summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile2
-rw-r--r--examples/Makefile5
-rw-r--r--examples/ncr.c399
-rw-r--r--examples/pk.c148
-rw-r--r--examples/speed.c113
-rw-r--r--ncr-data.c303
-rw-r--r--ncr-int.h55
-rw-r--r--ncr-key.c100
-rw-r--r--ncr-limits.c2
-rw-r--r--ncr-pk.c14
-rw-r--r--ncr-sessions.c14
-rw-r--r--ncr.c14
-rw-r--r--ncr.h33
13 files changed, 175 insertions, 1027 deletions
diff --git a/Makefile b/Makefile
index f85e7bd..3b7ebf6 100644
--- a/Makefile
+++ b/Makefile
@@ -67,7 +67,7 @@ TOMCRYPT_OBJECTS = libtomcrypt/misc/zeromem.o libtomcrypt/misc/crypt/crypt_argch
libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.o
cryptodev-objs = cryptodev_main.o cryptodev_cipher.o ncr.o \
- ncr-data.o ncr-key.o ncr-limits.o ncr-pk.o \
+ ncr-key.o ncr-limits.o ncr-pk.o \
ncr-sessions-direct.o ncr-sessions.o \
ncr-key-wrap.o ncr-key-storage.o $(TOMMATH_OBJECTS) \
$(TOMCRYPT_OBJECTS)
diff --git a/examples/Makefile b/examples/Makefile
index ff5381d..100cc49 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
CC = gcc
CFLAGS = -Wall -g -O2
-progs := cipher hmac ncr pk speed ncr-direct
+progs := cipher hmac ncr pk speed
all: $(progs)
@@ -22,11 +22,10 @@ pk: pk.c
check: $(progs)
./ncr
- ./ncr-direct
./pk
./cipher
./hmac
./speed
clean:
- rm -f *.o *~ hmac cipher ncr pk speed ncr-direct
+ rm -f *.o *~ hmac cipher ncr pk speed \ No newline at end of file
diff --git a/examples/ncr.c b/examples/ncr.c
index f2c4b72..4ff59fd 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -32,11 +32,9 @@ int i;
static int
test_ncr_key(int cfd)
{
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[KEY_DATA_SIZE];
uint8_t data_bak[KEY_DATA_SIZE];
@@ -51,17 +49,6 @@ test_ncr_key(int cfd)
randomize_data(data, sizeof(data));
memcpy(data_bak, data, sizeof(data));
- dinit.max_object_size = KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = data;
- dinit.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -76,7 +63,8 @@ test_ncr_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -86,43 +74,21 @@ test_ncr_key(int cfd)
/* now try to read it */
fprintf(stdout, "\tKey export...\n");
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_DEINIT)");
- return 1;
- }
-
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(&kdata, 0, sizeof(kdata));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+
+ if (keydata.idata_size != sizeof(data)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
+ fprintf(stderr, "data returned but differ!\n");
return 1;
}
@@ -162,9 +128,12 @@ test_ncr_key(int cfd)
return 1;
}
+ memset(data, 0, sizeof(data));
+
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -172,27 +141,16 @@ test_ncr_key(int cfd)
return 1;
}
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+ if (keydata.idata_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
+ fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
+ "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
+ data[2], data[3], data[4], data[5], data[6], data[7], data[8],
+ data[9], data[10], data[11], data[12], data[13], data[14],
+ data[15]);
return 1;
}
-#if 0
- fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
- "%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
- data[2], data[3], data[4], data[5], data[6], data[7], data[8],
- data[9], data[10], data[11], data[12], data[13], data[14],
- data[15]);
-#endif
-
if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_DEINIT)");
@@ -219,24 +177,16 @@ test_ncr_key(int cfd)
return 1;
}
+ memset(data, 0, sizeof(data));
+
memset(&keydata, 0, sizeof(keydata));
keydata.key = key;
- keydata.data = dinit.desc;
-
- if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_EXPORT)");
- return 1;
- }
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
/* try to get the output data - should fail */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
+ if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
fprintf(stderr, "Data were exported, but shouldn't be!\n");
return 1;
@@ -252,135 +202,14 @@ test_ncr_key(int cfd)
}
-static int test_ncr_data(int cfd)
-{
- struct ncr_data_init_st init;
- struct ncr_data_st kdata;
- uint8_t data[DATA_SIZE];
- uint8_t data_bak[DATA_SIZE];
- int i;
-
- fprintf(stdout, "Tests on Data:\n");
-
- randomize_data(data, sizeof(data));
- memcpy(data_bak, data, sizeof(data));
-
- init.max_object_size = DATA_SIZE;
- init.flags = NCR_DATA_FLAG_EXPORTABLE;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- fprintf(stdout, "\tData Import...\n");
-
- memset(data, 0, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- if (memcmp(data, data_bak, sizeof(data))!=0) {
- fprintf(stderr, "data returned but differ!\n");
- return 1;
- }
-
- fprintf(stdout, "\tData Export...\n");
-
- /* test set */
- memset(data, 0xf1, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
- /* test get after set */
- memset(data, 0, sizeof(data));
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- for(i=0;i<kdata.data_size;i++) {
- if (((uint8_t*)kdata.data)[i] != 0xf1) {
- fprintf(stderr, "data returned but differ!\n");
- return 1;
- }
- }
- fprintf(stdout, "\t2nd Data Import/Export...\n");
-
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &kdata.desc)) {
- perror("ioctl(NCRIO_DATA_DEINIT)");
- return 1;
- }
-
- fprintf(stdout, "\tProtection of non-exportable data...\n");
- randomize_data(data, sizeof(data));
-
- init.max_object_size = DATA_SIZE;
- init.flags = 0;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- kdata.desc = init.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
