summaryrefslogtreecommitdiffstats
path: root/userspace
diff options
context:
space:
mode:
Diffstat (limited to 'userspace')
-rw-r--r--userspace/Makefile24
-rw-r--r--userspace/ncrypto.h230
-rw-r--r--userspace/ncrypto_fd.c72
-rw-r--r--userspace/ncrypto_generate_params.c182
-rw-r--r--userspace/ncrypto_internal.h36
-rw-r--r--userspace/ncrypto_key.c390
-rw-r--r--userspace/ncrypto_masterkey.c61
-rw-r--r--userspace/ncrypto_params.c146
-rw-r--r--userspace/ncrypto_session.c245
9 files changed, 1244 insertions, 142 deletions
diff --git a/userspace/Makefile b/userspace/Makefile
index fddefb3..a2757a4 100644
--- a/userspace/Makefile
+++ b/userspace/Makefile
@@ -1,12 +1,30 @@
CC = gcc
+AM_CFLAGS = -I. -fPIC
CFLAGS = -Wall -g -O2
progs := ncr-setkey
-all: $(progs)
+libobj = ncrypto_fd.o ncrypto_generate_params.o ncrypto_key.o ncrypto_masterkey.o ncrypto_params.o ncrypto_session.o
+
+all: $(progs) libcryptodev.so
ncr-setkey: setkey.c
- $(CC) $(CFLAGS) $< -o $@
+ $(CC) $(AM_CFLAGS) $(CFLAGS) $< -o $@
+
+libcryptodev.so: ${libobj}
+ $(CC) $(AM_CFLAGS) $(CFLAGS) -shared -o libcryptodev.so.0.0 \
+ -Wl,-soname,libcryptodev.so.0 ${libobj}
+ ln -sf libcryptodev.so.0.0 libcryptodev.so.0
+ ln -sf libcryptodev.so.0.0 libcryptodev.so
+
+$(libobj): linux/ncr.h ncrypto_internal.h
+
+linux/ncr.h: ../ncr.h
+ mkdir -p linux
+ cp $< linux/ncr.h
clean:
- rm -f *.o *~ ncr-setkey
+ rm -rf *.o *~ libcryptodev.so* ncr-setkey linux
+
+.c.o:
+ $(CC) $(AM_CFLAGS) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/userspace/ncrypto.h b/userspace/ncrypto.h
index 546b6ba..5bcb4a7 100644
--- a/userspace/ncrypto.h
+++ b/userspace/ncrypto.h
@@ -1,141 +1,93 @@
-#include <crypto/ncr.h>
-
-int ncr_global_init(unsigned int flags); /* open device */
-void ncr_global_deinit(void); /* close device */
-
-
-/* parameters for key generation
+/*
+ * Copyright (c) 2010 Katholieke Universiteit Leuven
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
*/
-int ncr_generate_params_init(ncr_generate_params_t*); /* userspace */
-void ncr_generate_params_deinit(ncr_generate_params_t); /* userspace */
-
-/* common for ciphers and public key algorithms */
-void ncr_generate_params_set_algorithm(ncr_generate_params_t, ncr_algorithm_t); /* userspace */
-
-/* public key algorithms */
-void ncr_generate_params_set_bits(ncr_generate_params_t, unsigned int bits); /* RSA+DSA */
-int ncr_generate_params_set_rsa_e(ncr_generate_params_t, void* e, unsigned int e_size); /* RSA */
-
-/* parameters for encryption/decryption/derivation
- */
-int ncr_params_init(ncr_params_t*); /* userspace */
-void ncr_params_deinit(ncr_params_t); /* userspace */
-
-int ncr_params_set_cipher_iv(ncr_params_t, void* iv, unsigned int iv_size); /* userspace */
-
-int ncr_params_set_dh_key(ncr_params_t, ncr_key_t dh_priv); /* DH */
-
-
-/* data flags are of NCR_DATA_FLAG_* type */
-
-int ncr_data_init(ncr_data_t *, size_t max_object_size, unsigned int dataflags); /* ioctl DATA_INIT */
-size_t ncr_data_get_size(ncr_data_t); /* ioctl DATA_GET */
-int ncr_data_get_data(ncr_data_t, void* data_ptr, size_t *data_size); /* ioctl DATA_GET */
-int ncr_data_set_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */
-int ncr_data_append_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */
-void ncr_data_deinit(ncr_data_t); /* ioctl DATA_DEINIT */
-
-/* key flags are NCR_KEY_FLAG_* */
-
-int ncr_key_init(ncr_key_t* key); /* ioctl KEY_INIT */
