From 63db14a8400c31325f62b82acb91df8fee6ef654 Mon Sep 17 00:00:00 2001
From: Jan Chadima <jchadima@redhat.com>
Date: Thu, 5 Aug 2010 16:25:56 +0200
Subject: Add Jan's port of ncr.c to libcryptodev.

---
 examples/ncr_lib.c | 476 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 476 insertions(+)
 create mode 100644 examples/ncr_lib.c

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
new file mode 100644
index 0000000..98c35cb
--- /dev/null
+++ b/examples/ncr_lib.c
@@ -0,0 +1,476 @@
+/*
+ * Demo on how to use libcryptodev for HMAC.
+ *
+ * Placed under public domain.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+//#include <fcntl.h>
+#include <time.h>
+//#include <sys/ioctl.h>
+#include <sys/types.h>
+//#include <sys/stat.h>
+#include "../ncr.h"
+#include "../userspace/ncrypto.h"
+#include <stdlib.h>
+
+#define DATA_SIZE 4096
+#define KEY_DATA_SIZE 16
+#define WRAPPED_KEY_DATA_SIZE 32
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+#define DIAGNOSTIC_CALL(f,p...)							\
+	if ((output_size = f(p)) < 0) {						\
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);		\
+		perror(#f);							\
+		return 1;							\
+	}
+#define DIAGNOSTIC_ERROR(p...)							\
+	fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);			\
+	fprintf(stderr, p);
+#define DIAGNOSTIC_DUMP(d,l)							\
+	{									\
+		int out_index;							\
+										\
+		for (out_index = 0; out_index < l; out_index++)			\
+			fprintf(stderr, "%.2x:", (int)d[out_index]);		\
+		fprintf(stderr, "\n");						\
+	}
+
+static void randomize_data(uint8_t * data, size_t data_size)
+{
+	int i;
+	
+	srand(time(0) * getpid());
+	for (i = 0; i < data_size; i++) {
+		data[i] = rand() & 0xff;
+	}
+}
+
+static int
+test_ncr_key(void)
+{
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	uint8_t data[KEY_DATA_SIZE];
+	uint8_t data_bak[KEY_DATA_SIZE];
+	ssize_t output_size;
+	ncr_key_generate_params_t params;
+
+	fprintf(stdout, "Tests on Keys:\n");
+
+	/* test 1: generate a key in userspace import it
+	 * to kernel via data and export it.
+	 */
+
+	fprintf(stdout, "\tKey import...\n");
+	randomize_data(data, sizeof(data));
+	memcpy(data_bak, data, sizeof(data));
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+	/* import into a key */
+	DIAGNOSTIC_CALL(ncr_key_import, key, data, sizeof(data), "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
+	/* now try to read it */
+	fprintf(stdout, "\tKey export...\n");
+	memset(&keydata, 0, sizeof(keydata));
+	DIAGNOSTIC_CALL(ncr_key_export, key, data, sizeof(data));
+	if ((output_size != sizeof(data)) || memcmp(data, data_bak, sizeof(data))) {
+		DIAGNOSTIC_ERROR("data returned but differ!\n");
+		return 1;
+	}
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+
+	/* finished, we keep data for next test */
+
+	/* test 2: generate a key in kernel space and
+	 * export it.
+	 */
+
+	fprintf(stdout, "\tKey generation...\n");
+	DIAGNOSTIC_CALL(ncr_key_generate_params_init, &params);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_algorithm, params, NCR_ALG_AES_CBC);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_keyflags, params, NCR_KEY_FLAG_EXPORTABLE);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_bits, params, 128); /* 16  bytes */
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+	/* generate a key */
+	DIAGNOSTIC_CALL(ncr_key_generate, key, params);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_deinit, params);
+	memset(data, 0, sizeof(data));
+	DIAGNOSTIC_CALL(ncr_key_export, key, data, sizeof(data));
+	if (output_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) {
+		DIAGNOSTIC_ERROR("Generated key: ");
+		DIAGNOSTIC_DUMP(data, 16);
+		return 1;
+	}
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+	
+	/* test 3: generate an unexportable key in kernel space and
