authorMiloslav Trmač <mitr@redhat.com>2010-07-23 17:52:29 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-07-23 17:52:29 +0200
commit16ace6317db2c47b36b08b0addfe91356151c08d (patch)
tree3a3c051b43333fabe1116e45e512acadf11da3e8 /crypto/userspace
parent893a38ffe67459db005bd1c7f129c04508cd015d (diff)
parentd3d66b196cda9b100f3e3e0e742e0c2a76f2751a (diff)
Merge branch 'standalone-master' into standalone-rename
Conflicts: examples/Makefile examples/ncr.c examples/pk.c examples/speed.c
Diffstat (limited to 'crypto/userspace')
-rw-r--r--crypto/userspace/cryptodev_int.h11
-rw-r--r--crypto/userspace/cryptodev_main.c9
-rw-r--r--crypto/userspace/ncr-data.c292
-rw-r--r--crypto/userspace/ncr-key-storage.c21
-rw-r--r--crypto/userspace/ncr-key-wrap.c107
-rw-r--r--crypto/userspace/ncr-key.c83
-rw-r--r--crypto/userspace/ncr-pk.c240
-rw-r--r--crypto/userspace/ncr-pk.h21
-rw-r--r--crypto/userspace/ncr-sessions.c240
-rw-r--r--crypto/userspace/ncr.c2
-rw-r--r--crypto/userspace/ncr_int.h38
11 files changed, 188 insertions, 876 deletions
diff --git a/crypto/userspace/cryptodev_int.h b/crypto/userspace/cryptodev_int.h
index d12fd4f80e7..a0d30731d40 100644
--- a/crypto/userspace/cryptodev_int.h
+++ b/crypto/userspace/cryptodev_int.h
@@ -24,17 +24,6 @@
extern int cryptodev_verbosity;
-/* For zero copy */
-int __get_userbuf(uint8_t *addr, uint32_t len, int write,
- int pgcount, struct page **pg, struct scatterlist *sg);
-void release_user_pages(struct page **pg, int pagecount);
-
-/* last page - first page + 1 */
-#define PAGECOUNT(buf, buflen) \
- ((((unsigned long)(buf + buflen - 1) & PAGE_MASK) >> PAGE_SHIFT) - \
- (((unsigned long) buf & PAGE_MASK) >> PAGE_SHIFT) + 1)
-
-
struct cipher_data
{
int init; /* 0 uninitialized */
diff --git a/crypto/userspace/cryptodev_main.c b/crypto/userspace/cryptodev_main.c
index 2a0503c3154..0316a74dbb9 100644
--- a/crypto/userspace/cryptodev_main.c
+++ b/crypto/userspace/cryptodev_main.c
@@ -495,7 +495,7 @@ __crypto_run_std(struct csession *ses_ptr, struct crypt_op *cop)
#ifndef DISABLE_ZCOPY
-void release_user_pages(struct page **pg, int pagecount)
+static void release_user_pages(struct page **pg, int pagecount)
{
while (pagecount--) {
if (!PageReserved(pg[pagecount]))
@@ -504,11 +504,16 @@ void release_user_pages(struct page **pg, int pagecount)
}
}
+/* last page - first page + 1 */
+#define PAGECOUNT(buf, buflen) \
+ ((((unsigned long)(buf + buflen - 1) & PAGE_MASK) >> PAGE_SHIFT) - \
+ (((unsigned long) buf & PAGE_MASK) >> PAGE_SHIFT) + 1)
+
/* offset of buf in it's first page */
#define PAGEOFFSET(buf) ((unsigned long)buf & ~PAGE_MASK)
/* fetch the pages addr resides in into pg and initialise sg with them */
-int __get_userbuf(uint8_t *addr, uint32_t len, int write,
+static int __get_userbuf(uint8_t *addr, uint32_t len, int write,
int pgcount, struct page **pg, struct scatterlist *sg)
{
int ret, pglen, i = 0;
diff --git a/crypto/userspace/ncr-data.c b/crypto/userspace/ncr-data.c
index 73ee7370329..21aabe4fccb 100644
--- a/crypto/userspace/ncr-data.c
+++ b/crypto/userspace/ncr-data.c
@@ -101,196 +101,11 @@ void _ncr_data_item_put( struct data_item_st* item)
{
if (atomic_dec_and_test(&item->refcnt)) {
ncr_limits_remove(item->uid, item->pid, LIMIT_TYPE_DATA);
- if (item->type == NCR_DATA_KERNEL)
- kfree(item->data.kernel.data);
- else if (item->type == NCR_DATA_USER)
- ncr_data_item_put_sg(item); /* just in case */
+ kfree(item->data);
kfree(item);
}
}
-int ncr_data_item_get_sg( struct data_item_st* item, struct scatterlist** sg,
- unsigned int *sg_cnt, size_t *data_size, size_t* max_data_size, unsigned int data_flags, int write)
-{
- if (item->type == NCR_DATA_KERNEL) {
- item->flags = data_flags;
-
- sg_init_one(item->_sg, item->data.kernel.data, item->data.kernel.max_data_size);
-
- if (data_size) *data_size = item->data.kernel.data_size;
- if (max_data_size) *max_data_size = item->data.kernel.max_data_size;
- *sg_cnt = 1;
- *sg = item->_sg;
-
- } else if (item->type == NCR_DATA_USER) {
- int ret;
- size_t pagecount, item_size;
-
- ret = ncr_data_item_size(item, 0);
- if (ret < 0) {
- err();
- return ret;
- }
- item_size = ret;
-
- pagecount = PAGECOUNT(item->data.user.ptr, item_size);
-
- if (atomic_add_unless(&item->data.user.pg_used, 1, 1) == 0) {
- err();
- return -EBUSY;
- }
-
- if (!(data_flags & NCR_DATA_FLAG_EXPORTABLE)) {
- err();
- return -EPERM;
- }
-
- if (pagecount > MAX_DATA_PAGES) {
- err();
- return -EOVERFLOW;
- }
-
- ret = __get_userbuf(item->data.user.ptr, item_size, write,
- pagecount, item->data.user.pg, item->_sg);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (max_data_size) *max_data_size = item_size;
- if (data_size) *data_size = item_size;
- *sg = item->_sg;
- *sg_cnt = item->data.user.pg_cnt = pagecount;
- } else {
- err();
- return -EINVAL;
- }
-
- return 0;
-}
-
-void ncr_data_item_put_sg( struct data_item_st* item)
-{
- if (item->type == NCR_DATA_USER && atomic_read(&item->data.user.pg_used) > 0) {
- if (item->data.user.pg_cnt > 0) {
- release_user_pages(item->data.user.pg, item->data.user.pg_cnt);
- item->data.user.pg_cnt = 0;
- }
- atomic_dec(&item->data.user.pg_used);
- }
-
- return;
-}
-
-int ncr_data_item_set_size( struct data_item_st* item, size_t new_size)
-{
- switch(item->type) {
- case NCR_DATA_KERNEL:
- item->data.kernel.data_size = new_size;
-
- return 0;
- case NCR_DATA_USER:
- if (unlikely(copy_to_user(item->data.user.size_ptr, &new_size, sizeof(new_size)))) {
- err();
- return -EFAULT;
- }
- return 0;
- default:
- return -EINVAL;
- }
-}
-
-int ncr_data_item_size( struct data_item_st* item, int max)
-{
-size_t size;
-
- switch(item->type) {
- case NCR_DATA_KERNEL:
- if (max == 0)
- return item->data.kernel.data_size;
- else
- return item->data.kernel.max_data_size;
- case NCR_DATA_USER:
- if (unlikely(copy_from_user(&size, item->data.user.size_ptr, sizeof(size)))) {
- err();
- return -EFAULT;
- }
- return size;
- default:
- return -EINVAL;
- }
-}
-
-int ncr_data_item_setd( struct data_item_st* item, const void* data, size_t data_size, unsigned int data_flags)
-{
-struct scatterlist* sg;
-size_t sg_max_size;
-unsigned int sg_cnt;
-int ret;
-
- ret = ncr_data_item_get_sg(item, &sg, &sg_cnt, NULL, &sg_max_size, data_flags, 1);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (data_size > sg_max_size) {
- err();
- ret = -EOVERFLOW;
- goto fail;
- }
-
- ret = sg_copy_from_buffer(sg, sg_cnt, (void*)data, data_size);
- if (ret != data_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
-
- ret = ncr_data_item_set_size( item, data_size);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = 0;
-fail:
- ncr_data_item_put_sg(item);
- return ret;
-}
-
-int ncr_data_item_getd( struct data_item_st* item, void* data, size_t data_size, unsigned int data_flags)
-{
-struct scatterlist* sg;
-size_t sg_size;
-unsigned int sg_cnt;
-int ret;
-
- ret = ncr_data_item_get_sg(item, &sg, &sg_cnt, &sg_size, NULL, data_flags, 0);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (data_size < sg_size) {
- err();
- ret = -EOVERFLOW;
- goto fail;
- }
-
- ret = sg_copy_to_buffer(sg, sg_cnt, data, data_size);
- if (ret != data_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
-
- ret = 0;
-fail:
- ncr_data_item_put_sg(item);
- return ret;
-}
-
int ncr_data_init(struct list_sem_st* lst, void __user* arg)
{
struct ncr_data_init_st init;
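Review bot: `kfree(item->data)` in `_ncr_data_item_put` frees the payload without clearing it, and elsewhere in this commit `ncr_key_export` copies secret key bytes into `ditem->data`, so key material can remain in freed slab memory. Consider `kzfree(item->data);` if the target kernel provides it, or an explicit clear of `item->max_data_size` bytes before the free. This assumes `data_alloc()` returns kmalloc-backed memory, which the existing `kfree` suggests but the hunk does not show.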
@@ -324,24 +139,22 @@ int ncr_data_init(struct list_sem_st* lst, void __user* arg)
atomic_set(&data->refcnt, 1);
- data->type = NCR_DATA_KERNEL;
-
- data->data.kernel.data = data_alloc(init.max_object_size);
- if (data->data.kernel.data == NULL) {
+ data->data = data_alloc(init.max_object_size);
+ if (data->data == NULL) {
err();
ret = -ENOMEM;
goto err_data;
}
- data->data.kernel.max_data_size = init.max_object_size;
+ data->max_data_size = init.max_object_size;
if (init.initial_data != NULL) {
- if (unlikely(copy_from_user(data->data.kernel.data, init.initial_data,
+ if (unlikely(copy_from_user(data->data, init.initial_data,
init.initial_data_size))) {
err();
_ncr_data_item_put(data);
return -EFAULT;
}
- data->data.kernel.data_size = init.initial_data_size;
+ data->data_size = init.initial_data_size;
}
down(&lst->sem);
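Review bot: The `copy_from_user(data->data, init.initial_data, init.initial_data_size)` call writes into a buffer allocated with `init.max_object_size`, and nothing in this hunk compares the two user-supplied sizes. Unless `initial_data_size` is validated earlier in `ncr_data_init` (the function starts outside the hunk), the copy can run past the allocation. A guard before the copy, `if (init.initial_data_size > data->max_data_size) { err(); _ncr_data_item_put(data); return -EINVAL; }`, would bound it the same way `ncr_data_set` bounds `get.data_size`.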
@@ -370,70 +183,6 @@ int ncr_data_init(struct list_sem_st* lst, void __user* arg)
return ret;
}
-int ncr_data_init_user(struct list_sem_st* lst, void __user* arg)
-{
- struct ncr_data_init_user_st init;
- struct data_item_st* data;
- int ret;
-
- ret = ncr_limits_add_and_check(current_euid(), task_pid_nr(current), LIMIT_TYPE_DATA);
- if (ret < 0) {
- err();
- return ret;
- }
-
- if (unlikely(copy_from_user(&init, arg, sizeof(init)))) {
- err();
- ret = -EFAULT;
- goto err_limits;
- }
-
- data = kmalloc(sizeof(*data), GFP_KERNEL);
- if (data == NULL) {
- err();
- ret = -ENOMEM;
- goto err_limits;
- }
-
- memset(data, 0, sizeof(*data));
-
- data->flags = init.flags;
- data->uid = current_euid();
- data->pid = task_pid_nr(current);
-
- atomic_set(&data->refcnt, 1);
-
- data->type = NCR_DATA_USER;
-
- data->data.user.ptr = init.data;
- data->data.user.size_ptr = init.data_size_ptr;
-
- atomic_set(&data->data.user.pg_used, 0);
-
- down(&lst->sem);
-
- data->desc = _ncr_data_get_new_desc(lst);
-
- list_add(&data->list, &lst->list);
-
- up(&lst->sem);
-
- init.desc = data->desc;
- ret = copy_to_user(arg, &init, sizeof(init));
- if (unlikely(ret)) {
- down(&lst->sem);
- _ncr_data_unlink_item(data);
- up(&lst->sem);
- return -EFAULT;
- }
- return ret;
-
- err_limits:
- ncr_limits_remove(current_euid(), task_pid_nr(current),
- LIMIT_TYPE_DATA);
- return ret;
-}
-
int ncr_data_deinit(struct list_sem_st* lst, void __user* arg)
{
@@ -469,29 +218,25 @@ int ncr_data_get(struct list_sem_st* lst, void __user* arg)
err();
return -EFAULT;
}
-
+
data = ncr_data_item_get( lst, get.desc);
+
if (data == NULL) {
err();
return -EINVAL;
}
- if (data->type != NCR_DATA_KERNEL) {
- err();
- ret = -EINVAL;
- goto cleanup;
- }
-
if (!(data->flags & NCR_DATA_FLAG_EXPORTABLE)) {
err();
ret = -EPERM;
goto cleanup;
}
- len = min(get.data_size, data->data.kernel.data_size);
+ len = min(get.data_size, data->data_size);
+
/* update length */
get.data_size = len;
-
+
ret = copy_to_user(arg, &get, sizeof(get));
if (unlikely(ret)) {
err();
@@ -499,7 +244,7 @@ int ncr_data_get(struct list_sem_st* lst, void __user* arg)
}
if (ret == 0 && len > 0) {
- ret = copy_to_user(get.data, data->data.kernel.data, len);
+ ret = copy_to_user(get.data, data->data, len);
if (unlikely(ret)) {
err();
ret = -EFAULT;
@@ -524,18 +269,13 @@ int ncr_data_set(struct list_sem_st* lst, void __user* arg)
}
data = ncr_data_item_get( lst, get.desc);
+
if (data == NULL) {
err();
return -EINVAL;
}
- if (data->type != NCR_DATA_KERNEL) {
- err();
- ret = -EINVAL;
- goto cleanup;
- }
-
- if ((get.data_size > data->data.kernel.max_data_size) ||
+ if ((get.data_size > data->max_data_size) ||
(get.data == NULL && get.data_size != 0)) {
err();
ret = -EINVAL;
@@ -543,14 +283,14 @@ int ncr_data_set(struct list_sem_st* lst, void __user* arg)
}
if (get.data != NULL) {
- if (unlikely(copy_from_user(data->data.kernel.data, get.data,
+ if (unlikely(copy_from_user(data->data, get.data,
get.data_size))) {
err();
ret = -EFAULT;
goto cleanup;
}
}
- data->data.kernel.data_size = get.data_size;
+ data->data_size = get.data_size;
ret = 0;
diff --git a/crypto/userspace/ncr-key-storage.c b/crypto/userspace/ncr-key-storage.c
index ca96ddb3d86..69e1c50910f 100644
--- a/crypto/userspace/ncr-key-storage.c
+++ b/crypto/userspace/ncr-key-storage.c
@@ -39,17 +39,6 @@ struct packed_key {
uint32_t raw_size;
} __attribute__((__packed__));
-/**
- * key_to_storage_data:
- * @key: The key to pack
- * @sdata: Output data
- * @sdata_size: Output data size
- *
- * This function will pack the given key and return allocated data with the packed
- * key.
- *
- * Returns: 0 or errno.
- **/
int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_item_st *key)
{
struct packed_key * pkey;
@@ -93,16 +82,6 @@ fail:
return ret;
}
-/**
- * key_from_storage_data:
- * @key: The key to unpack on
- * @data: input data
- * @data_size: Input data size
- *
- * This function will unpack the given packed key and store it into the key item.
- *
- * Returns: 0 or errno.
- **/
int key_from_storage_data(struct key_item_st* key, const void* data, size_t data_size)
{
const struct packed_key * pkey = data;
diff --git a/crypto/userspace/ncr-key-wrap.c b/crypto/userspace/ncr-key-wrap.c
index 67fe10df7f8..939c1367135 100644
--- a/crypto/userspace/ncr-key-wrap.c
+++ b/crypto/userspace/ncr-key-wrap.c
@@ -44,33 +44,16 @@ static void val64_xor( val64_t val, uint32_t x)
}
static int rfc3394_wrap(val64_t R[], unsigned int n, struct cipher_data* ctx,
- struct data_item_st* odata, const uint8_t iv[8])
+ struct data_item_st* output, const uint8_t iv[8])
{
val64_t A;
uint8_t aes_block[16];
-int i,j, ret;
-uint8_t * output;
-size_t output_size = (n+1)*8;
-size_t max_data_size;
+int i,j;
- ret = ncr_data_item_size(odata, 1);
- if (ret < 0) {
- err();
- return ret;
- }
- max_data_size = ret;
-
-
- if (max_data_size < output_size) {
+ if (output->max_data_size < (n+1)*8) {
err();
return -EINVAL;
}
-
- output = kmalloc(output_size, GFP_KERNEL);
- if (output == NULL) {
- err();
- return -ENOMEM;
- }
memcpy(A, iv, 8);
@@ -89,14 +72,12 @@ size_t max_data_size;
memcpy(R[n-1], &aes_block[8], 8); /* R[n-1] = LSB64(AES(A^{t-1}|R_{1}^{t-1})) */
}
- memcpy(output, A, sizeof(A));
+ memcpy(output->data, A, sizeof(A));
for (j=0;j<n;j++)
- memcpy(&output[(j+1)*8], R[j], 8);
-
- ret = ncr_data_item_setd( odata, output, output_size, odata->flags);
- kfree(output);
-
- return ret;
+ memcpy(&output->data[(j+1)*8], R[j], 8);
+ output->data_size = (n+1)*8;
+
+ return 0;
}
static int rfc3394_unwrap(uint8_t *wrapped_key, val64_t R[], unsigned int n, val64_t A, struct cipher_data *ctx)
@@ -196,20 +177,12 @@ static int _unwrap_aes_rfc5649(void* kdata, size_t *kdata_size, struct key_item_
struct data_item_st *wrapped, const void* _iv, size_t iv_size)
{
size_t wrapped_key_size, n;
-uint8_t *wrapped_key = NULL;
+uint8_t *wrapped_key;
int i, ret;
struct cipher_data ctx;
uint8_t iv[4];
size_t size;
- ret = ncr_data_item_size(wrapped, 0);
- if (ret < 0) {
- err();
- return ret;
- }
- wrapped_key_size = ret;
-
-
if (iv_size != 4) {
memcpy(iv, RFC5649_IV, 4);
} else {
@@ -223,20 +196,8 @@ size_t size;
return ret;
}
- wrapped_key = kmalloc(wrapped_key_size, GFP_KERNEL);
- if (wrapped_key == NULL) {
- err();
- ret = -ENOMEM;
- goto cleanup;
- }
-
-
-
- ret = ncr_data_item_getd( wrapped, wrapped_key, wrapped_key_size, wrapped->flags);
- if (ret < 0) {
- err();
- goto cleanup;
- }
+ wrapped_key = wrapped->data;
+ wrapped_key_size = wrapped->data_size;
if (wrapped_key_size % 8 != 0) {
err();
@@ -295,7 +256,6 @@ size_t size;
ret = 0;
cleanup:
- kfree(wrapped_key);
cryptodev_cipher_deinit(&ctx);
return ret;
@@ -402,18 +362,11 @@ static int unwrap_aes(struct key_item_st* output, struct key_item_st *kek,
struct data_item_st* wrapped, const void* iv, size_t iv_size)
{
size_t wrapped_key_size, n;
-uint8_t *wrapped_key = NULL;
+uint8_t *wrapped_key;
val64_t A;
int i, ret;
struct cipher_data ctx;
- ret = ncr_data_item_size(wrapped, 0);
- if (ret < 0) {
- err();
- return ret;
- }
- wrapped_key_size = ret;
-
if (iv_size < sizeof(initA)) {
iv_size = sizeof(initA);
iv = initA;
@@ -427,18 +380,8 @@ struct cipher_data ctx;
output->type = NCR_KEY_TYPE_SECRET;
- wrapped_key = kmalloc(wrapped_key_size, GFP_KERNEL);
- if (wrapped_key == NULL) {
- err();
- ret = -ENOMEM;
- goto cleanup;
- }
-
- ret = ncr_data_item_getd( wrapped, wrapped_key, wrapped_key_size, wrapped->flags);
- if (ret < 0) {
- err();
- goto cleanup;
- }
+ wrapped_key = wrapped->data;
+ wrapped_key_size = wrapped->data_size;
if (wrapped_key_size % 8 != 0) {
err();
@@ -476,13 +419,13 @@ struct cipher_data ctx;
output->key.secret.size = n*8;
output->flags = NCR_KEY_FLAG_WRAPPABLE;
output->type = NCR_KEY_TYPE_SECRET;
+
}
ret = 0;
cleanup:
- kfree(wrapped_key);
cryptodev_cipher_deinit(&ctx);
return ret;
@@ -513,7 +456,7 @@ int ret;
goto fail;
}
- ret = ncr_key_item_get_read( &key, key_lst, wrap.key.key);
+ ret = ncr_key_item_get_read( &key, key_lst, wrap.key);
if (ret < 0) {
err();
goto fail;
@@ -530,10 +473,10 @@ int ret;
switch(wrap.algorithm) {
case NCR_WALG_AES_RFC3394:
- ret = wrap_aes(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size);
+ ret = wrap_aes(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size);
break;
case NCR_WALG_AES_RFC5649:
- ret = wrap_aes_rfc5649(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size);
+ ret = wrap_aes_rfc5649(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size);
break;
default:
err();
@@ -570,7 +513,7 @@ int ret;
return ret;
}
- ret = ncr_key_item_get_read( &key, key_lst, wrap.key.key);
+ ret = ncr_key_item_get_read( &key, key_lst, wrap.key);
if (ret < 0) {
err();
goto fail;
@@ -587,10 +530,10 @@ int ret;
switch(wrap.algorithm) {
case NCR_WALG_AES_RFC3394:
- ret = unwrap_aes(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size);
+ ret = unwrap_aes(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size);
break;
case NCR_WALG_AES_RFC5649:
- ret = unwrap_aes_rfc5649(wkey, key, data, wrap.key.params.cipher.iv, wrap.key.params.cipher.iv_size);
+ ret = unwrap_aes_rfc5649(wkey, key, data, wrap.params.params.cipher.iv, wrap.params.params.cipher.iv_size);
break;
default:
err();
@@ -696,13 +639,7 @@ int ret;
goto fail;
}
- ret = ncr_data_item_size(data, 0);
- if (ret < 0) {
- err();
- return ret;
- }
- sdata_size = ret;
-
+ sdata_size = data->data_size;
sdata = kmalloc(sdata_size, GFP_KERNEL);
if (sdata == NULL) {
err();
diff --git a/crypto/userspace/ncr-key.c b/crypto/userspace/ncr-key.c
index 18cb38718a3..134831e55b6 100644
--- a/crypto/userspace/ncr-key.c
+++ b/crypto/userspace/ncr-key.c
@@ -238,10 +238,7 @@ struct ncr_key_data_st data;
struct key_item_st* item = NULL;
struct data_item_st* ditem = NULL;
uint32_t size;
-uint32_t data_flags;
int ret;
-uint8_t* tmp = NULL;
-size_t max_data_size;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
err();
@@ -261,18 +258,11 @@ size_t max_data_size;
goto fail;
}
- data_flags = key_flags_to_data(item->flags);
-
- ret = ncr_data_item_size(ditem, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
- max_data_size = ret;
+ ditem->flags = key_flags_to_data(item->flags);
switch (item->type) {
case NCR_KEY_TYPE_SECRET:
- if (item->key.secret.size > max_data_size) {
+ if (item->key.secret.size > ditem->max_data_size) {
err();
ret = -EINVAL;
goto fail;
@@ -280,39 +270,21 @@ size_t max_data_size;
/* found */
if (item->key.secret.size > 0) {
- ret = ncr_data_item_setd( ditem,
- item->key.secret.data, item->key.secret.size,
- data_flags);
- if (ret < 0) {
- err();
- goto fail;
- }
+ memcpy(ditem->data, item->key.secret.data, item->key.secret.size);
}
+ ditem->data_size = item->key.secret.size;
break;
case NCR_KEY_TYPE_PUBLIC:
case NCR_KEY_TYPE_PRIVATE:
- size = max_data_size;
-
- tmp = kmalloc(size, GFP_KERNEL);
- if (tmp == NULL) {
- err();
- ret = -ENOMEM;
- goto fail;
- }
-
- ret = ncr_pk_pack(item, tmp, &size);
- if (ret < 0) {
- err();
- goto fail;
- }
+ size = ditem->max_data_size;
+ ret = ncr_pk_pack(item, ditem->data, &size);
+
+ ditem->data_size = size;
- ret = ncr_data_item_setd( ditem, tmp, size, data_flags);
if (ret < 0) {
- err();
+ err();
goto fail;
}
-
- kfree(tmp);
break;
default:
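Review bot: In the `NCR_KEY_TYPE_PUBLIC`/`NCR_KEY_TYPE_PRIVATE` branch, `ditem->data_size = size;` runs before `ret` from `ncr_pk_pack()` is checked, so a failed pack still publishes a length for a buffer whose contents are stale or only partly written. Move the assignment below the `if (ret < 0)` check so the item's size changes only on success. Separately, `ditem->flags` is overwritten in the previous hunk before any size check passes, so a failed export also leaves the data item with altered flags. The function's start and its `fail:` label are outside this hunk.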
@@ -327,7 +299,6 @@ size_t max_data_size;
return 0;
fail:
- kfree(tmp);
if (item)
_ncr_key_item_put(item);
if (ditem)
@@ -345,9 +316,7 @@ int ncr_key_import(struct list_sem_st* data_lst,
struct ncr_key_data_st data;
struct key_item_st* item = NULL;
struct data_item_st* ditem = NULL;
-uint8_t *tmp = NULL;
int ret;
-size_t data_size;
if (unlikely(copy_from_user(&data, arg, sizeof(data)))) {
err();
@@ -386,48 +355,25 @@ size_t data_size;
if (data.key_id_size > 0)
memcpy(item->key_id, data.key_id, data.key_id_size);
- ret = ncr_data_item_size(ditem, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- data_size = ret;
-
switch(item->type) {
case NCR_KEY_TYPE_SECRET:
- if (data_size > NCR_CIPHER_MAX_KEY_LEN) {
+
+ if (ditem->data_size > NCR_CIPHER_MAX_KEY_LEN) {
err();
ret = -EINVAL;
goto fail;
}
- ret = ncr_data_item_getd(ditem, item->key.secret.data, data_size, item->flags);
- if (ret < 0) {
- err();
- goto fail;
- }
- item->key.secret.size = data_size;
+ memcpy(item->key.secret.data, ditem->data, ditem->data_size);
+ item->key.secret.size = ditem->data_size;
break;
case NCR_KEY_TYPE_PRIVATE:
case NCR_KEY_TYPE_PUBLIC:
- tmp = kmalloc(data_size, GFP_KERNEL);
- if (tmp == NULL) {
- err();
- return -ENOMEM;
- }
-
- ret = ncr_data_item_getd(ditem, tmp, data_size, item->flags);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = ncr_pk_unpack( item, tmp, data_size);
+ ret = ncr_pk_unpack( item, ditem->data, ditem->data_size);
if (ret < 0) {
err();
goto fail;
}
- kfree(tmp);
break;
default:
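Review bot: `ditem->data_size` is read three times in the `NCR_KEY_TYPE_SECRET` branch (the `NCR_CIPHER_MAX_KEY_LEN` check, the `memcpy` length and the stored key size), where the old code used a single `data_size` local. The `ncr_data_set` hunks in this commit update `data->data_size` with no locking visible, so if another thread can reach the same descriptor the length may change between the check and the copy. Taking a snapshot first, `size_t len = ditem->data_size;`, and using `len` for all three keeps the bound and the copy consistent. Whether a lock outside this hunk already serialises access to the data item should be confirmed.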
@@ -442,7 +388,6 @@ size_t data_size;
return 0;
fail:
- kfree(tmp);
if (item)
_ncr_key_item_put(item);
if (ditem)
diff --git a/crypto/userspace/ncr-pk.c b/crypto/userspace/ncr-pk.c
index 6b304bbb697..b95256ddc40 100644
--- a/crypto/userspace/ncr-pk.c
+++ b/crypto/userspace/ncr-pk.c
@@ -303,6 +303,18 @@ void ncr_pk_queue_deinit(void)
destroy_workqueue(pk_wq);
}
+int ncr_key_params_get_sign_hash(ncr_algorithm_t algo, struct ncr_key_params_st * params)
+{
+ switch(algo) {
+ case NCR_ALG_RSA:
+ return params->params.rsa.sign_hash;
+ case NCR_ALG_DSA:
+ return params->params.dsa.sign_hash;
+ default:
+ return -EINVAL;
+ }
+}
+
/* Encryption/Decryption
*/
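Review bot: `ncr_key_params_get_sign_hash` has no comment explaining that its `int` return carries either a hash algorithm identifier or a negative errno, which both callers in this commit rely on through `if (ret < 0)`. A short header such as `/* Returns the sign_hash selected in params for algo (RSA or DSA), or -EINVAL for any other algorithm. */` would make that contract explicit. The function also assumes every valid `ncr_algorithm_t` value is non-negative, which is worth stating or confirming since the enum is not visible here.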
@@ -318,6 +330,8 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo,
struct ncr_pk_ctx* ctx, struct ncr_key_params_st* params,
struct key_item_st *key)
{
+int ret;
+
memset(ctx, 0, sizeof(*ctx));
if (key->algorithm != algo) {
@@ -327,19 +341,24 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo,
ctx->algorithm = algo;
ctx->key = key;
- ctx->sign_hash = params->params.pk.sign_hash;
+ ret = ncr_key_params_get_sign_hash(algo, params);
+ if (ret < 0) {
+ err();
+ return ret;
+ }
+ ctx->sign_hash = ret;
switch(algo) {
case NCR_ALG_RSA:
- if (params->params.pk.type == RSA_PKCS1_V1_5)
+ if (params->params.rsa.type == RSA_PKCS1_V1_5)
ctx->type = LTC_LTC_PKCS_1_V1_5;
- else if (params->params.pk.type == RSA_PKCS1_OAEP)
+ else if (params->params.rsa.type == RSA_PKCS1_OAEP)
ctx->type = LTC_LTC_PKCS_1_OAEP;
- else if (params->params.pk.type == RSA_PKCS1_PSS)
+ else if (params->params.rsa.type == RSA_PKCS1_PSS)
ctx->type = LTC_LTC_PKCS_1_PSS;
- ctx->oaep_hash = params->params.pk.oaep_hash;
- ctx->salt_len = params->params.pk.pss_salt;
+ ctx->oaep_hash = params->params.rsa.oaep_hash;
+ ctx->salt_len = params->params.rsa.pss_salt;
break;
case NCR_ALG_DSA:
break;
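Review bot: The `if`/`else if` chain on `params->params.rsa.type` has no final `else`, so an unrecognised padding type from the caller leaves `ctx->type` at the zero written by the `memset` at the top of `ncr_pk_cipher_init` instead of being rejected. What padding mode zero selects is not visible here. Adding `else { err(); return -EINVAL; }` would make the RSA padding choice explicit rather than defaulted. The switch continues past the end of this hunk.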
@@ -354,237 +373,121 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo,
}
int ncr_pk_cipher_encrypt(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size)
+ const void* input, size_t input_size,
+ void* output, size_t *output_size)
{
-int cret, ret;
-unsigned long osize = *osg_size;
-uint8_t* tmp;
-void * input, *output;
-
- tmp = kmalloc(isg_size + *osg_size, GFP_KERNEL);
- if (tmp == NULL) {
- err();
- return -ENOMEM;
- }
-
- ret = sg_copy_to_buffer((struct scatterlist*)isg, isg_cnt, tmp, isg_size);
- if (ret != isg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
-
- input = tmp;
- output = &tmp[isg_size];
-
+int cret;
+unsigned long osize = *output_size;
switch(ctx->algorithm) {
case NCR_ALG_RSA:
- cret = rsa_encrypt_key_ex( input, isg_size, output, &osize,
+ cret = rsa_encrypt_key_ex( input, input_size, output, &osize,
NULL, 0, ctx->oaep_hash, ctx->type, &ctx->key->key.pk.rsa);
if (cret != CRYPT_OK) {
+ printk("cret: %d type: %d\n", cret, ctx->type);
err();
- ret = tomerr(cret);
- goto fail;
- }
- *osg_size = osize;
-
- ret = sg_copy_from_buffer(osg, osg_cnt, output, osize);
- if (ret != osize) {
- err();
- ret = -EINVAL;
- goto fail;
+ return tomerr(cret);
}
-
+ *output_size = osize;
break;
case NCR_ALG_DSA:
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
+ break;
default:
err();
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
}
-
- ret = sg_copy_from_buffer(osg, osg_cnt, output, *osg_size);
- if (ret != *osg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
-
- ret = 0;
-
-fail:
- kfree(tmp);
- return ret;
+
+ return 0;
}
-int ncr_pk_cipher_decrypt(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size)
+int ncr_pk_cipher_decrypt(const struct ncr_pk_ctx* ctx, const void* input, size_t input_size,
+ void* output, size_t *output_size)
{
-int cret, ret;
+int cret;
+unsigned long osize = *output_size;
int stat;
-unsigned long osize = *osg_size;
-uint8_t* tmp;
-void * input, *output;
-
- tmp = kmalloc(isg_size + *osg_size, GFP_KERNEL);
- if (tmp == NULL) {
- err();
- return -ENOMEM;
- }
-
- input = tmp;
- output = &tmp[isg_size];
-
- ret = sg_copy_to_buffer((struct scatterlist*)isg, isg_cnt, input, isg_size);
- if (ret != isg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
switch(ctx->algorithm) {
case NCR_ALG_RSA:
- cret = rsa_decrypt_key_ex( input, isg_size, output, &osize,
+ cret = rsa_decrypt_key_ex( input, input_size, output, &osize,
NULL, 0, ctx->oaep_hash, ctx->type, &stat, &ctx->key->key.pk.rsa);
if (cret != CRYPT_OK) {
err();
- ret = tomerr(cret);
- goto fail;
+ return tomerr(cret);
}
if (stat==0) {
err();
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
}
- *osg_size = osize;
+ *output_size = osize;
break;
case NCR_ALG_DSA:
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
+ break;
default:
err();
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
}
-
- ret = sg_copy_from_buffer(osg, osg_cnt, output, *osg_size);
- if (ret != *osg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
-
- ret = 0;
-fail:
- kfree(tmp);
- return ret;
+ return 0;
}
int ncr_pk_cipher_sign(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size)
+ const void* input, size_t input_size,
+ void* output, size_t *output_size)
{
-int cret, ret;
-unsigned long osize = *osg_size;
-uint8_t* tmp;
-void * input, *output;
-
- tmp = kmalloc(isg_size + *osg_size, GFP_KERNEL);
- if (tmp == NULL) {
- err();
- return -ENOMEM;
- }
-
- input = tmp;
- output = &tmp[isg_size];
-
- ret = sg_copy_to_buffer((struct scatterlist*)isg, isg_cnt, input, isg_size);
- if (ret != isg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
+int cret;
+unsigned long osize = *output_size;
switch(ctx->algorithm) {
case NCR_ALG_RSA:
- cret = rsa_sign_hash_ex( input, isg_size, output, &osize,
+ cret = rsa_sign_hash_ex( input, input_size, output, &osize,
ctx->type, ctx->sign_hash, ctx->salt_len, &ctx->key->key.pk.rsa);
if (cret != CRYPT_OK) {
err();
return tomerr(cret);
}
- *osg_size = osize;
+ *output_size = osize;
break;
case NCR_ALG_DSA:
- cret = dsa_sign_hash( input, isg_size, output, &osize,
+ cret = dsa_sign_hash( input, input_size, output, &osize,
&ctx->key->key.pk.dsa);
if (cret != CRYPT_OK) {
err();
return tomerr(cret);
}
- *osg_size = osize;
+ *output_size = osize;
break;
default:
err();
- ret = -EINVAL;
- goto fail;
- }
-
- ret = sg_copy_from_buffer(osg, osg_cnt, output, *osg_size);
- if (ret != *osg_size) {
- err();
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
}
- ret = 0;
-fail:
- kfree(tmp);
- return ret;
+ return 0;
}
int ncr_pk_cipher_verify(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* sign_sg, unsigned int sign_sg_cnt, size_t sign_sg_size,
+ const void* signature, size_t signature_size,
const void* hash, size_t hash_size, ncr_error_t* err)
{
-int cret, ret;
+int cret;
int stat;
-uint8_t* sig;
-
- sig = kmalloc(sign_sg_size, GFP_KERNEL);
- if (sig == NULL) {
- err();
- return -ENOMEM;
- }
-
- ret = sg_copy_to_buffer((struct scatterlist*)sign_sg, sign_sg_cnt, sig, sign_sg_size);
- if (ret != sign_sg_size) {
- err();
- ret = -EINVAL;
- goto fail;
- }
switch(ctx->algorithm) {
case NCR_ALG_RSA:
- cret = rsa_verify_hash_ex( sig, sign_sg_size,
+ cret = rsa_verify_hash_ex( signature, signature_size,
hash, hash_size, ctx->type, ctx->sign_hash,
ctx->salt_len, &stat, &ctx->key->key.pk.rsa);
if (cret != CRYPT_OK) {
err();
- ret = tomerr(cret);
- goto fail;
+ return tomerr(cret);
}
if (stat == 1)
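Review bot: The added `printk("cret: %d type: %d\n", cret, ctx->type);` in the RSA branch of `ncr_pk_cipher_encrypt` has no log level and fires on every failed encrypt, a path userspace can trigger repeatedly. It looks like leftover debugging next to the existing `err()` call; drop it, or give it a `KERN_DEBUG` level and rate limiting. With the scatterlist copies gone, each of these functions now treats `*output_size` as the capacity of `output` on entry and overwrites it with the produced length, and a comment on the prototypes saying so would help callers size their buffers correctly.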
@@ -594,12 +497,11 @@ uint8_t* sig;
break;
case NCR_ALG_DSA:
- cret = dsa_verify_hash( sig, sign_sg_size,
+ cret = dsa_verify_hash( signature, signature_size,
hash, hash_size, &stat, &ctx->key->key.pk.dsa);
if (cret != CRYPT_OK) {
err();
- ret = tomerr(cret);
- goto fail;
+ return tomerr(cret);
}
if (stat == 1)
@@ -610,12 +512,8 @@ uint8_t* sig;
break;
default:
err();
- ret = -EINVAL;
- goto fail;
+ return -EINVAL;
}
-
- ret = 0;
-fail:
- kfree(sig);
- return ret;
+
+ return 0;
}
diff --git a/crypto/userspace/ncr-pk.h b/crypto/userspace/ncr-pk.h
index aebc430906a..11800175c3b 100644
--- a/crypto/userspace/ncr-pk.h
+++ b/crypto/userspace/ncr-pk.h
@@ -34,20 +34,15 @@ int ncr_pk_cipher_init(ncr_algorithm_t algo,
struct ncr_pk_ctx* ctx, struct ncr_key_params_st* params,
struct key_item_st *key);
void ncr_pk_cipher_deinit(struct ncr_pk_ctx* ctx);
-int ncr_pk_cipher_encrypt(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size);
+int ncr_pk_cipher_encrypt(const struct ncr_pk_ctx* ctx, const void* input,
+ size_t input_size, void* output, size_t *output_size);
+int ncr_pk_cipher_decrypt(const struct ncr_pk_ctx* ctx, const void* input,
+ size_t input_size, void* output, size_t *output_size);
+int ncr_pk_cipher_sign(const struct ncr_pk_ctx* ctx, const void* input,
+ size_t input_size, void* output, size_t *output_size);
-int ncr_pk_cipher_decrypt(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size);
-
-int ncr_pk_cipher_sign(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* isg, unsigned int isg_cnt, size_t isg_size,
- struct scatterlist *osg, unsigned int osg_cnt, size_t* osg_size);
-
int ncr_pk_cipher_verify(const struct ncr_pk_ctx* ctx,
- const struct scatterlist* sign_sg, unsigned int sign_sg_cnt, size_t sign_sg_size,
- const void* hash, size_t hash_size, ncr_error_t* err);
+ const void* signature, size_t signature_size,
+ const void* hash, size_t hash_size, ncr_error_t*);
#endif
diff --git a/crypto/userspace/ncr-sessions.c b/crypto/userspace/ncr-sessions.c
index 45cd337a820..68563101400 100644
--- a/crypto/userspace/ncr-sessions.c
+++ b/crypto/userspace/ncr-sessions.c
@@ -290,6 +290,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
{
struct session_item_st* ns = NULL;
int ret;
+ ncr_algorithm_t sign_hash;
const char* str = NULL;
ns = ncr_session_new(&lists->sessions);
@@ -310,7 +311,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
}
/* read key */
- ret = ncr_key_item_get_read( &ns->key, &lists->key, session->params.key);
+ ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key);
if (ret < 0) {
err();
goto fail;
@@ -365,7 +366,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
}
/* read key */
- ret = ncr_key_item_get_read( &ns->key, &lists->key, session->params.key);
+ ret = ncr_key_item_get_read( &ns->key, &lists->key, session->key);
if (ret < 0) {
err();
goto fail;
@@ -386,12 +387,19 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
}
} else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) {
- if (algo_can_digest(session->params.params.pk.sign_hash) == 0) {
+ ret = ncr_key_params_get_sign_hash(ns->key->algorithm, &session->params);
+ if (ret < 0) {
+ err();
+ return ret;
+ }
+ sign_hash = ret;
+
+ if (algo_can_digest(sign_hash) == 0) {
err();
ret = -EINVAL;
goto fail;
}
- str = _ncr_algo_to_str(session->params.params.pk.sign_hash);
+ str = _ncr_algo_to_str(sign_hash);
if (str == NULL) {
err();
ret = -EINVAL;
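Review bot: The new failure branch after ncr_key_params_get_sign_hash() exits with `return ret;`, while every other failure visible in this hunk sets `ret` and uses `goto fail`. By this point `ns` has been obtained from ncr_session_new() and a key reference taken with ncr_key_item_get_read(), so the direct return presumably skips whatever release the `fail` label performs. The label is outside the hunk, so confirm there. Replace the line with `goto fail;`.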
@@ -487,10 +495,6 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
struct session_item_st* sess;
struct data_item_st* data = NULL;
struct data_item_st* odata = NULL;
- struct scatterlist *osg;
- struct scatterlist *isg;
- size_t osg_size, isg_size, new_size, max_odata_size, idata_size;
- unsigned int osg_cnt, isg_cnt;
sess = ncr_sessions_item_get( &lists->sessions, op->ses);
if (sess == NULL) {
@@ -515,40 +519,7 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
goto fail;
}
- /* output data will have the same status as input data */
- ret = ncr_data_item_get_sg(odata, &osg, &osg_cnt, NULL, &osg_size, data->flags, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- if (odata != data) {
- ret = ncr_data_item_get_sg(data, &isg, &isg_cnt, &isg_size, NULL, data->flags, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- } else {
- isg = osg;
- isg_cnt = osg_cnt;
- isg_size = osg_size;
- }
-
- ret = ncr_data_item_size(odata, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
- max_odata_size = ret;
-
- ret = ncr_data_item_size(data, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- idata_size = ret;
-
- if (max_odata_size < idata_size) {
+ if (odata->max_data_size < data->data_size) {
err();
ret = -EINVAL;
goto fail;
@@ -556,30 +527,26 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
if (algo_is_symmetric(sess->algorithm)) {
/* read key */
- ret = cryptodev_cipher_encrypt(&sess->cipher, isg, osg, isg_size);
+ ret = _cryptodev_cipher_encrypt(&sess->cipher, data->data,
+ data->data_size, odata->data, data->data_size);
if (ret < 0) {
err();
goto fail;
}
-
/* FIXME: handle ciphers that do not require that */
- new_size = idata_size;
-
+ odata->data_size = data->data_size;
} else { /* public key */
- new_size = osg_size;
- ret = ncr_pk_cipher_encrypt(&sess->pk, isg, isg_cnt, isg_size,
- osg, osg_cnt, &new_size);
+ size_t new_size = odata->max_data_size;
+ ret = ncr_pk_cipher_encrypt(&sess->pk, data->data, data->data_size,
+ odata->data, &new_size);
+
+ odata->data_size = new_size;
+
if (ret < 0) {
err();
goto fail;
}
}
- ret = ncr_data_item_set_size(odata, new_size);
- if (ret < 0) {
- err();
- goto fail;
- }
-
break;
case NCR_OP_DECRYPT:
/* obtain data item */
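Review bot: In the public-key branch `odata->data_size = new_size;` runs before the `if (ret < 0)` check, so a failed ncr_pk_cipher_encrypt() still changes the output item's length. What `new_size` holds after a failure depends on the callee, which is not shown. If it is left at `odata->max_data_size`, the item would report its whole buffer as valid and a later NCRIO_DATA_GET could return bytes this operation never wrote. Move the assignment below the error check. The NCR_OP_DECRYPT hunk (`@@ -637,30 +572,26 @@`) has the same ordering around ncr_pk_cipher_decrypt().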
@@ -597,39 +564,7 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
goto fail;
}
- ret = ncr_data_item_get_sg(odata, &osg, &osg_cnt, NULL, &osg_size, data->flags, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- if (odata != data) {
- ret = ncr_data_item_get_sg(data, &isg, &isg_cnt, NULL, &isg_size, data->flags, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- } else {
- isg = osg;
- isg_cnt = osg_cnt;
- isg_size = osg_size;
- }
-
- ret = ncr_data_item_size(odata, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
- max_odata_size = ret;
-
- ret = ncr_data_item_size(data, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- idata_size = ret;
-
- if (max_odata_size < idata_size) {
+ if (odata->max_data_size < data->data_size) {
err();
ret = -EINVAL;
goto fail;
@@ -637,30 +572,26 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
/* read key */
if (algo_is_symmetric(sess->algorithm)) {
- ret = cryptodev_cipher_decrypt(&sess->cipher, isg, osg, isg_size);
+ ret = _cryptodev_cipher_decrypt(&sess->cipher, data->data, data->data_size, odata->data, data->data_size);
if (ret < 0) {
err();
goto fail;
}
/* FIXME: handle ciphers that do not require that */
- new_size = idata_size;
+ odata->data_size = data->data_size;
} else { /* public key */
- size_t new_size = osg_size;
- ret = ncr_pk_cipher_decrypt(&sess->pk, isg, isg_cnt, isg_size,
- osg, osg_cnt, &new_size);
+ size_t new_size = odata->max_data_size;
+ ret = ncr_pk_cipher_decrypt(&sess->pk, data->data, data->data_size,
+ odata->data, &new_size);
+
+ odata->data_size = new_size;
+
if (ret < 0) {
err();
goto fail;
}
}
- ret = ncr_data_item_set_size(odata, new_size);
- if (ret < 0) {
- err();
- goto fail;
- }
-
-
break;
case NCR_OP_SIGN:
@@ -673,13 +604,7 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
goto fail;
}
- ret = ncr_data_item_get_sg(data, &isg, &isg_cnt, &isg_size, NULL, data->flags, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = cryptodev_hash_update(&sess->hash, isg, isg_size);
+ ret = _cryptodev_hash_update(&sess->hash, data->data, data->data_size);
if (ret < 0) {
err();
goto fail;
@@ -695,13 +620,7 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
goto fail;
}
- ret = ncr_data_item_get_sg(data, &isg, &isg_cnt, &isg_size, NULL, data->flags, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = cryptodev_hash_update(&sess->hash, isg, isg_size);
+ ret = _cryptodev_hash_update(&sess->hash, data->data, data->data_size);
if (ret < 0) {
err();
goto fail;
@@ -717,14 +636,8 @@ static int _ncr_session_update(struct ncr_lists* lists, struct ncr_session_op_st
ret = 0;
fail:
- if (odata) {
- ncr_data_item_put_sg(odata);
- _ncr_data_item_put(odata);
- }
- if (data) {
- ncr_data_item_put_sg(data);
- _ncr_data_item_put(data);
- }
+ if (odata) _ncr_data_item_put(odata);
+ if (data) _ncr_data_item_put(data);
_ncr_sessions_item_put(sess);
return ret;
@@ -768,9 +681,6 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st*
struct data_item_st* odata = NULL;
int digest_size;
uint8_t digest[NCR_HASH_MAX_OUTPUT_SIZE];
- struct scatterlist *osg;
- size_t osg_size, odata_size, max_odata_size;
- unsigned int osg_cnt;
sess = ncr_sessions_item_get( &lists->sessions, op->ses);
if (sess == NULL) {
@@ -816,39 +726,19 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st*
err();
goto fail;
}
-
- ret = ncr_data_item_size(odata, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
- odata_size = ret;
+
if (algo_is_hmac(sess->algorithm)) {
- uint8_t vdigest[digest_size];
-
- ret = ncr_data_item_getd( odata, vdigest, sizeof(vdigest), odata->flags);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- if (digest_size != odata_size ||
- memcmp(vdigest, digest, digest_size) != 0) {
-
+ if (digest_size != odata->data_size ||
+ memcmp(odata->data, digest, digest_size) != 0) {
+
op->err = NCR_VERIFICATION_FAILED;
} else {
op->err = NCR_SUCCESS;
}
} else {
/* PK signature */
- ret = ncr_data_item_get_sg(odata, &osg, &osg_cnt, NULL, &osg_size, odata->flags, 0);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = ncr_pk_cipher_verify(&sess->pk, osg, osg_cnt, osg_size,
+ ret = ncr_pk_cipher_verify(&sess->pk, odata->data, odata->data_size,
digest, digest_size, &op->err);
if (ret < 0) {
err();
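Review bot: The HMAC verify branch compares the tag held in the data item with the computed one using `memcmp(odata->data, digest, digest_size)`, which is not guaranteed to take time independent of where the buffers first differ. For MAC verification a constant-time comparison is preferable, for example `crypto_memneq(odata->data, digest, digest_size)` where the target kernel provides it, or a small XOR-accumulate loop otherwise. The comparison was already memcmp() before this change; the hunk only moves it onto `odata->data`.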
@@ -872,59 +762,28 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st*
goto fail;
}
- ret = ncr_data_item_size(odata, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
- max_odata_size = ret;
-
digest_size = sess->hash.digestsize;
- if (digest_size == 0 || max_odata_size < digest_size) {
+ if (digest_size == 0 || odata->max_data_size < digest_size) {
err();
ret = -EINVAL;
goto fail;
}
- ret = cryptodev_hash_final(&sess->hash, digest);
- if (ret < 0) {
- err();
- goto fail;
- }
+ ret = cryptodev_hash_final(&sess->hash, odata->data);
+ odata->data_size = digest_size;
- ret = ncr_data_item_setd( odata, digest, digest_size, odata->flags);
- if (ret < 0) {
- err();
- goto fail;
- }
-
cryptodev_hash_deinit(&sess->hash);
if (sess->op != NCR_OP_DIGEST && !algo_is_hmac(sess->algorithm)) {
- size_t new_size;
-
- ret = ncr_data_item_get_sg(odata, &osg, &osg_cnt, NULL, &osg_size, odata->flags, 1);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- new_size = osg_size;
-
/* PK signature */
- ret = ncr_pk_cipher_sign(&sess->pk, osg, osg_cnt, digest_size,
- osg, osg_cnt, &new_size);
- if (ret < 0) {
- err();
- goto fail;
- }
-
- ret = ncr_data_item_set_size(odata, new_size);
+ size_t new_size = odata->max_data_size;
+ ret = ncr_pk_cipher_sign(&sess->pk, odata->data, odata->data_size,
+ odata->data, &new_size);
if (ret < 0) {
err();
goto fail;
}
+ odata->data_size = new_size;
}
-
break;
default:
err();
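Review bot: The return value of `cryptodev_hash_final(&sess->hash, odata->data)` is no longer checked: the `if (ret < 0)` block that followed it was removed, and `odata->data_size = digest_size;` is set unconditionally. If finalisation fails, the item is still marked as holding `digest_size` valid bytes. In the PK branch that content is then passed to ncr_pk_cipher_sign() and `ret` is overwritten, so the error is lost. Restore the check right after the call, `if (ret < 0) { err(); goto fail; }`, and set `data_size` only after it. The rest of _ncr_session_final lies outside the hunk.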
@@ -935,10 +794,7 @@ static int _ncr_session_final(struct ncr_lists* lists, struct ncr_session_op_st*
ret = 0;
fail:
- if (odata) {
- ncr_data_item_put_sg(odata);
- _ncr_data_item_put(odata);
- }
+ if (odata) _ncr_data_item_put(odata);
cryptodev_hash_deinit(&sess->hash);
if (algo_is_symmetric(sess->algorithm)) {
cryptodev_cipher_deinit(&sess->cipher);
diff --git a/crypto/userspace/ncr.c b/crypto/userspace/ncr.c
index be0cdc89be2..5740580ca74 100644
--- a/crypto/userspace/ncr.c
+++ b/crypto/userspace/ncr.c
@@ -126,8 +126,6 @@ ncr_ioctl(struct ncr_lists* lst, struct file *filp,
switch (cmd) {
case NCRIO_DATA_INIT:
return ncr_data_init(&lst->data, arg);
- case NCRIO_DATA_INIT_USER:
- return ncr_data_init_user(&lst->data, arg);
case NCRIO_DATA_GET:
return ncr_data_get(&lst->data, arg);
case NCRIO_DATA_SET:
diff --git a/crypto/userspace/ncr_int.h b/crypto/userspace/ncr_int.h
index c5be7e52ec5..12c053afbb2 100644
--- a/crypto/userspace/ncr_int.h
+++ b/crypto/userspace/ncr_int.h
@@ -30,12 +30,6 @@ struct session_item_st {
ncr_session_t desc;
};
-typedef enum {
- NCR_DATA_KERNEL,
- NCR_DATA_USER,
-} ncr_data_type_t;
-
-#define MAX_DATA_PAGES 64
struct data_item_st {
struct list_head list;
/* This object is not protected from concurrent access.
@@ -43,23 +37,9 @@ struct data_item_st {
* not an issue).
*/
- struct scatterlist _sg[MAX_DATA_PAGES]; /* do not access directly */
- union {
- struct {
- uint8_t* data;
- size_t data_size;
- size_t max_data_size;
- } kernel;
- struct {
- uint8_t* __user ptr;
- size_t* __user size_ptr;
- struct page *pg[MAX_DATA_PAGES];
- size_t pg_cnt;
- atomic_t pg_used;
- } user;
- } data;
- ncr_data_type_t type;
-
+ uint8_t* data;
+ size_t data_size;
+ size_t max_data_size;
unsigned int flags;
atomic_t refcnt;
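Review bot: `data`, `data_size` and `max_data_size` are now plain fields written directly by callers (for example `odata->data_size = new_size;` in ncr-sessions.c), but the struct has no comment on what relation must hold between them. The accessors that mediated size changes are removed in this same commit. A comment such as `/* data: buffer of max_data_size bytes; data_size: valid bytes, must stay <= max_data_size */` would state the bound every writer has to keep, assuming that is the intended invariant. The struct body continues outside the hunk.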
@@ -127,19 +107,10 @@ int ncr_data_set(struct list_sem_st*, void __user* arg);
int ncr_data_get(struct list_sem_st*, void __user* arg);
int ncr_data_deinit(struct list_sem_st*, void __user* arg);
int ncr_data_init(struct list_sem_st*, void __user* arg);
-int ncr_data_init_user(struct list_sem_st*, void __user* arg);
void ncr_data_list_deinit(struct list_sem_st*);
struct data_item_st* ncr_data_item_get( struct list_sem_st* lst, ncr_data_t desc);
void _ncr_data_item_put( struct data_item_st* item);
-int ncr_data_item_get_sg( struct data_item_st* item, struct scatterlist** sg,
- unsigned int *sg_cnt, size_t *data_size, size_t* max_data_size, unsigned int data_flags, int write);
-void ncr_data_item_put_sg( struct data_item_st* item);
-int ncr_data_item_setd( struct data_item_st* item, const void* data, size_t data_size, unsigned int data_flags);
-int ncr_data_item_getd( struct data_item_st* item, void* data, size_t data_size, unsigned int data_flags);
-int ncr_data_item_size( struct data_item_st* item, int max);
-int ncr_data_item_set_size( struct data_item_st* item, size_t new_size);
-
int ncr_key_init(struct list_sem_st*, void __user* arg);
int ncr_key_deinit(struct list_sem_st*, void __user* arg);
int ncr_key_export(struct list_sem_st* data_lst,
@@ -222,7 +193,6 @@ inline static unsigned int data_flags_to_key(unsigned int data_flags)
const char* _ncr_algo_to_str(ncr_algorithm_t algo);
int _ncr_algo_digest_size(ncr_algorithm_t algo);
-
-
+int ncr_key_params_get_sign_hash(ncr_algorithm_t algo, struct ncr_key_params_st * params);
#endif