From 4b45720ea1dffc3514c81439c7f93928d05c5521 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 24 Jul 2010 12:14:00 +0200
Subject: Simplified the session_op structure and combined the OP_SIGN with the
 OP_DIGEST for digest algorithms.

---
 examples/ncr.c   | 14 +++++++-------
 examples/pk.c    | 24 ++++++++++++------------
 examples/speed.c |  4 ++--
 3 files changed, 21 insertions(+), 21 deletions(-)

(limited to 'examples')

diff --git a/examples/ncr.c b/examples/ncr.c
index 234e8bd..d9870e0 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -809,8 +809,8 @@ test_ncr_aes(int cfd)
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.data.cipher.plaintext = dd;
-		nop.op.data.cipher.ciphertext = dd2;
+		nop.op.input = dd;
+		nop.op.output = dd2;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -884,8 +884,8 @@ test_ncr_aes(int cfd)
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_DECRYPT;
-		nop.op.data.cipher.ciphertext = dd;
-		nop.op.data.cipher.plaintext = dd2;
+		nop.op.input = dd;
+		nop.op.output = dd2;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -946,7 +946,7 @@ struct hash_vectors_st {
 		.plaintext_size = sizeof("what do ya want for nothing?")-1,
 		.output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
 		.output_size = 20,
-		.op = NCR_OP_DIGEST,
+		.op = NCR_OP_SIGN,
 	},
 	{
 		.name = "HMAC-MD5",
@@ -1098,8 +1098,8 @@ test_ncr_hash(int cfd)
 		if (hash_vectors[i].key != NULL)
 			nop.init.key = key;
 		nop.init.op = hash_vectors[i].op;
-		nop.op.data.sign.text = dd;
-		nop.op.data.sign.output = dd2;
+		nop.op.input = dd;
+		nop.op.output = dd2;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
diff --git a/examples/pk.c b/examples/pk.c
index fef695c..ce9dff8 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -371,8 +371,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
 	nop.init.op = NCR_OP_ENCRYPT;
-	nop.op.data.cipher.plaintext = datad;
-	nop.op.data.cipher.ciphertext = encd;
+	nop.op.input = datad;
+	nop.op.output = encd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -391,8 +391,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	} else {
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
-	nop.op.data.cipher.plaintext = encd;
-	nop.op.data.cipher.ciphertext = encd;
+	nop.op.input = encd;
+	nop.op.output = encd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -466,8 +466,8 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.data.sign.text = datad;
-	nop.op.data.sign.output = signd;
+	nop.op.input = datad;
+	nop.op.output = signd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -483,8 +483,8 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.data.verify.text = datad;
-	nop.op.data.verify.signature = signd;
+	nop.op.input = datad;
+	nop.op.output = signd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -545,8 +545,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.data.sign.text = datad;
-	nop.op.data.sign.output = signd;
+	nop.op.input = datad;
+	nop.op.output = signd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -561,8 +561,8 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.data.verify.text = datad;
-	nop.op.data.verify.signature = signd;
+	nop.op.input = datad;
+	nop.op.output = signd;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
diff --git a/examples/speed.c b/examples/speed.c
index 1c76eb6..d3cf04a 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -189,8 +189,8 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize)
 		nop.init.algorithm = algo;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.data.cipher.plaintext = dd;
-		nop.op.data.cipher.ciphertext = dd;
+		nop.op.input = dd;
+		nop.op.output = dd;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-- 
cgit 


From ffb3e747f8b50ca18701530d1729a4ee3aa4ae69 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 24 Jul 2010 13:43:43 +0200
Subject: Added a support for reading session data directly from userspace.

---
 examples/Makefile     |   8 +-
 examples/ncr-direct.c | 443 ++++++++++++++++++++++++++++++++++++++++++++++++++
 examples/ncr.c        |  15 +-
 examples/pk.c         |  30 ++--
 examples/speed.c      |   5 +-
 5 files changed, 479 insertions(+), 22 deletions(-)
 create mode 100644 examples/ncr-direct.c

(limited to 'examples')

diff --git a/examples/Makefile b/examples/Makefile
index c65297f..f482649 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
 CC = gcc
 CFLAGS = -Wall -g -O2
 
-progs := cipher hmac ncr pk speed
+progs := cipher hmac ncr pk speed ncr-direct
 
 all: $(progs)
 
@@ -17,15 +17,19 @@ hmac: hmac.c
 ncr: ncr.c
 	$(CC) $(CFLAGS) $< -o $@
 
+ncr-direct: ncr-direct.c
+	$(CC) $(CFLAGS) $< -o $@
+
 pk: pk.c
 	$(CC) $(CFLAGS) $< -o $@ -L/usr/local/lib -lgnutls
 