+	 * try to export it.
+	 */
+	fprintf(stdout, "\tKey protection of non-exportable keys...\n");
+	DIAGNOSTIC_CALL(ncr_key_generate_params_init, &params);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_algorithm, params, NCR_ALG_AES_CBC);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_keyflags, params, 0);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_bits, params, 128); /* 16  bytes */
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+	DIAGNOSTIC_CALL(ncr_key_generate, key, params);
+	DIAGNOSTIC_CALL(ncr_key_generate_params_deinit, params);
+	memset(data, 0, sizeof(data));
+	/* try to get the output data - should fail */
+	if (ncr_key_export(key, data, sizeof(data)) >= 0) {
+		DIAGNOSTIC_ERROR("Data were exported, but shouldn't be!\n");
+		return 1;
+	}
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+	return 0;
+}
+
+/* Key wrapping */
+static int
+test_ncr_wrap_key(void)
+{
+	ncr_key_t key, key2;
+	uint8_t data[WRAPPED_KEY_DATA_SIZE];
+	ssize_t output_size;
+
+	fprintf(stdout, "Tests on Keys:\n");
+
+	/* test 1: generate a key in userspace import it
+	 * to kernel via data and export it.
+	 */
+
+	fprintf(stdout, "\tKey Wrap test...\n");
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+	/* import into a key */
+	DIAGNOSTIC_CALL(ncr_key_import, key, DKEY, 16, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
+	DIAGNOSTIC_CALL(ncr_key_init, &key2);
+	/* import into a key2 */
+	DIAGNOSTIC_CALL(ncr_key_import, key2, DKEY, 16, "ba", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
+	/* now try wrapping key2 using key */
+	DIAGNOSTIC_CALL(ncr_key_wrap, key, NCR_WALG_AES_RFC3394, NULL, key2, data, sizeof(data));
+	if (output_size != 24 || memcmp(data, "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) {
+		DIAGNOSTIC_ERROR("Wrapped data do not match.\nData[%d]: ", (int) output_size);
+		DIAGNOSTIC_DUMP(data, output_size);
+//		return 1;
+	}
+	DIAGNOSTIC_CALL(ncr_key_deinit, key2);
+	/* test unwrapping */
+	fprintf(stdout, "\tKey Unwrap test...\n");
+
+	/* create empty key2 */
+	DIAGNOSTIC_CALL(ncr_key_init, &key2);
+//	DIAGNOSTIC_CALL(ncr_key_unwrap, key, NCR_WALG_AES_RFC3394, NULL, key2, data, sizeof(data));
+	/* now export the unwrapped */
+#if 0
+	/* this cannot be performed like that, because unwrap
+	 * always sets keys as unexportable. Maybe we can implement
+	 * a data comparison ioctl().
+	 */
+#endif
+	DIAGNOSTIC_CALL(ncr_key_deinit, key2);
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+
+	return 0;
+}
+
+static int
+test_ncr_store_wrap_key(void)
+{
+	ncr_key_t key2;
+	uint8_t data[DATA_SIZE];
+	int data_size;
+	ssize_t output_size;
+
+	fprintf(stdout, "Tests on Key storage:\n");
+
+	/* test 1: generate a key in userspace import it
+	 * to kernel via data and export it.
+	 */
+
+	fprintf(stdout, "\tKey Storage wrap test...\n");
+	/* create master key */
+	DIAGNOSTIC_CALL(ncr_masterkey_set, DKEY, 16);
+	/* create empty key2 */
+	DIAGNOSTIC_CALL(ncr_key_init, &key2);
+	/* import into a key2 */
+	DIAGNOSTIC_CALL(ncr_key_import, key2, DKEY, 16, "ba", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
+	/* now try wrapping key2 using masterkey */
+	DIAGNOSTIC_CALL(ncr_key_storage_wrap, key2, data, sizeof(data));
+	/* test unwrapping */
+	data_size = output_size;
+	fprintf(stdout, "\tKey Storage Unwrap test...\n");
+	/* reset key2 */
+	DIAGNOSTIC_CALL(ncr_key_deinit, key2);
+	DIAGNOSTIC_CALL(ncr_key_init, &key2);
+	DIAGNOSTIC_CALL(ncr_key_storage_unwrap, key2, data, data_size);
+	/* now export the unwrapped */
+	DIAGNOSTIC_CALL(ncr_key_export, key2, data, sizeof(data));
+	if (output_size != 16 || memcmp(data, DKEY, 16)) {
+		DIAGNOSTIC_ERROR("Unwrapped data do not match.\n");
+		DIAGNOSTIC_DUMP(data, output_size);
+		return 1;
+	}
+	DIAGNOSTIC_CALL(ncr_key_deinit, key2);
