diff options
-rw-r--r-- | examples/ncr.c | 14 | ||||
-rw-r--r-- | examples/pk.c | 24 | ||||
-rw-r--r-- | examples/speed.c | 4 | ||||
-rw-r--r-- | ncr-sessions.c | 146 | ||||
-rw-r--r-- | ncr.h | 19 | ||||
-rw-r--r-- | ncr_int.h | 1 |
6 files changed, 97 insertions, 111 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index 234e8bd..d9870e0 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -809,8 +809,8 @@ test_ncr_aes(int cfd) nop.init.algorithm = NCR_ALG_AES_ECB; nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = dd; - nop.op.data.cipher.ciphertext = dd2; + nop.op.input = dd; + nop.op.output = dd2; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -884,8 +884,8 @@ test_ncr_aes(int cfd) nop.init.algorithm = NCR_ALG_AES_ECB; nop.init.key = key; nop.init.op = NCR_OP_DECRYPT; - nop.op.data.cipher.ciphertext = dd; - nop.op.data.cipher.plaintext = dd2; + nop.op.input = dd; + nop.op.output = dd2; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -946,7 +946,7 @@ struct hash_vectors_st { .plaintext_size = sizeof("what do ya want for nothing?")-1, .output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32", .output_size = 20, - .op = NCR_OP_DIGEST, + .op = NCR_OP_SIGN, }, { .name = "HMAC-MD5", @@ -1098,8 +1098,8 @@ test_ncr_hash(int cfd) if (hash_vectors[i].key != NULL) nop.init.key = key; nop.init.op = hash_vectors[i].op; - nop.op.data.sign.text = dd; - nop.op.data.sign.output = dd2; + nop.op.input = dd; + nop.op.output = dd2; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); diff --git a/examples/pk.c b/examples/pk.c index fef695c..ce9dff8 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -371,8 +371,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = datad; - nop.op.data.cipher.ciphertext = encd; + nop.op.input = datad; + nop.op.output = encd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -391,8 +391,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae } else { nop.init.params.params.rsa.type = RSA_PKCS1_V1_5; } - nop.op.data.cipher.plaintext = encd; - nop.op.data.cipher.ciphertext = encd; + nop.op.input = encd; + nop.op.output = encd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -466,8 +466,8 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; - nop.op.data.sign.text = datad; - nop.op.data.sign.output = signd; + nop.op.input = datad; + nop.op.output = signd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -483,8 +483,8 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_VERIFY; - nop.op.data.verify.text = datad; - nop.op.data.verify.signature = signd; + nop.op.input = datad; + nop.op.output = signd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -545,8 +545,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_SIGN; - nop.op.data.sign.text = datad; - nop.op.data.sign.output = signd; + nop.op.input = datad; + nop.op.output = signd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); @@ -561,8 +561,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1; nop.init.op = NCR_OP_VERIFY; - nop.op.data.verify.text = datad; - nop.op.data.verify.signature = signd; + nop.op.input = datad; + nop.op.output = signd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); diff --git a/examples/speed.c b/examples/speed.c index 1c76eb6..d3cf04a 100644 --- a/examples/speed.c +++ b/examples/speed.c @@ -189,8 +189,8 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize) nop.init.algorithm = algo; nop.init.key = key; nop.init.op = NCR_OP_ENCRYPT; - nop.op.data.cipher.plaintext = dd; - nop.op.data.cipher.ciphertext = dd; + nop.op.input = dd; + nop.op.output = dd; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); diff --git a/ncr-sessions.c b/ncr-sessions.c index f768cb3..b8eabdd 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -176,9 +176,9 @@ static const struct algo_properties_st algo_properties[] = { { .algo = NCR_ALG_HMAC_SHA2_512, .is_hmac = 1, .kstr = "hmac(sha512)", .digest_size = 64, .can_sign=1, .key_type = NCR_KEY_TYPE_SECRET }, - { .algo = NCR_ALG_RSA, .kstr = NULL, + { .algo = NCR_ALG_RSA, .kstr = NULL, .is_pk = 1, .