summaryrefslogtreecommitdiffstats
path: root/userspace/ncrypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'userspace/ncrypto.h')
-rw-r--r--userspace/ncrypto.h230
1 files changed, 91 insertions, 139 deletions
diff --git a/userspace/ncrypto.h b/userspace/ncrypto.h
index 546b6ba..5bcb4a7 100644
--- a/userspace/ncrypto.h
+++ b/userspace/ncrypto.h
@@ -1,141 +1,93 @@
-#include <crypto/ncr.h>
-
-int ncr_global_init(unsigned int flags); /* open device */
-void ncr_global_deinit(void); /* close device */
-
-
-/* parameters for key generation
+/*
+ * Copyright (c) 2010 Katholieke Universiteit Leuven
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
*/
-int ncr_generate_params_init(ncr_generate_params_t*); /* userspace */
-void ncr_generate_params_deinit(ncr_generate_params_t); /* userspace */
-
-/* common for ciphers and public key algorithms */
-void ncr_generate_params_set_algorithm(ncr_generate_params_t, ncr_algorithm_t); /* userspace */
-
-/* public key algorithms */
-void ncr_generate_params_set_bits(ncr_generate_params_t, unsigned int bits); /* RSA+DSA */
-int ncr_generate_params_set_rsa_e(ncr_generate_params_t, void* e, unsigned int e_size); /* RSA */
-
-/* parameters for encryption/decryption/derivation
- */
-int ncr_params_init(ncr_params_t*); /* userspace */
-void ncr_params_deinit(ncr_params_t); /* userspace */
-
-int ncr_params_set_cipher_iv(ncr_params_t, void* iv, unsigned int iv_size); /* userspace */
-
-int ncr_params_set_dh_key(ncr_params_t, ncr_key_t dh_priv); /* DH */
-
-
-/* data flags are of NCR_DATA_FLAG_* type */
-
-int ncr_data_init(ncr_data_t *, size_t max_object_size, unsigned int dataflags); /* ioctl DATA_INIT */
-size_t ncr_data_get_size(ncr_data_t); /* ioctl DATA_GET */
-int ncr_data_get_data(ncr_data_t, void* data_ptr, size_t *data_size); /* ioctl DATA_GET */
-int ncr_data_set_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */
-int ncr_data_append_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */
-void ncr_data_deinit(ncr_data_t); /* ioctl DATA_DEINIT */
-
-/* key flags are NCR_KEY_FLAG_* */
-
-int ncr_key_init(ncr_key_t* key); /* ioctl KEY_INIT */
-int ncr_key_generate(ncr_key_t key, ncr_algorithm_t algorithm, unsigned int bits, unsigned int keyflags); /* ioctl KEY_GENERATE */
-int ncr_key_generate_pair(ncr_key_t public_key, ncr_key_t private_key, ncr_generate_params_t params, unsigned int keyflags); /* ioctl KEY_GENERATE_PAIR */
-int ncr_key_derive(ncr_key_t newkey, ncr_params_t params, unsigned int keyflags, ncr_key_t data); /* ioctl KEY_DERIVE */
-unsigned int ncr_key_get_flags(ncr_key_t key); /* ioctl KEY_GET_INFO */
-ncr_key_type_t ncr_key_get_type(ncr_key_t key); /* ioctl KEY_GET_INFO */
-int ncr_key_export(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_EXPORT */
-int ncr_key_import(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_IMPORT */
-int ncr_key_get_id(ncr_key_t, void* id, size_t* id_size); /* KEY_GET_INFO */
-void ncr_key_deinit(ncr_key_t); /* ioctl KEY_DEINIT */
-
-typedef enum {
- NCR_RSA_MODULUS,
- NCR_RSA_EXPONENT,
- NCR_DSA_P,
- NCR_DSA_Q,
- NCR_DSA_Y,
-} ncr_public_param_t;
-
-int ncr_key_get_public_param(ncr_key_t key, ncr_public_param_t, void* output, size_t* output_size);
-
-/* store keys */
-int ncr_storage_store(const char* label, mode_t mode, ncr_key_t key); /* ioctl STORE_STORE */
-int ncr_storage_mkstemp(char* template, mode_t mode, ncr_key_t key);/* ioctl STORE_MKSTEMP */
-ncr_key_t ncr_storage_load(const char* label); /* ioctl STORE_LOAD */
-
-int ncr_storage_chmod(const char* label, mode_t newmode); /* ioctl STORE_CHMOD */
-int ncr_storage_chown(const char* label, uid_t owner, gid_t grp); /* ioctl STORE_CHOWN */
-int ncr_storage_remove(const char* label); /* ioctl STORE_REMOVE */
-typedef struct {} * ncr_metadata_t;
-
-int ncr_metadata_init(ncr_metadata_t* metadata); /* userspace */
-void ncr_metadata_deinit(ncr_metadata_t metadata);/* userspace */
-