+
+	return 0;
+
+}
+
+struct aes_vectors_st {
+	const uint8_t* key;
+	const uint8_t* plaintext;
+	const uint8_t* ciphertext;
+} aes_vectors[] = {
+	{
+		.key = (uint8_t*)"\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
+	},
+	{
+		.key = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.plaintext = (uint8_t*)"\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
+		.ciphertext = (uint8_t*)"\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
+	},
+	{
+		.key = (uint8_t*)"\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
+	},
+	{
+		.key = (uint8_t*)"\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
+	},
+	{
+		.key = (uint8_t*)"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
+	},
+};
+
+/* AES cipher */
+static int
+test_ncr_aes(void)
+{
+	ncr_key_t key;
+	uint8_t data[KEY_DATA_SIZE];
+	int i;
+	ssize_t output_size;
+
+	/* convert it to key */
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+
+	fprintf(stdout, "Tests on AES Encryption\n");
+	for (i = 0; i < sizeof(aes_vectors) / sizeof(aes_vectors[0]); i++) {
+		DIAGNOSTIC_CALL(ncr_key_import, key, (void*)aes_vectors[i].key, 16, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
+		/* encrypt */
+		DIAGNOSTIC_CALL(ncr_session_once_direct_data, key, NULL, NCR_OP_ENCRYPT, NCR_ALG_AES_ECB, (void*)aes_vectors[i].plaintext, 16, data, 16);
+		/* verify */
+		if (output_size != 16 || memcmp(data, aes_vectors[i].ciphertext, 16)) {
+			DIAGNOSTIC_ERROR("AES test vector %d failed!\n", i);
+			fprintf(stderr, "Cipher[%d]: ", (int)output_size);
+			DIAGNOSTIC_DUMP(data, output_size);
+			fprintf(stderr, "Expected[%d]: ", 16);
+			DIAGNOSTIC_DUMP((int)aes_vectors[i].ciphertext, 16);
+			return 1;
+		}
+	}
+
+	fprintf(stdout, "Tests on AES Decryption\n");
+	for (i = 0; i < sizeof(aes_vectors) / sizeof(aes_vectors[0]); i++) {
+		DIAGNOSTIC_CALL(ncr_key_import, key, (void*)aes_vectors[i].key, 16, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
+		/* decrypt */
+		DIAGNOSTIC_CALL(ncr_session_once_direct_data, key, NULL, NCR_OP_DECRYPT, NCR_ALG_AES_ECB, (void*)aes_vectors[i].ciphertext, 16, data, 16);
+		if (output_size != 16 || memcmp(data, aes_vectors[i].plaintext, 16)) {
+			DIAGNOSTIC_ERROR("AES test vector %d failed!\n", i);
+			fprintf(stderr, "Plain[%d]: ", (int)output_size);
+			DIAGNOSTIC_DUMP(data, output_size);
+			fprintf(stderr, "Expected[%d]: ", 16);
+			DIAGNOSTIC_DUMP((int)aes_vectors[i].plaintext, 16);
+			return 1;
+		}
+	}
+
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+	fprintf(stdout, "\n");
+
+	return 0;
+}
+
+struct hash_vectors_st {
+	const char* name;
+	ncr_algorithm_t algorithm;
+	const uint8_t* key; /* if hmac */
+	int key_size;
+	const uint8_t* plaintext;
+	int plaintext_size;
+	const uint8_t* output;
+	int output_size;
+	ncr_crypto_op_t op;
+} hash_vectors[] = {
+	{
+		.name = "SHA1",
+		.algorithm = NCR_ALG_SHA1,
+		.key = NULL,
+		.plaintext = (uint8_t*)"what do ya want for nothing?",
+		.plaintext_size = sizeof("what do ya want for nothing?")-1,
+		.output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
+		.output_size = 20,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-MD5",
+		.algorithm = NCR_ALG_HMAC_MD5,
+		.key = (uint8_t*)"Jefe",
+		.key_size = 4,
+		.plaintext = (uint8_t*)"what do ya want for nothing?",
+		.plaintext_size = sizeof("what do ya want for nothing?")-1,
+		.output = (uint8_t*)"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",
+		.output_size = 16,
+		.op = NCR_OP_SIGN,
+	},
+	/* from rfc4231 */
+	{
+		.name = "HMAC-SHA224",
+		.algorithm = NCR_ALG_HMAC_SHA2_224,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",
+		.output_size = 28,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA256",
+		.algorithm = NCR_ALG_HMAC_SHA2_256,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",