-int ncr_key_generate(ncr_key_t key, ncr_algorithm_t algorithm, unsigned int bits, unsigned int keyflags); /* ioctl KEY_GENERATE */
-int ncr_key_generate_pair(ncr_key_t public_key, ncr_key_t private_key, ncr_generate_params_t params, unsigned int keyflags); /* ioctl KEY_GENERATE_PAIR */
-int ncr_key_derive(ncr_key_t newkey, ncr_params_t params, unsigned int keyflags, ncr_key_t data); /* ioctl KEY_DERIVE */
-unsigned int ncr_key_get_flags(ncr_key_t key); /* ioctl KEY_GET_INFO */
-ncr_key_type_t ncr_key_get_type(ncr_key_t key); /* ioctl KEY_GET_INFO */
-int ncr_key_export(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_EXPORT */
-int ncr_key_import(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_IMPORT */
-int ncr_key_get_id(ncr_key_t, void* id, size_t* id_size); /* KEY_GET_INFO */
-void ncr_key_deinit(ncr_key_t); /* ioctl KEY_DEINIT */
-
-typedef enum {
- NCR_RSA_MODULUS,
- NCR_RSA_EXPONENT,
- NCR_DSA_P,
- NCR_DSA_Q,
- NCR_DSA_Y,
-} ncr_public_param_t;
-
-int ncr_key_get_public_param(ncr_key_t key, ncr_public_param_t, void* output, size_t* output_size);
-
-/* store keys */
-int ncr_storage_store(const char* label, mode_t mode, ncr_key_t key); /* ioctl STORE_STORE */
-int ncr_storage_mkstemp(char* template, mode_t mode, ncr_key_t key);/* ioctl STORE_MKSTEMP */
-ncr_key_t ncr_storage_load(const char* label); /* ioctl STORE_LOAD */
-
-int ncr_storage_chmod(const char* label, mode_t newmode); /* ioctl STORE_CHMOD */
-int ncr_storage_chown(const char* label, uid_t owner, gid_t grp); /* ioctl STORE_CHOWN */
-int ncr_storage_remove(const char* label); /* ioctl STORE_REMOVE */
-typedef struct {} * ncr_metadata_t;
-
-int ncr_metadata_init(ncr_metadata_t* metadata); /* userspace */
-void ncr_metadata_deinit(ncr_metadata_t metadata);/* userspace */
-
-/* read info from metadata */
-const char* ncr_metadata_get_label(ncr_metadata_t); /* userspace */
-ncr_key_type_t ncr_metadata_get_type(ncr_metadata_t); /* userspace */
-
-/* id of the key. For public/private key pairs it should be the same */
-int ncr_metadata_get_id(ncr_metadata_t, void* id, size_t* id_size); /* userspace */
-/* this has meaning only if type is public or private key */
-ncr_algorithm_t ncr_metadata_get_algorithm(ncr_metadata_t); /* userspace */
-
-uid_t ncr_metadata_get_uid(ncr_metadata_t); /* userspace */
-gid_t ncr_metadata_get_gid(ncr_metadata_t); /* userspace */
-mode_t ncr_metadata_get_mode(ncr_metadata_t); /*userspace */
-
-/* load metadata for particular file */
-int ncr_metadata_load(const char* label, ncr_metadata_t metadata); /* ioctl STORE_METADATA_GET_INFO */
-
-/* traverse all storage entries */
-int ncr_storage_traverse_init(ncr_traverse_t* tr); /* ioctl STORE_METADATA_TRAVERSE_INIT */
-int ncr_storage_traverse_next(ncr_traverse_t, ncr_metadata_t metadata); /* ioctl STORE_METADATA_TRAVERSE_NEXT */
-void ncr_storage_traverse_deinit(ncr_traverse_t); /* ioctl STORE_METADATA_TRAVERSE_DEINIT */
-
-/* wrap unwrap */
-int ncr_key_wrap(ncr_key_t wrapping_key, ncr_params_t params, ncr_key_t key, void* output_data, size_t output_data_size); /* ioctl KEY_WRAP */
-int ncr_key_unwrap(ncr_key_t*key, ncr_key_t wrapping_key, ncr_params_t params, unsigned int keyflags, void* input_data, size_t input_data_size); /* ioctl KEY_UNWRAP */
-
-/* operations to objects result in objects that have the same properties as the original
- * object. I.e. encrypting a secret key under an object will not allow you to export it.