 check: $(progs)
 	./ncr
+	./ncr-direct
 	./pk
 	./cipher
 	./hmac
 	./speed
 
 clean:
-	rm -f *.o *~ hmac cipher ncr pk speed
+	rm -f *.o *~ hmac cipher ncr pk speed ncr-direct
diff --git a/examples/ncr-direct.c b/examples/ncr-direct.c
new file mode 100644
index 0000000..0908e2c
--- /dev/null
+++ b/examples/ncr-direct.c
@@ -0,0 +1,443 @@
+/*
+ * Demo on how to use /dev/crypto device for HMAC.
+ *
+ * Placed under public domain.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "../ncr.h"
+#include <stdlib.h>
+
+#define DATA_SIZE 4096
+#define KEY_DATA_SIZE 16
+
+
+struct aes_vectors_st {
+	const uint8_t* key;
+	const uint8_t* plaintext;
+	const uint8_t* ciphertext;
+} aes_vectors[] = {
+	{
+		.key = (uint8_t*)"\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
+	},
+	{
+		.key = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.plaintext = (uint8_t*)"\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
+		.ciphertext = (uint8_t*)"\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
+	},
+	{
+		.key = (uint8_t*)"\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
+	},
+	{
+		.key = (uint8_t*)"\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
+	},
+	{
+		.key = (uint8_t*)"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
+		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ciphertext = (uint8_t*)"\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
+	},
+};
+
+/* AES cipher */
+static int
+test_ncr_aes(int cfd)
+{
+	struct ncr_data_init_st dinit;
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	struct ncr_data_st kdata;
+	ncr_data_t dd, dd2;
+	uint8_t data[KEY_DATA_SIZE];
+	int i, j;
+	struct ncr_session_once_op_st nop;
+
+	dinit.max_object_size = KEY_DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = NULL;
+	dinit.initial_data_size = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	dd = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	dd2 = dinit.desc;
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	keydata.key_id[0] = 'a';
+	keydata.key_id[2] = 'b';
+	keydata.key_id_size = 2;
+	keydata.type = NCR_KEY_TYPE_SECRET;
+	keydata.algorithm = NCR_ALG_AES_CBC;
+	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
+	
+
+	fprintf(stdout, "Tests on AES Encryption\n");
+	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
+
+		/* import key */
+		kdata.data = (void*)aes_vectors[i].key;
+		kdata.data_size = 16;
+		kdata.desc = dd;
+
+		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_DATA_SET)");
+			return 1;
+		}
+
+		keydata.key = key;
+		keydata.data = dd;
+		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_KEY_IMPORT)");
+			return 1;
+		}
+
+		/* encrypt */
+		memset(&nop, 0, sizeof(nop));
+		nop.init.algorithm = NCR_ALG_AES_ECB;
+		nop.init.key = key;
+		nop.init.op = NCR_OP_ENCRYPT;
+		nop.op.data.udata.input = (void*)aes_vectors[i].plaintext;
+		nop.op.data.udata.input_size = 16;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
+
+		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_SESSION_ONCE)");
+			return 1;
+		}
+
+		/* verify */
+
+		if (nop.op.data.udata.output_size != 16 || memcmp(data, aes_vectors[i].ciphertext, 16) != 0) {
+			fprintf(stderr, "AES test vector %d failed!\n", i);
+
+			fprintf(stderr, "Cipher[%d]: ", (int)nop.op.data.udata.output_size);
+			for(j=0;j<nop.op.data.udata.output_size;j++)
+			  fprintf(stderr, "%.2x:", (int)data[j]);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "Expected[%d]: ", 16);
+			for(j=0;j<16;j++)
+			  fprintf(stderr, "%.2x:", (int)aes_vectors[i].ciphertext[j]);
+			fprintf(stderr, "\n");
+			return 1;
+		}
+	}
+
+	fprintf(stdout, "Tests on AES Decryption\n");
+	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
+
+		/* import key */
+		kdata.data = (void*)aes_vectors[i].key;
+		kdata.data_size = 16;
+		kdata.desc = dd;
+
+		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_DATA_SET)");
+			return 1;
+		}
+
+		keydata.key = key;
+		keydata.data = dd;
+		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_KEY_IMPORT)");
+			return 1;
+		}
+
+
+		/* decrypt */
+		memset(&nop, 0, sizeof(nop));
+		nop.init.algorithm = NCR_ALG_AES_ECB;
+		nop.init.key = key;
+		nop.init.op = NCR_OP_DECRYPT;
+		nop.op.data.udata.input = (void*)aes_vectors[i].ciphertext;
+		nop.op.data.udata.input_size = 16;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
+
+		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_SESSION_ONCE)");
+			return 1;
+		}
+
+		if (nop.op.data.udata.output_size != 16 || memcmp(data, aes_vectors[i].plaintext, 16) != 0) {
+			fprintf(stderr, "AES test vector %d failed!\n", i);
+
+			fprintf(stderr, "Plain[%d]: ", (int)nop.op.data.udata.output_size);
+			for(j=0;j<nop.op.data.udata.output_size;j++)
+			  fprintf(stderr, "%.2x:", (int)data[j]);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "Expected[%d]: ", 16);
+			for(j=0;j<16;j++)
+			  fprintf(stderr, "%.2x:", (int)aes_vectors[i].plaintext[j]);
+			fprintf(stderr, "\n");
+			return 1;
+		}
+	}
+
+
+	fprintf(stdout, "\n");
+
+	return 0;
+
+}
+
+struct hash_vectors_st {
+	const char* name;
+	ncr_algorithm_t algorithm;
+	const uint8_t* key; /* if hmac */
+	int key_size;
+	const uint8_t* plaintext;
+	int plaintext_size;
+	const uint8_t* output;
+	int output_size;
+	ncr_crypto_op_t op;
+} hash_vectors[] = {
+	{
+		.name = "SHA1",
+		.algorithm = NCR_ALG_SHA1,
+		.key = NULL,
+		.plaintext = (uint8_t*)"what do ya want for nothing?",
+		.plaintext_size = sizeof("what do ya want for nothing?")-1,
+		.output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
+		.output_size = 20,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-MD5",
+		.algorithm = NCR_ALG_HMAC_MD5,
+		.key = (uint8_t*)"Jefe",
+		.key_size = 4,
+		.plaintext = (uint8_t*)"what do ya want for nothing?",
+		.plaintext_size = sizeof("what do ya want for nothing?")-1,
+		.output = (uint8_t*)"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",
+		.output_size = 16,
+		.op = NCR_OP_SIGN,
+	},
+	/* from rfc4231 */
+	{
+		.name = "HMAC-SHA224",
+		.algorithm = NCR_ALG_HMAC_SHA2_224,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",
+		.output_size = 28,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA256",
+		.algorithm = NCR_ALG_HMAC_SHA2_256,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",
+		.output_size = 32,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA384",
+		.algorithm = NCR_ALG_HMAC_SHA2_384,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",
+		.output_size = 48,
+		.op = NCR_OP_SIGN,
+	},
+	{
+		.name = "HMAC-SHA512",
+		.algorithm = NCR_ALG_HMAC_SHA2_512,
+		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+		.key_size = 20,
+		.plaintext = (uint8_t*)"Hi There",
+		.plaintext_size = sizeof("Hi There")-1,
+		.output = (uint8_t*)"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",
+		.output_size = 64,
+		.op = NCR_OP_SIGN,
+	},
+};
+
+#define HASH_DATA_SIZE 64
+
+/* SHA1 and other hashes */
+static int
+test_ncr_hash(int cfd)
+{
+	struct ncr_data_init_st dinit;
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	struct ncr_data_st kdata;
+	ncr_data_t dd, dd2;
+	uint8_t data[HASH_DATA_SIZE];
+	int i, j;
+	struct ncr_session_once_op_st nop;
+
+	dinit.max_object_size = HASH_DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = NULL;
+	dinit.initial_data_size = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	dd = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	dd2 = dinit.desc;
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	keydata.key_id[0] = 'a';
+	keydata.key_id[2] = 'b';
+	keydata.key_id_size = 2;
+	keydata.type = NCR_KEY_TYPE_SECRET;
+	keydata.algorithm = NCR_ALG_AES_CBC;
+	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
+	
+
+	fprintf(stdout, "Tests on Hashes\n");
+	for (i=0;i<sizeof(hash_vectors)/sizeof(hash_vectors[0]);i++) {
+
+		fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
+		/* import key */
+		if (hash_vectors[i].key != NULL) {
+			kdata.data = (void*)hash_vectors[i].key;
+			kdata.data_size = hash_vectors[i].key_size;
+			kdata.desc = dd;
+
+			if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
+				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+				perror("ioctl(NCRIO_DATA_SET)");
+				return 1;
+			}
+
+			keydata.key = key;
+			keydata.data = dd;
+			if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+				perror("ioctl(NCRIO_KEY_IMPORT)");
+				return 1;
+			}
+		}
+
+		/* encrypt */
+		memset(&nop, 0, sizeof(nop));
+		nop.init.algorithm = hash_vectors[i].algorithm;
+		if (hash_vectors[i].key != NULL)
+			nop.init.key = key;
+		nop.init.op = hash_vectors[i].op;
+		nop.op.data.udata.input =  (void*)hash_vectors[i].plaintext;
+		nop.op.data.udata.input_size = hash_vectors[i].plaintext_size;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
+
+		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_SESSION_ONCE)");
+			return 1;
+		}
+
+		if (nop.op.data.udata.output_size != hash_vectors[i].output_size ||
+			memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) {
+			fprintf(stderr, "HASH test vector %d failed!\n", i);
+
+			fprintf(stderr, "Output[%d]: ", (int)nop.op.data.udata.output_size);
+			for(j=0;j<nop.op.data.udata.output_size;j++)
+			  fprintf(stderr, "%.2x:", (int)data[j]);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "Expected[%d]: ", hash_vectors[i].output_size);
+			for(j=0;j<hash_vectors[i].output_size;j++)
+			  fprintf(stderr, "%.2x:", (int)hash_vectors[i].output[j]);
+			fprintf(stderr, "\n");
+			return 1;
+		}
+	}
+
+	fprintf(stdout, "\n");
+
+	return 0;
+
+}
+
+
+int
+main()
+{
+	int fd = -1;
+
+	/* Open the crypto device */
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0) {
+		perror("open(/dev/crypto)");
+		return 1;
+	}
+
+	if (test_ncr_aes(fd))
+		return 1;
+
+	if (test_ncr_hash(fd))
+		return 1;
+
+	/* Close the original descriptor */
+	if (close(fd)) {
+		perror("close(fd)");
+		return 1;
+	}
+
+	return 0;
+}
diff --git a/examples/ncr.c b/examples/ncr.c
index d9870e0..bd5779c 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -809,8 +809,9 @@ test_ncr_aes(int cfd)
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.input = dd;
-		nop.op.output = dd2;
+		nop.op.data.ndata.input = dd;
+		nop.op.data.ndata.output = dd2;
+		nop.op.type = NCR_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -884,8 +885,9 @@ test_ncr_aes(int cfd)
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_DECRYPT;
-		nop.op.input = dd;
-		nop.op.output = dd2;
+		nop.op.data.ndata.input = dd;
+		nop.op.data.ndata.output = dd2;
+		nop.op.type = NCR_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -1098,8 +1100,9 @@ test_ncr_hash(int cfd)
 		if (hash_vectors[i].key != NULL)
 			nop.init.key = key;
 		nop.init.op = hash_vectors[i].op;
-		nop.op.input = dd;
-		nop.op.output = dd2;
+		nop.op.data.ndata.input = dd;
+		nop.op.data.ndata.output = dd2;
+		nop.op.type = NCR_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
diff --git a/examples/pk.c b/examples/pk.c
index ce9dff8..287e9f3 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -371,8 +371,9 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
 	nop.init.op = NCR_OP_ENCRYPT;
-	nop.op.input = datad;
-	nop.op.output = encd;
+	nop.op.data.ndata.input = datad;
+	nop.op.data.ndata.output = encd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -391,8 +392,9 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	} else {
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
-	nop.op.input = encd;
-	nop.op.output = encd;
+	nop.op.data.ndata.input = encd;
+	nop.op.data.ndata.output = encd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -466,8 +468,9 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.input = datad;
-	nop.op.output = signd;
+	nop.op.data.ndata.input = datad;
+	nop.op.data.ndata.output = signd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -483,8 +486,9 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.input = datad;
-	nop.op.output = signd;
+	nop.op.data.ndata.input = datad;
+	nop.op.data.ndata.output = signd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -545,8 +549,9 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.input = datad;
-	nop.op.output = signd;
+	nop.op.data.ndata.input = datad;
+	nop.op.data.ndata.output = signd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -561,8 +566,9 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.input = datad;
-	nop.op.output = signd;
+	nop.op.data.ndata.input = datad;
+	nop.op.data.ndata.output = signd;
+	nop.op.type = NCR_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
diff --git a/examples/speed.c b/examples/speed.c
index d3cf04a..1416411 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -189,8 +189,9 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize)
 		nop.init.algorithm = algo;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.input = dd;
-		nop.op.output = dd;
+		nop.op.data.ndata.input = dd;
+		nop.op.data.ndata.output = dd;
+		nop.op.type = NCR_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-- 
cgit 


From 174add36f5b6592db7573145f5c59d0207856e07 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 24 Jul 2010 18:46:50 +0200
Subject: Added the NCR-DIRECT to speed test.