+		.output_size = 32,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA384",
+		.algorithm = NCR_ALG_HMAC_SHA2_384,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",
+		.output_size = 48,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA512",
+		.algorithm = NCR_ALG_HMAC_SHA2_512,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",
+		.output_size = 64,
+		.op = NCR_OP_SIGN,
+	},
+};
+
+#define HASH_DATA_SIZE 64
+
+/* SHA1 and other hashes */
+static int
+test_ncr_hash(void)
+{
+	ncr_key_t key = 0;
+	uint8_t data[HASH_DATA_SIZE];
+	int i;
+	int output_size;
+
+	/* convert it to key */
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+	fprintf(stdout, "Tests on Hashes\n");
+	for (i = 0; i < sizeof(hash_vectors) / sizeof(hash_vectors[0]); i++) {
+		/* encrypt */
+		if (hash_vectors[i].key != NULL) {
+			DIAGNOSTIC_CALL(ncr_key_import, key, (void*)hash_vectors[i].key, hash_vectors[i].key_size, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
+			DIAGNOSTIC_CALL(ncr_session_once_direct_data, key, NULL, hash_vectors[i].op, hash_vectors[i].algorithm, (void*)hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data, sizeof(data));
+		} else {
+			DIAGNOSTIC_CALL(ncr_session_once_direct_data, 0, NULL, hash_vectors[i].op, hash_vectors[i].algorithm, (void*)hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data, sizeof(data));
+		}
+		if (output_size != hash_vectors[i].output_size || memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size)) {
+			DIAGNOSTIC_ERROR("HASH test vector %d failed!\n", i);
+			fprintf(stderr, "Output[%d]: ", (int)output_size);
+			DIAGNOSTIC_DUMP(data, output_size);
+			fprintf(stderr, "Expected[%d]: ", hash_vectors[i].output_size);
+			DIAGNOSTIC_DUMP((int)hash_vectors[i].output, hash_vectors[i].output_size);
+			return 1;
+		}
+	}
+
+	DIAGNOSTIC_CALL(ncr_key_deinit, key);
+	fprintf(stdout, "\n");
+
+	return 0;
+
+}
+
+static int
+test_ncr_hash_key(void)
+{
+	ncr_key_t key;
+	uint8_t data[HASH_DATA_SIZE];
+	ncr_session_t session;
+	const uint8_t *output = (void*)"\xe2\xd7\x2c\x2e\x14\xad\x97\xc8\xd2\xdb\xce\xd8\xb3\x52\x9f\x1c\xb3\x2c\x5c\xec";
+	int output_size;
+
+	/* convert it to key */
+	DIAGNOSTIC_CALL(ncr_key_init, &key);
+
+	fprintf(stdout, "Tests on Hashes of Keys\n");
+	fprintf(stdout, "\t%s:\n", hash_vectors[0].name);
+
+	/* import key */
+	DIAGNOSTIC_CALL(ncr_key_import, key, (void*)hash_vectors[0].plaintext, hash_vectors[0].plaintext_size, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
+
+
+	/* encrypt */
+	DIAGNOSTIC_CALL(ncr_session_init, &session, NCR_KEY_INVALID, NULL, hash_vectors[0].op, hash_vectors[0].algorithm);
+	DIAGNOSTIC_CALL(ncr_session_update_direct_data, session, (void*)hash_vectors[0].plaintext, hash_vectors[0].plaintext_size);
+	DIAGNOSTIC_CALL(ncr_session_update_key_data, session, key);
+	DIAGNOSTIC_CALL(ncr_session_final, session, data, sizeof(data));
+	if (output_size != hash_vectors[0].output_size || memcmp(data, output, hash_vectors[0].output_size) != 0) {
+			DIAGNOSTIC_ERROR("HASH test vector %d failed!\n", 0);
+			fprintf(stderr, "Output[%d]: ", (int)output_size);
+			DIAGNOSTIC_DUMP(data, output_size);
+			fprintf(stderr, "Expected[%d]: ", hash_vectors[0].output_size);
+			DIAGNOSTIC_DUMP((int)hash_vectors[0].output, hash_vectors[0].output_size);
+			return 1;
+	}
+
+	fprintf(stdout, "\n");
+	return 0;
+}
+
+int
+main()
+{
+	/* Open the crypto device */
+	ncr_global_init(0);
+	if (test_ncr_key())
+		return 1;
+	if (test_ncr_aes())
+		return 1;
+	if (test_ncr_hash())
+		return 1;
+	if (test_ncr_hash_key())
+		return 1;
+	if (test_ncr_wrap_key())
+		return 1;
+	if (test_ncr_store_wrap_key())
+		return 1;
+	/* Close the original descriptor */
+	ncr_global_deinit();
+
+	return 0;
+}
-- 
cgit 