- fprintf(stderr, "Unexportable data were exported!?\n");
- return 1;
- }
-
- fprintf(stdout, "\tLimits on maximum allowed data...\n");
- for (i=0;i<256;i++ ) {
- init.max_object_size = DATA_SIZE;
- init.flags = 0;
- init.initial_data = data;
- init.initial_data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
- //fprintf(stderr, "Reached maximum limit at: %d data items\n", i);
- break;
- }
- }
-
- /* shouldn't run any other tests after that */
-
- return 0;
-}
/* Key wrapping */
static int
test_ncr_wrap_key(int cfd)
{
int i;
- struct ncr_data_init_st dinit;
ncr_key_t key, key2;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
struct ncr_key_wrap_st kwrap;
uint8_t data[WRAPPED_KEY_DATA_SIZE];
int data_size;
@@ -393,17 +222,6 @@ test_ncr_wrap_key(int cfd)
fprintf(stdout, "\tKey Wrap test...\n");
- dinit.max_object_size = WRAPPED_KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
- dinit.initial_data_size = 16;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -418,7 +236,8 @@ test_ncr_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key;
- keydata.data = dinit.desc;
+ keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -426,17 +245,6 @@ test_ncr_wrap_key(int cfd)
return 1;
}
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
- /* now key data */
- kdata.data = DKEY;
- kdata.data_size = 16;
- kdata.desc = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
@@ -452,7 +260,9 @@ test_ncr_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key2;
- keydata.data = kdata.desc;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+ keydata.idata = DKEY;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -556,13 +366,10 @@ static int
test_ncr_store_wrap_key(int cfd)
{
int i;
- struct ncr_data_init_st dinit;
ncr_key_t key2;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
struct ncr_key_storage_wrap_st kwrap;
uint8_t data[DATA_SIZE];
- int dd;
int data_size;
fprintf(stdout, "Tests on Key storage:\n");
@@ -573,30 +380,6 @@ test_ncr_store_wrap_key(int cfd)
fprintf(stdout, "\tKey Storage wrap test...\n");
- memset(&dinit, 0, sizeof(dinit));
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
- /* now key data */
- kdata.data = DKEY;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -611,7 +394,9 @@ test_ncr_store_wrap_key(int cfd)
keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
keydata.key = key2;
- keydata.data = dd;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+ keydata.idata = DKEY;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -662,25 +447,21 @@ test_ncr_store_wrap_key(int cfd)
/* now export the unwrapped */
memset(&keydata, 0, sizeof(keydata));
keydata.key = key2;
- keydata.data = dd;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
+
+ data_size = keydata.idata_size;
- kdata.data = data;
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- if (kdata.data_size != 16 || memcmp(kdata.data, DKEY, 16) != 0) {
+ if (data_size != 16 || memcmp(data, DKEY, 16) != 0) {
fprintf(stderr, "Unwrapped data do not match.\n");
- fprintf(stderr, "Data[%d]: ", (int) kdata.data_size);
- for(i=0;i<kdata.data_size;i++)
+ fprintf(stderr, "Data[%d]: ", (int) data_size);
+ for(i=0;i<data_size;i++)
fprintf(stderr, "%.2x:", data[i]);
fprintf(stderr, "\n");
return 1;
@@ -726,37 +507,13 @@ struct aes_vectors_st {
static int
test_ncr_aes(int cfd)
{
- struct ncr_data_init_st dinit;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
- ncr_data_t dd, dd2;
uint8_t data[KEY_DATA_SIZE];
int i, j;
struct ncr_session_once_op_st nop;
int data_size;
- dinit.max_object_size = KEY_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd2 = dinit.desc;
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -774,19 +531,9 @@ test_ncr_aes(int cfd)
fprintf(stdout, "Tests on AES Encryption\n");
for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
- /* import key */
- kdata.data = (void*)aes_vectors[i].key;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)aes_vectors[i].key;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -832,19 +579,9 @@ test_ncr_aes(int cfd)
fprintf(stdout, "Tests on AES Decryption\n");
for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
- /* import key */
- kdata.data = (void*)aes_vectors[i].key;
- kdata.data_size = 16;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
-
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)aes_vectors[i].key;
+ keydata.idata_size = 16;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -979,36 +716,12 @@ struct hash_vectors_st {
static int
test_ncr_hash(int cfd)
{
- struct ncr_data_init_st dinit;
ncr_key_t key;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
- ncr_data_t dd, dd2;
uint8_t data[HASH_DATA_SIZE];
int i, j, data_size;
struct ncr_session_once_op_st nop;
- dinit.max_object_size = HASH_DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd = dinit.desc;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- dd2 = dinit.desc;
-
/* convert it to key */
if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
perror("ioctl(NCRIO_KEY_INIT)");
@@ -1029,18 +742,10 @@ test_ncr_hash(int cfd)
fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
/* import key */
if (hash_vectors[i].key != NULL) {
- kdata.data = (void*)hash_vectors[i].key;
- kdata.data_size = hash_vectors[i].key_size;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_SET)");
- return 1;
- }
keydata.key = key;