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, - { .algo = NCR_ALG_DSA, .kstr = NULL, + { .algo = NCR_ALG_DSA, .kstr = NULL, .is_pk = 1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC }, { .algo = NCR_ALG_NONE } @@ -273,85 +273,83 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses case NCR_OP_SIGN: case NCR_OP_VERIFY: - if (!ns->algorithm->can_sign) { + if (!ns->algorithm->can_sign && !ns->algorithm->can_digest) { err(); ret = -EINVAL; goto fail; } - /* read key */ - ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key); - if (ret < 0) { - err(); - goto fail; - } - - if (ns->key->type == NCR_KEY_TYPE_SECRET) { + if (ns->algorithm->can_digest) { if (ns->algorithm->kstr == NULL) { err(); - return -EINVAL; - } - - ret = cryptodev_hash_init(&ns->hash, ns->algorithm->kstr, 1, - ns->key->key.secret.data, ns->key->key.secret.size); - if (ret < 0) { - err(); - goto fail; - } - - } else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) { - sign_hash = ncr_key_params_get_sign_hash(ns->key->algorithm, &session->params); - if (IS_ERR(sign_hash)) { - err(); - return PTR_ERR(sign_hash); - } - - if (!sign_hash->can_digest) { - err(); - ret = -EINVAL; - goto fail; - } - if (sign_hash->kstr == NULL) { - err(); ret = -EINVAL; goto fail; } - ret = ncr_pk_cipher_init(ns->algorithm, &ns->pk, - &session->params, ns->key, sign_hash); + ret = cryptodev_hash_init(&ns->hash, ns->algorithm->kstr, 0, NULL, 0); if (ret < 0) { err(); goto fail; } - - ret = cryptodev_hash_init(&ns->hash, sign_hash->kstr, 0, NULL, 0); + + } else { + /* read key */ + ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key); if (ret < 0) { err(); goto fail; } - } else { - err(); - ret = -EINVAL; - goto fail; - } - break; - case NCR_OP_DIGEST: - if (!ns->algorithm->can_digest) { - err(); - ret = -EINVAL; - goto fail; - } - if (ns->algorithm->kstr == NULL) { - err(); - ret = -EINVAL; - goto fail; - } + if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) { + if (ns->algorithm->kstr == NULL) { + err(); + ret = -EINVAL; + goto fail; + } - ret = cryptodev_hash_init(&ns->hash, ns->algorithm->kstr, 0, NULL, 0); - if (ret < 0) { - err(); - goto fail; + ret = cryptodev_hash_init(&ns->hash, ns->algorithm->kstr, 1, + ns->key->key.secret.data, ns->key->key.secret.size); + if (ret < 0) { + err(); + goto fail; + } + + } else if (ns->algorithm->is_pk && (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC)) { + sign_hash = ncr_key_params_get_sign_hash(ns->key->algorithm, &session->params); + if (IS_ERR(sign_hash)) { + err(); + return PTR_ERR(sign_hash); + } + + if (!sign_hash->can_digest) { + err(); + ret = -EINVAL; + goto fail; + } + + if (sign_hash->kstr == NULL) { + err(); + ret = -EINVAL; + goto fail; + } + + ret = ncr_pk_cipher_init(ns->algorithm, &ns->pk, + &session->params, ns->key, sign_hash); + if (ret < 0) { + err(); + goto fail; + } + + ret = cryptodev_hash_init(&ns->hash, sign_hash->kstr, 0, NULL, 0); + if (ret < 0) { + err(); + goto fail; + } + } else { + err(); + ret = -EINVAL; + goto fail; + } } break; @@ -415,14 +413,14 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st switch(sess->op) { case NCR_OP_ENCRYPT: /* obtain data item */ - data = ncr_data_item_get( &lists->data, op->data.cipher.plaintext); + data = ncr_data_item_get( &lists->data, op->input); if (data == NULL) { err(); ret = -EINVAL; goto fail; } - odata = ncr_data_item_get( &lists->data, op->data.cipher.ciphertext); + odata = ncr_data_item_get( &lists->data, op->output); if (odata == NULL) { err(); ret = -EINVAL; @@ -460,14 +458,14 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st break; case NCR_OP_DECRYPT: /* obtain data item */ - data = ncr_data_item_get( &lists->data, op->data.cipher.ciphertext); + data = ncr_data_item_get( &lists->data, op->input); if (data == NULL) { err(); ret = -EINVAL; goto fail; } - odata = ncr_data_item_get( &lists->data, op->data.cipher.plaintext); + odata = ncr_data_item_get( &lists->data, op->output); if (odata == NULL) { err(); ret = -EINVAL; @@ -505,9 +503,8 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st break; case NCR_OP_SIGN: - case NCR_OP_DIGEST: /* obtain data item */ - data = ncr_data_item_get( &lists->data, op->data.sign.text); + data = ncr_data_item_get( &lists->data, op->input); if (data == NULL) { err(); ret = -EINVAL; @@ -523,7 +520,7 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st case NCR_OP_VERIFY: /* obtain data item */ - data = ncr_data_item_get( &lists->data, op->data.verify.text); + data = ncr_data_item_get( &lists->data, op->input); if (data == NULL) { err(); ret = -EINVAL; @@ -602,8 +599,8 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st* case NCR_OP_ENCRYPT: case NCR_OP_DECRYPT: /* obtain data item */ - if (op->data.cipher.plaintext != NCR_DATA_INVALID && - op->data.cipher.ciphertext != NCR_DATA_INVALID) { + if (op->input != NCR_DATA_INVALID && + op->output != NCR_DATA_INVALID) { ret = _ncr_session_update(lists, op); if (ret < 0) goto fail; @@ -612,13 +609,13 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st* case NCR_OP_VERIFY: /* obtain data item */ - if (op->data.sign.text != NCR_DATA_INVALID) { + if (op->input != NCR_DATA_INVALID) { ret = _ncr_session_update(lists, op); if (ret < 0) goto fail; } - odata = ncr_data_item_get( &lists->data, op->data.verify.signature); + odata = ncr_data_item_get( &lists->data, op->output); if (odata == NULL) { err(); ret = -EINVAL; @@ -658,14 +655,13 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st* break; case NCR_OP_SIGN: - case NCR_OP_DIGEST: /* obtain data item */ - if (op->data.sign.text != NCR_DATA_INVALID) { + if (op->input != NCR_DATA_INVALID) { ret = _ncr_session_update(lists, op); if (ret < 0) goto fail; } - odata = ncr_data_item_get( &lists->data, op->data.sign.output); + odata = ncr_data_item_get( &lists->data, op->output); if (odata == NULL) { err(); ret = -EINVAL; @@ -683,7 +679,7 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st* cryptodev_hash_deinit(&sess->hash); - if (sess->op != NCR_OP_DIGEST && !sess->algorithm->is_hmac) { + if (sess->algorithm->is_pk) { /* PK signature */ size_t new_size = odata->max_data_size; ret = ncr_pk_cipher_sign(&sess->pk, odata->data, odata->data_size, @@ -250,7 +250,6 @@ struct ncr_key_storage_wrap_st { typedef enum { NCR_OP_ENCRYPT=1, NCR_OP_DECRYPT, - NCR_OP_DIGEST, NCR_OP_SIGN, NCR_OP_VERIFY, } ncr_crypto_op_t; @@ -281,20 +280,10 @@ struct ncr_session_op_st { /* input */ ncr_session_t ses; - union { - struct { - ncr_data_t plaintext; - ncr_data_t ciphertext; - } cipher; - struct { - ncr_data_t text; - ncr_data_t output; - } sign; /* mac/hash/sign */ - struct { - ncr_data_t text; - ncr_data_t signature; - } verify; /* mac/sign */ - } data; + ncr_data_t input; + ncr_data_t output; /* when verifying signature this is + * the place of the signature. + */ /* output of verification */ ncr_error_t err; @@ -19,6 +19,7 @@ struct algo_properties_st { unsigned can_digest:1; unsigned can_encrypt:1; unsigned is_symmetric:1; + unsigned is_pk:1; int digest_size; /* NCR_KEY_TYPE_SECRET if for a secret key algorithm or MAC, * NCR_KEY_TYPE_PUBLIC for a public key algorithm. |