-/* read info from metadata */
-const char* ncr_metadata_get_label(ncr_metadata_t); /* userspace */
-ncr_key_type_t ncr_metadata_get_type(ncr_metadata_t); /* userspace */
-
-/* id of the key. For public/private key pairs it should be the same */
-int ncr_metadata_get_id(ncr_metadata_t, void* id, size_t* id_size); /* userspace */
-/* this has meaning only if type is public or private key */
-ncr_algorithm_t ncr_metadata_get_algorithm(ncr_metadata_t); /* userspace */
-
-uid_t ncr_metadata_get_uid(ncr_metadata_t); /* userspace */
-gid_t ncr_metadata_get_gid(ncr_metadata_t); /* userspace */
-mode_t ncr_metadata_get_mode(ncr_metadata_t); /*userspace */
-
-/* load metadata for particular file */
-int ncr_metadata_load(const char* label, ncr_metadata_t metadata); /* ioctl STORE_METADATA_GET_INFO */
-
-/* traverse all storage entries */
-int ncr_storage_traverse_init(ncr_traverse_t* tr); /* ioctl STORE_METADATA_TRAVERSE_INIT */
-int ncr_storage_traverse_next(ncr_traverse_t, ncr_metadata_t metadata); /* ioctl STORE_METADATA_TRAVERSE_NEXT */
-void ncr_storage_traverse_deinit(ncr_traverse_t); /* ioctl STORE_METADATA_TRAVERSE_DEINIT */
-
-/* wrap unwrap */
-int ncr_key_wrap(ncr_key_t wrapping_key, ncr_params_t params, ncr_key_t key, void* output_data, size_t output_data_size); /* ioctl KEY_WRAP */
-int ncr_key_unwrap(ncr_key_t*key, ncr_key_t wrapping_key, ncr_params_t params, unsigned int keyflags, void* input_data, size_t input_data_size); /* ioctl KEY_UNWRAP */
-
-/* operations to objects result in objects that have the same properties as the original
- * object. I.e. encrypting a secret key under an object will not allow you to export it.
- */
-
-int ncr_session_copy(ncr_session_t* copy, ncr_session_t source); /* ioctl SESSION_COPY */
-
-/* encryption functions */
-int ncr_encrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); /* ioctl SESSION_INIT */
-int ncr_encrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t ciphertext); /*userspace */
-int ncr_encrypt_update(ncr_session_t session, const ncr_data_t plaintext, ncr_data_t ciphertext); /* ioctl SESSION_UPDATE */
-int ncr_encrypt_final(ncr_session_t session, ncr_data_t obj); /* ioctl SESSION_FINAL */
-
-/* decryption functions */
-int ncr_decrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_decrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t ciphertext, ncr_data_t plaintext);
-int ncr_decrypt_update(ncr_session_t session, const ncr_data_t ciphertext, ncr_data_t plaintext);
-int ncr_decrypt_final(ncr_session_t session, ncr_data_t obj);
-
-/* PK hash functions */
-int ncr_digest_init(ncr_session_t* session, ncr_params_t params);
-int ncr_digest_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t hash);
-int ncr_digest_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_digest_final(ncr_session_t session, ncr_data_t hash);
-
-/* PK SIGN and MAC functions */
-int ncr_sign_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_sign_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t signature);
-int ncr_sign_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_sign_final(ncr_session_t session, ncr_data_t signature);
-
-/* Verify PK signature or MAC signature */
-int ncr_verify_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_verify_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, const ncr_data_t signature);
-int ncr_verify_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_verify_final(ncr_session_t session, const ncr_data_t signature);
-
-/* Everything looks straight forward except for authentication
- * algorithms such as Diffie Hellman. This should be done as in PKCS #11
- * as:
- * ncr_key_generate_pair(our_pubkey, our_privkey)
- * ncr_key_derive(shared_key, params -contain our privkey-, flags_for_new_key, peer_pubkey);
- */
+#ifndef __NCRYPT_H__
+#define __NCRYPT_H__
+
+#include <linux/ncr.h>
+
+#define NCR_DATA_GET_LAST 1
+//#define NCR_DATA_SET_APPEND 1