- keydata.data = dd;
+ keydata.idata = (void*)hash_vectors[i].key;
+ keydata.idata_size = hash_vectors[i].key_size;
if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -1105,24 +810,6 @@ main()
return 1;
}
- /* Run the test itself */
- if (test_ncr_data(fd))
- return 1;
-
- /* Close the original descriptor */
- if (close(fd)) {
- perror("close(fd)");
- return 1;
- }
-
- /* actually test if the initial close
- * will really delete all used lists */
-
- fd = open("/dev/crypto", O_RDWR, 0);
- if (fd < 0) {
- perror("open(/dev/crypto)");
- return 1;
- }
if (test_ncr_key(fd))
return 1;
diff --git a/examples/pk.c b/examples/pk.c
index a529e9a..1aa4c5a 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -310,7 +310,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
fflush(stdout);
memset(data, 0x3, sizeof(data));
- memset(vdata, 0x0, sizeof(vdata));
+ memcpy(vdata, data, sizeof(vdata));
/* do encryption */
memset(&nop, 0, sizeof(nop));
@@ -325,8 +325,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
nop.init.op = NCR_OP_ENCRYPT;
nop.op.data.udata.input = data;
nop.op.data.udata.input_size = RSA_ENCRYPT_SIZE;
- nop.op.data.udata.output = vdata;
- nop.op.data.udata.output_size = sizeof(vdata);
+ nop.op.data.udata.output = data;
+ nop.op.data.udata.output_size = sizeof(data);
nop.op.type = NCR_DIRECT_DATA;
if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
@@ -348,10 +348,10 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
} else {
nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
}
- nop.op.data.udata.input = vdata;
+ nop.op.data.udata.input = data;
nop.op.data.udata.input_size = enc_size;
- nop.op.data.udata.output = vdata;
- nop.op.data.udata.output_size = sizeof(vdata);
+ nop.op.data.udata.output = data;
+ nop.op.data.udata.output_size = sizeof(data);
nop.op.type = NCR_DIRECT_DATA;
@@ -373,6 +373,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
}
+#define DATA_TO_SIGN 52
+
static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss)
{
struct ncr_session_once_op_st nop;
@@ -394,7 +396,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
nop.init.op = NCR_OP_SIGN;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -414,9 +416,11 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5;
nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
+ memset(data, 0x3, sizeof(data));
+
nop.init.op = NCR_OP_VERIFY;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sig_size;
nop.op.type = NCR_DIRECT_DATA;
@@ -429,8 +433,10 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
if (nop.op.err == NCR_SUCCESS)
fprintf(stdout, " Success\n");
- else
+ else {
fprintf(stdout, " Verification Failed!\n");
+ return 1;
+ }
return 0;
@@ -456,7 +462,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
nop.init.op = NCR_OP_SIGN;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -477,7 +483,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
nop.init.op = NCR_OP_VERIFY;
nop.op.data.udata.input = data;
- nop.op.data.udata.input_size = sizeof(data);
+ nop.op.data.udata.input_size = DATA_TO_SIGN;
nop.op.data.udata.output = sig;
nop.op.data.udata.output_size = sizeof(sig);
nop.op.type = NCR_DIRECT_DATA;
@@ -490,8 +496,10 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
if (nop.op.err == NCR_SUCCESS)
fprintf(stdout, " Success\n");
- else
+ else {
fprintf(stdout, " Verification Failed!\n");
+ return 1;
+ }
return 0;
@@ -501,12 +509,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
static int test_ncr_rsa(int cfd)
{
int ret;
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t pubkey, privkey;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[DATA_SIZE];
+ int data_size;
fprintf(stdout, "Tests on RSA key generation:");
fflush(stdout);
@@ -538,41 +545,21 @@ static int test_ncr_rsa(int cfd)
}
/* export the private key */
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = privkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_EXPORT)");
return 1;
}
+
+ data_size = keydata.idata_size;
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- ret = privkey_info(kdata.data, kdata.data_size, 0);
+ ret = privkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -580,30 +567,21 @@ static int test_ncr_rsa(int cfd)
/* export the public key */
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = pubkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
- ret = pubkey_info(kdata.data, kdata.data_size, 0);
+ data_size = keydata.idata_size;
+
+ ret = pubkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -611,13 +589,13 @@ static int test_ncr_rsa(int cfd)
fprintf(stdout, " Success\n");
- ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
+ ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
}
- ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
+ ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -642,12 +620,11 @@ static int test_ncr_rsa(int cfd)
static int test_ncr_dsa(int cfd)
{
int ret;
- struct ncr_data_init_st dinit;
struct ncr_key_generate_st kgen;
ncr_key_t pubkey, privkey;
struct ncr_key_data_st keydata;
- struct ncr_data_st kdata;
uint8_t data[DATA_SIZE];
+ int data_size;
fprintf(stdout, "Tests on DSA key generation:");
fflush(stdout);
@@ -679,42 +656,20 @@ static int test_ncr_dsa(int cfd)
return 1;
}
- /* export the private key */
- dinit.max_object_size = DATA_SIZE;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = NULL;
- dinit.initial_data_size = 0;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
