/* * Copyright 2010 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, INC. OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * * Red Hat author: Jan Chadima */ #include #include #include #include #include #include "ncrypto.h" #include "ncrypto_internal.h" int ncr_key_init(ncr_key_t *key) { if ((__ncr_file_descriptor < 0) && (__ncr_global_init() < 0)) return -1; if (ioctl(__ncr_file_descriptor, NCRIO_KEY_INIT, key) < 0) return -1; return 0; } int ncr_key_generate(ncr_key_t key, ncr_key_generate_params_t params) { struct ncr_key_generate_st io; memset(&io, 0, sizeof(io)); if (key == NCR_KEY_INVALID) { errno = EINVAL; return -1; } io.desc = key; if (params) memmove(&io.params, params, sizeof(io.params)); if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GENERATE, &io) < 0) return -1; return 0; } int ncr_key_generate_pair(ncr_key_t key1, ncr_key_t key2, ncr_key_generate_params_t params) { struct ncr_key_generate_st io; memset(&io, 0, sizeof(io)); if (key1 == NCR_KEY_INVALID|| key2 == NCR_KEY_INVALID) { errno = EINVAL; return -1; } io.desc = key1; io.desc2 = key2; if (params) memmove(&io.params, params, sizeof(io.params)); if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GENERATE_PAIR, &io) < 0) return -1; return 0; } int ncr_key_derive(ncr_key_t newkey, unsigned int keyflags, ncr_key_t key, ncr_derive_t derive, ncr_key_params_t params) { struct ncr_key_derivation_params_st io; memset(&io, 0, sizeof(io)); if (newkey == NCR_KEY_INVALID || key == NCR_KEY_INVALID) { errno = EINVAL; return -1; } io.derive = derive; io.newkey = newkey; io.key = key; io.keyflags = keyflags; if (params) memmove(&io.params, params, sizeof(io.params)); if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_DERIVE, &io) < 0) return -1; return 0; } static int ncr_key_get_info(struct ncr_key_info_st *dest, ncr_key_t key) { if (key == NCR_KEY_INVALID) { errno = EINVAL; return -1; } memset(dest, 0, sizeof(*dest)); dest->key = key; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_GET_INFO, dest) < 0) return -1; return 0; } ncr_algorithm_t ncr_key_get_algorithm(ncr_key_t key) { struct ncr_key_info_st io; if (ncr_key_get_info(&io, key) < 0) return -1; return io.algorithm; } int ncr_key_get_flags(ncr_key_t key) { struct ncr_key_info_st io; if (ncr_key_get_info(&io, key) < 0) return -1; return io.flags; } ncr_key_type_t ncr_key_get_type(ncr_key_t key) { struct ncr_key_info_st io; if (ncr_key_get_info(&io, key) < 0) return -1; return io.type; } int ncr_key_get_id(ncr_key_t key, void *id, size_t *id_size) { struct ncr_key_info_st io; if (ncr_key_get_info(&io, key) < 0) return -1; if (io.key_id_size < *id_size) *id_size = io.key_id_size; memmove(id, &io.key_id, *id_size); return 0; } int ncr_key_export(ncr_key_t key, void *idata, size_t idata_size) { struct ncr_key_data_st io; memset(&io, 0, sizeof(io)); if (key == NCR_KEY_INVALID || !idata || !idata_size) { errno = EINVAL; return -1; } io.key = key; io.idata = idata; io.idata_size = idata_size; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_EXPORT, &io) < 0) return -1; return io.idata_size; } int ncr_key_import(ncr_key_t key, void *idata, size_t idata_size, void *id, size_t id_size, ncr_algorithm_t algorithm, unsigned int type, unsigned int flags) { struct ncr_key_data_st io; memset(&io, 0, sizeof(io)); if (key == NCR_KEY_INVALID || !idata || !idata_size || (!id && id_size != 0) || algorithm == NCR_ALG_NONE) { errno = EINVAL; return -1; } io.key = key; io.idata = idata; io.idata_size = idata_size; if (id_size > MAX_KEY_ID_SIZE) { errno = EOVERFLOW; return -1; } memmove(&io.key_id, id, id_size); io.key_id_size = id_size; io.algorithm = algorithm; io.type = type; io.flags = flags; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_IMPORT, &io) < 0) return -1; return 0; } int ncr_key_wrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size) { struct ncr_key_wrap_st io; memset(&io, 0, sizeof(io)); if (key == NCR_KEY_INVALID || keytowrap == NCR_KEY_INVALID || !idata || !idata_size) { errno = EINVAL; return -1; } io.key = key; io.algorithm = algorithm; if (params) memmove(&io.params, params, sizeof(io.params)); io.keytowrap = keytowrap; io.io = idata; io.io_size = idata_size; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_WRAP, &io) < 0) return -1; return io.io_size; } int ncr_key_unwrap(ncr_key_t key, ncr_wrap_algorithm_t algorithm, ncr_key_params_t params, ncr_key_t keytowrap, void *idata, size_t idata_size, ncr_algorithm_t wrapped_algorithm, unsigned int wrapped_type, unsigned int wrapped_flags) { struct ncr_key_wrap_st io; memset(&io, 0, sizeof(io)); if (key == NCR_KEY_INVALID || keytowrap == NCR_KEY_INVALID || !idata || !idata_size) { errno = EINVAL; return -1; } io.key = key; io.algorithm = algorithm; if (params) memmove(&io.params, params, sizeof(io.params)); io.keytowrap = keytowrap; io.io = idata; io.io_size = idata_size; io.wrapped_key_algorithm = wrapped_algorithm; io.wrapped_key_type = wrapped_type; io.wrapped_key_flags = wrapped_flags; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_UNWRAP, &io) < 0) return -1; return 0; } int ncr_key_storage_wrap(ncr_key_t keytowrap, void *idata, size_t idata_size) { struct ncr_key_storage_wrap_st io; memset(&io, 0, sizeof(io)); if (keytowrap == NCR_KEY_INVALID || !idata || !idata_size) { errno = EINVAL; return -1; } io.keytowrap = keytowrap; io.io = idata; io.io_size = idata_size; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_STORAGE_WRAP, &io) < 0) return -1; return io.io_size; } int ncr_key_storage_unwrap(ncr_key_t keytowrap, void *idata, size_t idata_size) { struct ncr_key_storage_wrap_st io; memset(&io, 0, sizeof(io)); if (keytowrap == NCR_KEY_INVALID|| !idata || !idata_size) { errno = EINVAL; return -1; } io.keytowrap = keytowrap; io.io = idata; io.io_size = idata_size; if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_STORAGE_UNWRAP, &io) < 0) return -1; return 0; } int ncr_key_deinit(ncr_key_t key) { if (key == NCR_KEY_INVALID) { errno = EINVAL; return -1; } if (__ncr_file_descriptor < 0) { errno = EBADF; return -1; } if (ioctl(__ncr_file_descriptor, NCRIO_KEY_DEINIT, &key) < 0) return -1; return 0; }