---
 examples/speed.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 89 insertions(+), 4 deletions(-)

(limited to 'examples')

diff --git a/examples/speed.c b/examples/speed.c
index 1416411..d49faa9 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -218,6 +218,78 @@ int encrypt_data_ncr(int cfd, int algo, int chunksize)
 	return 0;
 }
 
+int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
+{
+	char *buffer, iv[32];
+	static int val = 23;
+	struct timeval start, end;
+	double total = 0;
+	double secs, ddata, dspeed;
+	char metric[16];
+	ncr_key_t key;
+	struct ncr_key_generate_st kgen;
+	struct ncr_session_once_op_st nop;
+
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	kgen.desc = key;
+	kgen.params.algorithm = NCR_ALG_AES_CBC;
+	kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
+	kgen.params.params.secret.bits = 128; /* 16  bytes */
+	
+	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+
+	buffer = malloc(chunksize);
+	memset(iv, 0x23, 32);
+
+	printf("\tEncrypting in chunks of %d bytes: ", chunksize);
+	fflush(stdout);
+
+	memset(buffer, val++, chunksize);
+
+	must_finish = 0;
+	alarm(5);
+
+	gettimeofday(&start, NULL);
+	do {
+		memset(&nop, 0, sizeof(nop));
+		nop.init.algorithm = algo;
+		nop.init.key = key;
+		nop.init.op = NCR_OP_ENCRYPT;
+		nop.op.data.udata.input = buffer;
+		nop.op.data.udata.input_size = chunksize;
+		nop.op.data.udata.output = buffer;
+		nop.op.data.udata.output_size = chunksize;
+		nop.op.type = NCR_DIRECT_DATA;
+
+		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
+			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+			perror("ioctl(NCRIO_SESSION_ONCE)");
+			return 1;
+		}
+
+		total+=chunksize;
+	} while(must_finish==0);
+	gettimeofday(&end, NULL);
+
+	secs = udifftimeval(start, end)/ 1000000.0;
+	
+	value2human(total, secs, &ddata, &dspeed, metric);
+	printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs);
+	printf ("%.2f %s/sec\n", dspeed, metric);
+
+	return 0;
+}
+
 int main(void)
 {
 	int fd, i, fdc = -1;
@@ -250,6 +322,19 @@ int main(void)
 			break;
 	}
 
+	fprintf(stderr, "\nTesting NCR with NULL cipher: \n");
+	for (i = 256; i <= (64 * 1024); i *= 2) {
+		if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i))
+			break;
+	}
+
+	fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n");
+	for (i = 256; i <= (64 * 1024); i *= 2) {
+		if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i))
+			break;
+	}
+
+
 	fprintf(stderr, "\nTesting AES-128-CBC cipher: \n");
 	memset(&sess, 0, sizeof(sess));
 	sess.cipher = CRYPTO_AES_CBC;
@@ -266,15 +351,15 @@ int main(void)
 			break;
 	}
 
-	fprintf(stderr, "\nTesting NCR with NULL cipher: \n");
+	fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i))
+		if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i))
 			break;
 	}
 
-	fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n");
+	fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i))
+		if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i))
 			break;
 	}
 
-- 
cgit 


From 707f55b34377fd9f33ccbdd0b5ab61cb484396f0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sun, 25 Jul 2010 21:34:55 +0200
Subject: Key wrapping operates directly to userspace data. No need to involve
 the data_t structures.

---
 examples/ncr.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

(limited to 'examples')

diff --git a/examples/ncr.c b/examples/ncr.c
index bd5779c..be3dec9 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -383,7 +383,7 @@ test_ncr_wrap_key(int cfd)
 	struct ncr_data_st kdata;
 	struct ncr_key_wrap_st kwrap;
 	uint8_t data[WRAPPED_KEY_DATA_SIZE];
-
+	int data_size;
 
 	fprintf(stdout, "Tests on Keys:\n");
 
@@ -465,29 +465,23 @@ test_ncr_wrap_key(int cfd)
 	kwrap.algorithm = NCR_WALG_AES_RFC3394;
 	kwrap.keytowrap = key2;
 	kwrap.key = key;
-	kwrap.data = kdata.desc;
+	kwrap.io = data;
+	kwrap.io_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_WRAP)");
 		return 1;
 	}
+	
+	data_size = kwrap.io_size;
 
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	if (kdata.data_size != 24 || memcmp(kdata.data,
+	if (kwrap.io_size != 24 || memcmp(data,
 		"\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24) != 0) {
 		fprintf(stderr, "Wrapped data do not match.\n");
 
-		fprintf(stderr, "Data[%d]: ",(int) kdata.data_size);
-		for(i=0;i<kdata.data_size;i++)
+		fprintf(stderr, "Data[%d]: ",(int) kwrap.io_size);
+		for(i=0;i<kwrap.io_size;i++)
 			fprintf(stderr, "%.2x:", data[i]);
 		fprintf(stderr, "\n");
 		return 1;
@@ -514,7 +508,8 @@ test_ncr_wrap_key(int cfd)
 	kwrap.algorithm = NCR_WALG_AES_RFC3394;
 	kwrap.keytowrap = key2;
 	kwrap.key = key;
-	kwrap.data = kdata.desc;
+	kwrap.io = data;
+	kwrap.io_size = data_size;
 
 	if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kwrap)) {
 		perror("ioctl(NCRIO_KEY_UNWRAP)");
@@ -568,6 +563,7 @@ test_ncr_store_wrap_key(int cfd)
 	struct ncr_key_storage_wrap_st kwrap;
 	uint8_t data[DATA_SIZE];
 	int dd;
+	int data_size;
 
 	fprintf(stdout, "Tests on Key storage:\n");
 
@@ -626,7 +622,8 @@ test_ncr_store_wrap_key(int cfd)
 	/* now try wrapping key2 using key */
 	memset(&kwrap, 0, sizeof(kwrap));
 	kwrap.keytowrap = key2;
-	kwrap.data = dd;
+	kwrap.io = data;
+	kwrap.io_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_STORAGE_WRAP, &kwrap)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -635,6 +632,7 @@ test_ncr_store_wrap_key(int cfd)
 	}
 
 	/* test unwrapping */
+	data_size = kwrap.io_size;
 	fprintf(stdout, "\tKey Storage Unwrap test...\n");
 
 	/* reset key2 */
@@ -652,7 +650,8 @@ test_ncr_store_wrap_key(int cfd)
 
 	memset(&kwrap, 0, sizeof(kwrap));
 	kwrap.keytowrap = key2;
-	kwrap.data = dd;
+	kwrap.io = data;
+	kwrap.io_size = data_size;
 
 	if (ioctl(cfd, NCRIO_KEY_STORAGE_UNWRAP, &kwrap)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-- 
cgit 


From 6a2560330da7bc05ccb9bc75e70ce745acba7d6c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sun, 25 Jul 2010 22:17:22 +0200
Subject: No need for ncr-direct. All session operations are being done on keys
 or on userspace data.

---
 examples/Makefile     |   3 -
 examples/ncr-direct.c | 443 --------------------------------------------------
 examples/ncr.c        | 116 ++++---------
 examples/pk.c         | 185 ++++++---------------
 4 files changed, 82 insertions(+), 665 deletions(-)
 delete mode 100644 examples/ncr-direct.c

(limited to 'examples')

diff --git a/examples/Makefile b/examples/Makefile
index f482649..ff5381d 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -17,9 +17,6 @@ hmac: hmac.c
 ncr: ncr.c
 	$(CC) $(CFLAGS) $< -o $@
 
-ncr-direct: ncr-direct.c
-	$(CC) $(CFLAGS) $< -o $@
-
 pk: pk.c
 	$(CC) $(CFLAGS) $< -o $@ -L/usr/local/lib -lgnutls
 
