_key_derivation_params_st) /* return information on a key */ 
@@ -32,6 +32,12 @@ static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = { [NCR_ATTR_ALGORITHM] = { NLA_U32, 0 }, [NCR_ATTR_KEY_FLAGS] = { NLA_U32, 0 }, [NCR_ATTR_SECRET_KEY_BITS] = { NLA_U32, 0 }, + [NCR_ATTR_RSA_MODULUS_BITS] = { NLA_U32, 0 }, + [NCR_ATTR_RSA_E] = { NLA_BINARY, 0 }, + [NCR_ATTR_DSA_P_BITS] = { NLA_U32, 0 }, + [NCR_ATTR_DSA_Q_BITS] = { NLA_U32, 0 }, + [NCR_ATTR_DH_PRIME] = { NLA_BINARY, 0 }, + [NCR_ATTR_DH_BASE] = { NLA_BINARY, 0 }, }; void *__ncr_get_input_args(void *fixed, struct nlattr *tb[], size_t fixed_size, |
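Review bot: The three `NLA_BINARY` policy entries use a length of 0, which for this attribute type means the policy enforces no maximum. The sizes of `NCR_ATTR_DH_PRIME`, `NCR_ATTR_DH_BASE` and `NCR_ATTR_RSA_E` are therefore limited only by whatever bound the parser places on `input_size`, which is not visible in this hunk. Giving each entry a ceiling lets oversized input be rejected during attribute validation rather than inside key generation, e.g. `[NCR_ATTR_DH_PRIME] = { NLA_BINARY, NCR_MAX_DH_PARAM_BYTES },`, where `NCR_MAX_DH_PARAM_BYTES` is a placeholder name for a limit the project would choose. A one-line comment on the table explaining that the second field is the maximum payload length for binary attributes would also help the next person who adds an entry.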