memset(&keydata, 0, sizeof(keydata));
+ memset(data, 0, sizeof(data));
keydata.key = privkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_EXPORT)");
return 1;
}
+ data_size = keydata.idata_size;
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
-
- ret = privkey_info(kdata.data, kdata.data_size, 0);
+ ret = privkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
@@ -722,30 +677,21 @@ static int test_ncr_dsa(int cfd)
/* export the public key */
+ memset(data, 0, sizeof(data));
memset(&keydata, 0, sizeof(keydata));
keydata.key = pubkey;
- keydata.data = dinit.desc;
+ keydata.idata = data;
+ keydata.idata_size = sizeof(data);
if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
perror("ioctl(NCRIO_KEY_IMPORT)");
return 1;
}
-
- /* now read data */
- memset(data, 0, sizeof(data));
-
- kdata.desc = dinit.desc;
- kdata.data = data;
- kdata.data_size = sizeof(data);
-
- if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_GET)");
- return 1;
- }
- ret = pubkey_info(kdata.data, kdata.data_size, 0);
+ data_size = keydata.idata_size;
+
+ ret = pubkey_info(data, data_size, 0);
if (ret != 0) {
fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
return 1;
diff --git a/examples/speed.c b/examples/speed.c
index d49faa9..5898aaa 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -116,107 +116,6 @@ int encrypt_data(struct session_op *sess, int fdc, int chunksize)
return 0;
}
-int encrypt_data_ncr(int cfd, int algo, int chunksize)
-{
- char *buffer, iv[32];
- static int val = 23;
- struct timeval start, end;
- double total = 0;
- double secs, ddata, dspeed;
- char metric[16];
- ncr_key_t key;
- struct ncr_key_generate_st kgen;
- struct ncr_data_init_st dinit;
- struct ncr_data_st kdata;
- struct ncr_session_once_op_st nop;
- ncr_data_t dd;
-
- if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_INIT)");
- return 1;
- }
-
- kgen.desc = key;
- kgen.params.algorithm = NCR_ALG_AES_CBC;
- kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
- kgen.params.params.secret.bits = 128; /* 16 bytes */
-
- if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_KEY_IMPORT)");
- return 1;
- }
-
-
- buffer = malloc(chunksize);
- memset(iv, 0x23, 32);
-
- memset(&dinit, 0, sizeof(dinit));
- dinit.max_object_size = chunksize;
- dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
- dinit.initial_data = buffer;
- dinit.initial_data_size = chunksize;
-
- if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
- dd = dinit.desc;
-
- printf("\tEncrypting in chunks of %d bytes: ", chunksize);
- fflush(stdout);
-
- memset(buffer, val++, chunksize);
-
- must_finish = 0;
- alarm(5);
-
- gettimeofday(&start, NULL);
- do {
- kdata.data = buffer;
- kdata.data_size = chunksize;
- kdata.desc = dd;
-
- if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- memset(&nop, 0, sizeof(nop));
- nop.init.algorithm = algo;
- nop.init.key = key;
- nop.init.op = NCR_OP_ENCRYPT;
- nop.op.data.ndata.input = dd;
- nop.op.data.ndata.output = dd;
- nop.op.type = NCR_DATA;
-
- if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_SESSION_ONCE)");
- return 1;
- }
-
- total+=chunksize;
- } while(must_finish==0);
- gettimeofday(&end, NULL);
-
- if (ioctl(cfd, NCRIO_DATA_DEINIT, &dd)) {
- fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
- perror("ioctl(NCRIO_DATA_INIT)");
- return 1;
- }
-
- secs = udifftimeval(start, end)/ 1000000.0;
-
- value2human(total, secs, &ddata, &dspeed, metric);
- printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs);
- printf ("%.2f %s/sec\n", dspeed, metric);
-
- return 0;
-}
int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
{
@@ -322,12 +221,6 @@ int main(void)
break;
}
- fprintf(stderr, "\nTesting NCR with NULL cipher: \n");
- for (i = 256; i <= (64 * 1024); i *= 2) {
- if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i))
- break;
- }
-
fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n");
for (i = 256; i <= (64 * 1024); i *= 2) {
if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i))
@@ -351,12 +244,6 @@ int main(void)
break;
}
- fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n");
- for (i = 256; i <= (64 * 1024); i *= 2) {
- if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i))
- break;
- }
-
fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n");
for (i = 256; i <= (64 * 1024); i *= 2) {
if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i))
diff --git a/ncr-data.c b/ncr-data.c
deleted file mode 100644
index 639637f..0000000
--- a/ncr-data.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * New driver for /dev/crypto device (aka CryptoDev)
-
- * Copyright (c) 2010 Nikos Mavrogiannopoulos <nmav@gnutls.org>
- *
- * This file is part of linux cryptodev.
- *
- * cryptodev is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * cryptodev is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <linux/crypto.h>
-#include <linux/mm.h>
-#include <linux/highmem.h>
-#include "cryptodev.h"
-#include <asm/uaccess.h>
-#include <asm/ioctl.h>
-#include <linux/scatterlist.h>
-#include "ncr.h"
-#include "ncr-int.h"
-
-/* must be called with data semaphore down */
-static void _ncr_data_unlink_item(struct data_item_st *item)
-{
- list_del(&item->list);
- _ncr_data_item_put( item); /* decrement ref count */
-}
-
-void ncr_data_list_deinit(struct list_sem_st* lst)
-{
- if(lst) {
- struct data_item_st * item, *tmp;
-
- down(&lst->sem);
-
- list_for_each_entry_safe(item, tmp, &lst->list, list) {