diff --git a/examples/ncr-direct.c b/examples/ncr-direct.c
deleted file mode 100644
index 0908e2c..0000000
--- a/examples/ncr-direct.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/*
- * Demo on how to use /dev/crypto device for HMAC.
- *
- * Placed under public domain.
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/ioctl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "../ncr.h"
-#include <stdlib.h>
-
-#define DATA_SIZE 4096
-#define KEY_DATA_SIZE 16
-
-
-struct aes_vectors_st {
-	const uint8_t* key;
-	const uint8_t* plaintext;
-	const uint8_t* ciphertext;
-} aes_vectors[] = {
-	{
-		.key = (uint8_t*)"\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ciphertext = (uint8_t*)"\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
-	},
-	{
-		.key = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.plaintext = (uint8_t*)"\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
-		.ciphertext = (uint8_t*)"\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
-	},
-	{
-		.key = (uint8_t*)"\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
-		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ciphertext = (uint8_t*)"\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
-	},
-	{
-		.key = (uint8_t*)"\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
-		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ciphertext = (uint8_t*)"\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
-	},
-	{
-		.key = (uint8_t*)"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
-		.plaintext = (uint8_t*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-		.ciphertext = (uint8_t*)"\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
-	},
-};
-
-/* AES cipher */
-static int
-test_ncr_aes(int cfd)
-{
-	struct ncr_data_init_st dinit;
-	ncr_key_t key;
-	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
-	ncr_data_t dd, dd2;
-	uint8_t data[KEY_DATA_SIZE];
-	int i, j;
-	struct ncr_session_once_op_st nop;
-
-	dinit.max_object_size = KEY_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd2 = dinit.desc;
-
-	/* convert it to key */
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	keydata.key_id[0] = 'a';
-	keydata.key_id[2] = 'b';
-	keydata.key_id_size = 2;
-	keydata.type = NCR_KEY_TYPE_SECRET;
-	keydata.algorithm = NCR_ALG_AES_CBC;
-	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
-	
-
-	fprintf(stdout, "Tests on AES Encryption\n");
-	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
-
-		/* import key */
-		kdata.data = (void*)aes_vectors[i].key;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
-
-		keydata.key = key;
-		keydata.data = dd;
-		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_KEY_IMPORT)");
-			return 1;
-		}
-
-		/* encrypt */
-		memset(&nop, 0, sizeof(nop));
-		nop.init.algorithm = NCR_ALG_AES_ECB;
-		nop.init.key = key;
-		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.data.udata.input = (void*)aes_vectors[i].plaintext;
-		nop.op.data.udata.input_size = 16;
-		nop.op.data.udata.output = data;
-		nop.op.data.udata.output_size = sizeof(data);
-		nop.op.type = NCR_DIRECT_DATA;
-
-		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_SESSION_ONCE)");
-			return 1;
-		}
-
-		/* verify */
-
-		if (nop.op.data.udata.output_size != 16 || memcmp(data, aes_vectors[i].ciphertext, 16) != 0) {
-			fprintf(stderr, "AES test vector %d failed!\n", i);
-
-			fprintf(stderr, "Cipher[%d]: ", (int)nop.op.data.udata.output_size);
-			for(j=0;j<nop.op.data.udata.output_size;j++)
-			  fprintf(stderr, "%.2x:", (int)data[j]);
-			fprintf(stderr, "\n");
-
-			fprintf(stderr, "Expected[%d]: ", 16);
-			for(j=0;j<16;j++)
-			  fprintf(stderr, "%.2x:", (int)aes_vectors[i].ciphertext[j]);
-			fprintf(stderr, "\n");
-			return 1;
-		}
-	}
-
-	fprintf(stdout, "Tests on AES Decryption\n");
-	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
-
-		/* import key */
-		kdata.data = (void*)aes_vectors[i].key;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
-
-		keydata.key = key;
-		keydata.data = dd;
-		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_KEY_IMPORT)");
-			return 1;
-		}
-
-
-		/* decrypt */
-		memset(&nop, 0, sizeof(nop));
-		nop.init.algorithm = NCR_ALG_AES_ECB;
-		nop.init.key = key;
-		nop.init.op = NCR_OP_DECRYPT;
-		nop.op.data.udata.input = (void*)aes_vectors[i].ciphertext;
-		nop.op.data.udata.input_size = 16;
-		nop.op.data.udata.output = data;
-		nop.op.data.udata.output_size = sizeof(data);
-		nop.op.type = NCR_DIRECT_DATA;
-
-		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_SESSION_ONCE)");
-			return 1;
-		}
-
-		if (nop.op.data.udata.output_size != 16 || memcmp(data, aes_vectors[i].plaintext, 16) != 0) {
-			fprintf(stderr, "AES test vector %d failed!\n", i);
-
-			fprintf(stderr, "Plain[%d]: ", (int)nop.op.data.udata.output_size);
-			for(j=0;j<nop.op.data.udata.output_size;j++)
-			  fprintf(stderr, "%.2x:", (int)data[j]);
-			fprintf(stderr, "\n");
-
-			fprintf(stderr, "Expected[%d]: ", 16);
-			for(j=0;j<16;j++)
-			  fprintf(stderr, "%.2x:", (int)aes_vectors[i].plaintext[j]);
-			fprintf(stderr, "\n");
-			return 1;
-		}
-	}
-
-
-	fprintf(stdout, "\n");
-
-	return 0;
-
-}
-
-struct hash_vectors_st {
-	const char* name;
-	ncr_algorithm_t algorithm;
-	const uint8_t* key; /* if hmac */
-	int key_size;
-	const uint8_t* plaintext;
-	int plaintext_size;
-	const uint8_t* output;
-	int output_size;
-	ncr_crypto_op_t op;
-} hash_vectors[] = {
-	{
-		.name = "SHA1",
-		.algorithm = NCR_ALG_SHA1,
-		.key = NULL,
-		.plaintext = (uint8_t*)"what do ya want for nothing?",
-		.plaintext_size = sizeof("what do ya want for nothing?")-1,
-		.output = (uint8_t*)"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
-		.output_size = 20,
-		.op = NCR_OP_SIGN,
-	},
-	{
-		.name = "HMAC-MD5",
-		.algorithm = NCR_ALG_HMAC_MD5,
-		.key = (uint8_t*)"Jefe",
-		.key_size = 4,
-		.plaintext = (uint8_t*)"what do ya want for nothing?",
-		.plaintext_size = sizeof("what do ya want for nothing?")-1,
-		.output = (uint8_t*)"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",
-		.output_size = 16,
-		.op = NCR_OP_SIGN,
-	},
-	/* from rfc4231 */
-	{
-		.name = "HMAC-SHA224",
-		.algorithm = NCR_ALG_HMAC_SHA2_224,
-		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-		.key_size = 20,
-		.plaintext = (uint8_t*)"Hi There",
-		.plaintext_size = sizeof("Hi There")-1,
-		.output = (uint8_t*)"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",
-		.output_size = 28,
-		.op = NCR_OP_SIGN,
-	},
-	{
-		.name = "HMAC-SHA256",
-		.algorithm = NCR_ALG_HMAC_SHA2_256,
-		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-		.key_size = 20,
-		.plaintext = (uint8_t*)"Hi There",
-		.plaintext_size = sizeof("Hi There")-1,
-		.output = (uint8_t*)"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",
-		.output_size = 32,
-		.op = NCR_OP_SIGN,
-	},
-	{
-		.name = "HMAC-SHA384",
-		.algorithm = NCR_ALG_HMAC_SHA2_384,
-		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-		.key_size = 20,
-		.plaintext = (uint8_t*)"Hi There",
-		.plaintext_size = sizeof("Hi There")-1,
-		.output = (uint8_t*)"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",
-		.output_size = 48,
-		.op = NCR_OP_SIGN,
-	},
-	{
-		.name = "HMAC-SHA512",
-		.algorithm = NCR_ALG_HMAC_SHA2_512,
-		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-		.key_size = 20,
-		.plaintext = (uint8_t*)"Hi There",
-		.plaintext_size = sizeof("Hi There")-1,
-		.output = (uint8_t*)"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",
-		.output_size = 64,
-		.op = NCR_OP_SIGN,
-	},
-};
-
-#define HASH_DATA_SIZE 64
-
-/* SHA1 and other hashes */
-static int
-test_ncr_hash(int cfd)
-{
-	struct ncr_data_init_st dinit;
-	ncr_key_t key;
-	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
-	ncr_data_t dd, dd2;
-	uint8_t data[HASH_DATA_SIZE];
-	int i, j;
-	struct ncr_session_once_op_st nop;
-
-	dinit.max_object_size = HASH_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd2 = dinit.desc;
-
-	/* convert it to key */
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	keydata.key_id[0] = 'a';
-	keydata.key_id[2] = 'b';
-	keydata.key_id_size = 2;
-	keydata.type = NCR_KEY_TYPE_SECRET;
-	keydata.algorithm = NCR_ALG_AES_CBC;
-	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
-	
-
-	fprintf(stdout, "Tests on Hashes\n");
-	for (i=0;i<sizeof(hash_vectors)/sizeof(hash_vectors[0]);i++) {
-
-		fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
-		/* import key */
-		if (hash_vectors[i].key != NULL) {
-			kdata.data = (void*)hash_vectors[i].key;
-			kdata.data_size = hash_vectors[i].key_size;
-			kdata.desc = dd;
-
-			if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-				perror("ioctl(NCRIO_DATA_SET)");
-				return 1;
-			}
-
-			keydata.key = key;
-			keydata.data = dd;
-			if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
-				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-				perror("ioctl(NCRIO_KEY_IMPORT)");
-				return 1;
-			}
-		}
-
-		/* encrypt */
-		memset(&nop, 0, sizeof(nop));
-		nop.init.algorithm = hash_vectors[i].algorithm;
-		if (hash_vectors[i].key != NULL)
-			nop.init.key = key;
-		nop.init.op = hash_vectors[i].op;
-		nop.op.data.udata.input =  (void*)hash_vectors[i].plaintext;
-		nop.op.data.udata.input_size = hash_vectors[i].plaintext_size;
-		nop.op.data.udata.output = data;
-		nop.op.data.udata.output_size = sizeof(data);
-		nop.op.type = NCR_DIRECT_DATA;
-
-		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_SESSION_ONCE)");
-			return 1;
-		}
-
-		if (nop.op.data.udata.output_size != hash_vectors[i].output_size ||
-			memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) {
-			fprintf(stderr, "HASH test vector %d failed!\n", i);
-
-			fprintf(stderr, "Output[%d]: ", (int)nop.op.data.udata.output_size);
-			for(j=0;j<nop.op.data.udata.output_size;j++)
-			  fprintf(stderr, "%.2x:", (int)data[j]);
-			fprintf(stderr, "\n");
-
-			fprintf(stderr, "Expected[%d]: ", hash_vectors[i].output_size);
-			for(j=0;j<hash_vectors[i].output_size;j++)
-			  fprintf(stderr, "%.2x:", (int)hash_vectors[i].output[j]);
-			fprintf(stderr, "\n");
-			return 1;
-		}
-	}
-
-	fprintf(stdout, "\n");
-
-	return 0;
-
-}
-
-
-int
-main()
-{
-	int fd = -1;
-
-	/* Open the crypto device */
-	fd = open("/dev/crypto", O_RDWR, 0);
-	if (fd < 0) {
-		perror("open(/dev/crypto)");
-		return 1;
-	}
-
-	if (test_ncr_aes(fd))
-		return 1;
-
-	if (test_ncr_hash(fd))
-		return 1;
-
-	/* Close the original descriptor */
-	if (close(fd)) {
-		perror("close(fd)");
-		return 1;
-	}
-
-	return 0;
-}
diff --git a/examples/ncr.c b/examples/ncr.c
index be3dec9..f2c4b72 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -734,6 +734,7 @@ test_ncr_aes(int cfd)
 	uint8_t data[KEY_DATA_SIZE];
 	int i, j;
 	struct ncr_session_once_op_st nop;
+	int data_size;
 
 	dinit.max_object_size = KEY_DATA_SIZE;
 	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
@@ -791,26 +792,17 @@ test_ncr_aes(int cfd)
 			perror("ioctl(NCRIO_KEY_IMPORT)");
 			return 1;
 		}
-		/* import data */
-
-		kdata.data = (void*)aes_vectors[i].plaintext;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
 
 		/* encrypt */
 		memset(&nop, 0, sizeof(nop));
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.data.ndata.input = dd;
-		nop.op.data.ndata.output = dd2;
-		nop.op.type = NCR_DATA;
+		nop.op.data.udata.input = (void*)aes_vectors[i].plaintext;
+		nop.op.data.udata.input_size = 16;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -818,22 +810,14 @@ test_ncr_aes(int cfd)
 			return 1;
 		}
 
+		data_size = nop.op.data.udata.output_size;
 		/* verify */
-		kdata.desc = dd2;
-		kdata.data = data;
-		kdata.data_size = sizeof(data);
-
-		if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_GET)");
-			return 1;
-		}
 