From 7c3ff46e97576c32ccc40a890dd315f8fabf4a75 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 5 Aug 2010 23:26:28 +0200
Subject: Remove an unused variable

---
 examples/ncr_lib.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index 98c35cb..111f89b 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -52,7 +52,6 @@ static int
 test_ncr_key(void)
 {
 	ncr_key_t key;
-	struct ncr_key_data_st keydata;
 	uint8_t data[KEY_DATA_SIZE];
 	uint8_t data_bak[KEY_DATA_SIZE];
 	ssize_t output_size;
@@ -72,7 +71,6 @@ test_ncr_key(void)
 	DIAGNOSTIC_CALL(ncr_key_import, key, data, sizeof(data), "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
 	/* now try to read it */
 	fprintf(stdout, "\tKey export...\n");
-	memset(&keydata, 0, sizeof(keydata));
 	DIAGNOSTIC_CALL(ncr_key_export, key, data, sizeof(data));
 	if ((output_size != sizeof(data)) || memcmp(data, data_bak, sizeof(data))) {
 		DIAGNOSTIC_ERROR("data returned but differ!\n");
-- 
cgit 


From dd226b2e01069c3657f6f76c887d7675cc390b20 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 5 Aug 2010 23:37:09 +0200
Subject: Use the correct wrapping key

... as specified in the RFC3394 test vector in section 4.1.
---
 examples/ncr_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index 111f89b..26c94c6 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -140,7 +140,7 @@ test_ncr_wrap_key(void)
 	fprintf(stdout, "\tKey Wrap test...\n");
 	DIAGNOSTIC_CALL(ncr_key_init, &key);
 	/* import into a key */
-	DIAGNOSTIC_CALL(ncr_key_import, key, DKEY, 16, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
+	DIAGNOSTIC_CALL(ncr_key_import, key, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 16, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
 	DIAGNOSTIC_CALL(ncr_key_init, &key2);
 	/* import into a key2 */
 	DIAGNOSTIC_CALL(ncr_key_import, key2, DKEY, 16, "ba", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
@@ -149,7 +149,7 @@ test_ncr_wrap_key(void)
 	if (output_size != 24 || memcmp(data, "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) {
 		DIAGNOSTIC_ERROR("Wrapped data do not match.\nData[%d]: ", (int) output_size);
 		DIAGNOSTIC_DUMP(data, output_size);
-//		return 1;
+		return 1;
 	}
 	DIAGNOSTIC_CALL(ncr_key_deinit, key2);
 	/* test unwrapping */
-- 
cgit 