- _ncr_data_unlink_item(item);
- }
- up(&lst->sem);
-
- }
-}
-
-/* must be called with data semaphore down
- */
-static ncr_data_t _ncr_data_get_new_desc( struct list_sem_st* lst)
-{
-struct data_item_st* item;
-int mx = 1;
-
- list_for_each_entry(item, &lst->list, list) {
- mx = max(mx, item->desc);
- }
- mx++;
-
- return mx;
-}
-
-/* returns the data item corresponding to desc */
-struct data_item_st* ncr_data_item_get( struct list_sem_st* lst, ncr_data_t desc)
-{
-struct data_item_st* item;
-
- down(&lst->sem);
- list_for_each_entry(item, &lst->list, list) {
- if (item->desc == desc) {
- atomic_inc(&item->refcnt);
- up(&lst->sem);
- return item;
- }
- }
- up(&lst->sem);
-
- err();
- return NULL;
-}
-
-static void* data_alloc(size_t size)
-{
- /* FIXME: enforce a maximum memory limit per process and per user */
- /* ncr_data_set() relies this function enforcing a reasonable upper
- limit. */
- if (size > 64*1024) {
- err();
- return NULL;
- }
- return kmalloc(size, GFP_KERNEL);
-}
-
-void _ncr_data_item_put( struct data_item_st* item)
-{
- if (atomic_dec_and_test(&item->refcnt)) {
- ncr_limits_remove(item->uid, item->pid, LIMIT_TYPE_DATA);
- kfree(item->data);
- kfree(item);
- }
-}
-
-int ncr_data_init(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_init_st init;
- struct data_item_st* data;
- int ret;
-
- ret = ncr_limits_add_and_check(current_euid(), task_pid_nr(current), LIMIT_TYPE_DATA);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (unlikely(copy_from_user(&init, arg, sizeof(init)))) {
- err();
- ret = -EFAULT;
- goto err_limits;
- }
-
- data = kmalloc(sizeof(*data), GFP_KERNEL);
- if (data == NULL) {
- err();
- ret = -ENOMEM;
- goto err_limits;
- }
-
- memset(data, 0, sizeof(*data));
-
- data->flags = init.flags;
- data->uid = current_euid();
- data->pid = task_pid_nr(current);
-
- atomic_set(&data->refcnt, 1);
-
- data->data = data_alloc(init.max_object_size);
- if (data->data == NULL) {
- err();
- ret = -ENOMEM;
- goto err_data;
- }
- data->max_data_size = init.max_object_size;
-
- sg_init_one(&data->sg, data->data, data->max_data_size);
-
- if (init.initial_data != NULL) {
- if (unlikely(copy_from_user(data->data, init.initial_data,
- init.initial_data_size))) {
- err();
- _ncr_data_item_put(data);
- return -EFAULT;
- }
- data->data_size = init.initial_data_size;
- }
-
- down(&lst->sem);
-
- data->desc = _ncr_data_get_new_desc(lst);
-
- list_add(&data->list, &lst->list);
-
- up(&lst->sem);
-
- init.desc = data->desc;
- ret = copy_to_user(arg, &init, sizeof(init));
- if (unlikely(ret)) {
- down(&lst->sem);
- _ncr_data_unlink_item(data);
- up(&lst->sem);
- return -EFAULT;
- }
- return ret;
-
- err_data:
- kfree(data);
- err_limits:
- ncr_limits_remove(current_euid(), task_pid_nr(current),
- LIMIT_TYPE_DATA);
- return ret;
-}
-
-
-int ncr_data_deinit(struct list_sem_st* lst, void __user* arg)
-{
- ncr_data_t desc;
- struct data_item_st * item, *tmp;
-
- if (unlikely(copy_from_user(&desc, arg, sizeof(desc)))) {
- err();
- return -EFAULT;
- }
- down(&lst->sem);
-
- list_for_each_entry_safe(item, tmp, &lst->list, list) {
- if(item->desc == desc) {
- _ncr_data_unlink_item(item);
- break;
- }
- }
-
- up(&lst->sem);
-
- return 0;
-}
-
-int ncr_data_get(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_st get;
- struct data_item_st * data;
- size_t len;
- int ret;
-
- if (unlikely(copy_from_user(&get, arg, sizeof(get)))) {
- err();
- return -EFAULT;
- }
-
- data = ncr_data_item_get( lst, get.desc);
-
- if (data == NULL) {
- err();
- return -EINVAL;
- }
-
- if (!(data->flags & NCR_DATA_FLAG_EXPORTABLE)) {
- err();
- ret = -EPERM;
- goto cleanup;
- }
-
- len = min(get.data_size, data->data_size);
-
- /* update length */
- get.data_size = len;
-
- ret = copy_to_user(arg, &get, sizeof(get));
- if (unlikely(ret)) {
- err();
- ret = -EFAULT;
- }
-
- if (ret == 0 && len > 0) {
- ret = copy_to_user(get.data, data->data, len);
- if (unlikely(ret)) {
- err();
- ret = -EFAULT;
- }
- }
-
-cleanup:
- _ncr_data_item_put( data);
-
- return ret;
-}
-
-int ncr_data_set(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_st get;
- struct data_item_st * data;
- int ret;
-
- if (unlikely(copy_from_user(&get, arg, sizeof(get)))) {
- err();
- return -EFAULT;
- }
-
- data = ncr_data_item_get( lst, get.desc);
-
- if (data == NULL) {
- err();
- return -EINVAL;
- }
-
- if ((get.data_size > data->max_data_size) ||
- (get.data == NULL && get.data_size != 0)) {
- err();
- ret = -EINVAL;
- goto cleanup;
- }
-
- if (get.data != NULL) {
- if (unlikely(copy_from_user(data->data, get.data,
- get.data_size))) {
- err();
- ret = -EFAULT;
- goto cleanup;
- }
- }
- data->data_size = get.data_size;
-
- ret = 0;
-
-cleanup:
- _ncr_data_item_put( data);
-
- return ret;
-}
diff --git a/ncr-int.h b/ncr-int.h
index 6ccbcd2..03fab19 100644
--- a/ncr-int.h
+++ b/ncr-int.h
@@ -55,27 +55,6 @@ struct session_item_st {
ncr_session_t desc;
};
-struct data_item_st {
- struct list_head list;
- /* This object is not protected from concurrent access.
- * I see no reason to allow concurrent writes (reads are
- * not an issue).
- */
- struct scatterlist sg; /* points to data */
-
- uint8_t* data;
- size_t data_size;
- size_t max_data_size;
- unsigned int flags;
- atomic_t refcnt;
-
- /* owner. The one charged with this */
- uid_t uid;
- pid_t pid;
-
- ncr_data_t desc;
-};
-
struct key_item_st {
struct list_head list;
/* This object is also not protected from concurrent access.