- */
-
-int ncr_session_copy(ncr_session_t* copy, ncr_session_t source); /* ioctl SESSION_COPY */
-
-/* encryption functions */
-int ncr_encrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); /* ioctl SESSION_INIT */
-int ncr_encrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t ciphertext); /*userspace */
-int ncr_encrypt_update(ncr_session_t session, const ncr_data_t plaintext, ncr_data_t ciphertext); /* ioctl SESSION_UPDATE */
-int ncr_encrypt_final(ncr_session_t session, ncr_data_t obj); /* ioctl SESSION_FINAL */
-
-/* decryption functions */
-int ncr_decrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_decrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t ciphertext, ncr_data_t plaintext);
-int ncr_decrypt_update(ncr_session_t session, const ncr_data_t ciphertext, ncr_data_t plaintext);
-int ncr_decrypt_final(ncr_session_t session, ncr_data_t obj);
-
-/* PK hash functions */
-int ncr_digest_init(ncr_session_t* session, ncr_params_t params);
-int ncr_digest_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t hash);
-int ncr_digest_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_digest_final(ncr_session_t session, ncr_data_t hash);
-
-/* PK SIGN and MAC functions */
-int ncr_sign_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_sign_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t signature);
-int ncr_sign_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_sign_final(ncr_session_t session, ncr_data_t signature);
-
-/* Verify PK signature or MAC signature */
-int ncr_verify_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params);
-int ncr_verify_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, const ncr_data_t signature);
-int ncr_verify_update(ncr_session_t session, const ncr_data_t plaintext);
-int ncr_verify_final(ncr_session_t session, const ncr_data_t signature);
-
-/* Everything looks straight forward except for authentication
- * algorithms such as Diffie Hellman. This should be done as in PKCS #11
- * as:
- * ncr_key_generate_pair(our_pubkey, our_privkey)
- * ncr_key_derive(shared_key, params -contain our privkey-, flags_for_new_key, peer_pubkey);
- */
+#ifndef __NCRYPT_H__
+#define __NCRYPT_H__
+
+#include <linux/ncr.h>
+
+#define NCR_DATA_GET_LAST 1
+//#define NCR_DATA_SET_APPEND 1
+#define NCR_SESSION_FINAL 1
+
+//struct ncr_key_generate_params_st;
+typedef struct ncr_key_generate_params_st *ncr_key_generate_params_t;
+//struct ncr_key_params_st;
+typedef struct ncr_key_params_st *ncr_key_params_t;
+
+int ncr_global_init(unsigned int flags);
+void ncr_global_deinit(void);
+
+int ncr_key_generate_params_init(ncr_key_generate_params_t *params);
+int ncr_key_generate_params_deinit(ncr_key_generate_params_t params);
+int ncr_key_generate_params_set_algorithm(ncr_key_generate_params_t params, ncr_algorithm_t algorithm);
+int ncr_key_generate_params_set_keyflags(ncr_key_generate_params_t params, unsigned int keyflags);
+int ncr_key_generate_params_set_secret_bits(ncr_key_generate_params_t params, unsigned int bits);
+int ncr_key_generate_params_set_rsa_bits(ncr_key_generate_params_t params, unsigned int bits);
+int ncr_key_generate_params_set_rsa_e(ncr_key_generate_params_t params, void *e, size_t e_size);
+int ncr_key_generate_params_set_dsa_p_bits(ncr_key_generate_params_t params, unsigned int p_bits);
+int ncr_key_generate_params_set_dsa_q_bits(ncr_key_generate_params_t params, unsigned int q_bits);
+int ncr_key_generate_params_set_dh(ncr_key_generate_params_t params, void *p, size_t p_size, void *g, size_t g_size);
+
+int ncr_key_init(ncr_key_t *key);
+int ncr_key_generate(ncr_key_t key, ncr_key_generate_params_t params);
+int ncr_key_generate_pair(ncr_key_t key1, ncr_key_t key2, ncr_key_generate_params_t params);
+int ncr_key_derive(ncr_key_t newkey, unsigned int keyflags, ncr_key_t key, ncr_derive_t derive, ncr_key_params_t key_params);
+ncr_algorithm_t ncr_key_get_algorithm(ncr_key_t key);
+int ncr_key_get_flags(ncr_key_t key);
+ncr_key_type_t ncr_key_get_type(ncr_key_t key);
+int ncr_key_get_id(ncr_key_t key, void *id, size_t *id_size);