From a575a898c2e9a322e6a0db9cb3e9d0e6f3876c06 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 5 Aug 2010 23:45:34 +0200
Subject: Fix and reenable unwrapping test

---
 examples/ncr_lib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index 26c94c6..c041ca7 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -129,7 +129,7 @@ test_ncr_wrap_key(void)
 {
 	ncr_key_t key, key2;
 	uint8_t data[WRAPPED_KEY_DATA_SIZE];
-	ssize_t output_size;
+	ssize_t output_size, data_size;
 
 	fprintf(stdout, "Tests on Keys:\n");
 
@@ -146,6 +146,7 @@ test_ncr_wrap_key(void)
 	DIAGNOSTIC_CALL(ncr_key_import, key2, DKEY, 16, "ba", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
 	/* now try wrapping key2 using key */
 	DIAGNOSTIC_CALL(ncr_key_wrap, key, NCR_WALG_AES_RFC3394, NULL, key2, data, sizeof(data));
+	data_size = output_size;
 	if (output_size != 24 || memcmp(data, "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) {
 		DIAGNOSTIC_ERROR("Wrapped data do not match.\nData[%d]: ", (int) output_size);
 		DIAGNOSTIC_DUMP(data, output_size);
@@ -157,7 +158,7 @@ test_ncr_wrap_key(void)
 
 	/* create empty key2 */
 	DIAGNOSTIC_CALL(ncr_key_init, &key2);
-//	DIAGNOSTIC_CALL(ncr_key_unwrap, key, NCR_WALG_AES_RFC3394, NULL, key2, data, sizeof(data));
+	DIAGNOSTIC_CALL(ncr_key_unwrap, key, NCR_WALG_AES_RFC3394, NULL, key2, data, data_size);
 	/* now export the unwrapped */
 #if 0
 	/* this cannot be performed like that, because unwrap
-- 
cgit 


From fff54ce6f89dc250caa3afdffa7e17d2e889329a Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 5 Aug 2010 23:47:33 +0200
Subject: Don't set the master key in an example program.

That is an operation reserved for root, and should be done during system
initialization.
---
 examples/ncr_lib.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index c041ca7..b68a43c 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -187,8 +187,6 @@ test_ncr_store_wrap_key(void)
 	 */
 
 	fprintf(stdout, "\tKey Storage wrap test...\n");
-	/* create master key */
-	DIAGNOSTIC_CALL(ncr_masterkey_set, DKEY, 16);
 	/* create empty key2 */
 	DIAGNOSTIC_CALL(ncr_key_init, &key2);
 	/* import into a key2 */
-- 
cgit 


From a42a4933ba8fae9b4d0338cc40490ff5f3b9430e Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 5 Aug 2010 23:53:54 +0200
Subject: Remove somewhat confusing casts

"luckily" DIAGNOSTIC_DUMP does not quote its arguments, so
	DIAGNOSTIC_DUMP((int)array, size)
expanded into
	...
	fprintf(stderr, "%.2x:", (int)(int)array[out_index]);
	...