@@ -129,20 +108,10 @@ void ncr_deinit_lists(struct ncr_lists *lst);
int ncr_ioctl(struct ncr_lists*, struct file *filp,
unsigned int cmd, unsigned long arg);
-int ncr_data_set(struct list_sem_st*, void __user* arg);
-int ncr_data_get(struct list_sem_st*, void __user* arg);
-int ncr_data_deinit(struct list_sem_st*, void __user* arg);
-int ncr_data_init(struct list_sem_st*, void __user* arg);
-void ncr_data_list_deinit(struct list_sem_st*);
-struct data_item_st* ncr_data_item_get( struct list_sem_st* lst, ncr_data_t desc);
-void _ncr_data_item_put( struct data_item_st* item);
-
int ncr_key_init(struct list_sem_st*, void __user* arg);
int ncr_key_deinit(struct list_sem_st*, void __user* arg);
-int ncr_key_export(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst,void __user* arg);
-int ncr_key_import(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst,void __user* arg);
+int ncr_key_export(struct list_sem_st* key_lst,void __user* arg);
+int ncr_key_import(struct list_sem_st* key_lst,void __user* arg);
void ncr_key_list_deinit(struct list_sem_st* lst);
int ncr_key_generate(struct list_sem_st* data_lst, void __user* arg);
int ncr_key_info(struct list_sem_st*, void __user* arg);
@@ -160,7 +129,6 @@ void _ncr_key_item_put( struct key_item_st* item);
typedef enum {
LIMIT_TYPE_KEY,
- LIMIT_TYPE_DATA
} limits_type_t;
void ncr_limits_remove(uid_t uid, pid_t pid, limits_type_t type);
@@ -195,25 +163,6 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it
/* misc helper macros */
-inline static unsigned int key_flags_to_data(unsigned int key_flags)
-{
- unsigned int flags = 0;
-
- if (key_flags & NCR_KEY_FLAG_EXPORTABLE)
- flags |= NCR_DATA_FLAG_EXPORTABLE;
-
- return flags;
-}
-
-inline static unsigned int data_flags_to_key(unsigned int data_flags)
-{
- unsigned int flags = 0;
-
- if (data_flags & NCR_DATA_FLAG_EXPORTABLE)
- flags |= NCR_KEY_FLAG_EXPORTABLE;
-
- return flags;
-}
const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo);
const struct algo_properties_st *ncr_key_params_get_sign_hash(const struct algo_properties_st *algo, struct ncr_key_params_st * params);
diff --git a/ncr-key.c b/ncr-key.c
index 126d1bf..9e67b52 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -231,13 +231,12 @@ int ncr_key_deinit(struct list_sem_st* lst, void __user* arg)
/* "exports" a key to a data item. If the key is not exportable
* to userspace then the data item will also not be.
*/
-int ncr_key_export(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst, void __user* arg)
+int ncr_key_export(struct list_sem_st* key_lst, void __user* arg)
{
struct ncr_key_data_st data;
struct key_item_st* item = NULL;
-struct data_item_st* ditem = NULL;
-uint32_t size;
+void* tmp = NULL;
+uint32_t tmp_size;
int ret;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
@@ -251,18 +250,15 @@ int ret;
return ret;
}
- ditem = ncr_data_item_get( data_lst, data.data);
- if (ditem == NULL) {
+ if (!(item->flags & NCR_KEY_FLAG_EXPORTABLE)) {
err();
- ret = -EINVAL;
+ ret = -EPERM;
goto fail;
}
- ditem->flags = key_flags_to_data(item->flags);
-
switch (item->type) {
case NCR_KEY_TYPE_SECRET:
- if (item->key.secret.size > ditem->max_data_size) {
+ if (item->key.secret.size > data.idata_size) {
err();
ret = -EINVAL;
goto fail;
@@ -270,21 +266,40 @@ int ret;
/* found */
if (item->key.secret.size > 0) {
- memcpy(ditem->data, item->key.secret.data, item->key.secret.size);
+ ret = copy_to_user(data.idata, item->key.secret.data, item->key.secret.size);
+ if (unlikely(ret)) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
}
- ditem->data_size = item->key.secret.size;
+ data.idata_size = item->key.secret.size;
break;
case NCR_KEY_TYPE_PUBLIC:
case NCR_KEY_TYPE_PRIVATE:
- size = ditem->max_data_size;
- ret = ncr_pk_pack(item, ditem->data, &size);
+ tmp_size = data.idata_size;
- ditem->data_size = size;
+ tmp = kmalloc(tmp_size, GFP_KERNEL);
+ if (tmp == NULL) {
+ err();
+ ret = -ENOMEM;
+ goto fail;
+ }
+
+ ret = ncr_pk_pack(item, tmp, &tmp_size);
+ data.idata_size = tmp_size;
if (ret < 0) {
err();
goto fail;
}
+
+ ret = copy_to_user(data.idata, tmp, tmp_size);
+ if (unlikely(ret)) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
break;
default:
@@ -293,16 +308,16 @@ int ret;
goto fail;
}
- _ncr_key_item_put( item);
- _ncr_data_item_put( ditem);
-
- return 0;
+ if (unlikely(copy_to_user(arg, &data, sizeof(data)))) {
+ err();
+ ret = -EFAULT;
+ } else
+ ret = 0;
fail:
+ kfree(tmp);
if (item)
_ncr_key_item_put(item);
- if (ditem)
- _ncr_data_item_put(ditem);
return ret;
}
@@ -310,13 +325,13 @@ fail:
/* "imports" a key from a data item. If the key is not exportable
* to userspace then the key item will also not be.