+int ncr_key_export(ncr_key_t key, void *idata, size_t idata_size);
+int ncr_key_import(ncr_key_t key, void *idata, size_t idata_size, void *id, size_t id_size, ncr_algorithm_t algorithm, unsigned int type, unsigned int flags);
+int ncr_key_wrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_unwrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_storage_wrap(ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_storage_unwrap(ncr_key_t keytowrap, void *idata, size_t idata_size);
+int ncr_key_deinit(ncr_key_t key);
+
+int ncr_masterkey_set(void *key, size_t key_size);
+
+int ncr_key_params_init(ncr_key_params_t *key_params);
+void ncr_key_params_deinit(ncr_key_params_t key_params);
+int ncr_key_params_set_cipher_iv(ncr_key_params_t key_params, void* iv, unsigned int iv_size);
+int ncr_key_params_set_dh_pub(ncr_key_params_t params, void *pub, size_t pub_size);
+int ncr_key_params_set_rsa_type(ncr_key_params_t params, ncr_rsa_type_t type);
+int ncr_key_params_set_rsa_oaep_hash(ncr_key_params_t params, ncr_algorithm_t oaep_hash);
+int ncr_key_params_set_rsa_sign_hash(ncr_key_params_t params, ncr_algorithm_t sign_hash);
+int ncr_key_params_set_rsa_pss_salt(ncr_key_params_t params, unsigned int pss_salt);
+int ncr_key_params_set_dsa_sign_hash(ncr_key_params_t params, ncr_algorithm_t sign_hash);
+
+int ncr_session_once_key_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, ncr_key_t input, void *output, size_t output_size);
+int ncr_session_once_direct_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, void *input, size_t input_size, void *output, size_t output_size);
+int ncr_session_init(ncr_session_t *session, ncr_key_t key, ncr_key_params_t key_params, ncr_crypto_op_t op, ncr_algorithm_t algorithm);
+int ncr_session_update_key_data(ncr_session_t session, ncr_key_t input, void *output, size_t output_size);
+int ncr_session_update_direct_data(ncr_session_t session, void *input, size_t input_size, void *output, size_t output_size);
+int ncr_session_final(ncr_session_t session, void *output, size_t output_size);
+
+#endif
diff --git a/userspace/ncrypto_fd.c b/userspace/ncrypto_fd.c
new file mode 100644
index 0000000..7a9aa5f
--- /dev/null
+++ b/userspace/ncrypto_fd.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
+ */
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+#include "ncrypto_internal.h"
+
+int __ncr_file_descriptor = -1;
+static int open_count = 0;
+static pthread_mutex_t open_lock = PTHREAD_MUTEX_INITIALIZER;
+
+int
+__ncr_global_init()
+{
+ int rv = 0;
+
+ /* Open the crypto device unles is not already initialized */
+ pthread_mutex_lock(&open_lock);
+ if ((__ncr_file_descriptor < 0) && ((__ncr_file_descriptor = open("/dev/crypto", O_RDWR|O_CLOEXEC)) < 0))
+ rv = -1;
+ else
+ ++open_count;
+ pthread_mutex_unlock(&open_lock);
+ return rv;
+}
+
+int
+ncr_global_init(unsigned int flags)
+{
+ return __ncr_global_init();
+}
+
+void
+ncr_global_deinit(void)
+{
+ pthread_mutex_lock(&open_lock);
+ if (!--open_count && (__ncr_file_descriptor >= 0)) {
+ close(__ncr_file_descriptor);
+ __ncr_file_descriptor = -1;
+ }
+ pthread_mutex_unlock(&open_lock);
+}
+
diff --git a/userspace/ncrypto_generate_params.c b/userspace/ncrypto_generate_params.c
new file mode 100644
index 0000000..a993360
--- /dev/null
+++ b/userspace/ncrypto_generate_params.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat authors: Jan Chadima <jchadima@redhat.com>
+ * Miloslav Trmač <mitr@redhat.com
+ */
+
+#include <limits.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+
+int
+ncr_key_generate_params_init(ncr_key_generate_params_t *params)
+{
+ ncr_key_generate_params_t rv;
+
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!(rv = calloc(1, sizeof(*rv)))) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ rv->algorithm = NCR_ALG_NONE;
+ *params = rv;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_deinit(ncr_key_generate_params_t params)
+{
+ if (params)
+ free(params);