+#define NCR_SESSION_FINAL 1
+
+//struct ncr_key_generate_params_st;
+typedef struct ncr_key_generate_params_st *ncr_key_generate_params_t;
+//struct ncr_key_params_st;
+typedef struct ncr_key_params_st *ncr_key_params_t;
+
+int ncr_global_init(unsigned int flags);
+void ncr_global_deinit(void);
+
+int ncr_key_generate_params_init(ncr_key_generate_params_t *params);
+int ncr_key_generate_params_deinit(ncr_key_generate_params_t params);
+int ncr_key_generate_params_set_algorithm(ncr_key_generate_params_t params, ncr_algorithm_t algorithm);
+int ncr_key_generate_params_set_keyflags(ncr_key_generate_params_t params, unsigned int keyflags);
+int ncr_key_generate_params_set_secret_bits(ncr_key_generate_params_t params, unsigned int bits);
+int ncr_key_generate_params_set_rsa_bits(ncr_key_generate_params_t params, unsigned int bits);
+int ncr_key_generate_params_set_rsa_e(ncr_key_generate_params_t params, void *e, size_t e_size);
+int ncr_key_generate_params_set_dsa_p_bits(ncr_key_generate_params_t params, unsigned int p_bits);
+int ncr_key_generate_params_set_dsa_q_bits(ncr_key_generate_params_t params, unsigned int q_bits);
+int ncr_key_generate_params_set_dh(ncr_key_generate_params_t params, void *p, size_t p_size, void *g, size_t g_size);
+
+int ncr_key_init(ncr_key_t *key);
+int ncr_key_generate(ncr_key_t key, ncr_key_generate_params_t params);
+int ncr_key_generate_pair(ncr_key_t key1, ncr_key_t key2, ncr_key_generate_params_t params);
+int ncr_key_derive(ncr_key_t newkey, unsigned int keyflags, ncr_key_t key, ncr_derive_t derive, ncr_key_params_t key_params);
+ncr_algorithm_t ncr_key_get_algorithm(ncr_key_t key);
+int ncr_key_get_flags(ncr_key_t key);
+ncr_key_type_t ncr_key_get_type(ncr_key_t key);
+int ncr_key_get_id(ncr_key_t key, void *id, size_t *id_size);
+int ncr_key_export(ncr_key_t key, void *idata, size_t idata_size);
+int ncr_key_import(ncr_key_t key, void *idata, size_t idata_size, void *id, size_t id_size, ncr_algorithm_t algorithm, unsigned int type, unsigned int flags);
+int ncr_key_wrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_unwrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_storage_wrap(ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_storage_unwrap(ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_deinit(ncr_key_t key);
+
+int ncr_masterkey_set(void *key, size_t key_size);
+
+int ncr_key_params_init(ncr_key_params_t *key_params);
+void ncr_key_params_deinit(ncr_key_params_t key_params);
+int ncr_key_params_set_cipher_iv(ncr_key_params_t key_params, void* iv, unsigned int iv_size);
+int ncr_key_params_set_dh_pub(ncr_key_params_t params, void *pub, size_t pub_size);
+int ncr_key_params_set_rsa_type(ncr_key_params_t params, ncr_rsa_type_t type);
+int ncr_key_params_set_rsa_oaep_hash(ncr_key_params_t params, ncr_algorithm_t oaep_hash);
+int ncr_key_params_set_rsa_sign_hash(ncr_key_params_t params, ncr_algorithm_t sign_hash);
+int ncr_key_params_set_rsa_pss_salt(ncr_key_params_t params, unsigned int pss_salt);
+int ncr_key_params_set_dsa_sign_hash(ncr_key_params_t params, ncr_algorithm_t sign_hash);
+
+int ncr_session_once_key_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, ncr_key_t input, void *output, size_t output_size);
+int ncr_session_once_direct_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, void *input, size_t input_size, void *output, size_t output_size);
+int ncr_session_init(ncr_session_t *session, ncr_key_t key, ncr_key_params_t key_params, ncr_crypto_op_t op, ncr_algorithm_t algorithm);
+int ncr_session_update_key_data(ncr_session_t session, ncr_key_t input, void *output, size_t output_size);
+int ncr_session_update_direct_data(ncr_session_t session, void *input, size_t input_size, void *output, size_t output_size);
+int ncr_session_final(ncr_session_t session, void *output, size_t output_size);
+
+#endif
generated by cgit (git 2.34.1) at 2025-07-04 10:13:04 +0000