-		if (kdata.data_size != 16 || memcmp(kdata.data, aes_vectors[i].ciphertext, 16) != 0) {
+		if (data_size != 16 || memcmp(data, aes_vectors[i].ciphertext, 16) != 0) {
 			fprintf(stderr, "AES test vector %d failed!\n", i);
 
-			fprintf(stderr, "Cipher[%d]: ", (int)kdata.data_size);
-			for(j=0;j<kdata.data_size;j++)
+			fprintf(stderr, "Cipher[%d]: ", (int)data_size);
+			for(j=0;j<data_size;j++)
 			  fprintf(stderr, "%.2x:", (int)data[j]);
 			fprintf(stderr, "\n");
 
@@ -867,49 +851,31 @@ test_ncr_aes(int cfd)
 			return 1;
 		}
 
-		/* import ciphertext */
-
-		kdata.data = (void*)aes_vectors[i].ciphertext;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
-
 		/* decrypt */
 		memset(&nop, 0, sizeof(nop));
 		nop.init.algorithm = NCR_ALG_AES_ECB;
 		nop.init.key = key;
 		nop.init.op = NCR_OP_DECRYPT;
-		nop.op.data.ndata.input = dd;
-		nop.op.data.ndata.output = dd2;
-		nop.op.type = NCR_DATA;
+		nop.op.data.udata.input = (void*)aes_vectors[i].ciphertext;
+		nop.op.data.udata.input_size = 16;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 			perror("ioctl(NCRIO_SESSION_ONCE)");
 			return 1;
 		}
+		
+		data_size = nop.op.data.udata.output_size;
 
-		/* verify */
-		kdata.desc = dd2;
-		kdata.data = data;
-		kdata.data_size = sizeof(data);
 
-		if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_GET)");
-			return 1;
-		}
-
-		if (kdata.data_size != 16 || memcmp(kdata.data, aes_vectors[i].plaintext, 16) != 0) {
+		if (data_size != 16 || memcmp(data, aes_vectors[i].plaintext, 16) != 0) {
 			fprintf(stderr, "AES test vector %d failed!\n", i);
 
-			fprintf(stderr, "Plain[%d]: ", (int)kdata.data_size);
-			for(j=0;j<kdata.data_size;j++)
+			fprintf(stderr, "Plain[%d]: ", (int)data_size);
+			for(j=0;j<data_size;j++)
 			  fprintf(stderr, "%.2x:", (int)data[j]);
 			fprintf(stderr, "\n");
 
@@ -1019,7 +985,7 @@ test_ncr_hash(int cfd)
 	struct ncr_data_st kdata;
 	ncr_data_t dd, dd2;
 	uint8_t data[HASH_DATA_SIZE];
-	int i, j;
+	int i, j, data_size;
 	struct ncr_session_once_op_st nop;
 
 	dinit.max_object_size = HASH_DATA_SIZE;
@@ -1081,17 +1047,6 @@ test_ncr_hash(int cfd)
 				return 1;
 			}
 		}
-		/* import data */
-
-		kdata.data = (void*)hash_vectors[i].plaintext;
-		kdata.data_size = hash_vectors[i].plaintext_size;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
 
 		/* encrypt */
 		memset(&nop, 0, sizeof(nop));
@@ -1099,34 +1054,27 @@ test_ncr_hash(int cfd)
 		if (hash_vectors[i].key != NULL)
 			nop.init.key = key;
 		nop.init.op = hash_vectors[i].op;
-		nop.op.data.ndata.input = dd;
-		nop.op.data.ndata.output = dd2;
-		nop.op.type = NCR_DATA;
+		nop.op.data.udata.input = (void*)hash_vectors[i].plaintext;
+		nop.op.data.udata.input_size = hash_vectors[i].plaintext_size;
+		nop.op.data.udata.output = data;
+		nop.op.data.udata.output_size = sizeof(data);
+		nop.op.type = NCR_DIRECT_DATA;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 			perror("ioctl(NCRIO_SESSION_ONCE)");
 			return 1;
 		}
+		
+		data_size = nop.op.data.udata.output_size;
 
-		/* verify */
-		memset(&kdata, 0, sizeof(kdata));
-		kdata.desc = dd2;
-		kdata.data = data;
-		kdata.data_size = sizeof(data);
-
-		if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_GET)");
-			return 1;
-		}
 
-		if (kdata.data_size != hash_vectors[i].output_size ||
-			memcmp(kdata.data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) {
+		if (data_size != hash_vectors[i].output_size ||
+			memcmp(data, hash_vectors[i].output, hash_vectors[i].output_size) != 0) {
 			fprintf(stderr, "HASH test vector %d failed!\n", i);
 
-			fprintf(stderr, "Output[%d]: ", (int)kdata.data_size);
-			for(j=0;j<kdata.data_size;j++)
+			fprintf(stderr, "Output[%d]: ", (int)data_size);
+			for(j=0;j<data_size;j++)
 			  fprintf(stderr, "%.2x:", (int)data[j]);
 			fprintf(stderr, "\n");
 
diff --git a/examples/pk.c b/examples/pk.c
index 287e9f3..a529e9a 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -297,35 +297,14 @@ int pubkey_info(void* data, int data_size, int verbose)
 	return 0;
 }
 
-static int data_get(int cfd, ncr_data_t dd, void* data, size_t data_size)
-{
-struct ncr_data_st kdata;
-
-	memset(&kdata, 0, sizeof(kdata));
-	kdata.desc = dd;
-	kdata.data = data;
-	kdata.data_size = data_size;
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return -1;
-	}
-
-	return 0;
-}
-
 #define RSA_ENCRYPT_SIZE 32
 
 static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oaep)
 {
-	struct ncr_data_init_st dinit;
-	ncr_data_t datad;
-	ncr_data_t encd;
 	struct ncr_session_once_op_st nop;
 	uint8_t data[DATA_SIZE];
 	uint8_t vdata[RSA_ENCRYPT_SIZE];
-	int ret;
+	int enc_size;
 
 	fprintf(stdout, "Tests on RSA (%s) key encryption:", (oaep!=0)?"OAEP":"PKCS V1.5");
 	fflush(stdout);
@@ -333,33 +312,6 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	memset(data, 0x3, sizeof(data));
 	memset(vdata, 0x0, sizeof(vdata));
 
-	/* data to sign */
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = data;
-	dinit.initial_data_size = RSA_ENCRYPT_SIZE;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	datad = dinit.desc;
-
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	encd = dinit.desc;
-
 	/* do encryption */
 	memset(&nop, 0, sizeof(nop));
 	nop.init.algorithm = NCR_ALG_RSA;
@@ -371,15 +323,19 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
 	nop.init.op = NCR_OP_ENCRYPT;
-	nop.op.data.ndata.input = datad;
-	nop.op.data.ndata.output = encd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = data;
+	nop.op.data.udata.input_size = RSA_ENCRYPT_SIZE;
+	nop.op.data.udata.output = vdata;
+	nop.op.data.udata.output_size = sizeof(vdata);
+	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_SESSION_ONCE)");
 		return 1;
 	}
+	
+	enc_size = nop.op.data.udata.output_size;
 
 	/* decrypt data */
 	memset(&nop, 0, sizeof(nop));
@@ -392,9 +348,12 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	} else {
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
-	nop.op.data.ndata.input = encd;
-	nop.op.data.ndata.output = encd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = vdata;
+	nop.op.data.udata.input_size = enc_size;
+	nop.op.data.udata.output = vdata;
+	nop.op.data.udata.output_size = sizeof(vdata);
+	nop.op.type = NCR_DIRECT_DATA;
+
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -402,12 +361,6 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 		return 1;
 	}
 	
-	ret = data_get(cfd, encd, vdata, sizeof(vdata));
-	if (ret < 0) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		return 1;
-	}
-	
 	if (memcmp(vdata, data, sizeof(vdata)) != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		fprintf(stderr, "Decrypted data do not match!\n");
@@ -422,44 +375,16 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 
 static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss)
 {
-	struct ncr_data_init_st dinit;
-	ncr_data_t datad;
-	ncr_data_t signd;
 	struct ncr_session_once_op_st nop;
 	uint8_t data[DATA_SIZE];
+	uint8_t sig[DATA_SIZE];
+	int sig_size;
 
 	fprintf(stdout, "Tests on RSA (%s) key signature:", (pss!=0)?"PSS":"PKCS V1.5");
 	fflush(stdout);
 
 	memset(data, 0x3, sizeof(data));
 
-	/* data to sign */
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = data;
-	dinit.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	datad = dinit.desc;
-
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	signd = dinit.desc;
-
 	/* sign datad */
 	memset(&nop, 0, sizeof(nop));
 	nop.init.algorithm = NCR_ALG_RSA;
@@ -468,15 +393,19 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.data.ndata.input = datad;
-	nop.op.data.ndata.output = signd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = data;
+	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.output = sig;
+	nop.op.data.udata.output_size = sizeof(sig);
+	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_SESSION_ONCE)");
 		return 1;
 	}
+	
+	sig_size = nop.op.data.udata.output_size;
 
 	/* verify signature */
 	memset(&nop, 0, sizeof(nop));
@@ -486,9 +415,11 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.data.ndata.input = datad;
-	nop.op.data.ndata.output = signd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = data;
+	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.output = sig;
+	nop.op.data.udata.output_size = sig_size;
+	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -496,7 +427,10 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 		return 1;
 	}
 
-	fprintf(stdout, " Success\n");
+	if (nop.op.err == NCR_SUCCESS)
+		fprintf(stdout, " Success\n");
+	else
+		fprintf(stdout, " Verification Failed!\n");
 
 	return 0;
 