*/
-int ncr_key_import(struct list_sem_st* data_lst,
- struct list_sem_st* key_lst, void __user* arg)
+int ncr_key_import(struct list_sem_st* key_lst, void __user* arg)
{
struct ncr_key_data_st data;
struct key_item_st* item = NULL;
-struct data_item_st* ditem = NULL;
int ret;
+void* tmp = NULL;
+size_t tmp_size;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
err();
@@ -329,13 +344,20 @@ int ret;
return ret;
}
- ditem = ncr_data_item_get( data_lst, data.data);
- if (ditem == NULL) {
+ tmp = kmalloc(data.idata_size, GFP_KERNEL);
+ if (tmp == NULL) {
err();
- ret = -EINVAL;
+ ret = -ENOMEM;
goto fail;
}
-
+
+ if (unlikely(copy_from_user(tmp, data.idata, data.idata_size))) {
+ err();
+ ret = -EFAULT;
+ goto fail;
+ }
+ tmp_size = data.idata_size;
+
item->type = data.type;
item->algorithm = _ncr_algo_to_properties(data.algorithm);
if (item->algorithm == NULL) {
@@ -344,11 +366,6 @@ int ret;
goto fail;
}
item->flags = data.flags;
- /* if data cannot be exported then the flags above
- * should be overriden */
- if (!(ditem->flags & NCR_DATA_FLAG_EXPORTABLE)) {
- item->flags &= ~NCR_KEY_FLAG_EXPORTABLE;
- }
if (data.key_id_size > MAX_KEY_ID_SIZE) {
err();
@@ -363,18 +380,18 @@ int ret;
switch(item->type) {
case NCR_KEY_TYPE_SECRET:
- if (ditem->data_size > NCR_CIPHER_MAX_KEY_LEN) {
+ if (tmp_size > NCR_CIPHER_MAX_KEY_LEN) {
err();
ret = -EINVAL;
goto fail;
}
- memcpy(item->key.secret.data, ditem->data, ditem->data_size);
- item->key.secret.size = ditem->data_size;
+ memcpy(item->key.secret.data, tmp, tmp_size);
+ item->key.secret.size = tmp_size;
break;
case NCR_KEY_TYPE_PRIVATE:
case NCR_KEY_TYPE_PUBLIC:
- ret = ncr_pk_unpack( item, ditem->data, ditem->data_size);
+ ret = ncr_pk_unpack( item, tmp, tmp_size);
if (ret < 0) {
err();
goto fail;
@@ -387,16 +404,13 @@ int ret;
goto fail;
}
- _ncr_key_item_put( item);
- _ncr_data_item_put( ditem);
-
- return 0;
+ ret = 0;
fail:
if (item)
_ncr_key_item_put(item);
- if (ditem)
- _ncr_data_item_put(ditem);
+ kfree(tmp);
+
return ret;
}
diff --git a/ncr-limits.c b/ncr-limits.c
index 5340954..7a98f3c 100644
--- a/ncr-limits.c
+++ b/ncr-limits.c
@@ -34,12 +34,10 @@
/* arbitrary now */
static unsigned int max_per_user[] = {
[LIMIT_TYPE_KEY] = 128,
- [LIMIT_TYPE_DATA] = 128,
};
static unsigned int max_per_process[] = {
[LIMIT_TYPE_KEY] = 64,
- [LIMIT_TYPE_DATA] = 64,
};
struct limit_user_item_st {
diff --git a/ncr-pk.c b/ncr-pk.c
index cb217d7..ecb2ce3 100644
--- a/ncr-pk.c
+++ b/ncr-pk.c
@@ -359,9 +359,13 @@ int ncr_pk_cipher_init(const struct algo_properties_st *algo,
err();
return -EINVAL;
}
- } else if (params->params.rsa.type == RSA_PKCS1_PSS)
+ } else if (params->params.rsa.type == RSA_PKCS1_PSS) {
ctx->type = LTC_LTC_PKCS_1_PSS;
-
+ } else {
+ err();
+ return -EINVAL;
+ }
+
ctx->salt_len = params->params.rsa.pss_salt;
break;
case NCR_ALG_DSA:
@@ -534,7 +538,6 @@ void * input, *output;
case NCR_ALG_RSA:
cret = rsa_sign_hash_ex( input, isg_size, output, &osize,
ctx->type, ctx->sign_hash, ctx->salt_len, &ctx->key->key.pk.rsa);
-
if (cret != CRYPT_OK) {
err();
return tomerr(cret);
@@ -575,7 +578,7 @@ int ncr_pk_cipher_verify(const struct ncr_pk_ctx* ctx,
const void* hash, size_t hash_size, ncr_error_t* err)
{
int cret, ret;
-int stat;
+int stat = 0;
uint8_t* sig;
sig = kmalloc(sign_sg_size, GFP_KERNEL);
@@ -596,13 +599,12 @@ uint8_t* sig;
cret = rsa_verify_hash_ex( sig, sign_sg_size,
hash, hash_size, ctx->type, ctx->sign_hash,
ctx->salt_len, &stat, &ctx->key->key.pk.rsa);
-
if (cret != CRYPT_OK) {
err();
ret = tomerr(cret);
goto fail;
}
-
+
if (stat == 1)
*err = 0;
else
diff --git a/ncr-sessions.c b/ncr-sessions.c
index f0aebc5..8986379 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -537,12 +537,13 @@ static int get_userbuf2(struct session_item_st* ses,
unsigned *src_cnt, struct scatterlist **dst_sg, unsigned *dst_cnt)
{
int src_pagecount, dst_pagecount = 0, pagecount, write_src = 1;
+ size_t input_size = op->data.udata.input_size;
if (op->data.udata.input == NULL) {
return -EINVAL;
}
- src_pagecount = PAGECOUNT(op->data.udata.input, op->data.udata.input_size);
+ src_pagecount = PAGECOUNT(op->data.udata.input, input_size);