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_algorithm(ncr_key_generate_params_t params, ncr_algorithm_t algorithm)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ params->algorithm = algorithm;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_keyflags(ncr_key_generate_params_t params, unsigned int keyflags)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ params->keyflags = keyflags;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_secret_bits(ncr_key_generate_params_t params, unsigned int bits)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.secret.bits = bits;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_rsa_bits(ncr_key_generate_params_t params, unsigned int bits)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.rsa.bits = bits;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_rsa_e(ncr_key_generate_params_t params, void *e, size_t e_size)
+{
+ unsigned long value;
+ const uint8_t *p;
+
+ if (!params || !e) {
+ errno = EINVAL;
+ return -1;
+ }
+ value = 0;
+ for (p = e; p < (const uint8_t *)e + e_size; p++) {
+ if (value > (ULONG_MAX - *p) / 256) {
+ errno = EOVERFLOW;
+ return -1;
+ }
+ value = value * 256 + *p;
+ }
+
+ params->params.rsa.e = value;
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_dsa_p_bits(ncr_key_generate_params_t params,
+ unsigned int p_bits)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.dsa.p_bits = p_bits;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_dsa_q_bits(ncr_key_generate_params_t params,
+ unsigned int q_bits)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.dsa.q_bits = q_bits;
+
+ return 0;
+}
+
+int
+ncr_key_generate_params_set_dh(ncr_key_generate_params_t params, void *p, size_t p_size, void *g, size_t g_size)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ params->params.dh.p = p;
+ params->params.dh.p_size = p_size;
+ params->params.dh.g = g;
+ params->params.dh.g_size = g_size;
+
+ return 0;
+}
+
diff --git a/userspace/ncrypto_internal.h b/userspace/ncrypto_internal.h
new file mode 100644
index 0000000..1a60631
--- /dev/null
+++ b/userspace/ncrypto_internal.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat author: Miloslav Trmač <mitr@redhat.com>
+ */
+
+#ifndef NCRYPTO_INTERNAL_H__
+#define NCRYPTO_INTERNAL_H__
+
+extern int __ncr_file_descriptor __attribute__((visibility ("hidden")));
+
+extern int __ncr_global_init(void) __attribute__((visibility ("hidden")));
+
+#endif
diff --git a/userspace/ncrypto_key.c b/userspace/ncrypto_key.c
new file mode 100644
index 0000000..66bbc96
--- /dev/null
+++ b/userspace/ncrypto_key.c
@@ -0,0 +1,390 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
+ */
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <errno.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+#include "ncrypto_internal.h"
+
+int
+ncr_key_init(ncr_key_t *key)
+{
+ if ((__ncr_file_descriptor < 0) && (__ncr_global_init() < 0))
+ return -1;
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_INIT, key) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_generate(ncr_key_t key, ncr_key_generate_params_t params)
+{
+ struct ncr_key_generate_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.desc = key;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GENERATE, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_generate_pair(ncr_key_t key1, ncr_key_t key2, ncr_key_generate_params_t params)
+{
+ struct ncr_key_generate_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key1 == NCR_KEY_INVALID|| key2 == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.desc = key1;
+ io.desc2 = key2;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GENERATE_PAIR, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_derive(ncr_key_t newkey, unsigned int keyflags, ncr_key_t key, ncr_derive_t derive, ncr_key_params_t params)
+{
+ struct ncr_key_derivation_params_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (newkey == NCR_KEY_INVALID || key == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.derive = derive;
+ io.newkey = newkey;
+ io.key = key;