@@ -504,44 +438,16 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 
 static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 {
-	struct ncr_data_init_st dinit;
-	ncr_data_t datad;
-	ncr_data_t signd;
 	struct ncr_session_once_op_st nop;
 	uint8_t data[DATA_SIZE];
+	uint8_t sig[DATA_SIZE];
+	int sig_size;
 
 	fprintf(stdout, "Tests on DSA key signature:");
 	fflush(stdout);
 
 	memset(data, 0x3, sizeof(data));
 
-	/* data to sign */
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = data;
-	dinit.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	datad = dinit.desc;
-
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	signd = dinit.desc;
-
 	/* sign datad */
 	memset(&nop, 0, sizeof(nop));
 	nop.init.algorithm = NCR_ALG_DSA;
@@ -549,15 +455,19 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_SIGN;
-	nop.op.data.ndata.input = datad;
-	nop.op.data.ndata.output = signd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = data;
+	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.output = sig;
+	nop.op.data.udata.output_size = sizeof(sig);
+	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_SESSION_ONCE)");
 		return 1;
 	}
+	
+	sig_size = nop.op.data.udata.output_size;
 
 	/* verify signature */
 	memset(&nop, 0, sizeof(nop));
@@ -566,9 +476,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	nop.init.params.params.dsa.sign_hash = NCR_ALG_SHA1;
 
 	nop.init.op = NCR_OP_VERIFY;
-	nop.op.data.ndata.input = datad;
-	nop.op.data.ndata.output = signd;
-	nop.op.type = NCR_DATA;
+	nop.op.data.udata.input = data;
+	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.output = sig;
+	nop.op.data.udata.output_size = sizeof(sig);
+	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -576,7 +488,10 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 		return 1;
 	}
 
-	fprintf(stdout, " Success\n");
+	if (nop.op.err == NCR_SUCCESS)
+		fprintf(stdout, " Success\n");
+	else
+		fprintf(stdout, " Verification Failed!\n");
 
 	return 0;
 
-- 
cgit 


From f84ea240b18ce93ae26030ce28d19af4bc9962a1 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 26 Jul 2010 00:19:45 +0200
Subject: removed the data type.

---
 examples/Makefile |   5 +-
 examples/ncr.c    | 399 ++++++------------------------------------------------
 examples/pk.c     | 148 +++++++-------------
 examples/speed.c  | 113 ----------------
 4 files changed, 92 insertions(+), 573 deletions(-)

(limited to 'examples')

diff --git a/examples/Makefile b/examples/Makefile
index ff5381d..100cc49 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
 CC = gcc
 CFLAGS = -Wall -g -O2
 
-progs := cipher hmac ncr pk speed ncr-direct
+progs := cipher hmac ncr pk speed
 
 all: $(progs)
 
@@ -22,11 +22,10 @@ pk: pk.c
 
 check: $(progs)
 	./ncr
-	./ncr-direct
 	./pk
 	./cipher
 	./hmac
 	./speed
 
 clean:
-	rm -f *.o *~ hmac cipher ncr pk speed ncr-direct
+	rm -f *.o *~ hmac cipher ncr pk speed 
\ No newline at end of file
diff --git a/examples/ncr.c b/examples/ncr.c
index f2c4b72..4ff59fd 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -32,11 +32,9 @@ int i;
 static int
 test_ncr_key(int cfd)
 {
-	struct ncr_data_init_st dinit;
 	struct ncr_key_generate_st kgen;
 	ncr_key_t key;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
 	uint8_t data[KEY_DATA_SIZE];
 	uint8_t data_bak[KEY_DATA_SIZE];
 
@@ -51,17 +49,6 @@ test_ncr_key(int cfd)
 	randomize_data(data, sizeof(data));
 	memcpy(data_bak, data, sizeof(data));
 
-	dinit.max_object_size = KEY_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = data;
-	dinit.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
 		perror("ioctl(NCRIO_KEY_INIT)");
@@ -76,7 +63,8 @@ test_ncr_key(int cfd)
 	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
 	
 	keydata.key = key;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -86,43 +74,21 @@ test_ncr_key(int cfd)
 
 	/* now try to read it */
 	fprintf(stdout, "\tKey export...\n");
-	if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_DEINIT)");
-		return 1;
-	}
-
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
 
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = key;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_IMPORT)");
 		return 1;
 	}
-
-	/* now read data */
-	memset(&kdata, 0, sizeof(kdata));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+	
+	if (keydata.idata_size !=  sizeof(data)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
+		fprintf(stderr, "data returned but differ!\n");
 		return 1;
 	}
 
@@ -162,9 +128,12 @@ test_ncr_key(int cfd)
 		return 1;
 	}
 
+	memset(data, 0, sizeof(data));
+
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = key;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -172,27 +141,16 @@ test_ncr_key(int cfd)
 		return 1;
 	}
 
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+	if (keydata.idata_size == 0 || (data[0] == 0 && data[1] == 0 && data[2] == 0 && data[4] == 0)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
+		fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
+			"%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
+			data[2], data[3], data[4], data[5], data[6], data[7], data[8],
+			data[9], data[10], data[11], data[12], data[13], data[14],
+			data[15]);
 		return 1;
 	}
 
-#if 0
-	fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
-		"%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
-		data[2], data[3], data[4], data[5], data[6], data[7], data[8],
-		data[9], data[10], data[11], data[12], data[13], data[14],
-		data[15]);
-#endif
-
 	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_DEINIT)");
@@ -219,24 +177,16 @@ test_ncr_key(int cfd)
 		return 1;
 	}
 
+	memset(data, 0, sizeof(data));
+
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = key;
-	keydata.data = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_KEY_EXPORT)");
-		return 1;
-	}
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	/* try to get the output data - should fail */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
 
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		fprintf(stderr, "Data were exported, but shouldn't be!\n");
 		return 1;
@@ -252,135 +202,14 @@ test_ncr_key(int cfd)
 }
 
 
-static int test_ncr_data(int cfd)
-{
-	struct ncr_data_init_st init;
-	struct ncr_data_st kdata;
-	uint8_t data[DATA_SIZE];
-	uint8_t data_bak[DATA_SIZE];
-	int i;
-
-	fprintf(stdout, "Tests on Data:\n");
-	
-	randomize_data(data, sizeof(data));
-	memcpy(data_bak, data, sizeof(data));
-
-	init.max_object_size = DATA_SIZE;
-	init.flags = NCR_DATA_FLAG_EXPORTABLE;
-	init.initial_data = data;
-	init.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
-	fprintf(stdout, "\tData Import...\n");
-
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = init.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	if (memcmp(data, data_bak, sizeof(data))!=0) {
-		fprintf(stderr, "data returned but differ!\n");
-		return 1;
-	}
-
-	fprintf(stdout, "\tData Export...\n");
-
-	/* test set */
-	memset(data, 0xf1, sizeof(data));
-
-	kdata.desc = init.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-		perror("ioctl(NCRIO_DATA_SET)");
-		return 1;
-	}
-
-	/* test get after set */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = init.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	for(i=0;i<kdata.data_size;i++) {
-		if (((uint8_t*)kdata.data)[i] != 0xf1) {
-			fprintf(stderr, "data returned but differ!\n");
-			return 1;
-		}
-	}
-	fprintf(stdout, "\t2nd Data Import/Export...\n");
-
-	if (ioctl(cfd, NCRIO_DATA_DEINIT, &kdata.desc)) {
-		perror("ioctl(NCRIO_DATA_DEINIT)");
-		return 1;
-	}
-
-	fprintf(stdout, "\tProtection of non-exportable data...\n");
-	randomize_data(data, sizeof(data));
-
-	init.max_object_size = DATA_SIZE;
-	init.flags = 0;
-	init.initial_data = data;
-	init.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	kdata.desc = init.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
-		fprintf(stderr, "Unexportable data were exported!?\n");
-		return 1;
-	}
-
-	fprintf(stdout, "\tLimits on maximum allowed data...\n");
-	for (i=0;i<256;i++ ) {
-		init.max_object_size = DATA_SIZE;
-		init.flags = 0;
-		init.initial_data = data;
-		init.initial_data_size = sizeof(data);
-
-		if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
-			//fprintf(stderr, "Reached maximum limit at: %d data items\n", i);
-			break;
-		}
-	}
-	
-	/* shouldn't run any other tests after that */
-
-	return 0;
-}
 
 /* Key wrapping */
 static int
 test_ncr_wrap_key(int cfd)
 {
 	int i;
-	struct ncr_data_init_st dinit;
 	ncr_key_t key, key2;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
 	struct ncr_key_wrap_st kwrap;
 	uint8_t data[WRAPPED_KEY_DATA_SIZE];
 	int data_size;
@@ -393,17 +222,6 @@ test_ncr_wrap_key(int cfd)
 
 	fprintf(stdout, "\tKey Wrap test...\n");
 
-	dinit.max_object_size = WRAPPED_KEY_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
-	dinit.initial_data_size = 16;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
 		perror("ioctl(NCRIO_KEY_INIT)");
@@ -418,7 +236,8 @@ test_ncr_wrap_key(int cfd)
 	keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
 	
 	keydata.key = key;
-	keydata.data = dinit.desc;
+	keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
+	keydata.idata_size = 16;
 
 	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -426,17 +245,6 @@ test_ncr_wrap_key(int cfd)
 		return 1;
 	}
 
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
-	/* now key data */
-	kdata.data = DKEY;
-	kdata.data_size = 16;
-	kdata.desc = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_SET)");
-		return 1;
-	}
 
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
@@ -452,7 +260,9 @@ test_ncr_wrap_key(int cfd)
 	keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
 	
 	keydata.key = key2;
-	keydata.data = kdata.desc;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+	keydata.idata = DKEY;
+	keydata.idata_size = 16;
 