Still, it would break with more meticulous parenthesising, and the macro
invocations appear to be casting an array to int.
---
 examples/ncr_lib.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index b68a43c..0237bf1 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -268,7 +268,7 @@ test_ncr_aes(void)
 			fprintf(stderr, "Cipher[%d]: ", (int)output_size);
 			DIAGNOSTIC_DUMP(data, output_size);
 			fprintf(stderr, "Expected[%d]: ", 16);
-			DIAGNOSTIC_DUMP((int)aes_vectors[i].ciphertext, 16);
+			DIAGNOSTIC_DUMP(aes_vectors[i].ciphertext, 16);
 			return 1;
 		}
 	}
@@ -283,7 +283,7 @@ test_ncr_aes(void)
 			fprintf(stderr, "Plain[%d]: ", (int)output_size);
 			DIAGNOSTIC_DUMP(data, output_size);
 			fprintf(stderr, "Expected[%d]: ", 16);
-			DIAGNOSTIC_DUMP((int)aes_vectors[i].plaintext, 16);
+			DIAGNOSTIC_DUMP(aes_vectors[i].plaintext, 16);
 			return 1;
 		}
 	}
@@ -400,7 +400,7 @@ test_ncr_hash(void)
 			fprintf(stderr, "Output[%d]: ", (int)output_size);
 			DIAGNOSTIC_DUMP(data, output_size);
 			fprintf(stderr, "Expected[%d]: ", hash_vectors[i].output_size);
-			DIAGNOSTIC_DUMP((int)hash_vectors[i].output, hash_vectors[i].output_size);
+			DIAGNOSTIC_DUMP(hash_vectors[i].output, hash_vectors[i].output_size);
 			return 1;
 		}
 	}
@@ -441,7 +441,7 @@ test_ncr_hash_key(void)
 			fprintf(stderr, "Output[%d]: ", (int)output_size);
 			DIAGNOSTIC_DUMP(data, output_size);
 			fprintf(stderr, "Expected[%d]: ", hash_vectors[0].output_size);
-			DIAGNOSTIC_DUMP((int)hash_vectors[0].output, hash_vectors[0].output_size);
+			DIAGNOSTIC_DUMP(hash_vectors[0].output, hash_vectors[0].output_size);
 			return 1;
 	}
 
-- 
cgit 


From 4155025dac75b5a6782b0d97517b88ccc7912500 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Fri, 6 Aug 2010 00:02:17 +0200
Subject: Use NCR_KEY_INVALID for clarity

---
 examples/ncr_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index 0237bf1..a657b56 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -393,7 +393,7 @@ test_ncr_hash(void)
 			DIAGNOSTIC_CALL(ncr_key_import, key, (void*)hash_vectors[i].key, hash_vectors[i].key_size, "ab", 2, NCR_ALG_AES_CBC, NCR_KEY_TYPE_SECRET, NCR_KEY_FLAG_EXPORTABLE);
 			DIAGNOSTIC_CALL(ncr_session_once_direct_data, key, NULL, hash_vectors[i].op, hash_vectors[i].algorithm, (void*)hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data, sizeof(data));
 		} else {
-			DIAGNOSTIC_CALL(ncr_session_once_direct_data, 0, NULL, hash_vectors[i].op, hash_vectors[i].algorithm, (void*)hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data, sizeof(data));
+			DIAGNOSTIC_CALL(ncr_session_once_direct_data, NCR_KEY_INVALID, NULL, hash_vectors[i].op, hash_vectors[i].algorithm, (void*)hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data, sizeof(data));
 		}
 		if (output_size != hash_vectors[i].output_size || memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size)) {
 			DIAGNOSTIC_ERROR("HASH test vector %d failed!\n", i);
-- 
cgit 


From 8b68956147faae4ce64c8a557c64ae2d004401d9 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Fri, 6 Aug 2010 00:14:43 +0200
Subject: Support output data in NCRIO_SESSION_UPDATE

---
 examples/ncr_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index a657b56..e8d4a66 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -433,8 +433,8 @@ test_ncr_hash_key(void)
 
 	/* encrypt */
 	DIAGNOSTIC_CALL(ncr_session_init, &session, NCR_KEY_INVALID, NULL, hash_vectors[0].op, hash_vectors[0].algorithm);
-	DIAGNOSTIC_CALL(ncr_session_update_direct_data, session, (void*)hash_vectors[0].plaintext, hash_vectors[0].plaintext_size);
-	DIAGNOSTIC_CALL(ncr_session_update_key_data, session, key);
+	DIAGNOSTIC_CALL(ncr_session_update_direct_data, session, (void*)hash_vectors[0].plaintext, hash_vectors[0].plaintext_size, NULL, 0);
+	DIAGNOSTIC_CALL(ncr_session_update_key_data, session, key, NULL, 0);
 	DIAGNOSTIC_CALL(ncr_session_final, session, data, sizeof(data));
 	if (output_size != hash_vectors[0].output_size || memcmp(data, output, hash_vectors[0].output_size) != 0) {
 			DIAGNOSTIC_ERROR("HASH test vector %d failed!\n", 0);
-- 
cgit 