+ io.keyflags = keyflags;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_DERIVE, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+static int
+ncr_key_get_info(struct ncr_key_info_st *dest, ncr_key_t key)
+{
+ if (key == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ memset(dest, 0, sizeof(*dest));
+ dest->key = key;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GET_INFO, dest) < 0)
+ return -1;
+
+ return 0;
+}
+
+ncr_algorithm_t
+ncr_key_get_algorithm(ncr_key_t key)
+{
+ struct ncr_key_info_st io;
+
+ if (ncr_key_get_info(&io, key) < 0)
+ return -1;
+ return io.algorithm;
+}
+
+int
+ncr_key_get_flags(ncr_key_t key)
+{
+ struct ncr_key_info_st io;
+
+ if (ncr_key_get_info(&io, key) < 0)
+ return -1;
+ return io.flags;
+}
+
+ncr_key_type_t
+ncr_key_get_type(ncr_key_t key)
+{
+ struct ncr_key_info_st io;
+
+ if (ncr_key_get_info(&io, key) < 0)
+ return -1;
+ return io.type;
+}
+
+int
+ncr_key_get_id(ncr_key_t key, void *id, size_t *id_size)
+{
+ struct ncr_key_info_st io;
+
+ if (ncr_key_get_info(&io, key) < 0)
+ return -1;
+
+ if (io.key_id_size < *id_size)
+ *id_size = io.key_id_size;
+
+ memmove(id, &io.key_id, *id_size);
+
+ return 0;
+}
+
+int
+ncr_key_export(ncr_key_t key, void *idata, size_t idata_size)
+{
+ struct ncr_key_data_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key == NCR_KEY_INVALID || !idata || !idata_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.key = key;
+ io.idata = idata;
+ io.idata_size = idata_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_EXPORT, &io) < 0)
+ return -1;
+
+ return io.idata_size;
+}
+
+int
+ncr_key_import(ncr_key_t key, void *idata, size_t idata_size, void *id, size_t id_size, ncr_algorithm_t algorithm, unsigned int type, unsigned int flags)
+{
+ struct ncr_key_data_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key == NCR_KEY_INVALID || !idata || !idata_size || (!id && id_size != 0) || algorithm == NCR_ALG_NONE) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.key = key;
+ io.idata = idata;
+ io.idata_size = idata_size;
+ if (id_size > MAX_KEY_ID_SIZE) {
+ errno = EOVERFLOW;
+ return -1;
+ }
+ memmove(&io.key_id, id, id_size);
+ io.key_id_size = id_size;
+ io.algorithm = algorithm;
+ io.type = type;
+ io.flags = flags;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_IMPORT, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_wrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size)
+{
+ struct ncr_key_wrap_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key == NCR_KEY_INVALID || keytowrap == NCR_KEY_INVALID || !idata || !idata_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.key = key;
+ io.algorithm = algorithm;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+ io.keytowrap = keytowrap;
+ io.io = idata;
+ io.io_size = idata_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_WRAP, &io) < 0)
+ return -1;
+
+ return io.io_size;
+}
+
+int
+ncr_key_unwrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size)
+{
+ struct ncr_key_wrap_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (key == NCR_KEY_INVALID || keytowrap == NCR_KEY_INVALID || !idata || !idata_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.key = key;
+ io.algorithm = algorithm;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+ io.keytowrap = keytowrap;
+ io.io = idata;
+ io.io_size = idata_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_UNWRAP, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_storage_wrap(ncr_key_t keytowrap, void *idata, size_t idata_size)
+{
+ struct ncr_key_storage_wrap_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (keytowrap == NCR_KEY_INVALID || !idata || !idata_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.keytowrap = keytowrap;
+ io.io = idata;
+ io.io_size = idata_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_STORAGE_WRAP, &io) < 0)
+ return -1;
+
+ return io.io_size;
+}
+
+int
+ncr_key_storage_unwrap(ncr_key_t keytowrap, void *idata, size_t idata_size)
+{
+ struct ncr_key_storage_wrap_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (keytowrap == NCR_KEY_INVALID|| !idata || !idata_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.keytowrap = keytowrap;