 	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -556,13 +366,10 @@ static int
 test_ncr_store_wrap_key(int cfd)
 {
 	int i;
-	struct ncr_data_init_st dinit;
 	ncr_key_t key2;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
 	struct ncr_key_storage_wrap_st kwrap;
 	uint8_t data[DATA_SIZE];
-	int dd;
 	int data_size;
 
 	fprintf(stdout, "Tests on Key storage:\n");
@@ -573,30 +380,6 @@ test_ncr_store_wrap_key(int cfd)
 
 	fprintf(stdout, "\tKey Storage wrap test...\n");
 
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd = dinit.desc;
-
-#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
-	/* now key data */
-	kdata.data = DKEY;
-	kdata.data_size = 16;
-	kdata.desc = dd;
-
-	if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_SET)");
-		return 1;
-	}
-
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
 		perror("ioctl(NCRIO_KEY_INIT)");
@@ -611,7 +394,9 @@ test_ncr_store_wrap_key(int cfd)
 	keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
 	
 	keydata.key = key2;
-	keydata.data = dd;
+#define DKEY "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+	keydata.idata = DKEY;
+	keydata.idata_size = 16;
 
 	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -662,25 +447,21 @@ test_ncr_store_wrap_key(int cfd)
 	/* now export the unwrapped */
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = key2;
-	keydata.data = dd;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_IMPORT)");
 		return 1;
 	}
+	
+	data_size = keydata.idata_size;
 
-	kdata.data = data;
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	if (kdata.data_size != 16 || memcmp(kdata.data, DKEY, 16) != 0) {
+	if (data_size != 16 || memcmp(data, DKEY, 16) != 0) {
 		fprintf(stderr, "Unwrapped data do not match.\n");
-		fprintf(stderr, "Data[%d]: ", (int) kdata.data_size);
-		for(i=0;i<kdata.data_size;i++)
+		fprintf(stderr, "Data[%d]: ", (int) data_size);
+		for(i=0;i<data_size;i++)
 			fprintf(stderr, "%.2x:", data[i]);
 		fprintf(stderr, "\n");
 		return 1;
@@ -726,37 +507,13 @@ struct aes_vectors_st {
 static int
 test_ncr_aes(int cfd)
 {
-	struct ncr_data_init_st dinit;
 	ncr_key_t key;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
-	ncr_data_t dd, dd2;
 	uint8_t data[KEY_DATA_SIZE];
 	int i, j;
 	struct ncr_session_once_op_st nop;
 	int data_size;
 
-	dinit.max_object_size = KEY_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd2 = dinit.desc;
-
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
 		perror("ioctl(NCRIO_KEY_INIT)");
@@ -774,19 +531,9 @@ test_ncr_aes(int cfd)
 	fprintf(stdout, "Tests on AES Encryption\n");
 	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
 
-		/* import key */
-		kdata.data = (void*)aes_vectors[i].key;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
-
 		keydata.key = key;
-		keydata.data = dd;
+		keydata.idata = (void*)aes_vectors[i].key;
+		keydata.idata_size = 16;
 		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 			perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -832,19 +579,9 @@ test_ncr_aes(int cfd)
 	fprintf(stdout, "Tests on AES Decryption\n");
 	for (i=0;i<sizeof(aes_vectors)/sizeof(aes_vectors[0]);i++) {
 
-		/* import key */
-		kdata.data = (void*)aes_vectors[i].key;
-		kdata.data_size = 16;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_SET)");
-			return 1;
-		}
-
 		keydata.key = key;
-		keydata.data = dd;
+		keydata.idata = (void*)aes_vectors[i].key;
+		keydata.idata_size = 16;
 		if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 			perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -979,36 +716,12 @@ struct hash_vectors_st {
 static int
 test_ncr_hash(int cfd)
 {
-	struct ncr_data_init_st dinit;
 	ncr_key_t key;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
-	ncr_data_t dd, dd2;
 	uint8_t data[HASH_DATA_SIZE];
 	int i, j, data_size;
 	struct ncr_session_once_op_st nop;
 
-	dinit.max_object_size = HASH_DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	dd2 = dinit.desc;
-
 	/* convert it to key */
 	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
 		perror("ioctl(NCRIO_KEY_INIT)");
@@ -1029,18 +742,10 @@ test_ncr_hash(int cfd)
 		fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
 		/* import key */
 		if (hash_vectors[i].key != NULL) {
-			kdata.data = (void*)hash_vectors[i].key;
-			kdata.data_size = hash_vectors[i].key_size;
-			kdata.desc = dd;
-
-			if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-				perror("ioctl(NCRIO_DATA_SET)");
-				return 1;
-			}
 
 			keydata.key = key;
-			keydata.data = dd;
+			keydata.idata = (void*)hash_vectors[i].key;
+			keydata.idata_size =  hash_vectors[i].key_size;
 			if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
 				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 				perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -1105,24 +810,6 @@ main()
 		return 1;
 	}
 
-	/* Run the test itself */
-	if (test_ncr_data(fd))
-		return 1;
-
-	/* Close the original descriptor */
-	if (close(fd)) {
-		perror("close(fd)");
-		return 1;
-	}
-
-	/* actually test if the initial close
-	 * will really delete all used lists */
-
-	fd = open("/dev/crypto", O_RDWR, 0);
-	if (fd < 0) {
-		perror("open(/dev/crypto)");
-		return 1;
-	}
 	if (test_ncr_key(fd))
 		return 1;
 
diff --git a/examples/pk.c b/examples/pk.c
index a529e9a..1aa4c5a 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -310,7 +310,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	fflush(stdout);
 
 	memset(data, 0x3, sizeof(data));
-	memset(vdata, 0x0, sizeof(vdata));
+	memcpy(vdata, data, sizeof(vdata));
 
 	/* do encryption */
 	memset(&nop, 0, sizeof(nop));
@@ -325,8 +325,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	nop.init.op = NCR_OP_ENCRYPT;
 	nop.op.data.udata.input = data;
 	nop.op.data.udata.input_size = RSA_ENCRYPT_SIZE;
-	nop.op.data.udata.output = vdata;
-	nop.op.data.udata.output_size = sizeof(vdata);
+	nop.op.data.udata.output = data;
+	nop.op.data.udata.output_size = sizeof(data);
 	nop.op.type = NCR_DIRECT_DATA;
 
 	if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
@@ -348,10 +348,10 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	} else {
 		nop.init.params.params.rsa.type = RSA_PKCS1_V1_5;
 	}
-	nop.op.data.udata.input = vdata;
+	nop.op.data.udata.input = data;
 	nop.op.data.udata.input_size = enc_size;
-	nop.op.data.udata.output = vdata;
-	nop.op.data.udata.output_size = sizeof(vdata);
+	nop.op.data.udata.output = data;
+	nop.op.data.udata.output_size = sizeof(data);
 	nop.op.type = NCR_DIRECT_DATA;
 
 
@@ -373,6 +373,8 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 
 }
 
+#define DATA_TO_SIGN 52
+
 static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss)
 {
 	struct ncr_session_once_op_st nop;
@@ -394,7 +396,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 
 	nop.init.op = NCR_OP_SIGN;
 	nop.op.data.udata.input = data;
-	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.input_size = DATA_TO_SIGN;
 	nop.op.data.udata.output = sig;
 	nop.op.data.udata.output_size = sizeof(sig);
 	nop.op.type = NCR_DIRECT_DATA;
@@ -414,9 +416,11 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	nop.init.params.params.rsa.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5;
 	nop.init.params.params.rsa.sign_hash = NCR_ALG_SHA1;
 
+	memset(data, 0x3, sizeof(data));
+
 	nop.init.op = NCR_OP_VERIFY;
 	nop.op.data.udata.input = data;
-	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.input_size = DATA_TO_SIGN;
 	nop.op.data.udata.output = sig;
 	nop.op.data.udata.output_size = sig_size;
 	nop.op.type = NCR_DIRECT_DATA;
@@ -429,8 +433,10 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 
 	if (nop.op.err == NCR_SUCCESS)
 		fprintf(stdout, " Success\n");
-	else
+	else {
 		fprintf(stdout, " Verification Failed!\n");
+		return 1;
+	}
 
 	return 0;
 
@@ -456,7 +462,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 
 	nop.init.op = NCR_OP_SIGN;
 	nop.op.data.udata.input = data;
-	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.input_size = DATA_TO_SIGN;
 	nop.op.data.udata.output = sig;
 	nop.op.data.udata.output_size = sizeof(sig);
 	nop.op.type = NCR_DIRECT_DATA;
@@ -477,7 +483,7 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 
 	nop.init.op = NCR_OP_VERIFY;
 	nop.op.data.udata.input = data;
-	nop.op.data.udata.input_size = sizeof(data);
+	nop.op.data.udata.input_size = DATA_TO_SIGN;
 	nop.op.data.udata.output = sig;
 	nop.op.data.udata.output_size = sizeof(sig);
 	nop.op.type = NCR_DIRECT_DATA;
@@ -490,8 +496,10 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 
 	if (nop.op.err == NCR_SUCCESS)
 		fprintf(stdout, " Success\n");
-	else
+	else {
 		fprintf(stdout, " Verification Failed!\n");
+		return 1;
+	}
 
 	return 0;
 
@@ -501,12 +509,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 static int test_ncr_rsa(int cfd)
 {
 	int ret;
-	struct ncr_data_init_st dinit;
 	struct ncr_key_generate_st kgen;
 	ncr_key_t pubkey, privkey;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
 	uint8_t data[DATA_SIZE];
+	int data_size;
 
 	fprintf(stdout, "Tests on RSA key generation:");
 	fflush(stdout);
@@ -538,41 +545,21 @@ static int test_ncr_rsa(int cfd)
 	}
 
 	/* export the private key */
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
+	memset(data, 0, sizeof(data));
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = privkey;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_EXPORT)");
 		return 1;
 	}
+	
+	data_size = keydata.idata_size;
 