From 3bbecb0f648f3f831523e23f02a81e3e2cd5feac Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Fri, 6 Aug 2010 01:44:51 +0200
Subject: Implement missing algorithm-specific keygen params

Rename ncr_key_generate_params_set_bits to
ncr_key_generate_params_set_secret_bits in the process, an incompatible
change.
---
 examples/ncr_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index e8d4a66..d0f435e 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -88,7 +88,7 @@ test_ncr_key(void)
 	DIAGNOSTIC_CALL(ncr_key_generate_params_init, &params);
 	DIAGNOSTIC_CALL(ncr_key_generate_params_set_algorithm, params, NCR_ALG_AES_CBC);
 	DIAGNOSTIC_CALL(ncr_key_generate_params_set_keyflags, params, NCR_KEY_FLAG_EXPORTABLE);
-	DIAGNOSTIC_CALL(ncr_key_generate_params_set_bits, params, 128); /* 16  bytes */
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_secret_bits, params, 128); /* 16  bytes */
 	DIAGNOSTIC_CALL(ncr_key_init, &key);
 	/* generate a key */
 	DIAGNOSTIC_CALL(ncr_key_generate, key, params);
@@ -109,7 +109,7 @@ test_ncr_key(void)
 	DIAGNOSTIC_CALL(ncr_key_generate_params_init, &params);
 	DIAGNOSTIC_CALL(ncr_key_generate_params_set_algorithm, params, NCR_ALG_AES_CBC);
 	DIAGNOSTIC_CALL(ncr_key_generate_params_set_keyflags, params, 0);
-	DIAGNOSTIC_CALL(ncr_key_generate_params_set_bits, params, 128); /* 16  bytes */
+	DIAGNOSTIC_CALL(ncr_key_generate_params_set_secret_bits, params, 128); /* 16  bytes */
 	DIAGNOSTIC_CALL(ncr_key_init, &key);
 	DIAGNOSTIC_CALL(ncr_key_generate, key, params);
 	DIAGNOSTIC_CALL(ncr_key_generate_params_deinit, params);
-- 
cgit 


From 139ed8c79c5258056832f3f14b8d32b7026274fd Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Sat, 7 Aug 2010 08:47:14 +0200
Subject: Provide a nicer example on including <ncrypto.h>

---
 examples/ncr_lib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index d0f435e..ad69fe7 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -12,10 +12,10 @@
 //#include <sys/ioctl.h>
 #include <sys/types.h>
 //#include <sys/stat.h>
-#include "../ncr.h"
-#include "../userspace/ncrypto.h"
 #include <stdlib.h>
 
+#include <ncrypto.h>
+
 #define DATA_SIZE 4096
 #define KEY_DATA_SIZE 16
 #define WRAPPED_KEY_DATA_SIZE 32
-- 
cgit 


From 68e12500e358cf12aefdf114ee80809af5f86e2f Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Sat, 7 Aug 2010 08:49:02 +0200
Subject: Drop a few unnecessary #includes from examples

---
 examples/ncr_lib.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index ad69fe7..b83be3b 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -7,11 +7,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
-//#include <fcntl.h>
 #include <time.h>
-//#include <sys/ioctl.h>
 #include <sys/types.h>
-//#include <sys/stat.h>
 #include <stdlib.h>
 
 #include <ncrypto.h>
-- 
cgit 


From aac00a3bf423f77344f62d129ef0050fea711756 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Sun, 8 Aug 2010 02:16:07 +0200
Subject: Don't assume <ncr.h> includes <stdint.h>

---
 examples/ncr_lib.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'examples/ncr_lib.c')

diff --git a/examples/ncr_lib.c b/examples/ncr_lib.c
index b83be3b..29a7fbe 100644
--- a/examples/ncr_lib.c
+++ b/examples/ncr_lib.c
@@ -4,6 +4,7 @@
  * Placed under public domain.
  *
  */
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
-- 
cgit