+ io.io = idata;
+ io.io_size = idata_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_STORAGE_UNWRAP, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
+int
+ncr_key_deinit(ncr_key_t key)
+{
+ if (key == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_KEY_DEINIT, &key) < 0)
+ return -1;
+
+ return 0;
+}
+
diff --git a/userspace/ncrypto_masterkey.c b/userspace/ncrypto_masterkey.c
new file mode 100644
index 0000000..72aab75
--- /dev/null
+++ b/userspace/ncrypto_masterkey.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
+ */
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <errno.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+#include "ncrypto_internal.h"
+
+int
+ncr_masterkey_set(void *key, size_t key_size)
+{
+ struct ncr_master_key_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (!key || !key_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.key = key = key;
+ io.key_size = key_size;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_MASTER_KEY_SET, &io) < 0)
+ return -1;
+
+ return 0;
+}
+
diff --git a/userspace/ncrypto_params.c b/userspace/ncrypto_params.c
new file mode 100644
index 0000000..7a4936d
--- /dev/null
+++ b/userspace/ncrypto_params.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat authors: Jan Chadima <jchadima@redhat.com>
+ * Miloslav Trmač <mitr@redhat.com
+ */
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+
+int
+ncr_key_params_init(ncr_key_params_t *params)
+{
+ ncr_key_params_t rv;
+
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ if (!(rv = calloc(1, sizeof(*rv)))) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *params = rv;
+ return 0;
+}
+
+void
+ncr_key_params_deinit(ncr_key_params_t params)
+{
+ if (params)
+ free(params);
+}
+
+int
+ncr_key_params_set_cipher_iv(ncr_key_params_t params, void* iv, unsigned int iv_size)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ if (iv_size > NCR_CIPHER_MAX_BLOCK_LEN) {
+ errno = EOVERFLOW;
+ return -1;
+ }
+ memmove(params->params.cipher.iv, iv, iv_size);
+ params->params.cipher.iv_size = iv_size;
+ return 0;
+}
+
+int
+ncr_key_params_set_dh_pub(ncr_key_params_t params, void *pub, size_t pub_size)
+{
+ if (!params || !pub || !pub_size) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.dh.pub = pub;
+ params->params.dh.pub_size = pub_size;
+ return 0;
+}
+
+int
+ncr_key_params_set_rsa_type(ncr_key_params_t params, ncr_rsa_type_t type)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.rsa.type = type;
+ return 0;
+}
+
+int
+ncr_key_params_set_rsa_oaep_hash(ncr_key_params_t params,
+ ncr_algorithm_t oaep_hash)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.rsa.oaep_hash = oaep_hash;
+ return 0;
+}
+
+int
+ncr_key_params_set_rsa_sign_hash(ncr_key_params_t params,
+ ncr_algorithm_t sign_hash)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.rsa.sign_hash = sign_hash;
+ return 0;
+}
+
+int
+ncr_key_params_set_rsa_pss_salt(ncr_key_params_t params, unsigned int pss_salt)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.rsa.pss_salt = pss_salt;
+ return 0;
+}
+
+int
+ncr_key_params_set_dsa_sign_hash(ncr_key_params_t params,
+ ncr_algorithm_t sign_hash)
+{
+ if (!params) {
+ errno = EINVAL;
+ return -1;
+ }
+ params->params.dsa.sign_hash = sign_hash;
+ return 0;
+}
+
diff --git a/userspace/ncrypto_session.c b/userspace/ncrypto_session.c
new file mode 100644
index 0000000..a81fb8c
--- /dev/null
+++ b/userspace/ncrypto_session.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Red Hat author: Jan Chadima <jchadima@redhat.com>
+ */
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <errno.h>
+#include <linux/ncr.h>
+#include "ncrypto.h"
+#include "ncrypto_internal.h"
+
+int
+ncr_session_once_key_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, ncr_key_t input, void *output, size_t output_size)
+{
+ struct ncr_session_once_op_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (input == NCR_KEY_INVALID || !output || !output_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.init.algorithm = algorithm;