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	ret = privkey_info(kdata.data, kdata.data_size, 0);
+	ret = privkey_info(data, data_size, 0);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
@@ -580,30 +567,21 @@ static int test_ncr_rsa(int cfd)
 	
 	/* export the public key */
 
+	memset(data, 0, sizeof(data));
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = pubkey;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_IMPORT)");
 		return 1;
 	}
-
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
 	
-	ret = pubkey_info(kdata.data, kdata.data_size, 0);
+	data_size = keydata.idata_size;
+
+	ret = pubkey_info(data, data_size, 0);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
@@ -611,13 +589,13 @@ static int test_ncr_rsa(int cfd)
 
 	fprintf(stdout, " Success\n");
 
-	ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
+	ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
 	}
 
-	ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1);
+	ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
@@ -642,12 +620,11 @@ static int test_ncr_rsa(int cfd)
 static int test_ncr_dsa(int cfd)
 {
 	int ret;
-	struct ncr_data_init_st dinit;
 	struct ncr_key_generate_st kgen;
 	ncr_key_t pubkey, privkey;
 	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
 	uint8_t data[DATA_SIZE];
+	int data_size;
 
 	fprintf(stdout, "Tests on DSA key generation:");
 	fflush(stdout);
@@ -679,42 +656,20 @@ static int test_ncr_dsa(int cfd)
 		return 1;
 	}
 
-	/* export the private key */
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	
 	memset(&keydata, 0, sizeof(keydata));
+	memset(data, 0, sizeof(data));
 	keydata.key = privkey;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_EXPORT)");
 		return 1;
 	}
+	data_size = keydata.idata_size;
 
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	ret = privkey_info(kdata.data, kdata.data_size, 0);
+	ret = privkey_info(data, data_size, 0);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
@@ -722,30 +677,21 @@ static int test_ncr_dsa(int cfd)
 	
 	/* export the public key */
 
+	memset(data, 0, sizeof(data));
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = pubkey;
-	keydata.data = dinit.desc;
+	keydata.idata = data;
+	keydata.idata_size = sizeof(data);
 
 	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_IMPORT)");
 		return 1;
 	}
-
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
 	
-	ret = pubkey_info(kdata.data, kdata.data_size, 0);
+	data_size = keydata.idata_size;
+
+	ret = pubkey_info(data, data_size, 0);
 	if (ret != 0) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		return 1;
diff --git a/examples/speed.c b/examples/speed.c
index d49faa9..5898aaa 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -116,107 +116,6 @@ int encrypt_data(struct session_op *sess, int fdc, int chunksize)
 	return 0;
 }
 
-int encrypt_data_ncr(int cfd, int algo, int chunksize)
-{
-	char *buffer, iv[32];
-	static int val = 23;
-	struct timeval start, end;
-	double total = 0;
-	double secs, ddata, dspeed;
-	char metric[16];
-	ncr_key_t key;
-	struct ncr_key_generate_st kgen;
-	struct ncr_data_init_st dinit;
-	struct ncr_data_st kdata;
-	struct ncr_session_once_op_st nop;
-	ncr_data_t dd;
-
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	kgen.desc = key;
-	kgen.params.algorithm = NCR_ALG_AES_CBC;
-	kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
-	kgen.params.params.secret.bits = 128; /* 16  bytes */
-	
-	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-
-	buffer = malloc(chunksize);
-	memset(iv, 0x23, 32);
-
-	memset(&dinit, 0, sizeof(dinit));
-	dinit.max_object_size = chunksize;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = buffer;
-	dinit.initial_data_size = chunksize;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-	dd = dinit.desc;
-
-	printf("\tEncrypting in chunks of %d bytes: ", chunksize);
-	fflush(stdout);
-
-	memset(buffer, val++, chunksize);
-
-	must_finish = 0;
-	alarm(5);
-
-	gettimeofday(&start, NULL);
-	do {
-		kdata.data = buffer;
-		kdata.data_size = chunksize;
-		kdata.desc = dd;
-
-		if (ioctl(cfd, NCRIO_DATA_SET, &kdata)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_DATA_INIT)");
-			return 1;
-		}
-		
-		memset(&nop, 0, sizeof(nop));
-		nop.init.algorithm = algo;
-		nop.init.key = key;
-		nop.init.op = NCR_OP_ENCRYPT;
-		nop.op.data.ndata.input = dd;
-		nop.op.data.ndata.output = dd;
-		nop.op.type = NCR_DATA;
-
-		if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) {
-			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-			perror("ioctl(NCRIO_SESSION_ONCE)");
-			return 1;
-		}
-
-		total+=chunksize;
-	} while(must_finish==0);
-	gettimeofday(&end, NULL);
-
-	if (ioctl(cfd, NCRIO_DATA_DEINIT, &dd)) {
-		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	secs = udifftimeval(start, end)/ 1000000.0;
-	
-	value2human(total, secs, &ddata, &dspeed, metric);
-	printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs);
-	printf ("%.2f %s/sec\n", dspeed, metric);
-
-	return 0;
-}
 
 int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 {
@@ -322,12 +221,6 @@ int main(void)
 			break;
 	}
 
-	fprintf(stderr, "\nTesting NCR with NULL cipher: \n");
-	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr(fdc, NCR_ALG_NULL, i))
-			break;
-	}
-
 	fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
 		if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i))
@@ -351,12 +244,6 @@ int main(void)
 			break;
 	}
 
-	fprintf(stderr, "\nTesting NCR with AES-128-CBC cipher: \n");
-	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr(fdc, NCR_ALG_AES_CBC, i))
-			break;
-	}
-
 	fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
 		if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i))
-- 
cgit 


From 935be4945512eb37461a226c51ede5e8b05cbe24 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 26 Jul 2010 09:46:56 +0200
Subject: Added test case for hashing secret keys. Some corrections in
 independent session updates.

---
 examples/ncr.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)

(limited to 'examples')

diff --git a/examples/ncr.c b/examples/ncr.c
index 4ff59fd..4231ffa 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -797,6 +797,119 @@ test_ncr_hash(int cfd)
 
 }
 
+static int
+test_ncr_hash_key(int cfd)
+{
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	uint8_t data[HASH_DATA_SIZE];
+	int j, data_size;
+	struct ncr_session_op_st op;
+	struct ncr_session_st op_init;
+	const uint8_t *output = (void*)"\xe2\xd7\x2c\x2e\x14\xad\x97\xc8\xd2\xdb\xce\xd8\xb3\x52\x9f\x1c\xb3\x2c\x5c\xec";
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	keydata.key_id[0] = 'a';
+	keydata.key_id[2] = 'b';
+	keydata.key_id_size = 2;
+	keydata.type = NCR_KEY_TYPE_SECRET;
+	keydata.algorithm = NCR_ALG_AES_CBC;
+	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
+
+	fprintf(stdout, "Tests on Hashes of Keys\n");
+
+	fprintf(stdout, "\t%s:\n", hash_vectors[0].name);
+	/* import key */
+	keydata.key = key;
+	keydata.idata = (void*)hash_vectors[0].plaintext;
+	keydata.idata_size =  hash_vectors[0].plaintext_size;
+	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* encrypt */
+	memset(&op_init, 0, sizeof(op_init));
+	op_init.algorithm = hash_vectors[0].algorithm;
+	op_init.op = hash_vectors[0].op;
+
+	if (ioctl(cfd, NCRIO_SESSION_INIT, &op_init)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_SESSION_INIT)");
+		return 1;
+	}
+
+	memset(&op, 0, sizeof(op));
+	op.ses = op_init.ses;
+	op.data.udata.input = (void*)hash_vectors[0].plaintext;
+	op.data.udata.input_size = hash_vectors[0].plaintext_size;
+	op.data.udata.output = NULL;
+	op.data.udata.output_size = 0;
+	op.type = NCR_DIRECT_DATA;
+
+	if (ioctl(cfd, NCRIO_SESSION_UPDATE, &op)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_SESSION_UPDATE)");
+		return 1;
+	}
+
+	memset(&op, 0, sizeof(op));
+	op.ses = op_init.ses;
+	op.data.kdata.input = key;
+	op.data.kdata.output = NULL;
+	op.data.kdata.output_size = 0;
+	op.type = NCR_KEY_DATA;
+
+	if (ioctl(cfd, NCRIO_SESSION_UPDATE, &op)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_SESSION_UPDATE)");
+		return 1;
+	}
+
+	op.data.udata.input = NULL;
+	op.data.udata.input_size = 0;
+	op.data.udata.output = data;
+	op.data.udata.output_size = sizeof(data);
+	op.type = NCR_DIRECT_DATA;
+
+	if (ioctl(cfd, NCRIO_SESSION_FINAL, &op)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_SESSION_FINAL)");
+		return 1;
+	}		
+
+	data_size = op.data.udata.output_size;
+
+
+	if (data_size != hash_vectors[0].output_size ||
+			memcmp(data, output, hash_vectors[0].output_size) != 0) {
+			fprintf(stderr, "HASH test vector %d failed!\n", 0);
+
+			fprintf(stderr, "Output[%d]: ", (int)data_size);
+			for(j=0;j<data_size;j++)
+			  fprintf(stderr, "%.2x:", (int)data[j]);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "Expected[%d]: ", hash_vectors[0].output_size);
+			for(j=0;j<hash_vectors[0].output_size;j++)
+			  fprintf(stderr, "%.2x:", (int)output[j]);
+			fprintf(stderr, "\n");
+			return 1;
+	}
+
+
+	fprintf(stdout, "\n");
+
+	return 0;
+
+}
+
 
 int
 main()
@@ -819,6 +932,9 @@ main()
 	if (test_ncr_hash(fd))
 		return 1;
 
+	if (test_ncr_hash_key(fd))
+		return 1;
+
 	if (test_ncr_wrap_key(fd))
 		return 1;
 
-- 
cgit