if (op->data.udata.input != op->data.udata.output) { /* non-in-situ transformation */
if (op->data.udata.output != NULL) {
@@ -551,6 +552,10 @@ static int get_userbuf2(struct session_item_st* ses,
} else {
dst_pagecount = 0;
}
+ } else {
+ src_pagecount = max((int)(PAGECOUNT(op->data.udata.output, op->data.udata.output_size)),
+ src_pagecount);
+ input_size = max(input_size, (size_t)op->data.udata.output_size);
}
ses->available_pages = pagecount = src_pagecount + dst_pagecount;
@@ -571,7 +576,7 @@ static int get_userbuf2(struct session_item_st* ses,
}
}
- if (__get_userbuf(op->data.udata.input, op->data.udata.input_size, write_src,
+ if (__get_userbuf(op->data.udata.input, input_size, write_src,
src_pagecount, ses->pages, ses->sg)) {
dprintk(1, KERN_ERR, "failed to get user pages for data input\n");
return -EINVAL;
@@ -639,7 +644,7 @@ int _ncr_session_direct_update(struct ncr_lists* lists, struct ncr_session_op_st
ret = -EINVAL;
goto fail;
}
-
+
ret = _ncr_session_encrypt(sess, isg, isg_cnt, isg_size,
osg, osg_cnt, &osg_size);
if (ret < 0) {
@@ -716,7 +721,6 @@ int _ncr_session_direct_final(struct ncr_lists* lists, struct ncr_session_op_st*
{
int ret;
struct session_item_st* sess;
- struct data_item_st* odata = NULL;
int digest_size;
uint8_t digest[NCR_HASH_MAX_OUTPUT_SIZE];
uint8_t vdigest[NCR_HASH_MAX_OUTPUT_SIZE];
@@ -776,7 +780,7 @@ int _ncr_session_direct_final(struct ncr_lists* lists, struct ncr_session_op_st*
goto fail;
}
- if (digest_size != odata->data_size ||
+ if (digest_size != osg_size ||
memcmp(vdigest, digest, digest_size) != 0) {
op->err = NCR_VERIFICATION_FAILED;
diff --git a/ncr.c b/ncr.c
index 4813eef..1d91456 100644
--- a/ncr.c
+++ b/ncr.c
@@ -64,7 +64,6 @@ void* ncr_init_lists(void)
void ncr_deinit_lists(struct ncr_lists *lst)
{
if(lst) {
- ncr_data_list_deinit(&lst->data);
ncr_key_list_deinit(&lst->key);
ncr_sessions_list_deinit(&lst->sessions);
kfree(lst);
@@ -124,15 +123,6 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
BUG();
switch (cmd) {
- case NCRIO_DATA_INIT:
- return ncr_data_init(&lst->data, arg);
- case NCRIO_DATA_GET:
- return ncr_data_get(&lst->data, arg);
- case NCRIO_DATA_SET:
- return ncr_data_set(&lst->data, arg);
- case NCRIO_DATA_DEINIT:
- return ncr_data_deinit(&lst->data, arg);
-
case NCRIO_KEY_INIT:
return ncr_key_init(&lst->key, arg);
case NCRIO_KEY_DEINIT:
@@ -140,9 +130,9 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
case NCRIO_KEY_GENERATE:
return ncr_key_generate(&lst->key, arg);
case NCRIO_KEY_EXPORT:
- return ncr_key_export(&lst->data, &lst->key, arg);
+ return ncr_key_export(&lst->key, arg);
case NCRIO_KEY_IMPORT:
- return ncr_key_import(&lst->data, &lst->key, arg);
+ return ncr_key_import(&lst->key, arg);
case NCRIO_KEY_GET_INFO:
return ncr_key_info(&lst->key, arg);
case NCRIO_KEY_WRAP:
diff --git a/ncr.h b/ncr.h
index e992c7b..3c87f59 100644
--- a/ncr.h
+++ b/ncr.h
@@ -55,34 +55,6 @@ typedef enum {
NCR_KEY_TYPE_PRIVATE=3,
} ncr_key_type_t;
-/* Data Handling
- */
-#define NCR_DATA_FLAG_EXPORTABLE 1
-#define NCR_DATA_FLAG_SIGN_ONLY 2 /* this object can only be used with hash/sign operations */
-
-typedef int ncr_data_t;
-#define NCR_DATA_INVALID (ncr_data_t)(0)
-
-struct ncr_data_init_st {
- ncr_data_t desc;
- size_t max_object_size;
- unsigned int flags;
- void __user *initial_data; /* can be null */
- size_t initial_data_size;
-};
-
-struct ncr_data_st {
- ncr_data_t desc;
- void __user *data;
- size_t data_size; /* rw in get */
- unsigned int append_flag; /* only when used with NCRIO_DATA_SET */
-};
-
-#define NCRIO_DATA_INIT _IOWR('c', 200, struct ncr_data_init_st)
-#define NCRIO_DATA_GET _IOWR('c', 201, struct ncr_data_st)
-#define NCRIO_DATA_SET _IOR('c', 202, struct ncr_data_st)
-#define NCRIO_DATA_DEINIT _IOR('c', 203, ncr_data_t)
-
/* Key handling
*/
@@ -187,7 +159,10 @@ struct ncr_key_info_st {
struct ncr_key_data_st {
ncr_key_t key;
- ncr_data_t data;
+
+ void __user *idata;
+ size_t idata_size; /* rw in get */
+
/* in case of import this will be used as key id */
uint8_t key_id[MAX_KEY_ID_SIZE];
size_t key_id_size;
generated by cgit (git 2.34.1) at 2025-07-03 05:16:04 +0000