+ io.init.key = key;
+ if (params)
+ memmove(&io.init.params, params, sizeof(io.init.params));
+ io.init.op = op;
+ io.op.data.kdata.input = input;
+ io.op.data.kdata.output = output;
+ io.op.data.kdata.output_size = output_size;
+ io.op.type = NCR_KEY_DATA;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_ONCE, &io) < 0)
+ return -1;
+
+ switch (io.op.err) {
+ case NCR_VERIFICATION_FAILED:
+ errno = EDOM;
+ return -1;
+ case NCR_SUCCESS:
+ errno = 0;
+ return io.op.data.kdata.output_size;
+ default:
+ errno = EFAULT;
+ return -1;
+ }
+}
+
+int
+ncr_session_once_direct_data(ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm, void *input, size_t input_size, void *output, size_t output_size)
+{
+ struct ncr_session_once_op_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (!input || !input_size || !output || !output_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.init.key = key;
+ if (params)
+ memmove(&io.init.params, params, sizeof(io.init.params));
+ io.init.algorithm = algorithm;
+ io.init.op = op;
+ io.op.data.udata.input = input;
+ io.op.data.udata.input_size = input_size;
+ io.op.data.udata.output = output;
+ io.op.data.udata.output_size = output_size;
+ io.op.type = NCR_DIRECT_DATA;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_ONCE, &io) < 0)
+ return -1;
+
+ switch (io.op.err) {
+ case NCR_VERIFICATION_FAILED:
+ errno = EDOM;
+ return -1;
+ case NCR_SUCCESS:
+ errno = 0;
+ return io.op.data.udata.output_size;
+ default:
+ errno = EFAULT;
+ return -1;
+ }
+}
+
+int
+ncr_session_init(ncr_session_t *session, ncr_key_t key, ncr_key_params_t params, ncr_crypto_op_t op, ncr_algorithm_t algorithm)
+{
+ struct ncr_session_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (!session) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.algorithm = algorithm;
+ io.key = key;
+ if (params)
+ memmove(&io.params, params, sizeof(io.params));
+ io.op = op;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_INIT, &io) < 0)
+ return -1;
+
+ *session = io.ses;
+
+ return 0;
+}
+
+int
+ncr_session_update_key_data(ncr_session_t session, ncr_key_t input, void *output, size_t output_size)
+{
+ struct ncr_session_op_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (session == NCR_SESSION_INVALID || input == NCR_KEY_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.ses = session;
+ io.data.kdata.input = input;
+ io.data.kdata.output = output;
+ io.data.kdata.output_size = output_size;
+ io.type = NCR_KEY_DATA;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_UPDATE, &io) < 0)
+ return -1;
+
+ return io.data.kdata.output_size;
+}
+
+int
+ncr_session_update_direct_data(ncr_session_t session, void *input, size_t input_size, void *output, size_t output_size)
+{
+ struct ncr_session_op_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (session == NCR_SESSION_INVALID || !input || !input_size) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.ses = session;
+ io.data.udata.input = input;
+ io.data.udata.input_size = input_size;
+ io.data.udata.output = output;
+ io.data.udata.output_size = output_size;
+ io.type = NCR_DIRECT_DATA;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_UPDATE, &io) < 0)
+ return -1;
+
+ return io.data.udata.output_size;
+}
+
+int
+ncr_session_final(ncr_session_t session, void *output, size_t output_size)
+{
+ struct ncr_session_op_st io;
+ memset(&io, 0, sizeof(io));
+
+ if (session == NCR_SESSION_INVALID) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ io.ses = session;
+ io.data.udata.output = output;
+ io.data.udata.output_size = output_size;
+ io.type = NCR_DIRECT_DATA;
+
+ if (__ncr_file_descriptor < 0) {
+ errno = EBADF;
+ return -1;
+ }
+
+ if (ioctl(__ncr_file_descriptor, NCRIO_SESSION_FINAL, &io) < 0)
+ return -1;
+
+ switch (io.err) {
+ case NCR_VERIFICATION_FAILED:
+ errno = EDOM;
+ return -1;
+ case NCR_SUCCESS:
+ errno = 0;
+ return io.data.udata.output_size;
+ default:
+ errno = EFAULT;
+ return -1;
+ }
+}
+
generated by cgit (git 2.34.1) at 2025-07-04 07:10:24 +0000